################################################################
# abuse.ch URLhaus IDS ruleset (Suricata only)                 #
# Last updated: 2026-06-28 05:32:16 (UTC)                      #
#                                                              #
# Terms Of Use: https://urlhaus.abuse.ch/api/                  #
# For questions please contact urlhaus [at] abuse.ch           #
################################################################
#
# Reviewer notes on how the rules below are built (each point follows from
# the rule text itself):
# - Scope: app-layer "http" rules, $HOME_NET -> $EXTERNAL_NET, any port,
#   client side of an established flow, http.method containing "GET".
#   A fetch of the same URL over TLS, or with another method, is not
#   covered by these signatures. Matching also depends on $HOME_NET and
#   $EXTERNAL_NET as defined in the local Suricata configuration.
# - Exact match, not substring: the http.uri content is pinned with depth
#   (equal to the content length) plus endswith; the http.host content is
#   pinned with depth plus isdataat:!1,relative. nocase follows the URI
#   content only, so just the URI comparison is case-insensitive.
# - Triage: the number in msg and in the reference URL is the URLhaus
#   entry id; in every rule shown here sid = that id + 80863100.
# - NOTE(review): confirm how the deployed Suricata version fills
#   http.host when the Host header carries an explicit port, since the
#   host patterns here contain no port.
# - NOTE(review): the three "/|3f|ublib=<uuid>" rules use depth:47, which
#   is the length of the pattern as written (|3f| counted as four
#   characters). The pattern is 44 bytes once |3f| is decoded, so those
#   rules tolerate up to three leading bytes instead of an exact match.
# - Entries carry metadata:created_at dates and the header a last-updated
#   timestamp; presumably the feed is regenerated upstream, so take
#   updates from the feed rather than hand-editing rules under these sids.
#
# url
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.187.27.99"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877196/; classtype:trojan-activity;sid:84740296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.233.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877195/; classtype:trojan-activity;sid:84740295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.161.116.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877194/; classtype:trojan-activity;sid:84740294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.233.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877193/; classtype:trojan-activity;sid:84740293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.204.157.55"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877191/; classtype:trojan-activity;sid:84740291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.62.165"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877192/; classtype:trojan-activity;sid:84740292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.234.71"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877190/; classtype:trojan-activity;sid:84740290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.161.116.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877189/; classtype:trojan-activity;sid:84740289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.229.147"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877188/; classtype:trojan-activity;sid:84740288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.229.147"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877187/; classtype:trojan-activity;sid:84740287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.180.237"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877186/; classtype:trojan-activity;sid:84740286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.199.182"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877185/; classtype:trojan-activity;sid:84740285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.199.182"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877184/; classtype:trojan-activity;sid:84740284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.169.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877183/; classtype:trojan-activity;sid:84740283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.250.72"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877182/; classtype:trojan-activity;sid:84740282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.67.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877181/; classtype:trojan-activity;sid:84740281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.157.80.42"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877180/; classtype:trojan-activity;sid:84740280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.250.72"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877179/; classtype:trojan-activity;sid:84740279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flutter.arm5"; depth:13; endswith; nocase; http.host; content:"141.11.88.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877178/; classtype:trojan-activity;sid:84740278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flutter.m68k"; depth:13; endswith; nocase; http.host; content:"141.11.88.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877175/; classtype:trojan-activity;sid:84740275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flutter.x86_64"; depth:15; endswith; nocase; http.host; content:"141.11.88.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877176/; classtype:trojan-activity;sid:84740276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flutter.mipsel"; depth:15; endswith; nocase; http.host; content:"141.11.88.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877177/; classtype:trojan-activity;sid:84740277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flutter.arm6"; depth:13; endswith; nocase; http.host; content:"141.11.88.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877173/; classtype:trojan-activity;sid:84740273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flutter.arm8"; depth:13; endswith; nocase; http.host; content:"141.11.88.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877174/; classtype:trojan-activity;sid:84740274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flutter.mips"; depth:13; endswith; nocase; http.host; content:"141.11.88.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877170/; classtype:trojan-activity;sid:84740270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flutter.x86"; depth:12; endswith; nocase; http.host; content:"141.11.88.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877171/; classtype:trojan-activity;sid:84740271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flutter.ppc"; depth:12; endswith; nocase; http.host; content:"141.11.88.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877172/; classtype:trojan-activity;sid:84740272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.234.180"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877167/; classtype:trojan-activity;sid:84740267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sakura"; depth:15; endswith; nocase; http.host; content:"45.192.97.47"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877165/; classtype:trojan-activity;sid:84740265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.234.180"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877166/; classtype:trojan-activity;sid:84740266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"45.194.92.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877163/; classtype:trojan-activity;sid:84740263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.sakura"; depth:15; endswith; nocase; http.host; content:"45.192.97.47"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877164/; classtype:trojan-activity;sid:84740264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.157.80.42"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877162/; classtype:trojan-activity;sid:84740262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.exe"; depth:8; endswith; nocase; http.host; content:"91.92.40.63"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877161/; classtype:trojan-activity;sid:84740261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"91.92.40.63"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877157/; classtype:trojan-activity;sid:84740257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsle"; depth:7; endswith; nocase; http.host; content:"91.92.40.63"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877158/; classtype:trojan-activity;sid:84740258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/android_arm64"; depth:14; endswith; nocase; http.host; content:"91.92.40.63"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877159/; classtype:trojan-activity;sid:84740259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"91.92.40.63"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877160/; classtype:trojan-activity;sid:84740260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"91.92.40.63"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877151/; classtype:trojan-activity;sid:84740251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amd64"; depth:6; endswith; nocase; http.host; content:"91.92.40.63"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877152/; classtype:trojan-activity;sid:84740252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i386"; depth:5; endswith; nocase; http.host; content:"91.92.40.63"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877153/; classtype:trojan-activity;sid:84740253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"91.92.40.63"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877154/; classtype:trojan-activity;sid:84740254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"91.92.40.63"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877155/; classtype:trojan-activity;sid:84740255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm64"; depth:6; endswith; nocase; http.host; content:"91.92.40.63"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877156/; classtype:trojan-activity;sid:84740256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"91.92.40.63"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877149/; classtype:trojan-activity;sid:84740249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"91.92.40.63"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877150/; classtype:trojan-activity;sid:84740250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.128.10"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877148/; classtype:trojan-activity;sid:84740248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.241.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877147/; classtype:trojan-activity;sid:84740247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.187.238"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877146/; classtype:trojan-activity;sid:84740246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.144.183"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877145/; classtype:trojan-activity;sid:84740245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.144.183"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877144/; classtype:trojan-activity;sid:84740244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.169.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877143/; classtype:trojan-activity;sid:84740243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.7.208"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877142/; classtype:trojan-activity;sid:84740242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"72.240.161.71"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877141/; classtype:trojan-activity;sid:84740241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.6.240"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877140/; classtype:trojan-activity;sid:84740240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.120.203"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877139/; classtype:trojan-activity;sid:84740239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.91.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877136/; classtype:trojan-activity;sid:84740236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flutter.arm"; depth:12; endswith; nocase; http.host; content:"141.11.88.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877135/; classtype:trojan-activity;sid:84740235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flutter.arm7"; depth:13; endswith; nocase; http.host; content:"141.11.88.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877134/; classtype:trojan-activity;sid:84740234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.71.61"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877133/; classtype:trojan-activity;sid:84740233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.255.227"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877132/; classtype:trojan-activity;sid:84740232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.188.134"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877131/; classtype:trojan-activity;sid:84740231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.235.23"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877130/; classtype:trojan-activity;sid:84740230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.20.62"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877129/; classtype:trojan-activity;sid:84740229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.51.27"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877128/; classtype:trojan-activity;sid:84740228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.235.23"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_28; reference:url, urlhaus.abuse.ch/url/3877127/; classtype:trojan-activity;sid:84740227; rev:1;)
# NOTE(review): depth:47 below is longer than the 44-byte decoded pattern (|3f| is one byte), so up to three leading bytes are tolerated.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=840a3f93-4b37-4b28-ba95-f500c82d58be"; depth:47; endswith; nocase; http.host; content:"vfu1w9au.honarrang.online"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877126/; classtype:trojan-activity;sid:84740226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.239.67"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877125/; classtype:trojan-activity;sid:84740225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.240.94"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877124/; classtype:trojan-activity;sid:84740224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.239.67"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877123/; classtype:trojan-activity;sid:84740223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.51.27"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877122/; classtype:trojan-activity;sid:84740222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.57.234"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877121/; classtype:trojan-activity;sid:84740221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.244.204"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877120/; classtype:trojan-activity;sid:84740220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.85.111.33"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877119/; classtype:trojan-activity;sid:84740219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.240.94"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877118/; classtype:trojan-activity;sid:84740218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.142.199"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877117/; classtype:trojan-activity;sid:84740217; rev:1;)
# NOTE(review): depth:47 below is longer than the 44-byte decoded pattern (|3f| is one byte), so up to three leading bytes are tolerated.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=03e4c7d0-10b4-4f77-b0c3-7e9c498dd7dd"; depth:47; endswith; nocase; http.host; content:"t71awqhc.1xsignupbet.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877116/; classtype:trojan-activity;sid:84740216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.2.185.103"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877115/; classtype:trojan-activity;sid:84740215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.112.218"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877114/; classtype:trojan-activity;sid:84740214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.43.119"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877113/; classtype:trojan-activity;sid:84740213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.142.199"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877112/; classtype:trojan-activity;sid:84740212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.43.119"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877111/; classtype:trojan-activity;sid:84740211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.133.180"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877110/; classtype:trojan-activity;sid:84740210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.215.99"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877109/; classtype:trojan-activity;sid:84740209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.200.147"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877108/; classtype:trojan-activity;sid:84740208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.147.25"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877107/; classtype:trojan-activity;sid:84740207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.158.23"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877106/; classtype:trojan-activity;sid:84740206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.158.62"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877105/; classtype:trojan-activity;sid:84740205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.76.196"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877104/; classtype:trojan-activity;sid:84740204; rev:1;)
# NOTE(review): depth:47 below is longer than the 44-byte decoded pattern (|3f| is one byte), so up to three leading bytes are tolerated.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=86f4898b-831b-4b0f-b5f4-307712647850"; depth:47; endswith; nocase; http.host; content:"1e2sdyr4.honardartarikh.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877103/; classtype:trojan-activity;sid:84740203; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.89.118"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877102/; classtype:trojan-activity;sid:84740202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.85.111.33"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877101/; classtype:trojan-activity;sid:84740201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.31.174"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877100/; classtype:trojan-activity;sid:84740200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.204.196.164"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877099/; classtype:trojan-activity;sid:84740199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.48.25"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877098/; 
classtype:trojan-activity;sid:84740198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.89.118"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877097/; classtype:trojan-activity;sid:84740197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"138.204.196.164"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877096/; classtype:trojan-activity;sid:84740196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.76.196"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877095/; classtype:trojan-activity;sid:84740195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.158.62"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877092/; classtype:trojan-activity;sid:84740192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.148.192"; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877093/; classtype:trojan-activity;sid:84740193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.148.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877094/; classtype:trojan-activity;sid:84740194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.133.180"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877091/; classtype:trojan-activity;sid:84740191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.120.203"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877090/; classtype:trojan-activity;sid:84740190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.48.25"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877089/; classtype:trojan-activity;sid:84740189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; 
depth:2; endswith; nocase; http.host; content:"222.133.100.136"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877088/; classtype:trojan-activity;sid:84740188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.137.42"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877087/; classtype:trojan-activity;sid:84740187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.133.100.136"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877086/; classtype:trojan-activity;sid:84740186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=40b7ccb1-d991-404b-93ce-e32c30e1fd85"; depth:47; endswith; nocase; http.host; content:"h663gbdv.ahkam.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877085/; classtype:trojan-activity;sid:84740185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.197.121"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877084/; classtype:trojan-activity;sid:84740184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3877083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"162.141.92.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877083/; classtype:trojan-activity;sid:84740183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.sakura"; depth:15; endswith; nocase; http.host; content:"45.192.97.47"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877082/; classtype:trojan-activity;sid:84740182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.157.119"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877081/; classtype:trojan-activity;sid:84740181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.44.147.25"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877080/; classtype:trojan-activity;sid:84740180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_be0b30035e9107d3.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, 
urlhaus.abuse.ch/url/3877079/; classtype:trojan-activity;sid:84740179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.31.174"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877078/; classtype:trojan-activity;sid:84740178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d37d9229-1d44-4fee-af0c-9278a83b9b74"; depth:47; endswith; nocase; http.host; content:"6901jz2b.hesabdarishabahang.xyz"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877077/; classtype:trojan-activity;sid:84740177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_5713466f4e745bae.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877076/; classtype:trojan-activity;sid:84740176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.186.237.86"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877075/; classtype:trojan-activity;sid:84740175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877074)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.33.54.120"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877074/; classtype:trojan-activity;sid:84740174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.196.78"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877073/; classtype:trojan-activity;sid:84740173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.157.119"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877072/; classtype:trojan-activity;sid:84740172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.86.98"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877070/; classtype:trojan-activity;sid:84740170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.115.50"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877071/; classtype:trojan-activity;sid:84740171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3877069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.170.216.80"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877069/; classtype:trojan-activity;sid:84740169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.253.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877068/; classtype:trojan-activity;sid:84740168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.38.199.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877067/; classtype:trojan-activity;sid:84740167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.170.216.80"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877066/; classtype:trojan-activity;sid:84740166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.253.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877065/; classtype:trojan-activity;sid:84740165; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.173.255"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877064/; classtype:trojan-activity;sid:84740164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"153.117.15.187"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877063/; classtype:trojan-activity;sid:84740163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"122.50.1.7"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877062/; classtype:trojan-activity;sid:84740162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b93c69"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877059/; classtype:trojan-activity;sid:84740159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/05ac2c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; 
reference:url, urlhaus.abuse.ch/url/3877060/; classtype:trojan-activity;sid:84740160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.103.100.228"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877061/; classtype:trojan-activity;sid:84740161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9afedb"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877055/; classtype:trojan-activity;sid:84740155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/175a46"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877056/; classtype:trojan-activity;sid:84740156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"153.117.6.41"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877057/; classtype:trojan-activity;sid:84740157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; 
content:"180.244.187.139"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877058/; classtype:trojan-activity;sid:84740158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7c04e1"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877027/; classtype:trojan-activity;sid:84740127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a8d594"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877028/; classtype:trojan-activity;sid:84740128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3c3692"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877029/; classtype:trojan-activity;sid:84740129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/356b99"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877030/; classtype:trojan-activity;sid:84740130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877031)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/c73cfc"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877031/; classtype:trojan-activity;sid:84740131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ea7e55"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877032/; classtype:trojan-activity;sid:84740132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/95f600"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877033/; classtype:trojan-activity;sid:84740133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/713432"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877034/; classtype:trojan-activity;sid:84740134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/87224c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877035/; classtype:trojan-activity;sid:84740135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3877036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8f5774"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877036/; classtype:trojan-activity;sid:84740136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ea4400"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877037/; classtype:trojan-activity;sid:84740137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/afe55a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877038/; classtype:trojan-activity;sid:84740138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/95b834"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877039/; classtype:trojan-activity;sid:84740139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.248.61.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877040/; classtype:trojan-activity;sid:84740140; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3c0ca4"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877041/; classtype:trojan-activity;sid:84740141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cda25b"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877042/; classtype:trojan-activity;sid:84740142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8ee8c6"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877043/; classtype:trojan-activity;sid:84740143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b6b030"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877044/; classtype:trojan-activity;sid:84740144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/45f688"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; 
reference:url, urlhaus.abuse.ch/url/3877045/; classtype:trojan-activity;sid:84740145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d6c859"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877046/; classtype:trojan-activity;sid:84740146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/850383"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877047/; classtype:trojan-activity;sid:84740147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/014d15"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877048/; classtype:trojan-activity;sid:84740148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2d594b"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877049/; classtype:trojan-activity;sid:84740149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ef8be5"; depth:7; endswith; nocase; http.host; 
content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877050/; classtype:trojan-activity;sid:84740150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5e2d3b"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877051/; classtype:trojan-activity;sid:84740151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c067db"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877052/; classtype:trojan-activity;sid:84740152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e158e2"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877053/; classtype:trojan-activity;sid:84740153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/94fcb0"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877054/; classtype:trojan-activity;sid:84740154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877022)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/d21e79"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877022/; classtype:trojan-activity;sid:84740122; rev:1;)
# How to read the rules below: every rule is an exact match on one URL.
#   - `depth:N; endswith;` on http.uri, with N equal to the content length, pins the whole
#     request URI to that content (case-insensitively, because of `nocase`).
#   - `depth:N; isdataat:!1,relative;` on http.host pins the whole Host value the same way.
#   - `flow:established,from_client` with $HOME_NET -> $EXTERNAL_NET means the alert fires on an
#     outbound request: it shows that an internal client asked for the URL, not that the
#     download completed.
# Consequence for coverage: another path on the same host, or the same path with a query
# string appended, raises no alert. The 5.182.210.61 rules each cover one six-hex-character path.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00e000"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877023/; classtype:trojan-activity;sid:84740123; rev:1;)
# File name "mozi.a": presumably the Mozi IoT botnet family -- the rule itself only carries the
# generic trojan-activity classtype, so confirm against the referenced URLhaus entry before
# labelling an incident.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"103.173.7.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877024/; classtype:trojan-activity;sid:84740124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/389390"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877025/; classtype:trojan-activity;sid:84740125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d03139"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877026/; classtype:trojan-activity;sid:84740126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3877018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f42db4"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877018/; classtype:trojan-activity;sid:84740118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/133b80"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877019/; classtype:trojan-activity;sid:84740119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9aff49"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877020/; classtype:trojan-activity;sid:84740120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6b3251"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877021/; classtype:trojan-activity;sid:84740121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/03ea2c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877017/; classtype:trojan-activity;sid:84740117; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a2612c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877009/; classtype:trojan-activity;sid:84740109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cf93e3"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877010/; classtype:trojan-activity;sid:84740110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/026d54"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877011/; classtype:trojan-activity;sid:84740111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/24cd68"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877012/; classtype:trojan-activity;sid:84740112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/969682"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; 
reference:url, urlhaus.abuse.ch/url/3877013/; classtype:trojan-activity;sid:84740113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1a4c21"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877014/; classtype:trojan-activity;sid:84740114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/469c57"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877015/; classtype:trojan-activity;sid:84740115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00bb3b"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877016/; classtype:trojan-activity;sid:84740116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.102.173"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877008/; classtype:trojan-activity;sid:84740108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"182.114.34.236"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877007/; classtype:trojan-activity;sid:84740107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-cgroup"; depth:21; endswith; nocase; http.host; content:"93.115.101.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877006/; classtype:trojan-activity;sid:84740106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.102.173"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877005/; classtype:trojan-activity;sid:84740105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"91.92.42.125"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877004/; classtype:trojan-activity;sid:84740104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.207.221"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877003/; classtype:trojan-activity;sid:84740103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877002)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.15.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877002/; classtype:trojan-activity;sid:84740102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.198.217"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877001/; classtype:trojan-activity;sid:84740101; rev:1;)
# The next two rules match a query string: `|3f|` is the hex escape for "?", so the content is
# "/?ublib=<uuid>", which is 44 bytes once decoded.
# NOTE(review): depth:47 looks like it was computed from the escaped text (`|3f|` is four
# characters for one byte). Combined with `endswith` the rule therefore accepts any URI of
# 44-47 bytes that ends in the content, not only the exact URI as in the other rules.
# Detection of the listed URL is unaffected; depth:44 would make the match exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3877000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e8fdddf9-cc7d-4ff9-9bab-473183826cc5"; depth:47; endswith; nocase; http.host; content:"ccczqxl6.blackjackonlineplay83.com"; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3877000/; classtype:trojan-activity;sid:84740100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=821d8e6a-5083-4a53-acd3-d8204f10d8a9"; depth:47; endswith; nocase; http.host; content:"ck0ny34p.1xprobet.app"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876999/; classtype:trojan-activity;sid:84740099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.39.234"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876998/; 
classtype:trojan-activity;sid:84740098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.15.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876997/; classtype:trojan-activity;sid:84740097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-crypto"; depth:21; endswith; nocase; http.host; content:"93.115.101.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876996/; classtype:trojan-activity;sid:84740096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipmiv2.xml"; depth:11; endswith; nocase; http.host; content:"93.115.101.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876988/; classtype:trojan-activity;sid:84740088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-events"; depth:21; endswith; nocase; http.host; content:"93.115.101.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876989/; classtype:trojan-activity;sid:84740089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-irq"; depth:18; endswith; nocase; http.host; 
content:"93.115.101.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876990/; classtype:trojan-activity;sid:84740090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-softirq"; depth:22; endswith; nocase; http.host; content:"93.115.101.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876991/; classtype:trojan-activity;sid:84740091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-rcu"; depth:18; endswith; nocase; http.host; content:"93.115.101.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876992/; classtype:trojan-activity;sid:84740092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-netns"; depth:20; endswith; nocase; http.host; content:"93.115.101.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876993/; classtype:trojan-activity;sid:84740093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-irq-bal"; depth:22; endswith; nocase; http.host; content:"93.115.101.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876994/; classtype:trojan-activity;sid:84740094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3876995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-netns-rt"; depth:23; endswith; nocase; http.host; content:"93.115.101.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876995/; classtype:trojan-activity;sid:84740095; rev:1;)
# Host 93.115.101.146 appears in this ruleset with a /loader.sh rule and one rule per
# /bins/kworkerd* file name. Each name is matched exactly (depth equal to the content length,
# plus `endswith`), so a file name on this host that is not listed raises no alert.
# NOTE(review): presumably loader.sh is the first stage that fetches the bins/ files -- the
# rules do not establish that; confirm against the URLhaus entries. The "kworkerd" names
# resemble Linux kernel worker-thread names, so when triaging a host that triggered one of
# these alerts, check the binary path and parent process rather than the process name alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loader.sh"; depth:10; endswith; nocase; http.host; content:"93.115.101.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876987/; classtype:trojan-activity;sid:84740087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd"; depth:14; endswith; nocase; http.host; content:"93.115.101.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876986/; classtype:trojan-activity;sid:84740086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.198.217"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876981/; classtype:trojan-activity;sid:84740081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-mm"; depth:17; endswith; nocase; http.host; content:"93.115.101.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876982/; 
classtype:trojan-activity;sid:84740082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-blkcg"; depth:20; endswith; nocase; http.host; content:"93.115.101.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876983/; classtype:trojan-activity;sid:84740083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-writeback"; depth:24; endswith; nocase; http.host; content:"93.115.101.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876984/; classtype:trojan-activity;sid:84740084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-scsi"; depth:19; endswith; nocase; http.host; content:"93.115.101.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876985/; classtype:trojan-activity;sid:84740085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.173.255"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876980/; classtype:trojan-activity;sid:84740080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"110.85.98.238"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876979/; classtype:trojan-activity;sid:84740079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_b78b8e118d18d080.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876978/; classtype:trojan-activity;sid:84740078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.200.85.114"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876977/; classtype:trojan-activity;sid:84740077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.70.28"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876975/; classtype:trojan-activity;sid:84740075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setup-win32-bundle.exe"; depth:23; endswith; nocase; http.host; content:"dl.multiextension.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876974/; classtype:trojan-activity;sid:84740074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3876969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/bjbh.exe"; depth:14; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876969/; classtype:trojan-activity;sid:84740069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/greatcherry.exe"; depth:25; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876970/; classtype:trojan-activity;sid:84740070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/hjbk.exe"; depth:14; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876971/; classtype:trojan-activity;sid:84740071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/jhgkuyyg.exe"; depth:18; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876972/; classtype:trojan-activity;sid:84740072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/beb.exe"; depth:17; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, 
urlhaus.abuse.ch/url/3876973/; classtype:trojan-activity;sid:84740073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/u1.exe"; depth:16; endswith; nocase; http.host; content:"5.252.155.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876968/; classtype:trojan-activity;sid:84740068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vpn/proctoru.1.32.win.08.exe"; depth:29; endswith; nocase; http.host; content:"185.191.126.171"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876967/; classtype:trojan-activity;sid:84740067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setup.exe"; depth:10; endswith; nocase; http.host; content:"194.87.138.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876966/; classtype:trojan-activity;sid:84740066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/u1.exe"; depth:16; endswith; nocase; http.host; content:"kuilfgfd.cc"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876959/; classtype:trojan-activity;sid:84740059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/l9.exe"; 
depth:16; endswith; nocase; http.host; content:"apexdataserver4.sbs"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876961/; classtype:trojan-activity;sid:84740061; rev:1;)
# NOTE(review): the http.uri content of the next rule (sid 84740062) is two URLs run together:
# "/load/kliulij.exe" immediately followed by "http://185.191.126.171/vpn/proctoru.1.32.win.08.exe".
# This looks like a malformed feed entry rather than a real path. Because the match is exact
# (depth:68 equals the content length, plus `endswith`), the rule fires only on a request whose
# URI is that whole fused string. A plain GET for /load/kliulij.exe on dfgjhkllkhuuk.info is
# not matched by this rule. If that URL matters to you, verify the URLhaus entry and cover it
# with a local rule under your own sid range.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/kliulij.exehttp://185.191.126.171/vpn/proctoru.1.32.win.08.exe"; depth:68; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876962/; classtype:trojan-activity;sid:84740062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/l9.exe"; depth:16; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876964/; classtype:trojan-activity;sid:84740064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.39.234"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876958/; classtype:trojan-activity;sid:84740058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get"; depth:4; endswith; nocase; http.host; content:"45.192.12.34"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876957/; classtype:trojan-activity;sid:84740057; rev:1;)
alert http $HOME_NET any -> 
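$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/beb.exe"; depth:17; endswith; nocase; http.host; content:"kuilfgfd.cc"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876955/; classtype:trojan-activity;sid:84740055; rev:1;)
# The line above is the tail of a signature whose "alert http $HOME_NET any ->"
# header sits before this point; it is left exactly as found.
#
# URLhaus feed entries (metadata created_at 2026_06_27), restored to one
# signature per line, which is the layout Suricata's rule loader expects.
# Order, sids and option text are unchanged.
#
# Reading these signatures:
#   - http.method must contain "GET".
#   - http.uri: depth:N with endswith anchors the pattern at both ends of the
#     buffer, so only that exact request URI alerts (nocase: compared
#     case-insensitively). A different path or an appended query string does
#     not match.
#   - Exception: in the "/|3f|ublib=..." patterns, |3f| is the hex escape for
#     "?" and is a single byte, so the pattern is 44 bytes while depth is 47.
#     NOTE(review): that looks like the escape being counted as four
#     characters; the match is then slightly looser than exact - confirm with
#     the feed maintainers.
#   - http.host: depth:N with isdataat:!1,relative requires the host buffer to
#     end right after the listed address or name.
#   - `alert http` inspects only HTTP that Suricata sees in the clear; the same
#     URL fetched over TLS is not covered unless traffic is decrypted upstream.
#   - Entries on shared services (cdn.jsdelivr.net, github.com) identify one
#     path; the indicator is host plus full path, not the host alone.
# The ruleset is generated by URLhaus; to tune a noisy entry, disable or
# suppress it by sid rather than editing the signature in place.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/l97.exe"; depth:17; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876956/; classtype:trojan-activity;sid:84740056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jenniferloeffler.zip"; depth:21; endswith; nocase; http.host; content:"jenniferloeffler.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876953/; classtype:trojan-activity;sid:84740053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.46.119"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876954/; classtype:trojan-activity;sid:84740054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.143.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876952/; classtype:trojan-activity;sid:84740052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.84.215.190"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876951/; classtype:trojan-activity;sid:84740051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.194.50.3"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876949/; classtype:trojan-activity;sid:84740049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.60.224"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876950/; classtype:trojan-activity;sid:84740050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.186.237.86"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876948/; classtype:trojan-activity;sid:84740048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.73.3"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876947/; classtype:trojan-activity;sid:84740047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.52.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876946/; classtype:trojan-activity;sid:84740046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.52.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876945/; classtype:trojan-activity;sid:84740045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e66a8ec7-85d6-4798-b1aa-b9e7ac3f3c1a"; depth:47; endswith; nocase; http.host; content:"hzks2llo.1xdownload2023.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876944/; classtype:trojan-activity;sid:84740044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.198.116.123"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876943/; classtype:trojan-activity;sid:84740043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gh/tedy324/proxy-socket@d504380/netwrk"; depth:39; endswith; nocase; http.host; content:"cdn.jsdelivr.net"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876942/; classtype:trojan-activity;sid:84740042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.52.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876941/; classtype:trojan-activity;sid:84740041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.198.116.123"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876940/; classtype:trojan-activity;sid:84740040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.51.182"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876939/; classtype:trojan-activity;sid:84740039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.52.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876938/; classtype:trojan-activity;sid:84740038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gh/tedy324/proxy-socket@main/number"; depth:36; endswith; nocase; http.host; content:"cdn.jsdelivr.net"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876936/; classtype:trojan-activity;sid:84740036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0fce9b5b-bb28-4c42-8d94-b381ed3944b8"; depth:37; endswith; nocase; http.host; content:"e.perspolis.pro"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876937/; classtype:trojan-activity;sid:84740037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.120.179"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876935/; classtype:trojan-activity;sid:84740035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_2cc2c9ed16116f73.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876933/; classtype:trojan-activity;sid:84740033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_9d52b13e2e4a46f9.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876934/; classtype:trojan-activity;sid:84740034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.196.78"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876932/; classtype:trojan-activity;sid:84740032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.255.101"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876931/; classtype:trojan-activity;sid:84740031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.225.253"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876930/; classtype:trojan-activity;sid:84740030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.70.13.127"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876929/; classtype:trojan-activity;sid:84740029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.186.255"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876928/; classtype:trojan-activity;sid:84740028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.225.253"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876926/; classtype:trojan-activity;sid:84740026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.70.13.127"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876927/; classtype:trojan-activity;sid:84740027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.52.169"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876925/; classtype:trojan-activity;sid:84740025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_c9a136a95aa72292.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876924/; classtype:trojan-activity;sid:84740024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.186.255"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876923/; classtype:trojan-activity;sid:84740023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.249.4.20"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876922/; classtype:trojan-activity;sid:84740022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.31.134"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876921/; classtype:trojan-activity;sid:84740021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.52.169"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876920/; classtype:trojan-activity;sid:84740020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.88.136.194"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876919/; classtype:trojan-activity;sid:84740019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.88.136.194"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876918/; classtype:trojan-activity;sid:84740018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.sakura"; depth:14; endswith; nocase; http.host; content:"45.192.97.47"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876917/; classtype:trojan-activity;sid:84740017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.sakura"; depth:15; endswith; nocase; http.host; content:"45.192.97.47"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876916/; classtype:trojan-activity;sid:84740016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.31.134"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876915/; classtype:trojan-activity;sid:84740015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=26e61271-b53c-40a6-adef-48cc79cdf14b"; depth:47; endswith; nocase; http.host; content:"tb4awyc7.vip1xbet.net"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876914/; classtype:trojan-activity;sid:84740014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"194.54.162.65"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876913/; classtype:trojan-activity;sid:84740013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.199.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876912/; classtype:trojan-activity;sid:84740012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"170.83.13.37"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876911/; classtype:trojan-activity;sid:84740011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kikimora-arch/solid-doodle/releases/download/realease/javachecker.exe"; depth:70; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876910/; classtype:trojan-activity;sid:84740010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.228.235"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876909/; classtype:trojan-activity;sid:84740009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"194.54.162.65"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876908/; classtype:trojan-activity;sid:84740008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.228.235"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876907/; classtype:trojan-activity;sid:84740007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=3d43edf6-3d40-40b8-a4e0-a69c2cdc6009"; depth:47; endswith; nocase; http.host; content:"qpmbndoi.yekshart.app"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876906/; classtype:trojan-activity;sid:84740006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"181.193.106.86"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876905/; classtype:trojan-activity;sid:84740005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.99.160"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876904/; classtype:trojan-activity;sid:84740004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.187.82.155"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876903/; classtype:trojan-activity;sid:84740003; rev:1;)
# NOTE(review): the /bin/screenconnect.clientsetup.exe and /bin/support.client.exe
# paths below resemble remote-support client installer names; the indicator is
# the listed host+path pair, not the file name on its own.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"172.111.39.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876902/; classtype:trojan-activity;sid:84740002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"172.111.39.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876901/; classtype:trojan-activity;sid:84740001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"162.251.60.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876900/; classtype:trojan-activity;sid:84740000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"162.251.60.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876899/; classtype:trojan-activity;sid:84739999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.240.251"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876898/; classtype:trojan-activity;sid:84739998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.255.101"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876897/; classtype:trojan-activity;sid:84739997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.145.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876896/; classtype:trojan-activity;sid:84739996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"23.139.68.114"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876895/; classtype:trojan-activity;sid:84739995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.89.246"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876894/; classtype:trojan-activity;sid:84739994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"5.8.18.23"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876893/; classtype:trojan-activity;sid:84739993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"89.233.194.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876892/; classtype:trojan-activity;sid:84739992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"5.8.18.45"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876891/; classtype:trojan-activity;sid:84739991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"5.8.18.45"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876890/; classtype:trojan-activity;sid:84739990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.53.152.104"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876889/; classtype:trojan-activity;sid:84739989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.89.246"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876888/; classtype:trojan-activity;sid:84739988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=5075967f-f323-4802-8ed7-1a5845ffd972"; depth:47; endswith; nocase; http.host; content:"bcb7ukdo.tinyshart.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876887/; classtype:trojan-activity;sid:84739987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.53.152.104"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876886/; classtype:trojan-activity;sid:84739986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.38.11"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876885/; classtype:trojan-activity;sid:84739985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.240.251"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876884/; classtype:trojan-activity;sid:84739984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/m68k"; depth:8; endswith; nocase; http.host; content:"5.175.166.176"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876882/; classtype:trojan-activity;sid:84739982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/armv6l"; depth:10; endswith; nocase; http.host; content:"5.175.166.176"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876883/; classtype:trojan-activity;sid:84739983; rev:1;)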
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/sh4"; depth:7; endswith; nocase; http.host; content:"5.175.166.176"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876879/; classtype:trojan-activity;sid:84739979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/x86_64"; depth:10; endswith; nocase; http.host; content:"5.175.166.176"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876880/; classtype:trojan-activity;sid:84739980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/ppc"; depth:7; endswith; nocase; http.host; content:"5.175.166.176"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876881/; classtype:trojan-activity;sid:84739981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/armv4l"; depth:10; endswith; nocase; http.host; content:"5.175.166.176"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876876/; classtype:trojan-activity;sid:84739976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/mips64"; depth:10; endswith; nocase; http.host; content:"5.175.166.176"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; 
reference:url, urlhaus.abuse.ch/url/3876877/; classtype:trojan-activity;sid:84739977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/aarch64"; depth:11; endswith; nocase; http.host; content:"5.175.166.176"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876878/; classtype:trojan-activity;sid:84739978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/armv7l"; depth:10; endswith; nocase; http.host; content:"5.175.166.176"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876875/; classtype:trojan-activity;sid:84739975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/armv5l"; depth:10; endswith; nocase; http.host; content:"5.175.166.176"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876873/; classtype:trojan-activity;sid:84739973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/tbk"; depth:7; endswith; nocase; http.host; content:"5.175.166.176"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876874/; classtype:trojan-activity;sid:84739974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/x86"; depth:7; endswith; nocase; 
http.host; content:"5.175.166.176"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876872/; classtype:trojan-activity;sid:84739972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=7fa0e4a5-c309-4cb8-accd-13ed062c71f9"; depth:47; endswith; nocase; http.host; content:"0z4y5ci2.1xboropartners.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876871/; classtype:trojan-activity;sid:84739971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.163.181.104"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876870/; classtype:trojan-activity;sid:84739970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.9.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876869/; classtype:trojan-activity;sid:84739969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/mpsl"; depth:8; endswith; nocase; http.host; content:"5.175.166.176"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876866/; classtype:trojan-activity;sid:84739966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3876867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/mips"; depth:8; endswith; nocase; http.host; content:"5.175.166.176"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876867/; classtype:trojan-activity;sid:84739967; rev:1;)
# The rules below share one template: an outbound GET ($HOME_NET -> $EXTERNAL_NET, flow from_client)
# whose http.uri and http.host each have to equal one listed value.
#   - http.uri:  depth:<pattern length> + endswith pins the pattern to the whole buffer; nocase applies
#                to this URI content only.
#   - http.host: depth:<pattern length> + isdataat:!1,relative requires the host to end where the
#                pattern ends.
# The alert is raised on the client request, so it records a download attempt by an internal host;
# it does not show that a payload was returned or executed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/lterouter"; depth:13; endswith; nocase; http.host; content:"5.175.166.176"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876868/; classtype:trojan-activity;sid:84739968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.139.37"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876865/; classtype:trojan-activity;sid:84739965; rev:1;)
# NOTE(review): cdn.jsdelivr.net is a shared CDN host, so the exact /gh/... path is the only thing
# that makes the next rule specific; a host-only match would not be equivalent.
# NOTE(review): this host is presumably reached over HTTPS in normal use. An `alert http` rule only
# sees the request when it is cleartext or TLS is decrypted ahead of the sensor — confirm coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gh/tedy324/bootstrap@main/mila-j"; depth:33; endswith; nocase; http.host; content:"cdn.jsdelivr.net"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876864/; classtype:trojan-activity;sid:84739964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.145.144"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876863/;
classtype:trojan-activity;sid:84739963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.44.145.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876862/; classtype:trojan-activity;sid:84739962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.221.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876861/; classtype:trojan-activity;sid:84739961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.113.210"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876860/; classtype:trojan-activity;sid:84739960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.9.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876859/; classtype:trojan-activity;sid:84739959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.163.181.104"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876858/; classtype:trojan-activity;sid:84739958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/langflow.sh"; depth:17; endswith; nocase; http.host; content:"89.32.41.16"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876857/; classtype:trojan-activity;sid:84739957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.2.23"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876856/; classtype:trojan-activity;sid:84739956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.163.134.250"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876855/; classtype:trojan-activity;sid:84739955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gh/tedy324/roadgate/dfsk-65j8"; depth:30; endswith; nocase; http.host; content:"cdn.jsdelivr.net"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876854/; classtype:trojan-activity;sid:84739954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876853)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.44.145.144"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876853/; classtype:trojan-activity;sid:84739953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.171.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876852/; classtype:trojan-activity;sid:84739952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.73.96.40"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876851/; classtype:trojan-activity;sid:84739951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.2.23"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876850/; classtype:trojan-activity;sid:84739950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.34.236"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876849/; classtype:trojan-activity;sid:84739949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3876848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=15832166-4358-4620-94a9-6f8b83b83a39"; depth:47; endswith; nocase; http.host; content:"ik029b3d.1xsignupbet.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876848/; classtype:trojan-activity;sid:84739948; rev:1;)
# |3f| is the hex escape for "?", so in the rule above and the one below the query string is part of
# the http.uri pattern.
# NOTE(review): depth:47 equals the length of the escaped pattern text. Once |3f| is decoded the
# pattern is 44 bytes, so the match may begin up to 3 bytes into the URI rather than only at offset 0.
# endswith still pins the end of the URI. This looks like a generator artifact; a depth of 44 would
# make it an exact match like the other rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=13406cbf-0d3f-4cda-8d2f-cfdace50e7a9"; depth:47; endswith; nocase; http.host; content:"tmvkionb.taktikbet.bio"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876847/; classtype:trojan-activity;sid:84739947; rev:1;)
# Exact-match template: the URI must be exactly "/bin.sh" (any case) and the host exactly the listed IP.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.139.37"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876846/; classtype:trojan-activity;sid:84739946; rev:1;)
# NOTE(review): cdn.jsdelivr.net is a shared CDN host, so only the exact /gh/... path identifies the
# listed URL. The host is presumably served over HTTPS, so this `alert http` rule needs cleartext or
# decrypted traffic to fire — confirm sensor placement.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gh/roody2643/roadguard@main/car_284"; depth:36; endswith; nocase; http.host; content:"cdn.jsdelivr.net"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876845/; classtype:trojan-activity;sid:84739945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.221.32"; depth:13; isdataat:!1,relative;
metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876844/; classtype:trojan-activity;sid:84739944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.250.45"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876843/; classtype:trojan-activity;sid:84739943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.157.210.26"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876842/; classtype:trojan-activity;sid:84739942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.74.11"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876841/; classtype:trojan-activity;sid:84739941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.250.45"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876840/; classtype:trojan-activity;sid:84739940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; 
http.host; content:"42.224.195.128"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876839/; classtype:trojan-activity;sid:84739939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/rt.sh"; depth:11; endswith; nocase; http.host; content:"89.32.41.16"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876838/; classtype:trojan-activity;sid:84739938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.17.117"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876837/; classtype:trojan-activity;sid:84739937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.232.137.101"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876836/; classtype:trojan-activity;sid:84739936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.186.227.71"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876835/; classtype:trojan-activity;sid:84739935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876834)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.186.227.71"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876834/; classtype:trojan-activity;sid:84739934; rev:1;)
# Template used by every rule here: outbound GET, http.uri equal to the listed path (depth + endswith,
# nocase on the URI content), http.host equal to the listed host (depth + isdataat:!1,relative).
# The match is on the request only, so triage should confirm from the response or the endpoint
# whether anything was actually retrieved.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.12.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876833/; classtype:trojan-activity;sid:84739933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_4893cd95021a9ea1.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876832/; classtype:trojan-activity;sid:84739932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blackhole/asm/asmpure.txt"; depth:26; endswith; nocase; http.host; content:"babayagareborn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876831/; classtype:trojan-activity;sid:84739931; rev:1;)
# NOTE(review): raw.githubusercontent.com is a shared content host, so the exact repository path is
# what identifies the listed file. The host is presumably reached over HTTPS, so this `alert http`
# rule only fires on cleartext or decrypted traffic — confirm coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seition2doc/dosta2/main/n3.bat"; depth:31; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876830/; classtype:trojan-activity;sid:84739930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.74.11"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876829/; classtype:trojan-activity;sid:84739929; rev:1;)
# The next three rules name hosts under filesusr.com and blogspot.com, with the full subdomain in the
# host pattern. Because the host match is exact, other subdomains of those services are not covered.
# NOTE(review): presumably HTTPS in normal use — the cleartext/decryption caveat applies here too.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ugd/09c1d5_4626761063374d69ab0351f21fd703ce.txt"; depth:48; endswith; nocase; http.host; content:"09c1d5c3-1a6e-4c05-8e4e-eff75c6b5dd6.filesusr.com"; depth:49; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876828/; classtype:trojan-activity;sid:84739928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atom.xml"; depth:9; endswith; nocase; http.host; content:"hoteljune2026.blogspot.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876827/; classtype:trojan-activity;sid:84739927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/////udus.docx.pdf.olp.sysphud.dudus.docx.pdf.olp.sysphud.dudus.docx.pdf.olp.sysphud.dpc.lfwo"; depth:93; endswith; nocase; http.host; content:"hoteljune2026.blogspot.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876826/; classtype:trojan-activity;sid:84739926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected
(3876825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_cf95ba24331b48d8.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876825/; classtype:trojan-activity;sid:84739925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"110.36.28.183"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876824/; classtype:trojan-activity;sid:84739924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.232.153"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876823/; classtype:trojan-activity;sid:84739923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3hhwfoep7rfh57uns2k"; depth:20; endswith; nocase; http.host; content:"45.225.135.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876821/; classtype:trojan-activity;sid:84739921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apache2"; depth:8; endswith; nocase; http.host; content:"31.76.241.186"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876822/; 
classtype:trojan-activity;sid:84739922; rev:1;)
# |3f| is the hex escape for "?", so the next two rules match the URI "/?download=1".
# NOTE(review): depth:15 equals the length of the escaped pattern text. The decoded pattern is
# 12 bytes, so the match may begin up to 3 bytes into the URI; endswith still pins the end. This
# looks like a generator artifact; a depth of 12 would make it an exact match.
# NOTE(review): the hosts are subdomains of vercel.app, presumably served over HTTPS. These
# `alert http` rules only fire on cleartext or decrypted traffic — confirm sensor coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"diskfoottoarxives2023.vercel.app"; depth:32; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876819/; classtype:trojan-activity;sid:84739919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"police2606work.vercel.app"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876820/; classtype:trojan-activity;sid:84739920; rev:1;)
# The URI pattern here is the bare root "/" (depth:1 + endswith), so any GET for the site root of this
# exact host raises the alert. The host match carries all of the specificity.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"diskfoottoarxives2023.vercel.app"; depth:32; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876818/; classtype:trojan-activity;sid:84739918; rev:1;)
# Exact path and exact IP host. The alert is raised on the client request, so it records an attempted
# download, not a completed one.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_61e9916d8ab241af.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876810/; classtype:trojan-activity;sid:84739910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876811)"; flow:established,from_client; http.method; content:"GET"; http.uri;
content:"/files-129312398/files/file_3f39b4276744a983.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876811/; classtype:trojan-activity;sid:84739911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_e8eb14d778076b37.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876812/; classtype:trojan-activity;sid:84739912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_d30be19c59a663a8.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876813/; classtype:trojan-activity;sid:84739913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_c6e154ddfe4355f1.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876814/; classtype:trojan-activity;sid:84739914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_de029686f85cf6e5.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876815/; classtype:trojan-activity;sid:84739915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_d1bb2fad4ab2e94b.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876816/; classtype:trojan-activity;sid:84739916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_474f99b7ffd449d5.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876817/; classtype:trojan-activity;sid:84739917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.157.210.26"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876809/; classtype:trojan-activity;sid:84739909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.206.190"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876808/; classtype:trojan-activity;sid:84739908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876807)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.230.1"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876807/; classtype:trojan-activity;sid:84739907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.196.192.39"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876806/; classtype:trojan-activity;sid:84739906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.21.255.213"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876805/; classtype:trojan-activity;sid:84739905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=60668e46-5ccc-49f7-bc29-6d11782e73aa"; depth:47; endswith; nocase; http.host; content:"85xhbv2q.shartcart.xyz"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876804/; classtype:trojan-activity;sid:84739904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.38.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876803/; classtype:trojan-activity;sid:84739903; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.21.255.213"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876802/; classtype:trojan-activity;sid:84739902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.230.1"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876801/; classtype:trojan-activity;sid:84739901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.238.81"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876800/; classtype:trojan-activity;sid:84739900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.20.227"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876799/; classtype:trojan-activity;sid:84739899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"138.252.69.11"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; 
reference:url, urlhaus.abuse.ch/url/3876798/; classtype:trojan-activity;sid:84739898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.42.11"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876797/; classtype:trojan-activity;sid:84739897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.194.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876796/; classtype:trojan-activity;sid:84739896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.38.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876795/; classtype:trojan-activity;sid:84739895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.95.137"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876794/; classtype:trojan-activity;sid:84739894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.sh4"; depth:12; endswith; nocase; http.host; 
content:"176.65.139.48"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876792/; classtype:trojan-activity;sid:84739892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.m68k"; depth:13; endswith; nocase; http.host; content:"176.65.139.48"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876793/; classtype:trojan-activity;sid:84739893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.x86"; depth:12; endswith; nocase; http.host; content:"176.65.139.48"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876790/; classtype:trojan-activity;sid:84739890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.ppc"; depth:12; endswith; nocase; http.host; content:"176.65.139.48"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876791/; classtype:trojan-activity;sid:84739891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"144.48.123.149"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876789/; classtype:trojan-activity;sid:84739889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876788)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.95.137"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876788/; classtype:trojan-activity;sid:84739888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"91.92.42.125"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876784/; classtype:trojan-activity;sid:84739884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"91.92.42.125"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876785/; classtype:trojan-activity;sid:84739885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm64"; depth:6; endswith; nocase; http.host; content:"91.92.42.125"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876786/; classtype:trojan-activity;sid:84739886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"91.92.42.125"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876787/; classtype:trojan-activity;sid:84739887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3876778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i386"; depth:5; endswith; nocase; http.host; content:"91.92.42.125"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876778/; classtype:trojan-activity;sid:84739878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"91.92.42.125"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876779/; classtype:trojan-activity;sid:84739879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsle"; depth:7; endswith; nocase; http.host; content:"91.92.42.125"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876780/; classtype:trojan-activity;sid:84739880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amd64"; depth:6; endswith; nocase; http.host; content:"91.92.42.125"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876781/; classtype:trojan-activity;sid:84739881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"91.92.42.125"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876782/; classtype:trojan-activity;sid:84739882; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"91.92.42.125"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876783/; classtype:trojan-activity;sid:84739883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.exe"; depth:8; endswith; nocase; http.host; content:"91.92.42.125"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876777/; classtype:trojan-activity;sid:84739877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.42.11"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876776/; classtype:trojan-activity;sid:84739876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"144.48.123.149"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876775/; classtype:trojan-activity;sid:84739875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.14.229"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; 
reference:url, urlhaus.abuse.ch/url/3876774/; classtype:trojan-activity;sid:84739874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.200.233.101"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876773/; classtype:trojan-activity;sid:84739873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.130.44"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876772/; classtype:trojan-activity;sid:84739872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.232.153"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876771/; classtype:trojan-activity;sid:84739871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=86a65fe1-cbde-43a9-90e1-f5d94d2d2ced"; depth:47; endswith; nocase; http.host; content:"7pkztjkc.1xbetpartnersiran.com"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876770/; classtype:trojan-activity;sid:84739870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; 
depth:7; endswith; nocase; http.host; content:"77.79.160.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876769/; classtype:trojan-activity;sid:84739869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=36d699e6-a378-460c-849a-696d1508bc3a"; depth:47; endswith; nocase; http.host; content:"9pkiisod.jetbet1.pro"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876768/; classtype:trojan-activity;sid:84739868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.194.229"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876767/; classtype:trojan-activity;sid:84739867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.156.139.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876766/; classtype:trojan-activity;sid:84739866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.200.233.101"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876765/; classtype:trojan-activity;sid:84739865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3876764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.54.185"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876764/; classtype:trojan-activity;sid:84739864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.231.61"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876763/; classtype:trojan-activity;sid:84739863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.65.174.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876762/; classtype:trojan-activity;sid:84739862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.65.174.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876761/; classtype:trojan-activity;sid:84739861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.231.61"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876760/; classtype:trojan-activity;sid:84739860; rev:1;) 
# Reviewer notes on the generated rules that follow (every rule uses the same template):
# - Scope: alert-only, client requests from $HOME_NET to $EXTERNAL_NET on established flows, method GET.
#   A hit means an internal host requested the URL; it does not show that the payload was delivered or run.
#   Correlate with the HTTP response, file and flow logs before escalating.
# - Matching is exact: on http.uri, depth equals the content length and is paired with endswith, so the
#   whole URI (path plus query) must equal the listed string, case-insensitively. On http.host, depth plus
#   isdataat:!1,relative requires the whole host to equal the listed value. Any other path, query string
#   or host alias for the same server is not covered.
# - Visibility: `alert http` only sees HTTP the sensor can parse. A fetch made over TLS is invisible to
#   these rules unless it is decrypted upstream. The raw.githubusercontent.com entry (sid 84739853) is
#   presumably reached over HTTPS in practice; confirm against its URLhaus record.
# - Ageing: many entries pair a bare IP with a generic path ("/i", "/bin.sh"), so the IP is the only
#   discriminating value. Check metadata:created_at and the reference URL for current status when triaging.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.194.229"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876759/; classtype:trojan-activity;sid:84739859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.60.224"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876758/; classtype:trojan-activity;sid:84739858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.192.227.92"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876757/; classtype:trojan-activity;sid:84739857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.205.98"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876756/; classtype:trojan-activity;sid:84739856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=bce5e4a8-ffb5-44e4-8d63-f49e25a49152"; depth:47; endswith; nocase; http.host; content:"tszebpwz.1xprobet.app"; depth:21; isdataat:!1,relative; 
metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876755/; classtype:trojan-activity;sid:84739855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.223.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876754/; classtype:trojan-activity;sid:84739854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoakkkk/botnet/refs/heads/main/johenlastgen.sh"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876753/; classtype:trojan-activity;sid:84739853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.192.227.92"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876752/; classtype:trojan-activity;sid:84739852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_a42c1dc8442e1c9b.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876751/; classtype:trojan-activity;sid:84739851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876750)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.249.200"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876750/; classtype:trojan-activity;sid:84739850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.165.187.102"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876749/; classtype:trojan-activity;sid:84739849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.233.228.173"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876748/; classtype:trojan-activity;sid:84739848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.223.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876747/; classtype:trojan-activity;sid:84739847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.156.139.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876746/; classtype:trojan-activity;sid:84739846; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.116.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876745/; classtype:trojan-activity;sid:84739845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.144.21"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876744/; classtype:trojan-activity;sid:84739844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.205.98"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876743/; classtype:trojan-activity;sid:84739843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.233.228.173"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876742/; classtype:trojan-activity;sid:84739842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=7cc2255d-8e24-492c-92a9-9534b52de332"; depth:47; endswith; nocase; http.host; content:"c2uwzjf8.blackjackonlineplay83.com"; depth:34; isdataat:!1,relative; metadata:created_at 
2026_06_27; reference:url, urlhaus.abuse.ch/url/3876741/; classtype:trojan-activity;sid:84739841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.249.200"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876740/; classtype:trojan-activity;sid:84739840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.164.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876739/; classtype:trojan-activity;sid:84739839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.94.142.75"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876738/; classtype:trojan-activity;sid:84739838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.82.244"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876737/; classtype:trojan-activity;sid:84739837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"112.248.82.244"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876736/; classtype:trojan-activity;sid:84739836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.165.187.102"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876735/; classtype:trojan-activity;sid:84739835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.147.141"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876734/; classtype:trojan-activity;sid:84739834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p"; depth:2; endswith; nocase; http.host; content:"server-830796.thatserver.com"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876733/; classtype:trojan-activity;sid:84739833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.71.31.249"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876732/; classtype:trojan-activity;sid:84739832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876731)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.94.142.75"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876731/; classtype:trojan-activity;sid:84739831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.55.36"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876730/; classtype:trojan-activity;sid:84739830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.71.31.249"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876729/; classtype:trojan-activity;sid:84739829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.76.26"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876728/; classtype:trojan-activity;sid:84739828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.50.8"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876727/; classtype:trojan-activity;sid:84739827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3876726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.77.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876726/; classtype:trojan-activity;sid:84739826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.76.26"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876725/; classtype:trojan-activity;sid:84739825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.215.152"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876724/; classtype:trojan-activity;sid:84739824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.120.250"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_27; reference:url, urlhaus.abuse.ch/url/3876723/; classtype:trojan-activity;sid:84739823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.156.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876722/; classtype:trojan-activity;sid:84739822; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.214.132"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876721/; classtype:trojan-activity;sid:84739821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.77.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876720/; classtype:trojan-activity;sid:84739820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.151.74"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876719/; classtype:trojan-activity;sid:84739819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.38.215.152"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876718/; classtype:trojan-activity;sid:84739818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=72791768-c733-4336-9090-00935887e58a"; depth:47; endswith; nocase; http.host; content:"gibi1zic.alobet.pro"; depth:19; isdataat:!1,relative; 
metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876717/; classtype:trojan-activity;sid:84739817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.120.250"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876716/; classtype:trojan-activity;sid:84739816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.238.157.91"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876715/; classtype:trojan-activity;sid:84739815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.251.33"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876714/; classtype:trojan-activity;sid:84739814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.238.157.91"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876713/; classtype:trojan-activity;sid:84739813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; 
http.host; content:"110.38.199.162"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876712/; classtype:trojan-activity;sid:84739812; rev:1;)
# ---------------------------------------------------------------------------
# Reviewer notes on reading the rules below
#
# Every rule uses one template: an established client-to-server HTTP flow
# from $HOME_NET to $EXTERNAL_NET, method GET, then an anchored match on
# http.uri and on http.host.
#   * http.uri:  depth:<N> plus endswith pins the pattern to the end of the
#     buffer within its first N bytes; when N equals the pattern length the
#     URI (path plus query) must equal the pattern, compared without regard
#     to case (nocase).
#   * http.host: depth:<N> plus isdataat:!1,relative requires that no byte
#     follows the match, so the Host value must equal the listed string.
# Scope: "alert http" only fires on HTTP that Suricata can parse in the
# clear. A fetch of the same URL over TLS is not covered unless traffic is
# decrypted upstream, and nothing fires if $HOME_NET does not contain the
# requesting host.
# The short "/i" and "/bin.sh" paths carry almost no signal on their own;
# specificity comes from the exact Host match on a literal IP address.
# Addresses get reassigned, so retire entries using metadata:created_at and
# the URLhaus reference instead of keeping them indefinitely.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.238.29"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876710/; classtype:trojan-activity;sid:84739810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.238.29"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876711/; classtype:trojan-activity;sid:84739811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_639c336330ba48b7.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876709/; classtype:trojan-activity;sid:84739809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.51.182"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876708/; classtype:trojan-activity;sid:84739808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.68.162.210"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876707/; classtype:trojan-activity;sid:84739807; rev:1;)
# NOTE(review): "|3f|" is the hex escape for "?", so the pattern below decodes
# to "/?ublib=<uuid>", which is 44 bytes, yet depth is 47 (the length of the
# escaped text). Combined with endswith this appears to admit a URI with up
# to three extra leading bytes before the pattern; depth:44 would make the
# match exact like the other rules. Confirm with the feed maintainers. The
# same construction recurs in sids 84739776, 84739775, 84739747 and 84739726.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=801f8b3a-b54a-409c-8c98-b5a30f64e1c3"; depth:47; endswith; nocase; http.host; content:"qq6dl5dg.1x303.casino"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876706/; classtype:trojan-activity;sid:84739806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.156.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876705/; classtype:trojan-activity;sid:84739805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.44.145.129"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876704/; classtype:trojan-activity;sid:84739804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.54.95.49"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876703/; classtype:trojan-activity;sid:84739803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.28.183"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876702/; classtype:trojan-activity;sid:84739802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.71.61"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876701/; classtype:trojan-activity;sid:84739801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.68.162.210"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876700/; classtype:trojan-activity;sid:84739800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.249.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876699/; classtype:trojan-activity;sid:84739799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"68.235.251.87"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876698/; classtype:trojan-activity;sid:84739798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.171.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876697/; classtype:trojan-activity;sid:84739797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"24.54.95.49"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876696/; classtype:trojan-activity;sid:84739796; rev:1;)
# The next six rules (sids 84739790-84739795) share one Host value and differ
# only in file name. The names look like obfuscated CPU-architecture tags
# (presumably arm, x86, sh4, mpsl; not confirmed by this file), which would
# fit a single staging host serving per-architecture builds. For triage,
# correlate several of these sids firing from the same internal source.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.sakura"; depth:15; endswith; nocase; http.host; content:"45.192.97.47"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876694/; classtype:trojan-activity;sid:84739794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.sakura"; depth:14; endswith; nocase; http.host; content:"45.192.97.47"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876695/; classtype:trojan-activity;sid:84739795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.sakura"; depth:14; endswith; nocase; http.host; content:"45.192.97.47"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876693/; classtype:trojan-activity;sid:84739793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.sakura"; depth:14; endswith; nocase; http.host; content:"45.192.97.47"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876692/; classtype:trojan-activity;sid:84739792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.sakura"; depth:15; endswith; nocase; http.host; content:"45.192.97.47"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876690/; classtype:trojan-activity;sid:84739790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.sakura"; depth:15; endswith; nocase; http.host; content:"45.192.97.47"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876691/; classtype:trojan-activity;sid:84739791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.147.154"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876689/; classtype:trojan-activity;sid:84739789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.23.137.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876688/; classtype:trojan-activity;sid:84739788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.229.66"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876687/; classtype:trojan-activity;sid:84739787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.87.134"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876686/; classtype:trojan-activity;sid:84739786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.119.164.93"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876685/; classtype:trojan-activity;sid:84739785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_c728de98ac1beb8a.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876684/; classtype:trojan-activity;sid:84739784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.109.227.122"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876683/; classtype:trojan-activity;sid:84739783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.251.33"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876681/; classtype:trojan-activity;sid:84739781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.193.106.86"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876682/; classtype:trojan-activity;sid:84739782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.229.66"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876680/; classtype:trojan-activity;sid:84739780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.54.99"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876679/; classtype:trojan-activity;sid:84739779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.177.33.164"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876678/; classtype:trojan-activity;sid:84739778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.119.164.93"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876677/; classtype:trojan-activity;sid:84739777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=2df6a46f-f84b-44ba-8cee-29d1185e3014"; depth:47; endswith; nocase; http.host; content:"qa4lsxxi.313betapk.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876676/; classtype:trojan-activity;sid:84739776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b044dd75-8721-4bd6-916f-1501c01712ce"; depth:47; endswith; nocase; http.host; content:"6b4ki3sp.abt90kade.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876675/; classtype:trojan-activity;sid:84739775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.179.18.126"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876674/; classtype:trojan-activity;sid:84739774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.44.146.250"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876673/; classtype:trojan-activity;sid:84739773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.179.18.126"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876672/; classtype:trojan-activity;sid:84739772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.221.150.65"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876671/; classtype:trojan-activity;sid:84739771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.224.33.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876670/; classtype:trojan-activity;sid:84739770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.224.33.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876669/; classtype:trojan-activity;sid:84739769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.249.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876668/; classtype:trojan-activity;sid:84739768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.177.33.164"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876667/; classtype:trojan-activity;sid:84739767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.153.53"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876666/; classtype:trojan-activity;sid:84739766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.231.96"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876665/; classtype:trojan-activity;sid:84739765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.232.100.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876664/; classtype:trojan-activity;sid:84739764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.221.150.65"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876663/; classtype:trojan-activity;sid:84739763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.25.244"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876661/; classtype:trojan-activity;sid:84739761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.25.244"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876662/; classtype:trojan-activity;sid:84739762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.76.123"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876660/; classtype:trojan-activity;sid:84739760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.163.107.97"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876659/; classtype:trojan-activity;sid:84739759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.232.100.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876658/; classtype:trojan-activity;sid:84739758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.16.86"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876657/; classtype:trojan-activity;sid:84739757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"157.66.146.183"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876656/; classtype:trojan-activity;sid:84739756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.3.0.134"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876655/; classtype:trojan-activity;sid:84739755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.18.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876654/; classtype:trojan-activity;sid:84739754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.163.107.97"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876653/; classtype:trojan-activity;sid:84739753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.3.0.134"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876652/; classtype:trojan-activity;sid:84739752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.164.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876651/; classtype:trojan-activity;sid:84739751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.85.60.27"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876650/; classtype:trojan-activity;sid:84739750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.245.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876649/; classtype:trojan-activity;sid:84739749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.147.246"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876648/; classtype:trojan-activity;sid:84739748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9acbec46-3cf2-48c1-af92-731bcb3553b6"; depth:47; endswith; nocase; http.host; content:"gkn9py5i.honarrang.online"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876647/; classtype:trojan-activity;sid:84739747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.196.139"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876646/; classtype:trojan-activity;sid:84739746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.249.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876645/; classtype:trojan-activity;sid:84739745; rev:1;)
# NOTE(review): the Host in the next rule (and in sid 84739741) is a shared
# public CDN, so only the full path identifies the flagged content. Treat a
# hit as path-specific and do not derive a host-level block or allow-list
# decision from it. Such CDNs are normally reached over HTTPS, so this
# cleartext-HTTP rule presumably sees little of the relevant traffic unless
# TLS is decrypted upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gh/tedy324/vlan44-nginx/sample"; depth:31; endswith; nocase; http.host; content:"cdn.jsdelivr.net"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876644/; classtype:trojan-activity;sid:84739744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.3.165"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876643/; classtype:trojan-activity;sid:84739743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36580b02-9d9c-4a93-81a8-46f87779e789"; depth:37; endswith; nocase; http.host; content:"sjc3.sabad724.bio"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876642/; classtype:trojan-activity;sid:84739742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gh/tedy324/vlan44-nginx/secure"; depth:31; endswith; nocase; http.host; content:"cdn.jsdelivr.net"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876641/; classtype:trojan-activity;sid:84739741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.237.185"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876640/; classtype:trojan-activity;sid:84739740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.245.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876639/; classtype:trojan-activity;sid:84739739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.81.226"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876638/; classtype:trojan-activity;sid:84739738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9db9"; depth:5; endswith; nocase; http.host; content:"server-830796.thatserver.com"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876637/; classtype:trojan-activity;sid:84739737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.59.107.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876636/; classtype:trojan-activity;sid:84739736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.237.185"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876635/; classtype:trojan-activity;sid:84739735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.81.226"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876634/; classtype:trojan-activity;sid:84739734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.80.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876633/; classtype:trojan-activity;sid:84739733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.25.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876632/; classtype:trojan-activity;sid:84739732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.80.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876631/; classtype:trojan-activity;sid:84739731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.12.197"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876630/; classtype:trojan-activity;sid:84739730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.199.158"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876629/; classtype:trojan-activity;sid:84739729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.93.35"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876628/; classtype:trojan-activity;sid:84739728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.239.216"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876627/; classtype:trojan-activity;sid:84739727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=3342a41f-6114-45a0-909e-5f65f89baef8"; depth:47; endswith; nocase; http.host; content:"effc4p41.honardartarikh.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876626/; classtype:trojan-activity;sid:84739726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.20.68"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876625/; classtype:trojan-activity;sid:84739725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.199.158"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876624/; classtype:trojan-activity;sid:84739724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.251.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876623/; classtype:trojan-activity;sid:84739723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.74.63"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876621/; 
classtype:trojan-activity;sid:84739721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.105.227"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876622/; classtype:trojan-activity;sid:84739722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mipsel"; depth:12; endswith; nocase; http.host; content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876605/; classtype:trojan-activity;sid:84739705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/systemcl/m68k"; depth:19; endswith; nocase; http.host; content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876606/; classtype:trojan-activity;sid:84739706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/systemcl/x86_64"; depth:21; endswith; nocase; http.host; content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876607/; classtype:trojan-activity;sid:84739707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm64"; depth:11; endswith; nocase; http.host; 
content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876608/; classtype:trojan-activity;sid:84739708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i386"; depth:10; endswith; nocase; http.host; content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876609/; classtype:trojan-activity;sid:84739709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i586"; depth:10; endswith; nocase; http.host; content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876610/; classtype:trojan-activity;sid:84739710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876611/; classtype:trojan-activity;sid:84739711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s"; depth:2; endswith; nocase; http.host; content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876612/; classtype:trojan-activity;sid:84739712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876613)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bins/sparc"; depth:11; endswith; nocase; http.host; content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876613/; classtype:trojan-activity;sid:84739713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/armv4l"; depth:12; endswith; nocase; http.host; content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876614/; classtype:trojan-activity;sid:84739714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876615/; classtype:trojan-activity;sid:84739715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876616/; classtype:trojan-activity;sid:84739716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i486"; depth:10; endswith; nocase; http.host; content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876617/; classtype:trojan-activity;sid:84739717; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/armv5l"; depth:12; endswith; nocase; http.host; content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876618/; classtype:trojan-activity;sid:84739718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876619/; classtype:trojan-activity;sid:84739719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/systemcl/mips"; depth:19; endswith; nocase; http.host; content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876620/; classtype:trojan-activity;sid:84739720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876598/; classtype:trojan-activity;sid:84739698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; 
reference:url, urlhaus.abuse.ch/url/3876599/; classtype:trojan-activity;sid:84739699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/aarch64"; depth:13; endswith; nocase; http.host; content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876600/; classtype:trojan-activity;sid:84739700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/systemcl/ppc"; depth:18; endswith; nocase; http.host; content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876601/; classtype:trojan-activity;sid:84739701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/powerpc"; depth:13; endswith; nocase; http.host; content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876602/; classtype:trojan-activity;sid:84739702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/armv7l"; depth:12; endswith; nocase; http.host; content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876603/; classtype:trojan-activity;sid:84739703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/amd64"; 
depth:11; endswith; nocase; http.host; content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876604/; classtype:trojan-activity;sid:84739704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/systemcl/sh4"; depth:18; endswith; nocase; http.host; content:"138.124.117.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876597/; classtype:trojan-activity;sid:84739697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.184.190"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876596/; classtype:trojan-activity;sid:84739696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qic"; depth:4; endswith; nocase; http.host; content:"server-830796.thatserver.com"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876595/; classtype:trojan-activity;sid:84739695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.146.253"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876594/; classtype:trojan-activity;sid:84739694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3876593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.74.63"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876593/; classtype:trojan-activity;sid:84739693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=fc3f134d-11c0-45aa-8299-b7f685d6110e"; depth:47; endswith; nocase; http.host; content:"pffvv3yw.22bahis-tr.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876592/; classtype:trojan-activity;sid:84739692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.93.35"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876591/; classtype:trojan-activity;sid:84739691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.25.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876590/; classtype:trojan-activity;sid:84739690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.194.9"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876589/; 
classtype:trojan-activity;sid:84739689; rev:1;)
# Each rule in this run alerts on an outbound HTTP GET where both the http.uri
# and http.host buffers match one URLhaus entry. The URI content is anchored
# with depth + endswith; the host content with depth + isdataat:!1,relative
# (no data may follow the match). Where depth equals the content length this
# is a whole-buffer comparison, so the same path with an added query string
# or a different file name does not alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.251.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876588/; classtype:trojan-activity;sid:84739688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.86.98"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876587/; classtype:trojan-activity;sid:84739686; rev:1;)
# The next two rules name a .gov.br hostname rather than a bare IP.
# NOTE(review): presumably a third-party site serving the listed paths; the
# alert is specific to these two paths, not to the host as a whole - confirm
# against the URLhaus reference before acting on the host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/levantamento/5gr67j/nwm2nb/jicbf8"; depth:34; endswith; nocase; http.host; content:"areal.rj.gov.br"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876586/; classtype:trojan-activity;sid:84739686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/levantamento/5gr67j/fr88rm/cmlzhu"; depth:34; endswith; nocase; http.host; content:"areal.rj.gov.br"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876585/; classtype:trojan-activity;sid:84739685; rev:1;)
# NOTE(review): this is an "alert http" rule for drive.google.com, so it only
# sees requests the sensor can parse as HTTP. That host is presumably reached
# over TLS in practice, in which case the rule fires only where traffic is
# decrypted ahead of the sensor - confirm for your deployment.
# The URI content is 62 bytes once |3f| is read as a single '?', but depth is
# 65 (it appears to count the escaped text). With endswith the match must
# still end at the end of the URI, yet it may start up to 3 bytes in, so this
# is slightly looser than the whole-buffer rules above.
# The file id is listed in lower case and matched with nocase; take the
# original-case URL from the URLhaus reference when pivoting.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/u/2/d/1pa70qgfvmht-frcaihzsbh2fbm8hemg3/view|3f|usp=sharing"; depth:65; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876584/; classtype:trojan-activity;sid:84739684; rev:1;)
# Same depth quirk here: the content is 44 bytes after |3f| is decoded, while
# depth is 47.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=4255b638-6f2a-400a-ad89-81f0b94f1fcd"; depth:47; endswith; nocase; http.host; content:"yvkbbq3e.1xdownload2023.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876583/; classtype:trojan-activity;sid:84739683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.24.172"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876582/; classtype:trojan-activity;sid:84739682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.195.128"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876581/; classtype:trojan-activity;sid:84739681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.78.205.101"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876580/; classtype:trojan-activity;sid:84739680; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.221.66"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876578/; classtype:trojan-activity;sid:84739678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.221.66"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876579/; classtype:trojan-activity;sid:84739679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=6f3ca295-4048-4123-8f63-7272f4d5de60"; depth:47; endswith; nocase; http.host; content:"isgmj697.hesabdarishabahang.xyz"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876577/; classtype:trojan-activity;sid:84739677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.109.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876576/; classtype:trojan-activity;sid:84739676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=fe6d4366-4acb-4e06-9141-38ae8dbd5ba4"; depth:47; endswith; nocase; http.host; 
content:"arpt9xvl.1xdlbet.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876575/; classtype:trojan-activity;sid:84739675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.76.168"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876574/; classtype:trojan-activity;sid:84739674; rev:1;)
# The next five rules (sids 84739669-84739673) all name host 45.137.81.201
# and differ only in the file name under /bins/. Each one matches a single
# exact URI (depth equals the content length, plus endswith), so a request to
# the same host for a file name not listed here raises no alert. A hit on any
# of them is a lead to review the client's other HTTP requests to that host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"45.137.81.201"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876570/; classtype:trojan-activity;sid:84739670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"45.137.81.201"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876571/; classtype:trojan-activity;sid:84739671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"45.137.81.201"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876572/; classtype:trojan-activity;sid:84739672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"45.137.81.201"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876573/; classtype:trojan-activity;sid:84739673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"45.137.81.201"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876569/; classtype:trojan-activity;sid:84739669; rev:1;)
# The remaining rules in this run follow the common pattern: one exact URI
# on one exact host, anchored with depth + endswith (URI) and
# depth + isdataat:!1,relative (host).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"87.121.79.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876568/; classtype:trojan-activity;sid:84739668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.109.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876567/; classtype:trojan-activity;sid:84739667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.131.92.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876566/; classtype:trojan-activity;sid:84739666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3876565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.31.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876565/; classtype:trojan-activity;sid:84739665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.216.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876564/; classtype:trojan-activity;sid:84739664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.68.53.40"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876563/; classtype:trojan-activity;sid:84739663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.65.212"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876562/; classtype:trojan-activity;sid:84739662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.232.174"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876561/; 
classtype:trojan-activity;sid:84739661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.148.206"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876560/; classtype:trojan-activity;sid:84739660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.233.94.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876559/; classtype:trojan-activity;sid:84739659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"84.68.53.40"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876558/; classtype:trojan-activity;sid:84739658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.200.147"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876556/; classtype:trojan-activity;sid:84739656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.87.39"; depth:13; isdataat:!1,relative; 
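metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876557/; classtype:trojan-activity;sid:84739657; rev:1;)
# Layout: one rule per line. Suricata ends a rule at the line break unless the line
# is continued with a trailing backslash, so a rule wrapped mid-option does not load.
# (The first and last lines of this run are the pieces of rules that begin or end
# outside it; they are left exactly as found.)
#
# Reading these rules:
# - Each one alerts on a client GET (flow:established,from_client) going from
#   $HOME_NET to $EXTERNAL_NET, so coverage depends on HOME_NET being set correctly.
# - http.uri: `depth:N; endswith; nocase` ties the content to both the start and the
#   end of the URI buffer, case-insensitively.
# - http.host: `depth:N; isdataat:!1,relative` does the same for the host value.
# - In the `/|3f|ublib=...` rules, |3f| is the hex form of "?". It is one byte in the
#   buffer, but depth:47 is the length of the rule text; the pattern itself is 44
#   bytes, so a URI with up to three extra leading bytes still matches.
# - Only parsed cleartext HTTP is inspected; the same URL fetched over TLS is not
#   seen by these rules unless the traffic is decrypted upstream of the sensor.
# - Several hosts are listed with both "/i" and "/bin.sh"; when one fires, check the
#   same client for the sibling request.
# - reference:url points at the URLhaus entry for the numeric id shown in msg; check
#   that entry's current status when triaging an alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.69.237"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876555/; classtype:trojan-activity;sid:84739655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.197.73"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876554/; classtype:trojan-activity;sid:84739654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.70.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876552/; classtype:trojan-activity;sid:84739652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.136.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876553/; classtype:trojan-activity;sid:84739653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.65.212"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876551/; classtype:trojan-activity;sid:84739651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.33.38"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876550/; classtype:trojan-activity;sid:84739650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.232.174"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876549/; classtype:trojan-activity;sid:84739649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.136.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876548/; classtype:trojan-activity;sid:84739648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.148.206"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876547/; classtype:trojan-activity;sid:84739647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.145.138"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876546/; classtype:trojan-activity;sid:84739646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.87.39"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876545/; classtype:trojan-activity;sid:84739645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.69.237"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876544/; classtype:trojan-activity;sid:84739644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b12991eb-8ded-428b-8258-6f45baf88ac6"; depth:47; endswith; nocase; http.host; content:"0qam1x6q.alobet.pro"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876543/; classtype:trojan-activity;sid:84739643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.33.38"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876542/; classtype:trojan-activity;sid:84739642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.253.144"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876541/; classtype:trojan-activity;sid:84739641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.104.130"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876540/; classtype:trojan-activity;sid:84739640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.19.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876539/; classtype:trojan-activity;sid:84739639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.250.37.58"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876538/; classtype:trojan-activity;sid:84739638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.89.45"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876537/; classtype:trojan-activity;sid:84739637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.190.160.39"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876536/; classtype:trojan-activity;sid:84739636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.89.45"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876535/; classtype:trojan-activity;sid:84739635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.41.78.246"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876534/; classtype:trojan-activity;sid:84739634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.196.192.39"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876533/; classtype:trojan-activity;sid:84739633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.164.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876531/; classtype:trojan-activity;sid:84739631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.148.220.11"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876532/; classtype:trojan-activity;sid:84739632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.131.147"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876530/; classtype:trojan-activity;sid:84739630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.197.73"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876529/; classtype:trojan-activity;sid:84739629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.104.130"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876528/; classtype:trojan-activity;sid:84739628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.19.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876527/; classtype:trojan-activity;sid:84739627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.44.145.138"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876526/; classtype:trojan-activity;sid:84739626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.148.220.11"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876525/; classtype:trojan-activity;sid:84739625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.131.147"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876524/; classtype:trojan-activity;sid:84739624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.190.160.39"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876523/; classtype:trojan-activity;sid:84739623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/check_bot_m"; depth:12; endswith; nocase; http.host; content:"diobenu2silva.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876522/; classtype:trojan-activity;sid:84739622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_3fec31ac90ffd33e.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876521/; classtype:trojan-activity;sid:84739621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_278ea03277611bf1.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876520/; classtype:trojan-activity;sid:84739620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.164.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876519/; classtype:trojan-activity;sid:84739619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.147.173"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876518/; classtype:trojan-activity;sid:84739618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.200.191.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876517/; classtype:trojan-activity;sid:84739617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.239.216"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876516/; classtype:trojan-activity;sid:84739616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.200.191.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876515/; classtype:trojan-activity;sid:84739615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.165.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876514/; classtype:trojan-activity;sid:84739614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.84.212.158"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876513/; classtype:trojan-activity;sid:84739613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b3a28359-5117-4b3b-b920-2f6af5e95a93"; depth:47; endswith; nocase; http.host; content:"7sjngotr.1xsignupbet.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876512/; classtype:trojan-activity;sid:84739612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.167.39.24"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876511/; classtype:trojan-activity;sid:84739611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=859fe997-8d2e-4259-9545-371871746841"; depth:47; endswith; nocase; http.host; content:"qgyszj8a.abt90kade.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876510/; classtype:trojan-activity;sid:84739610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.229.140"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876509/; classtype:trojan-activity;sid:84739609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.89.157.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876508/; classtype:trojan-activity;sid:84739608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unbefitting/pressurize"; depth:23; endswith; nocase; http.host; content:"www.v-care.hk"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876507/; classtype:trojan-activity;sid:84739607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vaseline/insole"; depth:16; endswith; nocase; http.host; content:"westcodex.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876506/; classtype:trojan-activity;sid:84739606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crushed/bilk"; depth:13; endswith; nocase; http.host; content:"sergiodiazcoach.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876503/; classtype:trojan-activity;sid:84739603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/connatural/scavenge"; depth:20; endswith; nocase; http.host; content:"centrodeinfusaocuritiba.com.br"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876504/; classtype:trojan-activity;sid:84739604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prolegome/velvet"; depth:17; endswith; nocase; http.host; content:"ravstore.cl"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876505/; classtype:trojan-activity;sid:84739605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agrimotor/kilobyte"; depth:19; endswith; nocase; http.host; content:"testdomain.kognitivtrainer.de"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876495/; classtype:trojan-activity;sid:84739595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bunkering/onomasiology"; depth:23; endswith; nocase; http.host; content:"jabalitowers.nexatestwp.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876496/; classtype:trojan-activity;sid:84739596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bunkering/advocacies"; depth:21; endswith; nocase; http.host; content:"jabalitowers.nexatestwp.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876497/; classtype:trojan-activity;sid:84739597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/three.js.old/examples/models/gltf/monster/gltf/predatory/rampage"; depth:65; endswith; nocase; http.host; content:"360.intraserv.pl"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876498/; classtype:trojan-activity;sid:84739598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bunkering/clandestine"; depth:22; endswith; nocase; http.host; content:"jabalitowers.nexatestwp.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876499/; classtype:trojan-activity;sid:84739599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/subparameter/seamy"; depth:19; endswith; nocase; http.host; content:"kelvintahvieh.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876500/; classtype:trojan-activity;sid:84739600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/utilize/helicopter"; depth:19; endswith; nocase; http.host; content:"mythandmycelium.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876501/; classtype:trojan-activity;sid:84739601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/improperly/foregoing"; depth:21; endswith; nocase; http.host; content:"propertymgmtsoft.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876502/; classtype:trojan-activity;sid:84739602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/matin/complicate"; depth:17; endswith; nocase; http.host; content:"doc.eagle-web-concept.fr"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876493/; classtype:trojan-activity;sid:84739593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/feign/pedigreed"; depth:16; endswith; nocase; http.host; content:"alkhateebholding.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876494/; classtype:trojan-activity;sid:84739594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.50.47"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876492/; classtype:trojan-activity;sid:84739592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.68.168.193"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876491/; classtype:trojan-activity;sid:84739591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.165.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876490/; classtype:trojan-activity;sid:84739590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.185.22"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876489/; classtype:trojan-activity;sid:84739589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.89.157.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876488/; classtype:trojan-activity;sid:84739588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.185.22"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876487/; classtype:trojan-activity;sid:84739587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.48.186"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876486/; classtype:trojan-activity;sid:84739586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.48.186"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876485/; classtype:trojan-activity;sid:84739585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.167.39.24"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876484/; classtype:trojan-activity;sid:84739584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=03a32fba-0101-4277-94ea-928f9dc8aa4c"; depth:47; endswith; nocase; http.host; content:"00pq7d1j.1xboropartners.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876483/; classtype:trojan-activity;sid:84739583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.106.251"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876482/; classtype:trojan-activity;sid:84739582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.95.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876481/; classtype:trojan-activity;sid:84739581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.50.47"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876480/; classtype:trojan-activity;sid:84739580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"45.225.135.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876479/; classtype:trojan-activity;sid:84739579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.144.3"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876478/; classtype:trojan-activity;sid:84739578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.233.194.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876477/; classtype:trojan-activity;sid:84739577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.93.247"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876475/; classtype:trojan-activity;sid:84739575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.55.36"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876476/; classtype:trojan-activity;sid:84739576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.243.28"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876474/; classtype:trojan-activity;sid:84739574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.224.14.166"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876473/; classtype:trojan-activity;sid:84739573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.68.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876472/; classtype:trojan-activity;sid:84739572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.144.21"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876471/; classtype:trojan-activity;sid:84739571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.184.80.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876470/; classtype:trojan-activity;sid:84739570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.93.247"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876469/; classtype:trojan-activity;sid:84739569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.205.226.191"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876468/; classtype:trojan-activity;sid:84739568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.213.175.245"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876467/; classtype:trojan-activity;sid:84739567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.205.226.191"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876466/; classtype:trojan-activity;sid:84739566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.243.28"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876465/; classtype:trojan-activity;sid:84739565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.224.14.166"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876464/; classtype:trojan-activity;sid:84739564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.85.60.27"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876463/; classtype:trojan-activity;sid:84739563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=25c2a4b7-0168-4108-ac3b-71609dc02175"; depth:47; endswith; nocase; http.host; content:"rfhudhbz.313betsingup.casino"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876462/; classtype:trojan-activity;sid:84739562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3kje"; depth:5; endswith; nocase; http.host; content:"server-830796.thatserver.com"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876461/; classtype:trojan-activity;sid:84739561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.173.66"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876460/; classtype:trojan-activity;sid:84739560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.32.20"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876459/; classtype:trojan-activity;sid:84739559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.184.80.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876458/; classtype:trojan-activity;sid:84739558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.228.137"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876457/; classtype:trojan-activity;sid:84739557; 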
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.230.102"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876456/; classtype:trojan-activity;sid:84739556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.228.137"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876455/; classtype:trojan-activity;sid:84739555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gh/roody2643/driver-access-service/access_manager"; depth:50; endswith; nocase; http.host; content:"cdn.jsdelivr.net"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876454/; classtype:trojan-activity;sid:84739554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.32.20"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876453/; classtype:trojan-activity;sid:84739553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.52.206"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876452/; classtype:trojan-activity;sid:84739552; rev:1;)
# (The line above completes a rule whose opening is on the previous line.)
#
# URLhaus download-URL rules. Each one matches an outbound GET
# (flow:established,from_client) whose http.uri and http.host both equal the
# listed strings: depth equal to the pattern length anchors the start, and
# endswith (URI) or isdataat:!1,relative (host) anchors the end. Only request
# fields are inspected, so an alert records an attempted fetch; confirm delivery
# from the response or extracted file. The number in msg/reference is the
# URLhaus entry ID, and in the rules shown here sid = ID + 80863100.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.10.155.239"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876451/; classtype:trojan-activity;sid:84739551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.63.144.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876450/; classtype:trojan-activity;sid:84739550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.38.230.102"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876449/; classtype:trojan-activity;sid:84739549; rev:1;)
# NOTE(review): cdn.jsdelivr.net is a shared public CDN; the next rule is
# specific only because it pins the full path as well as the host, so it does
# not justify blocking the host. As an alert http rule it also cannot see the
# same path fetched over TLS unless traffic is decrypted before inspection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gh/roody2643/roadblock4/dfd745"; depth:31; endswith; nocase; http.host; content:"cdn.jsdelivr.net"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876448/; classtype:trojan-activity;sid:84739548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d2e8d12f-63a2-4e0f-806b-da67aad39488"; depth:37; endswith; nocase; http.host; content:"drf.honareslami.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876447/; classtype:trojan-activity;sid:84739547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"72.255.30.244"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876446/; classtype:trojan-activity;sid:84739546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.52.206"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876445/; classtype:trojan-activity;sid:84739545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.201.202"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876444/; classtype:trojan-activity;sid:84739544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.73.206.102"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876443/; classtype:trojan-activity;sid:84739543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.186.175.61"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876442/; classtype:trojan-activity;sid:84739542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.144.3"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876441/; classtype:trojan-activity;sid:84739541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"72.255.30.244"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876440/; classtype:trojan-activity;sid:84739540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.10.155.239"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876439/; classtype:trojan-activity;sid:84739539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.23.89"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876438/; classtype:trojan-activity;sid:84739538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.201.202"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876437/; classtype:trojan-activity;sid:84739537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.73.206.102"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876436/; classtype:trojan-activity;sid:84739536; rev:1;)
# Same shared-CDN caveat as above: host plus full path is the indicator here,
# not cdn.jsdelivr.net on its own.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gh/belova-bb071/syd1-failover/krt5a"; depth:36; endswith; nocase; http.host; content:"cdn.jsdelivr.net"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876435/; classtype:trojan-activity;sid:84739535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e0c4cf0d-a8b3-4e57-82fe-5686322d9bed"; depth:37; endswith; nocase; http.host; content:"xb.bet1bonus.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876434/; classtype:trojan-activity;sid:84739534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase;
http.host; content:"105.186.175.61"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876433/; classtype:trojan-activity;sid:84739533; rev:1;)
# (The line above completes a rule whose opening is on the previous line.)
#
# URLhaus download-URL rules: outbound GET requests whose http.uri and
# http.host equal the listed strings (depth = pattern length anchors the start;
# endswith / isdataat:!1,relative anchors the end). Only the request is
# matched, so an alert is evidence of an attempted fetch, not of delivery.
# msg/reference hold the URLhaus entry ID; in the rules shown, sid = ID + 80863100.
#
# NOTE(review): in the next rule depth:47 counts the |3f| hex escape (one '?'
# byte) as four characters; the pattern is 44 bytes. endswith still pins the end
# of the buffer, but up to three extra leading bytes are accepted, so this is
# slightly looser than the strict whole-buffer matches around it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=29a94676-d1ea-4a6b-9d3a-ed0d793f48a8"; depth:47; endswith; nocase; http.host; content:"wlwnophi.313betiran.online"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876432/; classtype:trojan-activity;sid:84739532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.98.39.235"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876431/; classtype:trojan-activity;sid:84739531; rev:1;)
# The rules below all pin http.host to 72.61.196.110 and differ only in path:
# file names ending in x86 / x86_64 under /bin/, /bins/, /n2/ and /hiddenbin/.
# A hit on any of these sids points at the same server, so pivot on that
# destination across the whole group rather than triaging each sid in isolation.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/x86_64"; depth:10; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876429/; classtype:trojan-activity;sid:84739529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/main.x86_64"; depth:17; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876430/; classtype:trojan-activity;sid:84739530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/boatnet.x86"; depth:17; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876426/; classtype:trojan-activity;sid:84739526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/untouchable.x86"; depth:19; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876427/; classtype:trojan-activity;sid:84739527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/untouchable.x86"; depth:20; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876428/; classtype:trojan-activity;sid:84739528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/untouchable.x86"; depth:21; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876424/; classtype:trojan-activity;sid:84739524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/untouchable.x86_64"; depth:24; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876425/; classtype:trojan-activity;sid:84739525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/tadashi.x86_64"; depth:19; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876422/; classtype:trojan-activity;sid:84739522; rev:1;)
# NOTE(review): the path in the next rule contains "//". http.uri is the
# normalized URI buffer; if the HTTP parser is configured to compress repeated
# path separators (TODO confirm against the sensor's libhtp settings) the
# buffer would no longer equal this 12-byte pattern and the rule would not
# fire. No rule for the single-slash form of this path appears in this stretch,
# so verify coverage, e.g. by testing against http.uri.raw.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2//bot.x86"; depth:12; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876423/; classtype:trojan-activity;sid:84739523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/boatnet.x86_64"; depth:20; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876421/; classtype:trojan-activity;sid:84739521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86_64"; depth:17; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876420/; classtype:trojan-activity;sid:84739520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tuxbot.x86_64"; depth:19; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876417/; classtype:trojan-activity;sid:84739517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/tuxbot.x86"; depth:14; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876418/; classtype:trojan-activity;sid:84739518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/bot.x86_64"; depth:14; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876419/; classtype:trojan-activity;sid:84739519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/tadashi.x86_64"; depth:18; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876414/; classtype:trojan-activity;sid:84739514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/main.x86_64"; depth:15; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876415/; classtype:trojan-activity;sid:84739515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/boatnet.x86_64"; depth:18; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876416/; classtype:trojan-activity;sid:84739516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/sora.x86_64"; depth:15; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876411/; classtype:trojan-activity;sid:84739511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/main.x86"; depth:14; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876412/; classtype:trojan-activity;sid:84739512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876413/; classtype:trojan-activity;sid:84739513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/tuxbot.x86"; depth:21; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876404/; classtype:trojan-activity;sid:84739504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/main.x86"; depth:13; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876405/; classtype:trojan-activity;sid:84739505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/bot.x86"; depth:12; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876406/; classtype:trojan-activity;sid:84739506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.x86_64"; depth:19; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876407/; classtype:trojan-activity;sid:84739507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/nerv.x86_64"; depth:16; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876408/; classtype:trojan-activity;sid:84739508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tuxbot.x86";
depth:16; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876409/; classtype:trojan-activity;sid:84739509; rev:1;)
# (The line above completes a rule whose opening is on the previous line.)
#
# URLhaus download-URL rules: outbound GET requests
# (flow:established,from_client) whose http.uri and http.host equal the listed
# strings. depth equal to the pattern length anchors the start of each buffer;
# endswith (URI) and isdataat:!1,relative (host) anchor the end.
# Every complete rule in this stretch pins http.host to 72.61.196.110 and
# varies only the path: file names ending in x86 / x86_64 under /bin/, /bins/,
# /n2/ and /hiddenbin/. Treat hits across these sids as one destination when
# triaging. Only the request is matched, so an alert shows an attempted fetch;
# confirm delivery from the response or an extracted file. msg/reference hold
# the URLhaus entry ID, and in the rules shown sid = ID + 80863100.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/tuxbot.x86_64"; depth:18; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876410/; classtype:trojan-activity;sid:84739510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/nerv.x86_64"; depth:15; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876402/; classtype:trojan-activity;sid:84739502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bot.x86"; depth:13; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876403/; classtype:trojan-activity;sid:84739503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/main.x86"; depth:12; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876397/; classtype:trojan-activity;sid:84739497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/nerv.x86"; depth:12; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876398/; classtype:trojan-activity;sid:84739498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bot.x86_64"; depth:16; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876399/; classtype:trojan-activity;sid:84739499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/tuxbot.x86_64"; depth:17; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876400/; classtype:trojan-activity;sid:84739500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/main.x86_64"; depth:16; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876401/; classtype:trojan-activity;sid:84739501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/nerv.x86"; depth:13; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876396/; classtype:trojan-activity;sid:84739496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tadashi.x86_64"; depth:20; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876392/; classtype:trojan-activity;sid:84739492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/tadashi.x86"; depth:22; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876393/; classtype:trojan-activity;sid:84739493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/x86"; depth:8; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876394/; classtype:trojan-activity;sid:84739494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/untouchable.x86"; depth:26; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876395/; classtype:trojan-activity;sid:84739495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/untouchable.x86_64"; depth:22; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876387/; classtype:trojan-activity;sid:84739487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nerv.x86"; depth:14; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876388/; classtype:trojan-activity;sid:84739488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/boatnet.x86"; depth:15; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876389/; classtype:trojan-activity;sid:84739489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876390/; classtype:trojan-activity;sid:84739490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nerv.x86_64"; depth:17; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876391/; classtype:trojan-activity;sid:84739491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/sora.x86"; depth:13; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876382/; classtype:trojan-activity;sid:84739482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/x86"; depth:7; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876383/; classtype:trojan-activity;sid:84739483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/bot.x86_64"; depth:15; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876384/; classtype:trojan-activity;sid:84739484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/untouchable.x86_64"; depth:29; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876385/; classtype:trojan-activity;sid:84739485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/sora.x86_64"; depth:16; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876386/; classtype:trojan-activity;sid:84739486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/boatnet.x86"; depth:16; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876381/; classtype:trojan-activity;sid:84739481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/tadashi.x86"; depth:17; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876378/; classtype:trojan-activity;sid:84739478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876379/; classtype:trojan-activity;sid:84739479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/tadashi.x86"; depth:15; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876380/; classtype:trojan-activity;sid:84739480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/nerv.x86";
depth:19; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876367/; classtype:trojan-activity;sid:84739467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nerv.x86_64"; depth:12; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876368/; classtype:trojan-activity;sid:84739468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876369/; classtype:trojan-activity;sid:84739469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main.x86_64"; depth:12; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876370/; classtype:trojan-activity;sid:84739470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/bot.x86_64"; depth:21; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876371/; classtype:trojan-activity;sid:84739471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3876372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/sora.x86_64"; depth:22; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876372/; classtype:trojan-activity;sid:84739472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/main.x86"; depth:19; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876373/; classtype:trojan-activity;sid:84739473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sora.x86"; depth:9; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876374/; classtype:trojan-activity;sid:84739474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sora.x86_64"; depth:12; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876375/; classtype:trojan-activity;sid:84739475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/check.sh"; depth:9; endswith; nocase; http.host; content:"45.225.135.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876376/; 
classtype:trojan-activity;sid:84739476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boatnet.x86"; depth:12; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876377/; classtype:trojan-activity;sid:84739477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/tadashi.x86_64"; depth:25; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876365/; classtype:trojan-activity;sid:84739465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tadashi.x86_64"; depth:15; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876366/; classtype:trojan-activity;sid:84739466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boatnet.x86_64"; depth:15; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876362/; classtype:trojan-activity;sid:84739462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/nerv.x86_64"; depth:22; endswith; nocase; 
http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876363/; classtype:trojan-activity;sid:84739463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/main.x86_64"; depth:22; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876364/; classtype:trojan-activity;sid:84739464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_cf7313a869b75634.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876361/; classtype:trojan-activity;sid:84739461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nilapila.docx.psd.pdf.in.sys.nilapila.docx.psd.pdf.in.sys"; depth:58; endswith; nocase; http.host; content:"mineiicancry25june2026.blogspot.com"; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876360/; classtype:trojan-activity;sid:84739460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_3929e99cb34bd81d.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876356/; 
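classtype:trojan-activity;sid:84739456; rev:1;)
# Rule template used by every entry below (one rule per line): alert on an established,
# client-to-server HTTP flow from $HOME_NET to $EXTERNAL_NET whose method contains "GET",
# whose http.uri equals the listed path (content + depth = pattern length + endswith, nocase)
# and whose http.host equals the listed host (content + depth = pattern length +
# isdataat:!1,relative, i.e. no byte may follow the match).
# NOTE(review): these rules are generated from a feed; the three depth/pattern corrections
# marked below will be lost on the next feed update unless re-applied or reported upstream.
#
# sid 84739457: |3f| is a single byte ('?'), so the pattern is 62 bytes long. depth is set to
# that length so that depth + endswith stays an exact URI match like the neighbouring rules
# (a larger depth would tolerate extra leading bytes).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nilapila.docx.psd.pdf.in.sys.nilapila.docx.psd.pdf.in.sys|3f|m=1"; depth:62; endswith; nocase; http.host; content:"mineiicancry25june2026.blogspot.com"; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876357/; classtype:trojan-activity;sid:84739457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_5efa8b22546fb824.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876358/; classtype:trojan-activity;sid:84739458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ugd/09c1d5_f29a3b493ad342199c678fc221f44af7.txt"; depth:48; endswith; nocase; http.host; content:"09c1d5c3-1a6e-4c05-8e4e-eff75c6b5dd6.filesusr.com"; depth:49; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876359/; classtype:trojan-activity;sid:84739459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apache"; depth:7; endswith; nocase; http.host; content:"31.76.241.186"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876355/; classtype:trojan-activity;sid:84739455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gigatex/fuckall.sh"; depth:19; endswith; nocase; http.host; content:"217.60.195.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876354/; classtype:trojan-activity;sid:84739454; rev:1;)
# sid 84739453: http.uri is the normalized request URI; per the Suricata http.uri/http.uri.raw
# documentation, normalization turns %20 into a space, so a literal "%20" pattern would not be
# found in this buffer. The space is written as |20| and depth follows the 93-byte pattern.
# NOTE(review): raw.githubusercontent.com is normally reached over HTTPS; an "alert http" rule
# only sees the request when traffic is cleartext or decrypted before the sensor - confirm
# visibility before relying on this sid and the next one.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s4warm/cybervalorant-valorant-cheat-aimbot-esp/main/eduty|20|external/valorant-external.vcxproj"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876353/; classtype:trojan-activity;sid:84739453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/besvigahw/valorant-efi-driver-cheat-hack/main/driver/driver/eficlient.vcxproj"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876352/; classtype:trojan-activity;sid:84739452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atom.xml"; depth:9; endswith; nocase; http.host; content:"mineiicancry25june2026.blogspot.com"; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876350/; classtype:trojan-activity;sid:84739450; rev:1;)
# sid 84739451: |3f| is one byte, so the pattern is 13 bytes long; depth matches that length.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atom.xml|3f|m=1"; depth:13; endswith; nocase; http.host; content:"mineiicancry25june2026.blogspot.com"; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876351/; classtype:trojan-activity;sid:84739451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_4e2018f59b40990b.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876347/; classtype:trojan-activity;sid:84739447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_e6c9920023234218.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876348/; classtype:trojan-activity;sid:84739448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_cb304e7539c83e32.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876349/; classtype:trojan-activity;sid:84739449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.243.27.65"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, 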
urlhaus.abuse.ch/url/3876346/; classtype:trojan-activity;sid:84739446; rev:1;)
# Rule template used by every entry below (one rule per line): alert on an established,
# client-to-server HTTP flow from $HOME_NET to $EXTERNAL_NET whose method contains "GET",
# whose http.uri equals the listed path (content + depth = pattern length + endswith, nocase)
# and whose http.host equals the listed host (content + depth = pattern length +
# isdataat:!1,relative, i.e. no byte may follow the match).
# NOTE(review): http.host is matched against the request's host value, so the hostname-based
# rules below would not fire for a client that addresses the same server by bare IP - confirm
# whether a companion IP-based rule exists elsewhere in the ruleset.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/untouchable.x86"; depth:16; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876345/; classtype:trojan-activity;sid:84739445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.127.251.99"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876344/; classtype:trojan-activity;sid:84739444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.103.251"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876343/; classtype:trojan-activity;sid:84739443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.19.216.30"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876342/; classtype:trojan-activity;sid:84739442; rev:1;)
# NOTE(review): cdn.jsdelivr.net is normally reached over HTTPS; an "alert http" rule only sees
# the request when traffic is cleartext or decrypted before the sensor - confirm visibility.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gh/tedy324/techub-v7/rtt-6"; depth:27; endswith; nocase; http.host; content:"cdn.jsdelivr.net"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876340/; classtype:trojan-activity;sid:84739440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9957f452-10ee-4604-9013-043730dd6937"; depth:37; endswith; nocase; http.host; content:"nxbv.sabad724.bio"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876341/; classtype:trojan-activity;sid:84739441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.mips"; depth:11; endswith; nocase; http.host; content:"server-176-97-210-186.da.direct"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876339/; classtype:trojan-activity;sid:84739439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.x86"; depth:10; endswith; nocase; http.host; content:"mail.pagar10.vendasptg.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876338/; classtype:trojan-activity;sid:84739438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.mips"; depth:11; endswith; nocase; http.host; content:"mail.dns2.vendasptg.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876336/; classtype:trojan-activity;sid:84739436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm"; depth:10; endswith; nocase; http.host; content:"dns2.vendasptg.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876337/; classtype:trojan-activity;sid:84739437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm5"; depth:11; endswith; nocase; http.host; content:"mail.pagar10.vendasptg.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876335/; classtype:trojan-activity;sid:84739435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm5"; depth:11; endswith; nocase; http.host; content:"176-97-210-186.syd.nbn.aussiebb.net"; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876332/; classtype:trojan-activity;sid:84739432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.x86"; depth:10; endswith; nocase; http.host; content:"pagar10.vendasptg.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876333/; classtype:trojan-activity;sid:84739433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.x86"; depth:10; endswith; nocase; http.host; content:"mail.dns2.vendasptg.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876334/; classtype:trojan-activity;sid:84739434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.mips"; depth:11; endswith; nocase; http.host; content:"176-97-210-186.syd.nbn.aussiebb.net"; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876331/; classtype:trojan-activity;sid:84739431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.spc"; depth:10; endswith; nocase; http.host; content:"pagar10.vendasptg.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876329/; classtype:trojan-activity;sid:84739429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.sh4"; depth:10; endswith; nocase; http.host; content:"dns2.vendasptg.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876330/; classtype:trojan-activity;sid:84739430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.x86"; depth:10; endswith; nocase; http.host; content:"dns2.vendasptg.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876327/; classtype:trojan-activity;sid:84739427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm7"; depth:11; endswith; nocase; http.host; content:"dns2.vendasptg.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876328/; classtype:trojan-activity;sid:84739428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm7"; depth:11; endswith; nocase; http.host; content:"mail.dns2.vendasptg.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876326/; classtype:trojan-activity;sid:84739426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm"; depth:10; endswith; nocase; http.host; content:"mail.pagar10.vendasptg.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876324/; classtype:trojan-activity;sid:84739424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm5"; depth:11; endswith; nocase; http.host; content:"mail.dns2.vendasptg.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876325/; classtype:trojan-activity;sid:84739425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm7"; depth:11; endswith; nocase; http.host; content:"176-97-210-186.syd.nbn.aussiebb.net"; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876320/; classtype:trojan-activity;sid:84739420; rev:1;)
# Rule template used by every entry below (one rule per line): alert on an established,
# client-to-server HTTP flow from $HOME_NET to $EXTERNAL_NET whose method contains "GET",
# whose http.uri equals the listed path (content + depth = pattern length + endswith, nocase)
# and whose http.host equals the listed host (content + depth = pattern length +
# isdataat:!1,relative, i.e. no byte may follow the match).
# NOTE(review): the same /mirai.* paths recur under several hostnames here, each with its own
# sid; http.host is matched against the request's host value, so a request that names the
# server differently (another alias or a bare IP) is only covered if a rule for that exact
# value exists - confirm coverage against the rest of the ruleset.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.m68k"; depth:11; endswith; nocase; http.host; content:"176-97-210-186.syd.nbn.aussiebb.net"; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876321/; classtype:trojan-activity;sid:84739421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.sh4"; depth:10; endswith; nocase; http.host; content:"176-97-210-186.syd.nbn.aussiebb.net"; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876322/; classtype:trojan-activity;sid:84739422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm7"; depth:11; endswith; nocase; http.host; content:"mail.pagar10.vendasptg.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876323/; classtype:trojan-activity;sid:84739423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm"; depth:10; endswith; nocase; http.host; content:"mail.dns2.vendasptg.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876318/; classtype:trojan-activity;sid:84739418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.x86"; depth:10; endswith; nocase; http.host; content:"176-97-210-186.syd.nbn.aussiebb.net"; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876319/; classtype:trojan-activity;sid:84739419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm"; depth:10; endswith; nocase; http.host; content:"176-97-210-186.syd.nbn.aussiebb.net"; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876317/; classtype:trojan-activity;sid:84739417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.spc"; depth:10; endswith; nocase; http.host; content:"176-97-210-186.syd.nbn.aussiebb.net"; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876316/; classtype:trojan-activity;sid:84739416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm7"; depth:11; endswith; nocase; http.host; content:"pagar10.vendasptg.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876312/; classtype:trojan-activity;sid:84739412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.m68k"; depth:11; endswith; nocase; http.host; content:"pagar10.vendasptg.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876313/; classtype:trojan-activity;sid:84739413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm6"; depth:11; endswith; nocase; http.host; content:"mail.dns2.vendasptg.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876314/; classtype:trojan-activity;sid:84739414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.spc"; depth:10; endswith; nocase; http.host; content:"mail.pagar10.vendasptg.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876315/; classtype:trojan-activity;sid:84739415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm"; depth:10; endswith; nocase; http.host; content:"server-176-97-210-186.da.direct"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876303/; classtype:trojan-activity;sid:84739403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.mips"; depth:11; endswith; nocase; http.host; content:"pagar10.vendasptg.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876304/; classtype:trojan-activity;sid:84739404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.m68k"; depth:11; endswith; nocase; http.host; content:"dns2.vendasptg.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876305/; classtype:trojan-activity;sid:84739405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.sh4"; depth:10; endswith; nocase; http.host; content:"server-176-97-210-186.da.direct"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876306/; classtype:trojan-activity;sid:84739406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.sh4"; depth:10; endswith; nocase; http.host; content:"mail.dns2.vendasptg.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876307/; classtype:trojan-activity;sid:84739407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.m68k"; depth:11; endswith; nocase; http.host; content:"server-176-97-210-186.da.direct"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876308/; classtype:trojan-activity;sid:84739408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.m68k"; depth:11; endswith; nocase; http.host; content:"mail.pagar10.vendasptg.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876309/; classtype:trojan-activity;sid:84739409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.x86"; depth:10; endswith; nocase; http.host; content:"server-176-97-210-186.da.direct"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876310/; classtype:trojan-activity;sid:84739410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.m68k"; depth:11; endswith; nocase; http.host; content:"mail.dns2.vendasptg.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876311/; classtype:trojan-activity;sid:84739411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.spc"; depth:10; endswith; nocase; http.host; content:"server-176-97-210-186.da.direct"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876294/; classtype:trojan-activity;sid:84739394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm7"; depth:11; endswith; nocase; http.host; content:"server-176-97-210-186.da.direct"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876295/; classtype:trojan-activity;sid:84739395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm6"; depth:11; endswith; nocase; http.host; content:"server-176-97-210-186.da.direct"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, 
urlhaus.abuse.ch/url/3876296/; classtype:trojan-activity;sid:84739396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm6"; depth:11; endswith; nocase; http.host; content:"pagar10.vendasptg.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876297/; classtype:trojan-activity;sid:84739397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm"; depth:10; endswith; nocase; http.host; content:"pagar10.vendasptg.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876298/; classtype:trojan-activity;sid:84739398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm6"; depth:11; endswith; nocase; http.host; content:"mail.pagar10.vendasptg.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876299/; classtype:trojan-activity;sid:84739399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.sh4"; depth:10; endswith; nocase; http.host; content:"mail.pagar10.vendasptg.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876300/; classtype:trojan-activity;sid:84739400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876301)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/mirai.sh4"; depth:10; endswith; nocase; http.host; content:"pagar10.vendasptg.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876301/; classtype:trojan-activity;sid:84739401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.spc"; depth:10; endswith; nocase; http.host; content:"mail.dns2.vendasptg.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876302/; classtype:trojan-activity;sid:84739402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.spc"; depth:10; endswith; nocase; http.host; content:"dns2.vendasptg.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876290/; classtype:trojan-activity;sid:84739390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.mips"; depth:11; endswith; nocase; http.host; content:"dns2.vendasptg.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876291/; classtype:trojan-activity;sid:84739391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm5"; depth:11; endswith; nocase; http.host; content:"dns2.vendasptg.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876292/; classtype:trojan-activity;sid:84739392; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm5"; depth:11; endswith; nocase; http.host; content:"pagar10.vendasptg.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876293/; classtype:trojan-activity;sid:84739393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm6"; depth:11; endswith; nocase; http.host; content:"176-97-210-186.syd.nbn.aussiebb.net"; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876287/; classtype:trojan-activity;sid:84739387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm6"; depth:11; endswith; nocase; http.host; content:"dns2.vendasptg.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876288/; classtype:trojan-activity;sid:84739388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.mips"; depth:11; endswith; nocase; http.host; content:"mail.pagar10.vendasptg.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876289/; classtype:trojan-activity;sid:84739389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm5"; depth:11; endswith; nocase; http.host; content:"server-176-97-210-186.da.direct"; depth:31; 
isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876286/; classtype:trojan-activity;sid:84739386; rev:1;)
# (The line above is the tail of a rule that starts on the previous line of the file.)
#
# Rules in this run, one per line. Each alerts on an established
# client-to-server HTTP flow from $HOME_NET to $EXTERNAL_NET where the method
# buffer contains GET, the URI equals the listed path (depth = pattern length
# plus endswith, case-insensitive) and the Host equals the listed value
# (depth = pattern length plus isdataat:!1,relative).
#
# Bare-IP hosts requesting the short paths /i and /bin.sh. Paths this short are
# only meaningful together with the Host match; the rule requires both.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.255.42.127"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876285/; classtype:trojan-activity;sid:84739385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.243.27.65"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876284/; classtype:trojan-activity;sid:84739384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.12.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876282/; classtype:trojan-activity;sid:84739382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.12.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876283/; classtype:trojan-activity;sid:84739383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.220.145.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876281/; classtype:trojan-activity;sid:84739381; rev:1;)
# Host 176.65.148.186, URIs /bins/bin.<suffix>. The suffixes look like CPU
# architecture tags (one file per target platform) -- verify against the
# URLhaus entries. One alert per path; expect several sids to fire together
# if a single client walks the list.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.armv5l"; depth:16; endswith; nocase; http.host; content:"176.65.148.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876280/; classtype:trojan-activity;sid:84739380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.i486"; depth:14; endswith; nocase; http.host; content:"176.65.148.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876269/; classtype:trojan-activity;sid:84739369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.armv7l"; depth:16; endswith; nocase; http.host; content:"176.65.148.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876270/; classtype:trojan-activity;sid:84739370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.powerpc-440fp"; depth:23; endswith; nocase; http.host; content:"176.65.148.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876271/; classtype:trojan-activity;sid:84739371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.mips64"; depth:16; endswith; nocase; http.host; content:"176.65.148.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876272/; classtype:trojan-activity;sid:84739372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.armv4l"; depth:16; endswith; nocase; http.host; content:"176.65.148.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876273/; classtype:trojan-activity;sid:84739373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.armv4tl"; depth:17; endswith; nocase; http.host; content:"176.65.148.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876274/; classtype:trojan-activity;sid:84739374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.x86_64"; depth:16; endswith; nocase; http.host; content:"176.65.148.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876275/; classtype:trojan-activity;sid:84739375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.mips"; depth:14; endswith; nocase; http.host; content:"176.65.148.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876276/; classtype:trojan-activity;sid:84739376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.i586"; depth:14; endswith; nocase; http.host; content:"176.65.148.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876277/; classtype:trojan-activity;sid:84739377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.i686"; depth:14; endswith; nocase; http.host; content:"176.65.148.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876278/; classtype:trojan-activity;sid:84739378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.mipsel"; depth:16; endswith; nocase; http.host; content:"176.65.148.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876279/; classtype:trojan-activity;sid:84739379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.m68k"; depth:14; endswith; nocase; http.host; content:"176.65.148.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876264/; classtype:trojan-activity;sid:84739364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.armv6l"; depth:16; endswith; nocase; http.host; content:"176.65.148.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876265/; classtype:trojan-activity;sid:84739365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.powerpc"; depth:17; endswith; nocase; http.host; content:"176.65.148.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876266/; classtype:trojan-activity;sid:84739366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.sh4"; depth:13; endswith; nocase; http.host; content:"176.65.148.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876267/; classtype:trojan-activity;sid:84739367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bin.armv4eb"; depth:17; endswith; nocase; http.host; content:"176.65.148.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876268/; classtype:trojan-activity;sid:84739368; rev:1;)
# Bare-IP host again, short path /bin.sh.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.19.216.30"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876263/; classtype:trojan-activity;sid:84739363; rev:1;)
# (The line below is the start of a rule that continues on the next line of the file.)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
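detected (3876262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.103.251"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876262/; classtype:trojan-activity;sid:84739362; rev:1;)
# (The line above is the tail of a rule that starts on the previous line of the file.)
#
# Rules in this run, one per line. Each alerts on an established
# client-to-server HTTP flow from $HOME_NET to $EXTERNAL_NET where the method
# buffer contains GET, the URI equals the listed path (depth = pattern length
# plus endswith, case-insensitive) and the Host equals the listed value
# (depth = pattern length plus isdataat:!1,relative).
#
# sid 84739361: the URI pattern contains "|3f|", which is a single byte ("?"),
# so the pattern is 44 bytes long. The rule was published with depth:47, the
# length of the escaped text; combined with endswith that also accepted URIs
# with up to three extra leading bytes. depth:44 makes it an exact match like
# the neighbouring rules. This is a local correction to a feed rule: a feed
# refresh will replace it, so the mismatch is worth reporting to the feed owner.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=eef02546-fb14-4a9b-b56b-60ad5f1905b2"; depth:44; endswith; nocase; http.host; content:"nxk3vadq.1xprobet.app"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876261/; classtype:trojan-activity;sid:84739361; rev:1;)
# Bare-IP hosts, short paths /i and /bin.sh; the Host match is what makes
# these specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.49.213.85"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876260/; classtype:trojan-activity;sid:84739360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.127.251.99"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876259/; classtype:trojan-activity;sid:84739359; rev:1;)
# (The line below is the start of a rule that continues on the next line of the file.)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tuxbot.x86_64"; depth:14; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876258/; 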
classtype:trojan-activity;sid:84739358; rev:1;)
# (The line above is the tail of a rule that starts on the previous line of the file.)
#
# Rules in this run, one per line. Each alerts on an established
# client-to-server HTTP flow from $HOME_NET to $EXTERNAL_NET where the method
# buffer contains GET, the URI equals the listed path (depth = pattern length
# plus endswith, case-insensitive) and the Host equals the listed value
# (depth = pattern length plus isdataat:!1,relative).
#
# Bare-IP hosts, short paths /i and /bin.sh; the Host match is what makes
# these specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.255.92"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876256/; classtype:trojan-activity;sid:84739356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.19.49.134"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876257/; classtype:trojan-activity;sid:84739357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.135.218.83"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876255/; classtype:trojan-activity;sid:84739355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.111.24.85"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876254/; classtype:trojan-activity;sid:84739354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.135.218.83"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876253/; classtype:trojan-activity;sid:84739353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.220.145.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876252/; classtype:trojan-activity;sid:84739352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.184.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876251/; classtype:trojan-activity;sid:84739351; rev:1;)
# Hosts 91.92.240.220 and 91.92.240.225, Windows executables under /bin/.
# NOTE(review): the file names resemble a remote-support client installer;
# whether the binaries are a repackaged legitimate tool or something else is
# not visible here -- check the URLhaus entries before scoping a response.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"91.92.240.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876250/; classtype:trojan-activity;sid:84739350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"91.92.240.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876249/; classtype:trojan-activity;sid:84739349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"91.92.240.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876247/; classtype:trojan-activity;sid:84739347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"91.92.240.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876248/; classtype:trojan-activity;sid:84739348; rev:1;)
# Host 5.253.246.130, long directory-prefixed paths ending in an
# architecture-like suffix.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.m68k"; depth:51; endswith; nocase; http.host; content:"5.253.246.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876244/; classtype:trojan-activity;sid:84739344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.ppc"; depth:50; endswith; nocase; http.host; content:"5.253.246.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876245/; classtype:trojan-activity;sid:84739345; rev:1;)
# (The line below is the start of a rule that continues on the next line of the file.)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmaarriioisectanee/mmaarriioisectanee.mips"; depth:43; endswith; nocase; http.host; content:"5.253.246.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; 
reference:url, urlhaus.abuse.ch/url/3876246/; classtype:trojan-activity;sid:84739346; rev:1;)
# (The line above is the tail of a rule that starts on the previous line of the file.)
#
# Rules in this run, one per line. Each alerts on an established
# client-to-server HTTP flow from $HOME_NET to $EXTERNAL_NET where the method
# buffer contains GET, the URI equals the listed path (depth = pattern length
# plus endswith, case-insensitive) and the Host equals the listed value
# (depth = pattern length plus isdataat:!1,relative).
#
# Host 5.253.246.130: one rule per file under the same directory prefix, the
# file names differing only in an architecture-like suffix. Because the whole
# path is matched exactly, a change of directory name on the serving host
# would not be caught by these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.x86"; depth:50; endswith; nocase; http.host; content:"5.253.246.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876243/; classtype:trojan-activity;sid:84739343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.arm7"; depth:51; endswith; nocase; http.host; content:"5.253.246.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876232/; classtype:trojan-activity;sid:84739332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.arm"; depth:50; endswith; nocase; http.host; content:"5.253.246.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876233/; classtype:trojan-activity;sid:84739333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.spc"; depth:50; endswith; nocase; http.host; content:"5.253.246.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876234/; classtype:trojan-activity;sid:84739334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.arm6"; depth:51; endswith; nocase; http.host; content:"5.253.246.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876235/; classtype:trojan-activity;sid:84739335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.arm5"; depth:51; endswith; nocase; http.host; content:"5.253.246.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876236/; classtype:trojan-activity;sid:84739336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.mips"; depth:51; endswith; nocase; http.host; content:"5.253.246.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876237/; classtype:trojan-activity;sid:84739337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.mpsl"; depth:51; endswith; nocase; http.host; content:"5.253.246.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876238/; classtype:trojan-activity;sid:84739338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.i586"; depth:51; endswith; nocase; http.host; content:"5.253.246.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876239/; classtype:trojan-activity;sid:84739339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.x86_64"; depth:53; endswith; nocase; http.host; content:"5.253.246.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876240/; classtype:trojan-activity;sid:84739340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.i686"; depth:51; endswith; nocase; http.host; content:"5.253.246.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876241/; classtype:trojan-activity;sid:84739341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z0l1mxjm4mdl4jjfjf7sb2vdmv/mmaarriioisectanee.sh4"; depth:50; endswith; nocase; http.host; content:"5.253.246.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876242/; classtype:trojan-activity;sid:84739342; rev:1;)
# Bare-IP hosts with short or generic paths (/bin.sh, /i, /x86) and one
# longer path on 72.61.196.110. For the short paths the Host match carries
# the specificity.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.255.92"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876231/; classtype:trojan-activity;sid:84739331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.100.200"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876230/; classtype:trojan-activity;sid:84739330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876229/; classtype:trojan-activity;sid:84739329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876228/; classtype:trojan-activity;sid:84739328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.184.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876227/; classtype:trojan-activity;sid:84739327; rev:1;)
# Host 176.97.210.186 addressed by IP, URIs /mirai.<suffix>. These match only
# when the client sends the literal IP as Host; a request to the same path
# under a DNS name needs its own rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm7"; depth:11; endswith; nocase; http.host; content:"176.97.210.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876226/; classtype:trojan-activity;sid:84739326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm6"; depth:11; endswith; nocase; http.host; content:"176.97.210.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876220/; classtype:trojan-activity;sid:84739320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.m68k"; depth:11; endswith; nocase; http.host; content:"176.97.210.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876221/; classtype:trojan-activity;sid:84739321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.spc"; depth:10; endswith; nocase; http.host; content:"176.97.210.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876222/; classtype:trojan-activity;sid:84739322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm5"; depth:11; endswith; nocase; http.host; content:"176.97.210.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876223/; classtype:trojan-activity;sid:84739323; rev:1;)
# (The line below is the start of a rule that continues past this span.)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876224)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.arm"; depth:10; endswith; nocase; http.host; content:"176.97.210.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876224/; classtype:trojan-activity;sid:84739324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.x86"; depth:10; endswith; nocase; http.host; content:"176.97.210.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876225/; classtype:trojan-activity;sid:84739325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.sh4"; depth:10; endswith; nocase; http.host; content:"176.97.210.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876218/; classtype:trojan-activity;sid:84739318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirai.mips"; depth:11; endswith; nocase; http.host; content:"176.97.210.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876219/; classtype:trojan-activity;sid:84739319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"194.26.192.19"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876217/; 
classtype:trojan-activity;sid:84739317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"194.26.192.19"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876216/; classtype:trojan-activity;sid:84739316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"192.159.99.176"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876215/; classtype:trojan-activity;sid:84739315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"192.159.99.176"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876214/; classtype:trojan-activity;sid:84739314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.238.241"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876213/; classtype:trojan-activity;sid:84739313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"115.49.251.232"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876212/; classtype:trojan-activity;sid:84739312; rev:1;)
# Each signature below pins one URLhaus entry: a client-to-server GET on an
# established flow whose normalized URI equals the listed path (case-insensitive)
# and whose http.host buffer equals the listed name (depth = name length, and
# isdataat:!1,relative rejects any trailing bytes). These are "alert http" rules,
# so they only fire on traffic Suricata can parse as HTTP.
#
# In the next two rules |3f| is the hex escape for "?", i.e. the URI is "/?ublib=<uuid>".
# NOTE(review): depth:47 equals the length of the escaped rule text, but the decoded
# pattern is 44 bytes. Together with endswith, a URI with up to three extra leading
# bytes before "/?ublib=" also passes the URI test. The other rules here use a depth
# equal to the pattern length, so depth:44 looks like the intended value. The sids
# are feed-owned and the file is presumably regenerated on each update, so this is
# better reported to the feed maintainer than patched locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=44791ca1-0c48-42db-a742-763b32f0a9fa"; depth:47; endswith; nocase; http.host; content:"u5xjkopi.1xbetpartnersiran.com"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876210/; classtype:trojan-activity;sid:84739310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a848cfec-7bfd-46a8-876a-9f584ccf855b"; depth:47; endswith; nocase; http.host; content:"ty954rii.313betios.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876211/; classtype:trojan-activity;sid:84739311; rev:1;)
# URI must be exactly "/bin.sh" (7 bytes). A path this generic is only meaningful
# because the Host value is pinned to a single IPv4 literal in the same rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.148.146"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876209/; classtype:trojan-activity;sid:84739309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.100.200"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876208/; classtype:trojan-activity;sid:84739308; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.238.241"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876207/; classtype:trojan-activity;sid:84739307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.235.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876206/; classtype:trojan-activity;sid:84739306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/x86_64"; depth:17; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876205/; classtype:trojan-activity;sid:84739305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.61.166"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876204/; classtype:trojan-activity;sid:84739304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tuxbot.x86"; depth:11; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, 
urlhaus.abuse.ch/url/3876203/; classtype:trojan-activity;sid:84739303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/tadashi.x86"; depth:16; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876202/; classtype:trojan-activity;sid:84739302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.195.171"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876201/; classtype:trojan-activity;sid:84739301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.211.47.18"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876200/; classtype:trojan-activity;sid:84739300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.195.171"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876199/; classtype:trojan-activity;sid:84739299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.xml"; depth:6; endswith; nocase; http.host; 
content:"45.225.135.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876198/; classtype:trojan-activity;sid:84739298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.26.202.115"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876197/; classtype:trojan-activity;sid:84739297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.45.81"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876196/; classtype:trojan-activity;sid:84739296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.194.9"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876195/; classtype:trojan-activity;sid:84739295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/tuxbot.x86"; depth:15; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876194/; classtype:trojan-activity;sid:84739294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876193)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.211.47.18"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876193/; classtype:trojan-activity;sid:84739293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.145.129"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876192/; classtype:trojan-activity;sid:84739292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.26.202.115"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876191/; classtype:trojan-activity;sid:84739291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.196.179"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876190/; classtype:trojan-activity;sid:84739290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/x86"; depth:14; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876189/; classtype:trojan-activity;sid:84739289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3876188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876188/; classtype:trojan-activity;sid:84739288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.197.225"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876187/; classtype:trojan-activity;sid:84739287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.74.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876186/; classtype:trojan-activity;sid:84739286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.45.81"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876185/; classtype:trojan-activity;sid:84739285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.97.98"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876184/; 
classtype:trojan-activity;sid:84739284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.196.179"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876183/; classtype:trojan-activity;sid:84739283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nerv.x86"; depth:9; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876182/; classtype:trojan-activity;sid:84739282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.227.122"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876181/; classtype:trojan-activity;sid:84739281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.13.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876180/; classtype:trojan-activity;sid:84739280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.97.98"; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876179/; classtype:trojan-activity;sid:84739279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.66.90"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876178/; classtype:trojan-activity;sid:84739278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876177/; classtype:trojan-activity;sid:84739277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main.x86"; depth:9; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876176/; classtype:trojan-activity;sid:84739276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.9.233"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876174/; classtype:trojan-activity;sid:84739274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; 
nocase; http.host; content:"110.36.13.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876175/; classtype:trojan-activity;sid:84739275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.243.85"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876173/; classtype:trojan-activity;sid:84739273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.58.57"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876172/; classtype:trojan-activity;sid:84739272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.183.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876171/; classtype:trojan-activity;sid:84739271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.66.90"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876170/; classtype:trojan-activity;sid:84739270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876169)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.31.205"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876169/; classtype:trojan-activity;sid:84739269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/bot.x86"; depth:18; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876168/; classtype:trojan-activity;sid:84739268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.164.128.184"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876167/; classtype:trojan-activity;sid:84739267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.23.119"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876166/; classtype:trojan-activity;sid:84739266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.14.251"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876165/; classtype:trojan-activity;sid:84739265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3876164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.14.251"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876164/; classtype:trojan-activity;sid:84739264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.183.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876163/; classtype:trojan-activity;sid:84739263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876162/; classtype:trojan-activity;sid:84739262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.123.1"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876160/; classtype:trojan-activity;sid:84739260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.75.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876161/; 
classtype:trojan-activity;sid:84739261; rev:1;)
# Exact-URL signature: GET, URI equal to "/i" (2 bytes, case-insensitive), Host equal
# to the listed IPv4 literal. The two-byte path carries no signal on its own; the
# host pin is what ties the alert to the URLhaus entry in the reference.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.213.174.235"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876159/; classtype:trojan-activity;sid:84739259; rev:1;)
# |3f| is the hex escape for "?", so the URI pattern is "/?ublib=<uuid>".
# NOTE(review): depth:47 equals the length of the escaped rule text, but the decoded
# pattern is 44 bytes. Together with endswith, a URI with up to three extra leading
# bytes before "/?ublib=" also passes the URI test. The neighbouring rules use a depth
# equal to the pattern length, so depth:44 looks like the intended value. The sid is
# feed-owned and the file is presumably regenerated on each update, so this is better
# reported to the feed maintainer than patched locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=7d1a5001-0f3c-4f7c-99ed-6a2df7baf38f"; depth:47; endswith; nocase; http.host; content:"wqeign6o.vip1xbet.org"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876158/; classtype:trojan-activity;sid:84739258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.84.215.190"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876157/; classtype:trojan-activity;sid:84739257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.31.174"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876156/; classtype:trojan-activity;sid:84739256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"171.213.174.235"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876155/; classtype:trojan-activity;sid:84739255; rev:1;)
# The next two rules pin different paths on the same Host value (72.61.196.110).
# Each fires only on an exact, case-insensitive URI match combined with an exact
# Host match, so a hit identifies which listed file was requested.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/tuxbot.x86_64"; depth:24; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876154/; classtype:trojan-activity;sid:84739254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/x86_64"; depth:11; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876153/; classtype:trojan-activity;sid:84739253; rev:1;)
# |3f| is the hex escape for "?", so the URI pattern is "/?ublib=<uuid>".
# NOTE(review): depth:47 equals the length of the escaped rule text, but the decoded
# pattern is 44 bytes. Together with endswith, a URI with up to three extra leading
# bytes before "/?ublib=" also passes the URI test. The neighbouring rules use a depth
# equal to the pattern length, so depth:44 looks like the intended value. The sid is
# feed-owned and the file is presumably regenerated on each update, so this is better
# reported to the feed maintainer than patched locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=baaa48cf-b389-4c92-80bd-3ee4f0ac0992"; depth:47; endswith; nocase; http.host; content:"9ergp1lh.yekshart.app"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876152/; classtype:trojan-activity;sid:84739252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.49.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876151/; classtype:trojan-activity;sid:84739251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3876150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/493632231/gxqtzwd.exe"; depth:28; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876150/; classtype:trojan-activity;sid:84739250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.202.88.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876149/; classtype:trojan-activity;sid:84739249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.49.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876148/; classtype:trojan-activity;sid:84739248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/untouchable.x86_64"; depth:23; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876147/; classtype:trojan-activity;sid:84739247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.202.88.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876146/; 
classtype:trojan-activity;sid:84739246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.255.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876145/; classtype:trojan-activity;sid:84739245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.80.251"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876144/; classtype:trojan-activity;sid:84739244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.6.169.54"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876143/; classtype:trojan-activity;sid:84739243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jkl"; depth:4; endswith; nocase; http.host; content:"server-830796.thatserver.com"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876142/; classtype:trojan-activity;sid:84739242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.14.214"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876141/; classtype:trojan-activity;sid:84739241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.5.76"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876140/; classtype:trojan-activity;sid:84739240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.13.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_26; reference:url, urlhaus.abuse.ch/url/3876139/; classtype:trojan-activity;sid:84739239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/untouchable.x86_64"; depth:19; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876138/; classtype:trojan-activity;sid:84739238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.219.1.198"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876137/; classtype:trojan-activity;sid:84739237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876136)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.13.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876136/; classtype:trojan-activity;sid:84739236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7782139129/dsj3lxu.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876135/; classtype:trojan-activity;sid:84739235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.60.130"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876134/; classtype:trojan-activity;sid:84739234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.19.101"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876133/; classtype:trojan-activity;sid:84739233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oix"; depth:4; endswith; nocase; http.host; content:"server-830796.thatserver.com"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876132/; classtype:trojan-activity;sid:84739232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3876131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.19.101"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876131/; classtype:trojan-activity;sid:84739231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.118.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876130/; classtype:trojan-activity;sid:84739230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/sora.x86"; depth:19; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876129/; classtype:trojan-activity;sid:84739229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=4c5222c7-0633-4d1d-bb25-47483fbe1738"; depth:47; endswith; nocase; http.host; content:"4iw2skgz.tinyshart.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876128/; classtype:trojan-activity;sid:84739228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b81be4fe-20dc-4d72-bab3-18b14c1d1962"; depth:47; endswith; nocase; http.host; content:"nmo1ivv6.akhlagvaahkam.xyz"; depth:26; isdataat:!1,relative; 
metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876127/; classtype:trojan-activity;sid:84739227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.61.166"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876126/; classtype:trojan-activity;sid:84739226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.2.73"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876125/; classtype:trojan-activity;sid:84739225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.14.214"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876124/; classtype:trojan-activity;sid:84739224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.198.178"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876123/; classtype:trojan-activity;sid:84739223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; 
http.host; content:"61.53.118.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876122/; classtype:trojan-activity;sid:84739222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876121/; classtype:trojan-activity;sid:84739221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.38.198.178"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876120/; classtype:trojan-activity;sid:84739220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.204.193.82"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876119/; classtype:trojan-activity;sid:84739219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.30.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876118/; classtype:trojan-activity;sid:84739218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876117)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.153.196.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876117/; classtype:trojan-activity;sid:84739217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.202.182"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876116/; classtype:trojan-activity;sid:84739216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.202.182"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876115/; classtype:trojan-activity;sid:84739215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.227.21"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876114/; classtype:trojan-activity;sid:84739214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tadashi.x86"; depth:12; endswith; nocase; http.host; content:"72.61.196.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876113/; classtype:trojan-activity;sid:84739213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3876112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.30.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876112/; classtype:trojan-activity;sid:84739212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.204.58"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876111/; classtype:trojan-activity;sid:84739211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.7.93"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876110/; classtype:trojan-activity;sid:84739210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.153.196.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876109/; classtype:trojan-activity;sid:84739209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.99.102"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876108/; classtype:trojan-activity;sid:84739208; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.56.122"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876107/; classtype:trojan-activity;sid:84739207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.99.102"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876106/; classtype:trojan-activity;sid:84739206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.227.21"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876105/; classtype:trojan-activity;sid:84739205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.75.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876104/; classtype:trojan-activity;sid:84739204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.7.93"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, 
urlhaus.abuse.ch/url/3876103/; classtype:trojan-activity;sid:84739203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b25772d6-925c-4b3e-a91c-004679564062"; depth:47; endswith; nocase; http.host; content:"71zdauu1.taktikbet.bio"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876102/; classtype:trojan-activity;sid:84739202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.67.33.209"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876101/; classtype:trojan-activity;sid:84739201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.121.120.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876099/; classtype:trojan-activity;sid:84739199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.246.118.194"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876098/; classtype:trojan-activity;sid:84739198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; 
nocase; http.host; content:"110.37.56.122"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876097/; classtype:trojan-activity;sid:84739197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.106.1.158"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876096/; classtype:trojan-activity;sid:84739196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.121.120.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876095/; classtype:trojan-activity;sid:84739195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.31.123"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876094/; classtype:trojan-activity;sid:84739194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.72.100"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876093/; classtype:trojan-activity;sid:84739193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876092)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/|3f|ublib=6a5530d6-08b2-45c4-885d-9591d652bac2"; depth:47; endswith; nocase; http.host; content:"ex5nibpq.vip1xbet.net"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876092/; classtype:trojan-activity;sid:84739192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"80.67.33.209"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876091/; classtype:trojan-activity;sid:84739191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.201.49"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876090/; classtype:trojan-activity;sid:84739190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.46.116"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876089/; classtype:trojan-activity;sid:84739189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.246.118.194"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876088/; classtype:trojan-activity;sid:84739188; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.106.1.158"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876087/; classtype:trojan-activity;sid:84739187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.31.123"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876086/; classtype:trojan-activity;sid:84739186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.46.116"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876085/; classtype:trojan-activity;sid:84739185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.222.181"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876084/; classtype:trojan-activity;sid:84739184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.222.181"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, 
urlhaus.abuse.ch/url/3876083/; classtype:trojan-activity;sid:84739183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meerkat.mips"; depth:13; endswith; nocase; http.host; content:"51.158.248.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876074/; classtype:trojan-activity;sid:84739174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meerkat.mpsl"; depth:13; endswith; nocase; http.host; content:"51.158.248.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876075/; classtype:trojan-activity;sid:84739175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meerkat.ppc"; depth:12; endswith; nocase; http.host; content:"51.158.248.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876076/; classtype:trojan-activity;sid:84739176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meerkat.x86"; depth:12; endswith; nocase; http.host; content:"51.158.248.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876077/; classtype:trojan-activity;sid:84739177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meerkat.arm5"; depth:13; endswith; 
nocase; http.host; content:"51.158.248.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876078/; classtype:trojan-activity;sid:84739178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meerkat.arm"; depth:12; endswith; nocase; http.host; content:"51.158.248.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876079/; classtype:trojan-activity;sid:84739179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meerkat.spc"; depth:12; endswith; nocase; http.host; content:"51.158.248.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876080/; classtype:trojan-activity;sid:84739180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meerkat.sh4"; depth:12; endswith; nocase; http.host; content:"51.158.248.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876081/; classtype:trojan-activity;sid:84739181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meerkat.arm6"; depth:13; endswith; nocase; http.host; content:"51.158.248.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876082/; classtype:trojan-activity;sid:84739182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3876073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.18.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876073/; classtype:trojan-activity;sid:84739173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.5.138.3"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876072/; classtype:trojan-activity;sid:84739172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.18.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876071/; classtype:trojan-activity;sid:84739171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.236.65.39"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876070/; classtype:trojan-activity;sid:84739170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.140.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876069/; classtype:trojan-activity;sid:84739169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3876068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e59453c8-4280-4f44-8070-b6fc1c5788ae"; depth:47; endswith; nocase; http.host; content:"hdb1qm8y.shartcart.xyz"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876068/; classtype:trojan-activity;sid:84739168; rev:1;)
# NOTE(review): in the rule above, the content "/|3f|ublib=<uuid>" decodes to 44 bytes
# (|3f| is the single byte "?"), yet depth is 47, the length of the escaped text. endswith
# still anchors the end of the URI, but up to three bytes may precede the pattern, so this
# is slightly looser than the exact match the rules without a hex escape get (there depth
# equals the content length). Presumably a generator artefact - confirm with the feed.
#
# The next two rules, and the one that begins at the end of this block, each pin a single
# file name under /files-129312398/files/ on host 91.92.242.236 (.msi and .exe). Only those
# exact names are covered, so group alerts by host when triaging.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_a807958c8808a7df.msi"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876067/; classtype:trojan-activity;sid:84739167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_96500d1cd646a6d8.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876066/; classtype:trojan-activity;sid:84739166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"51.158.248.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876065/; classtype:trojan-activity;sid:84739165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_ec8c5bd33d915201.exe"; 
depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876062/; classtype:trojan-activity;sid:84739162; rev:1;)
# These rules compare the host literal against the http.host buffer only; the rule header
# leaves the destination address unconstrained ($EXTERNAL_NET any). An alert therefore says
# which Host value the client requested, and the flow record gives the address contacted.
#
# 51.158.248.122: two shell-script paths, /dl.sh and /dropper.sh, one sid each.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl.sh"; depth:6; endswith; nocase; http.host; content:"51.158.248.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876063/; classtype:trojan-activity;sid:84739163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper.sh"; depth:11; endswith; nocase; http.host; content:"51.158.248.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876064/; classtype:trojan-activity;sid:84739164; rev:1;)
# 182.116.21.107: listed once with /i and once with /bin.sh.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.21.107"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876061/; classtype:trojan-activity;sid:84739161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.21.107"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876060/; classtype:trojan-activity;sid:84739160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876059)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.42.89.142"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876059/; classtype:trojan-activity;sid:84739159; rev:1;)
# Coverage note: these are "alert http" rules, so they only see requests that Suricata
# parses as HTTP. The same URL fetched over TLS does not reach the http.uri / http.host
# buffers unless the traffic is decrypted before it gets to the sensor.
# Every rule in this block pairs a bare IPv4 literal in http.host with the path /bin.sh or /i.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.5.138.3"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876058/; classtype:trojan-activity;sid:84739158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.140.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876057/; classtype:trojan-activity;sid:84739157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.123.9.78"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876056/; classtype:trojan-activity;sid:84739156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.164.128.184"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876055/; classtype:trojan-activity;sid:84739155; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.12.197"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876054/; classtype:trojan-activity;sid:84739154; rev:1;)
# Triage note: every rule here inspects the request only (flow:established,from_client and
# request buffers; no response keyword). An alert shows that a host in $HOME_NET asked for
# the URL, not that a payload came back - check the HTTP/file logs for the response before
# treating the source as infected.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.236.65.39"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876053/; classtype:trojan-activity;sid:84739153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.241.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876052/; classtype:trojan-activity;sid:84739152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.70.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876051/; classtype:trojan-activity;sid:84739151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.109.227.30"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876050/; 
classtype:trojan-activity;sid:84739150; rev:1;)
# NOTE(review): in the next rule the content "/|3f|ublib=<uuid>" decodes to 44 bytes (|3f|
# is the single byte "?"), but depth is 47, the length of the escaped text. endswith still
# anchors the end of the URI, yet up to three bytes may precede the pattern, so the match is
# slightly looser than the exact match the other rules in this block get (depth equals the
# content length there). Presumably a generator artefact - confirm with the feed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=df01d0ba-2a5b-4f55-8fb3-0b5ec3fa9e29"; depth:47; endswith; nocase; http.host; content:"t1x1vby3.ahkam.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876049/; classtype:trojan-activity;sid:84739149; rev:1;)
# The remaining rules pair a bare IPv4 literal in http.host with the path /bin.sh or /i.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.171.42.227"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876047/; classtype:trojan-activity;sid:84739147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.163.254"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876046/; classtype:trojan-activity;sid:84739146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.108.24.111"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876045/; classtype:trojan-activity;sid:84739145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"190.109.227.30"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876044/; classtype:trojan-activity;sid:84739144; rev:1;)
# The http.host values in this block are IPv4 literals, compared as text against the Host
# buffer. The rules therefore fire when the client addressed the server by that literal;
# the packet's destination address is not part of the match ($EXTERNAL_NET any).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.70.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876043/; classtype:trojan-activity;sid:84739143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.147.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876042/; classtype:trojan-activity;sid:84739142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.60.130"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876041/; classtype:trojan-activity;sid:84739141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.65.9"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876040/; classtype:trojan-activity;sid:84739140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876037)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/cnc"; depth:4; endswith; nocase; http.host; content:"87.121.79.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876037/; classtype:trojan-activity;sid:84739137; rev:1;)
# Each rule is an exact URI + exact Host match on one URLhaus entry: depth equals the
# content length and endswith closes the URI, so only the listed path is covered.
# 91.189.183.211 appears twice below (/i and /bin.sh); group alerts by host when triaging.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.189.183.211"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876038/; classtype:trojan-activity;sid:84739138; rev:1;)
# /bins/ppc: the last path segment looks like a CPU-architecture name (presumably a PowerPC
# build - not confirmed by the rule itself). Only this one path on 62.60.159.184 is listed here.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876039/; classtype:trojan-activity;sid:84739139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.189.183.211"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876036/; classtype:trojan-activity;sid:84739136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.253.202"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876035/; classtype:trojan-activity;sid:84739135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3876034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.230.103"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876034/; classtype:trojan-activity;sid:84739134; rev:1;)
# Mapping an alert back to the feed: the id in msg "(...)" is repeated in the reference URL
# (urlhaus.abuse.ch/url/<id>/), and in the rules shown here sid = id + 80863100.
# All rules below carry classtype:trojan-activity, rev:1 and created_at 2026_06_25.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.240.251"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876033/; classtype:trojan-activity;sid:84739133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.252.69.11"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876032/; classtype:trojan-activity;sid:84739132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.65.9"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876031/; classtype:trojan-activity;sid:84739131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.209.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876030/; classtype:trojan-activity;sid:84739130; rev:1;)
alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=74bb95fe-85d1-4247-b674-b8c0a461ae25"; depth:47; endswith; nocase; http.host; content:"cd6ts3mz.blackjackonlineplay83.com"; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876029/; classtype:trojan-activity;sid:84739129; rev:1;)
# NOTE(review): in the rule above, the content "/|3f|ublib=<uuid>" decodes to 44 bytes
# (|3f| is the single byte "?"), but depth is 47, the length of the escaped text. endswith
# still anchors the end of the URI, yet up to three bytes may precede the pattern; the rules
# below, which have no hex escape, use depth equal to the content length and so match the
# URI exactly. Presumably a generator artefact - confirm with the feed.
# The host in that rule is a full name with a random-looking first label; only that exact
# name matches, so DNS or proxy logs for the parent domain are where sibling names would show.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.253.202"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876028/; classtype:trojan-activity;sid:84739128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.21.174.251"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876027/; classtype:trojan-activity;sid:84739127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.230.103"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876026/; classtype:trojan-activity;sid:84739126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.105.181"; depth:15; isdataat:!1,relative; 
metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876025/; classtype:trojan-activity;sid:84739125; rev:1;)
# nocase follows the http.uri content in each rule, so the path compare ignores case. The
# http.host content carries no nocase; Suricata's http.host buffer is already lower-cased by
# the engine, and every host literal here is digits and dots.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.21.174.251"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876024/; classtype:trojan-activity;sid:84739124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.209.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876023/; classtype:trojan-activity;sid:84739123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.151.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876022/; classtype:trojan-activity;sid:84739122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.190.23.91"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876021/; classtype:trojan-activity;sid:84739121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; 
nocase; http.host; content:"125.44.198.88"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876020/; classtype:trojan-activity;sid:84739120; rev:1;)
# NOTE(review): in the next rule the content "/|3f|ublib=<uuid>" decodes to 44 bytes (|3f|
# is the single byte "?"), but depth is 47, the length of the escaped text. endswith still
# anchors the end of the URI, yet up to three bytes may precede the pattern, so the match is
# slightly looser than for the other rules in this block (depth equals the content length
# there). Presumably a generator artefact - confirm with the feed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e938818a-fef6-4d3f-8bf3-3ee13aa5c65e"; depth:47; endswith; nocase; http.host; content:"tv2gs2t9.1xfa.bio"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876019/; classtype:trojan-activity;sid:84739119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.2.23"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876017/; classtype:trojan-activity;sid:84739117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.190.23.91"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876016/; classtype:trojan-activity;sid:84739116; rev:1;)
# Host-name rule: the full name etaczb1.jetbetapk.online is pinned (depth 24 plus
# isdataat:!1,relative), so only that exact name matches; a sibling name under the same
# parent domain would need its own entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/script.sh"; depth:10; endswith; nocase; http.host; content:"etaczb1.jetbetapk.online"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876015/; classtype:trojan-activity;sid:84739115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3876014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dynamic|3f|txd=2dfc3df264e5fdd440df3a7466922a7228001af837832252e15bfd17b5343c68"; depth:80; endswith; nocase; http.host; content:"proviewhomeinspections.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876014/; classtype:trojan-activity;sid:84739114; rev:1;)
# NOTE(review): in the rule above, the content "/dynamic|3f|txd=<64 hex chars>" decodes to
# 77 bytes (|3f| is the single byte "?"), but depth is 80, the length of the escaped text.
# endswith still anchors the end of the URI, yet up to three bytes may precede the pattern.
# Presumably a generator artefact - confirm with the feed.
#
# The rules from here on share host 176.65.139.35 and the path prefix /d/xd.; only the
# suffix changes (arm7, arm5, arm6, ppc in this block). The suffixes look like
# CPU-architecture names, presumably one build per architecture - group alerts by host,
# not by sid, when triaging.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm7"; depth:10; endswith; nocase; http.host; content:"176.65.139.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876009/; classtype:trojan-activity;sid:84739109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm5"; depth:10; endswith; nocase; http.host; content:"176.65.139.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876010/; classtype:trojan-activity;sid:84739110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm6"; depth:10; endswith; nocase; http.host; content:"176.65.139.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876011/; classtype:trojan-activity;sid:84739111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.ppc"; depth:9; endswith; nocase; http.host; content:"176.65.139.35"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876012/; classtype:trojan-activity;sid:84739112; rev:1;)
# All rules in this block share host 176.65.139.35 and the path prefix /d/xd.; only the
# suffix differs (m68k, x86, arm4, sh4, mips). The suffixes look like CPU-architecture
# names, presumably one build per architecture. Each is a separate exact-match sid, so
# group alerts by host when triaging.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.m68k"; depth:10; endswith; nocase; http.host; content:"176.65.139.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876013/; classtype:trojan-activity;sid:84739113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.x86"; depth:9; endswith; nocase; http.host; content:"176.65.139.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876005/; classtype:trojan-activity;sid:84739105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.arm4"; depth:10; endswith; nocase; http.host; content:"176.65.139.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876006/; classtype:trojan-activity;sid:84739106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.sh4"; depth:9; endswith; nocase; http.host; content:"176.65.139.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876007/; classtype:trojan-activity;sid:84739107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.mips"; 
depth:10; endswith; nocase; http.host; content:"176.65.139.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876008/; classtype:trojan-activity;sid:84739108; rev:1;)
# Another /d/xd.<suffix> path on 176.65.139.35 (mpsl), same host as the rule that ends on
# the first line of this block.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/xd.mpsl"; depth:10; endswith; nocase; http.host; content:"176.65.139.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876004/; classtype:trojan-activity;sid:84739104; rev:1;)
# 129.121.114.124: two short paths (/gq2, /1ab). The URI part is only four bytes, so the
# exact http.host compare is what keeps these rules specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gq2"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876003/; classtype:trojan-activity;sid:84739103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1ab"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876002/; classtype:trojan-activity;sid:84739102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.2.23"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876001/; classtype:trojan-activity;sid:84739101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3876000)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.140.190.1"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3876000/; classtype:trojan-activity;sid:84739100; rev:1;)
# 129.121.114.124: three short paths (/yqfn, /lyul, /g7vg), one URLhaus entry and sid each.
# The URI part is only five bytes; the exact http.host compare keeps the rules specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yqfn"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875999/; classtype:trojan-activity;sid:84739099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lyul"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875997/; classtype:trojan-activity;sid:84739097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g7vg"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875998/; classtype:trojan-activity;sid:84739098; rev:1;)
# NOTE(review): the rule starting on the next line matches host www.mediafire.com, a shared
# file-hosting domain, together with one fixed path. The indicator is that single path; the
# host on its own is not an indicator, and hunting or blocking on the domain alone would
# catch unrelated downloads.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/bdaec2a4aop0iqi/cheat.rar/file"; depth:36; endswith; nocase; http.host; content:"www.mediafire.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875996/; classtype:trojan-activity;sid:84739096; 
rev:1;)
# The rules below are exact-match indicators (URI and Host both pinned end to end) for
# plain-HTTP GET requests leaving $HOME_NET. They complement, rather than replace, host or
# DNS blocklisting: a URL that differs by even one byte from the listed path has no sid here.
# 27.44.145.123 appears with /i below and with /bin.sh in the rule that starts at the end
# of this block.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.198.88"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875995/; classtype:trojan-activity;sid:84739095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.106.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875994/; classtype:trojan-activity;sid:84739094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.144.166"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875992/; classtype:trojan-activity;sid:84739092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.145.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875991/; classtype:trojan-activity;sid:84739091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.44.145.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, 
urlhaus.abuse.ch/url/3875990/; classtype:trojan-activity;sid:84739090; rev:1;)
# NOTE(review): in the next rule the content "/|3f|ublib=<uuid>" decodes to 44 bytes (|3f|
# is the single byte "?"), but depth is 47, the length of the escaped text. endswith still
# anchors the end of the URI, yet up to three bytes may precede the pattern, so the match is
# slightly looser than for the other rules in this block (depth equals the content length
# there). Presumably a generator artefact - confirm with the feed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=67ab1e54-fcad-470b-87ea-b63168276be9"; depth:47; endswith; nocase; http.host; content:"7vs3nqp7.vip1x.bet"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875989/; classtype:trojan-activity;sid:84739089; rev:1;)
# The remaining rules pair a bare IPv4 literal in http.host with the path /bin.sh or /i.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.106.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875988/; classtype:trojan-activity;sid:84739088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.17.248"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875987/; classtype:trojan-activity;sid:84739087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.99.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875986/; classtype:trojan-activity;sid:84739086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; 
nocase; http.host; content:"170.83.13.37"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875984/; classtype:trojan-activity;sid:84739084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.68.168.193"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875985/; classtype:trojan-activity;sid:84739085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.248.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875983/; classtype:trojan-activity;sid:84739083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.202.142.137"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875982/; classtype:trojan-activity;sid:84739082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=37c0fc50-796e-482b-9c5f-4cee609c32d3"; depth:47; endswith; nocase; http.host; content:"4iuq4imv.jetbet1.pro"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875981/; classtype:trojan-activity;sid:84739081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3875979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.44.144.166"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875979/; classtype:trojan-activity;sid:84739079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.5.76"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875980/; classtype:trojan-activity;sid:84739080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.85.75"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875978/; classtype:trojan-activity;sid:84739078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.248.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875977/; classtype:trojan-activity;sid:84739077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.202.142.137"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875976/; classtype:trojan-activity;sid:84739076; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"75.107.136.134"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875975/; classtype:trojan-activity;sid:84739075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.85.75"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875974/; classtype:trojan-activity;sid:84739074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c4f50d63-3b86-4cf9-8569-407f1ffe8d6f"; depth:47; endswith; nocase; http.host; content:"8opocc30.1x303.casino"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875973/; classtype:trojan-activity;sid:84739073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.99.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875972/; classtype:trojan-activity;sid:84739072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.141.130.213"; depth:15; isdataat:!1,relative; 
metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875971/; classtype:trojan-activity;sid:84739071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.93.21"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875970/; classtype:trojan-activity;sid:84739070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron35/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875969/; classtype:trojan-activity;sid:84739069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron33/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875967/; classtype:trojan-activity;sid:84739067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron34/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875968/; classtype:trojan-activity;sid:84739068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875965)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tron31/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875965/; classtype:trojan-activity;sid:84739065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron32/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875966/; classtype:trojan-activity;sid:84739066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron29/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875963/; classtype:trojan-activity;sid:84739063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron30/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875964/; classtype:trojan-activity;sid:84739064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.67.205"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875962/; classtype:trojan-activity;sid:84739062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3875961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron27/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875961/; classtype:trojan-activity;sid:84739061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron25/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875958/; classtype:trojan-activity;sid:84739058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron28/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875959/; classtype:trojan-activity;sid:84739059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron26/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875960/; classtype:trojan-activity;sid:84739060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron24/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, 
urlhaus.abuse.ch/url/3875954/; classtype:trojan-activity;sid:84739054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron21/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875955/; classtype:trojan-activity;sid:84739055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron23/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875956/; classtype:trojan-activity;sid:84739056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron22/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875957/; classtype:trojan-activity;sid:84739057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron18/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875949/; classtype:trojan-activity;sid:84739049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron19/file.exe"; depth:16; 
endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875950/; classtype:trojan-activity;sid:84739050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron17/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875951/; classtype:trojan-activity;sid:84739051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron20/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875952/; classtype:trojan-activity;sid:84739052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron16/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875953/; classtype:trojan-activity;sid:84739053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron15/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875948/; classtype:trojan-activity;sid:84739048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3875947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.67.205"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875947/; classtype:trojan-activity;sid:84739047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron14/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875946/; classtype:trojan-activity;sid:84739046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron60/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875945/; classtype:trojan-activity;sid:84739045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron58/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875941/; classtype:trojan-activity;sid:84739041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron57/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875942/; 
classtype:trojan-activity;sid:84739042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron59/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875943/; classtype:trojan-activity;sid:84739043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron56/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875944/; classtype:trojan-activity;sid:84739044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron55/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875940/; classtype:trojan-activity;sid:84739040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron53/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875938/; classtype:trojan-activity;sid:84739038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron54/file.exe"; depth:16; endswith; nocase; http.host; 
content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875939/; classtype:trojan-activity;sid:84739039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron52/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875937/; classtype:trojan-activity;sid:84739037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron50/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875936/; classtype:trojan-activity;sid:84739036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron51/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875935/; classtype:trojan-activity;sid:84739035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron48/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875933/; classtype:trojan-activity;sid:84739033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875934)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron47/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875934/; classtype:trojan-activity;sid:84739034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron49/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875932/; classtype:trojan-activity;sid:84739032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron45/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875929/; classtype:trojan-activity;sid:84739029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron44/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875930/; classtype:trojan-activity;sid:84739030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron46/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875931/; 
classtype:trojan-activity;sid:84739031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron41/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875925/; classtype:trojan-activity;sid:84739025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron42/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875926/; classtype:trojan-activity;sid:84739026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron40/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875927/; classtype:trojan-activity;sid:84739027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron43/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875928/; classtype:trojan-activity;sid:84739028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron37/file.exe"; depth:16; endswith; nocase; http.host; 
content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875921/; classtype:trojan-activity;sid:84739021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron36/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875922/; classtype:trojan-activity;sid:84739022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron38/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875923/; classtype:trojan-activity;sid:84739023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron39/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875924/; classtype:trojan-activity;sid:84739024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.17.27.182"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875920/; classtype:trojan-activity;sid:84739020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875919)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.179.240.227"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875919/; classtype:trojan-activity;sid:84739019; rev:1;)
# The line above is the tail of a rule whose header is on the previous line; the
# last line of this group is the head of a rule that continues on the next line.
# Every rule here has the same shape: an established client-to-server flow from
# $HOME_NET, method GET, an http.uri content anchored with depth + endswith, and an
# http.host content whose depth equals its length followed by isdataat:!1,relative,
# so nothing may follow the listed host value in that buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.141.130.213"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875918/; classtype:trojan-activity;sid:84739018; rev:1;)
# NOTE(review): the host below is a *.workers.dev name. If the referenced URLhaus
# entry is an https:// URL, this `alert http` rule can only fire where TLS is
# decrypted ahead of the sensor; otherwise cover the same host through DNS, TLS SNI
# or proxy-log matching. TODO confirm the scheme against the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/j0yh-keux-j9id-2i7m/img_ozliwt.png"; depth:35; endswith; nocase; http.host; content:"blue-paper-f69f.acrypters.workers.dev"; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875917/; classtype:trojan-activity;sid:84739017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.17.27.182"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875916/; classtype:trojan-activity;sid:84739016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.224.194.101"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875915/; 
classtype:trojan-activity;sid:84739015; rev:1;)
# The line above closes a rule that starts on the previous line; the last line of
# this group opens a rule that continues on the next line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sensi.sh"; depth:9; endswith; nocase; http.host; content:"176.65.139.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875914/; classtype:trojan-activity;sid:84739013; rev:1;)
# NOTE(review): in the http.uri content below, `|3f|` is the byte `?`, but
# `|7c|26|7c|` decodes to the four literal bytes `|26|`, not to `&` (0x26). This
# looks like `&` being hex-escaped and the pipes then escaped a second time; if so,
# the rule does not match a request that separates rlkey/st/dl with `&`. Verify
# against the referenced URLhaus entry and raise it with the feed maintainer rather
# than hand-editing a generated ruleset.
# depth:139 equals the length of the escaped text, not of the decoded bytes, so it
# does not pin the match to the start of the URI; endswith still pins the end.
# The host is a shared file-hosting service: the URI, not the host, carries the
# specificity. If the entry is an https:// URL, `alert http` needs decrypted traffic.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/izc8wp2sgdkd2kga69p4w/re-417205-908134-rechnung-de6429037.vbs|3f|rlkey=5d4amumoki24s4pbqv22ofwsx|7c|26|7c|st=ma0htyv5|7c|26|7c|dl=1"; depth:139; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875913/; classtype:trojan-activity;sid:84739013; rev:1;)
# `|3f|` is `?`, so the decoded URI content below is 44 bytes while depth is 47:
# with endswith, up to three leading bytes are tolerated before the match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=0bc22eed-3685-4474-b210-b9e75e35294d"; depth:47; endswith; nocase; http.host; content:"qkqz220k.jetbet1.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875912/; classtype:trojan-activity;sid:84739012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.201.126.83"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875911/; classtype:trojan-activity;sid:84739011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3875910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.238.131.58"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875910/; classtype:trojan-activity;sid:84739010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.150.118"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875909/; classtype:trojan-activity;sid:84739009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.120.52"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875908/; classtype:trojan-activity;sid:84739008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.106.251"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875907/; classtype:trojan-activity;sid:84739007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.253.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875906/; classtype:trojan-activity;sid:84739006; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.150.118"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875905/; classtype:trojan-activity;sid:84739005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.201.126.83"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875904/; classtype:trojan-activity;sid:84739004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.120.52"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875903/; classtype:trojan-activity;sid:84739003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/ip1js3nmm1jqwtfxrivkz/re-690215-374880-rechnung-de4917602.vbs|3f|rlkey=ogve9v4k3i524oj7gx7x6f0so|7c|26|7c|st=6dojarzo|7c|26|7c|dl=1"; depth:139; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875902/; classtype:trojan-activity;sid:84739002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875901)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/files-129312398/files/file_09db6a78e39c7ec7.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875901/; classtype:trojan-activity;sid:84739001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.218.198"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875900/; classtype:trojan-activity;sid:84739000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.236.141"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875899/; classtype:trojan-activity;sid:84738999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.15.111"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875898/; classtype:trojan-activity;sid:84738998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.253.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875897/; classtype:trojan-activity;sid:84738997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3875896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.94.6"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875896/; classtype:trojan-activity;sid:84738996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.218.198"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875895/; classtype:trojan-activity;sid:84738995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.15.71"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875894/; classtype:trojan-activity;sid:84738994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875893/; classtype:trojan-activity;sid:84738993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.3.201"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875892/; classtype:trojan-activity;sid:84738992; rev:1;) 
# URLhaus feed rules, restored to one rule per line; rule text is unchanged.
# Each rule alerts on an established, client-to-server HTTP GET from $HOME_NET to
# $EXTERNAL_NET whose http.uri and http.host both match the listed values; the number in
# msg/reference is the URLhaus URL id. depth + endswith (URI) and depth +
# isdataat:!1,relative (host) pin each pattern to the whole buffer; nocase applies to the
# URI pattern only. Most hosts are bare IP addresses, so these indicators are only as
# current as the feed's created_at date.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.17.248"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875891/; classtype:trojan-activity;sid:84738991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.15.111"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875890/; classtype:trojan-activity;sid:84738990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.94.6"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875889/; classtype:trojan-activity;sid:84738989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.15.71"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875888/; classtype:trojan-activity;sid:84738988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.22.219.155"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875886/; classtype:trojan-activity;sid:84738986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.15.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875887/; classtype:trojan-activity;sid:84738987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"84.22.219.155"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875885/; classtype:trojan-activity;sid:84738985; rev:1;)
# The next nine rules share one host and differ only in the per-architecture file name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.arm8"; depth:12; endswith; nocase; http.host; content:"176.65.139.203"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875883/; classtype:trojan-activity;sid:84738983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.m68k"; depth:12; endswith; nocase; http.host; content:"176.65.139.203"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875884/; classtype:trojan-activity;sid:84738984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.mipsel"; depth:14; endswith; nocase; http.host; content:"176.65.139.203"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875879/; classtype:trojan-activity;sid:84738979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.x86_64"; depth:14; endswith; nocase; http.host; content:"176.65.139.203"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875880/; classtype:trojan-activity;sid:84738980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.x86"; depth:11; endswith; nocase; http.host; content:"176.65.139.203"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875881/; classtype:trojan-activity;sid:84738981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.ppc"; depth:11; endswith; nocase; http.host; content:"176.65.139.203"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875882/; classtype:trojan-activity;sid:84738982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.arm7"; depth:12; endswith; nocase; http.host; content:"176.65.139.203"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875877/; classtype:trojan-activity;sid:84738977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.mips"; depth:12; endswith; nocase; http.host; content:"176.65.139.203"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875878/; classtype:trojan-activity;sid:84738978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.arm"; depth:11; endswith; nocase; http.host; content:"176.65.139.203"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875876/; classtype:trojan-activity;sid:84738976; rev:1;)
# NOTE(review): in this rule and sid 84738962 below, depth:47 counts the 4-character
# `|3f|` escape; the decoded pattern is 44 bytes, so with endswith the URI may carry up to
# 3 leading bytes rather than being an exact match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=7ad8380a-5ab4-470a-88fe-aab2caeeb2ff"; depth:47; endswith; nocase; http.host; content:"jw2wczuj.jetbet1.pro"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875875/; classtype:trojan-activity;sid:84738975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.147.4"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875874/; classtype:trojan-activity;sid:84738974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.15.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875873/; classtype:trojan-activity;sid:84738973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.103.84"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875871/; classtype:trojan-activity;sid:84738971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.159.69"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875872/; classtype:trojan-activity;sid:84738972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.112.129.172"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875870/; classtype:trojan-activity;sid:84738970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.95.92"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875869/; classtype:trojan-activity;sid:84738969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.107.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875868/; classtype:trojan-activity;sid:84738968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.137.234"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875867/; classtype:trojan-activity;sid:84738967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.107.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875866/; classtype:trojan-activity;sid:84738966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.137.234"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875865/; classtype:trojan-activity;sid:84738965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.159.69"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875864/; classtype:trojan-activity;sid:84738964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.149.125.46"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875863/; classtype:trojan-activity;sid:84738963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=96c60124-b066-4958-a5ea-a50071191f64"; depth:47; endswith; nocase; http.host; content:"6novzudn.vip1xbet.net"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875862/; classtype:trojan-activity;sid:84738962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.83.240"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875861/; classtype:trojan-activity;sid:84738961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.103.84"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875860/; classtype:trojan-activity;sid:84738960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.95.92"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875859/; classtype:trojan-activity;sid:84738959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.63.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875858/; classtype:trojan-activity;sid:84738958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cage.exe"; depth:9; endswith; nocase; http.host; content:"widerangegroup.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875857/; classtype:trojan-activity;sid:84738957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.63.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875856/; classtype:trojan-activity;sid:84738956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.31.66"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875855/; classtype:trojan-activity;sid:84738955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.44.144.150"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875854/; classtype:trojan-activity;sid:84738954; rev:1;)
# URLhaus feed rules, restored to one rule per line; rule text is unchanged. The last
# line of this span is the start of a rule that continues past it.
# Each rule alerts on an established, client-to-server HTTP GET from $HOME_NET to
# $EXTERNAL_NET whose http.uri and http.host both match the listed values; the number in
# msg/reference is the URLhaus URL id. depth + endswith (URI) and depth +
# isdataat:!1,relative (host) pin each pattern to the whole buffer; nocase applies to the
# URI pattern only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.162.10"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875853/; classtype:trojan-activity;sid:84738953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.162.10"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875852/; classtype:trojan-activity;sid:84738952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.179.240.227"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875851/; classtype:trojan-activity;sid:84738951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.149.125.46"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875850/; classtype:trojan-activity;sid:84738950; rev:1;)
# The rules for host 51.158.248.122 in this span differ only in the per-architecture file
# name requested.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc-440fp"; depth:14; endswith; nocase; http.host; content:"51.158.248.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875843/; classtype:trojan-activity;sid:84738943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"51.158.248.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875844/; classtype:trojan-activity;sid:84738944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"51.158.248.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875845/; classtype:trojan-activity;sid:84738945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"51.158.248.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875846/; classtype:trojan-activity;sid:84738946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"51.158.248.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875847/; classtype:trojan-activity;sid:84738947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"51.158.248.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875848/; classtype:trojan-activity;sid:84738948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"51.158.248.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875849/; classtype:trojan-activity;sid:84738949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.94.203"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875842/; classtype:trojan-activity;sid:84738942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"51.158.248.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875840/; classtype:trojan-activity;sid:84738940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"51.158.248.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875841/; classtype:trojan-activity;sid:84738941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_f28c9e09b0b2c92e.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875837/; classtype:trojan-activity;sid:84738937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"51.158.248.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875838/; classtype:trojan-activity;sid:84738938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"51.158.248.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875839/; classtype:trojan-activity;sid:84738939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.104.157"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875836/; classtype:trojan-activity;sid:84738936; rev:1;)
# NOTE(review): in this rule and sid 84738933 below, depth:47 counts the 4-character
# `|3f|` escape; the decoded pattern is 44 bytes, so with endswith the URI may carry up to
# 3 leading bytes rather than being an exact match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9bd2acf0-ad55-4b13-bf07-c775fcf5cd7f"; depth:47; endswith; nocase; http.host; content:"c3u193ap.betmajic.cc"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875835/; classtype:trojan-activity;sid:84738935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.93.217"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875834/; classtype:trojan-activity;sid:84738934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f41699fe-9f66-49bb-b033-b877b315998a"; depth:47; endswith; nocase; http.host; content:"oay019z6.1xfa.bio"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875833/; classtype:trojan-activity;sid:84738933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.93.217"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875832/; classtype:trojan-activity;sid:84738932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.151.34.138"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875831/; classtype:trojan-activity;sid:84738931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.132.166.255"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875829/; classtype:trojan-activity;sid:84738929; rev:1;)
# The /bins/ file names on host 45.76.149.237 resemble Linux kernel-thread names
# (kswapd0, ksoftirqd0, kworker...), so when triaging a host that triggered one of these
# rules a familiar-looking process name is not evidence that the process is benign.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kblockd0"; depth:14; endswith; nocase; http.host; content:"45.76.149.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875828/; classtype:trojan-activity;sid:84738928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ksoftirqd0"; depth:16; endswith; nocase; http.host; content:"45.76.149.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875825/; classtype:trojan-activity;sid:84738925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cfg80211d"; depth:15; endswith; nocase; http.host; content:"45.76.149.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875826/; classtype:trojan-activity;sid:84738926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/edac_polld"; depth:16; endswith; nocase; http.host; content:"45.76.149.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875827/; classtype:trojan-activity;sid:84738927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworker_u8"; depth:16; endswith; nocase; http.host; content:"45.76.149.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875818/; classtype:trojan-activity;sid:84738918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bioset0"; depth:13; endswith; nocase; http.host; content:"45.76.149.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875819/; classtype:trojan-activity;sid:84738919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jbd2_sda1d"; depth:16; endswith; nocase; http.host; content:"45.76.149.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875820/; classtype:trojan-activity;sid:84738920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/devfreq_wq"; depth:16; endswith; nocase; http.host; content:"45.76.149.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875821/; classtype:trojan-activity;sid:84738921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ecryptfsd"; depth:15; endswith; nocase; http.host; content:"45.76.149.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875822/; classtype:trojan-activity;sid:84738922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zswap_shrinkd"; depth:19; endswith; nocase; http.host; content:"45.76.149.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875823/; classtype:trojan-activity;sid:84738923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kswapd0"; depth:13; endswith; nocase; http.host; content:"45.76.149.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875824/; classtype:trojan-activity;sid:84738924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loader.sh"; depth:10; endswith; nocase; http.host; content:"45.76.149.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875817/; classtype:trojan-activity;sid:84738917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/rcuop_0"; depth:13; endswith; nocase; http.host; content:"45.76.149.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875816/; classtype:trojan-activity;sid:84738916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xfsaild_sda"; depth:17; endswith; nocase; http.host; 
content:"45.76.149.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875814/; classtype:trojan-activity;sid:84738914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/scsi_tmf_0"; depth:16; endswith; nocase; http.host; content:"45.76.149.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875815/; classtype:trojan-activity;sid:84738915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.211.201"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875813/; classtype:trojan-activity;sid:84738913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.242.128.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875812/; classtype:trojan-activity;sid:84738912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.151.34.138"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875811/; classtype:trojan-activity;sid:84738911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875810)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.145.146"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875810/; classtype:trojan-activity;sid:84738910; rev:1;)
# URLhaus feed rules, one URL per rule. Each alerts on an outbound
# ($HOME_NET -> $EXTERNAL_NET) HTTP GET on an established flow where
#   - http.uri equals the listed path (depth = content length, plus endswith;
#     nocase makes the comparison case-insensitive), and
#   - http.host equals the listed host (depth = content length, plus
#     isdataat:!1,relative, which requires that no byte follows the match).
# The number in msg/reference is the URLhaus entry to consult during triage.
#
# Host 176.65.139.158: one rule per "<arch>.ghost" file.
# NOTE(review): the file-name prefixes are CPU architecture names (x86_64,
# armv7l, powerpc, sh4, mipsel, aarch64, m68k, mips, i686, armv5l), which looks
# like one build of the same payload per architecture - confirm on URLhaus.
# The architecture in the requested name can help identify which kind of
# device behind a NAT address sent the request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64.ghost"; depth:13; endswith; nocase; http.host; content:"176.65.139.158"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875808/; classtype:trojan-activity;sid:84738908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l.ghost"; depth:13; endswith; nocase; http.host; content:"176.65.139.158"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875809/; classtype:trojan-activity;sid:84738909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc.ghost"; depth:14; endswith; nocase; http.host; content:"176.65.139.158"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875804/; classtype:trojan-activity;sid:84738904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4.ghost"; depth:10; endswith; nocase; http.host; content:"176.65.139.158"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875805/; classtype:trojan-activity;sid:84738905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel.ghost"; depth:13; endswith; nocase; http.host; content:"176.65.139.158"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875806/; classtype:trojan-activity;sid:84738906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64.ghost"; depth:14; endswith; nocase; http.host; content:"176.65.139.158"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875807/; classtype:trojan-activity;sid:84738907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k.ghost"; depth:11; endswith; nocase; http.host; content:"176.65.139.158"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875800/; classtype:trojan-activity;sid:84738900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips.ghost"; depth:11; endswith; nocase; http.host; content:"176.65.139.158"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875801/; classtype:trojan-activity;sid:84738901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686.ghost"; depth:11; endswith; nocase; http.host; content:"176.65.139.158"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875802/; classtype:trojan-activity;sid:84738902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l.ghost"; depth:13; endswith; nocase; http.host; content:"176.65.139.158"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875803/; classtype:trojan-activity;sid:84738903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.211.201"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875799/; classtype:trojan-activity;sid:84738899; rev:1;)
# Domain 5v12-3my5908y1.com: two files under /debug/.
# NOTE(review): the .applescript name suggests a macOS target, unlike the
# Linux-style names elsewhere in this feed - presumption from the file name
# only; verify on the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug/payload.applescript"; depth:26; endswith; nocase; http.host; content:"5v12-3my5908y1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875798/; classtype:trojan-activity;sid:84738898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug/loader.sh"; depth:16; endswith; nocase; http.host; content:"5v12-3my5908y1.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875797/; classtype:trojan-activity;sid:84738897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; 
endswith; nocase; http.host; content:"209.250.238.240"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875796/; classtype:trojan-activity;sid:84738896; rev:1;)
# URLhaus feed rules, one URL per rule: outbound HTTP GET
# ($HOME_NET -> $EXTERNAL_NET, established, client side) whose URI and Host
# both match the listed strings. depth is set to the content length and the
# match is end-anchored (endswith on the URI, isdataat:!1,relative on the
# host), so each buffer has to equal the listed value; only the URI match is
# case-insensitive (nocase).
# NOTE(review): the direction filter depends on $HOME_NET / $EXTERNAL_NET
# being set correctly in the sensor configuration; with a HOME_NET that does
# not cover the monitored clients these rules stay silent.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.132.166.255"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875795/; classtype:trojan-activity;sid:84738895; rev:1;)
# NOTE(review): "/fscan" matches the name of a publicly available network
# scanner; the rule only encodes the URL, so check the URLhaus entry for what
# was actually served.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fscan"; depth:6; endswith; nocase; http.host; content:"45.63.94.71"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875794/; classtype:trojan-activity;sid:84738894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.134.19"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875791/; classtype:trojan-activity;sid:84738891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.19.246"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875792/; classtype:trojan-activity;sid:84738892; rev:1;)
# |3f| is the hex escape for "?": the URI matched is "/?ublib=<uuid>".
# NOTE(review): depth:47 counts the escaped form; the decoded content is 44
# bytes, so this anchor allows up to three leading bytes before the match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=cf5e4a39-69f9-459a-9f8f-19dc4f0dcf17"; depth:47; endswith; nocase; http.host; content:"4olnuxxz.blackjackonlineplay83.com"; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875789/; classtype:trojan-activity;sid:84738889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.165.231.98"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875788/; classtype:trojan-activity;sid:84738888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.236.74.65"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875787/; classtype:trojan-activity;sid:84738887; rev:1;)
# Domain-hosted .exe downloads.
# NOTE(review): a named domain in this feed may be a compromised legitimate
# site rather than attacker infrastructure - not determinable from the rule;
# check the URLhaus entry before extending this to a domain-wide block.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3.exe"; depth:6; endswith; nocase; http.host; content:"ashahaarmans.nl"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875786/; classtype:trojan-activity;sid:84738886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/144.exe"; depth:8; endswith; nocase; http.host; content:"ashahaarmans.nl"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875785/; classtype:trojan-activity;sid:84738885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.134.19"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875784/; classtype:trojan-activity;sid:84738884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.187.254"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875783/; classtype:trojan-activity;sid:84738883; rev:1;)
# Exact match on a full path ending in "file_<hex>.exe": the rule covers this
# one file only, not other files served from the same host and directory.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_51113c4021c7ce7a.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875782/; classtype:trojan-activity;sid:84738882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.224.74.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875781/; classtype:trojan-activity;sid:84738881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"77.236.74.65"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875780/; classtype:trojan-activity;sid:84738880; rev:1;)
# URLhaus feed rules, one URL per rule. Shape of every rule: outbound HTTP
# ($HOME_NET -> $EXTERNAL_NET), client side of an established flow, method GET,
# http.uri equal to the listed path (depth = content length + endswith,
# case-insensitive) and http.host equal to the listed host (depth = content
# length + isdataat:!1,relative).
# metadata:created_at records when the entry entered the feed.
# NOTE(review): many hosts here are bare IP addresses, which can be reassigned;
# use created_at to age entries out rather than treating an old hit as current.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.165.231.98"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875778/; classtype:trojan-activity;sid:84738878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.187.194"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875779/; classtype:trojan-activity;sid:84738879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.187.254"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875777/; classtype:trojan-activity;sid:84738877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.224.74.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875776/; classtype:trojan-activity;sid:84738876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.80.14.41"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875775/; classtype:trojan-activity;sid:84738875; rev:1;)
# |3f| is the hex escape for "?": the URI matched is "/?ublib=<uuid>".
# NOTE(review): depth:47 counts the escaped form; the decoded content is 44
# bytes, so this anchor allows up to three leading bytes before the match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=0e0abe39-4e05-40ea-a663-04b2e1f0feb1"; depth:47; endswith; nocase; http.host; content:"ygbl3eg2.vip1xbet.org"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875774/; classtype:trojan-activity;sid:84738874; rev:1;)
# NOTE(review): "mozi.m" is a file name commonly associated with the Mozi IoT
# botnet; the rule itself only encodes the URL - confirm the family on the
# URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.37.84.200"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875773/; classtype:trojan-activity;sid:84738873; rev:1;)
# Host 91.92.242.236: the rules for this host differ only in the hex id of
# "file_<hex>.exe"; each covers exactly one file name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_770ba08c32f49311.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875772/; classtype:trojan-activity;sid:84738872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.164.238.73"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875771/; classtype:trojan-activity;sid:84738871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deploy_softwaretech.sh"; depth:23; endswith; nocase; http.host; content:"45.225.135.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875770/; classtype:trojan-activity;sid:84738870; rev:1;)
# Shell script on 176.65.139.158, a host that other rules in this feed also
# list for "<arch>.ghost" files.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ghost.sh"; depth:9; endswith; nocase; http.host; content:"176.65.139.158"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875769/; classtype:trojan-activity;sid:84738869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/072d9420-f4da-402d-ab74-9195bee8d427/pf.ch"; depth:43; endswith; nocase; http.host; content:"fdg.jetbet1.xyz"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875768/; classtype:trojan-activity;sid:84738868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_7d35d73729c60ac7.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875767/; classtype:trojan-activity;sid:84738867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875766)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.181.113"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875766/; classtype:trojan-activity;sid:84738866; rev:1;)
# URLhaus feed rules, one URL per rule: outbound HTTP GET
# ($HOME_NET -> $EXTERNAL_NET, established, client side) with http.uri equal
# to the listed path and http.host equal to the listed host. Both buffers are
# anchored at start (depth = content length) and end (endswith on the URI,
# isdataat:!1,relative on the host); only the URI comparison is nocase.
# Most entries below are "/i" or "/bin.sh" on an IP-literal host, and several
# hosts appear once for each path (for example 27.193.203.65 and
# 79.106.225.176). Those paths are generic; the exact host match is what keeps
# the rules specific.
# NOTE(review): an alert records the request, not a successful download -
# correlate with the HTTP response and file logs on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.119.150"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875765/; classtype:trojan-activity;sid:84738865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.80.14.41"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875764/; classtype:trojan-activity;sid:84738864; rev:1;)
# |3f| is the hex escape for "?": the URI matched is "/?ublib=<uuid>".
# NOTE(review): depth:47 counts the escaped form; the decoded content is 44
# bytes, so this anchor allows up to three leading bytes before the match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b7cd8121-586a-47e6-8acc-07ae169647bd"; depth:47; endswith; nocase; http.host; content:"pa9xqikq.1000shart.xyz"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875763/; classtype:trojan-activity;sid:84738863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.193.203.65"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875762/; classtype:trojan-activity;sid:84738862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.0.132"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875761/; classtype:trojan-activity;sid:84738861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.66.64.21"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875760/; classtype:trojan-activity;sid:84738860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.193.203.65"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875759/; classtype:trojan-activity;sid:84738859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.106.225.176"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875758/; classtype:trojan-activity;sid:84738858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.191.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875757/; classtype:trojan-activity;sid:84738857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.85.193"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875756/; classtype:trojan-activity;sid:84738856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.212.37.115"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875755/; classtype:trojan-activity;sid:84738855; rev:1;)
# Same "/?ublib=<uuid>" shape and the same depth:47 note as above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=361a0d0e-e4e4-4b68-afe9-3ecaa2dd28e3"; depth:47; endswith; nocase; http.host; content:"g3byemsx.xbetone.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875754/; classtype:trojan-activity;sid:84738854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"79.106.225.176"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875753/; classtype:trojan-activity;sid:84738853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"115.50.0.132"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875752/; classtype:trojan-activity;sid:84738852; rev:1;)
# URLhaus feed rules, one URL per rule. Each alerts on an outbound
# ($HOME_NET -> $EXTERNAL_NET) HTTP GET on an established flow whose http.uri
# equals the listed path (depth = content length, endswith, nocase) and whose
# http.host equals the listed host (depth = content length,
# isdataat:!1,relative = nothing may follow the match).
# classtype is trojan-activity for every rule and rev is 1; the number in
# msg/reference identifies the URLhaus entry to open when triaging a hit.
# NOTE(review): these signatures see cleartext HTTP only, and they match the
# exact URL that was reported; treat a hit as a high-confidence indicator and
# the absence of hits as no evidence either way.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.191.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875751/; classtype:trojan-activity;sid:84738851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.122.221"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875750/; classtype:trojan-activity;sid:84738850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.38.221.182"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875748/; classtype:trojan-activity;sid:84738848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.122.221"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875747/; classtype:trojan-activity;sid:84738847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.41.156"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875746/; classtype:trojan-activity;sid:84738846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.41.156"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875745/; classtype:trojan-activity;sid:84738845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.155.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875744/; classtype:trojan-activity;sid:84738844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.45.14.114"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875743/; classtype:trojan-activity;sid:84738843; rev:1;)
# |3f| is the hex escape for "?": the URI matched is "/?ublib=<uuid>".
# NOTE(review): depth:47 counts the escaped form; the decoded content is 44
# bytes, so this anchor allows up to three leading bytes before the match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=7fdf217b-76cd-49a9-945e-1ddc06f9cfb5"; depth:47; endswith; nocase; http.host; content:"5qsj6shb.rigel1poker.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875742/; classtype:trojan-activity;sid:84738842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.85.193"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875741/; classtype:trojan-activity;sid:84738841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.34.107"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875740/; classtype:trojan-activity;sid:84738840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.45.14.114"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875739/; classtype:trojan-activity;sid:84738839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.249.42"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875738/; classtype:trojan-activity;sid:84738838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.155.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875737/; classtype:trojan-activity;sid:84738837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.188.87"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875736/; classtype:trojan-activity;sid:84738836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.188.87"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875735/; classtype:trojan-activity;sid:84738835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.67.209"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875734/; classtype:trojan-activity;sid:84738834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.107.12.59"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875733/; classtype:trojan-activity;sid:84738833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.70.189"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875732/; classtype:trojan-activity;sid:84738832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.104.181"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875731/; classtype:trojan-activity;sid:84738831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.140.1.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875730/; classtype:trojan-activity;sid:84738830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.95.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875729/; classtype:trojan-activity;sid:84738829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.111.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875727/; classtype:trojan-activity;sid:84738827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; 
http.host; content:"116.140.1.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875728/; classtype:trojan-activity;sid:84738828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.67.209"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_25; reference:url, urlhaus.abuse.ch/url/3875726/; classtype:trojan-activity;sid:84738826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.95.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875725/; classtype:trojan-activity;sid:84738825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.243.85"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875724/; classtype:trojan-activity;sid:84738824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.202.65.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875723/; classtype:trojan-activity;sid:84738823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875722)"; flow:established,from_client; http.method; 
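content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.26.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875722/; classtype:trojan-activity;sid:84738822; rev:1;)
# sid 84738821: fires on an HTTP GET whose URI equals the pattern below (nocase) and
# whose Host equals the listed name.
# NOTE(review): depth changed from 47 to 44. "|3f|" is a single byte ("?") on the wire,
# so the URI pattern is 44 bytes long; depth:47 combined with endswith also matched
# URIs carrying up to three extra leading bytes. 47 is the length of the escaped text,
# so the generator presumably counted characters rather than bytes - worth reporting
# upstream, because a feed refresh would replace this local edit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d3ece653-6dcf-43a3-87cb-1409b785d187"; depth:44; endswith; nocase; http.host; content:"glbr7plk.parsballl.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875721/; classtype:trojan-activity;sid:84738821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.111.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875720/; classtype:trojan-activity;sid:84738820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.255.42.74"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875719/; classtype:trojan-activity;sid:84738819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.233.77.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875717/; classtype:trojan-activity;sid:84738817; rev:1;)
alert http $HOME_NET any -> 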
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.93.15"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875718/; classtype:trojan-activity;sid:84738818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.42.212"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875716/; classtype:trojan-activity;sid:84738816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.202.65.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875715/; classtype:trojan-activity;sid:84738815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.233.77.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875714/; classtype:trojan-activity;sid:84738814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.93.15"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875713/; 
classtype:trojan-activity;sid:84738813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.131.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875712/; classtype:trojan-activity;sid:84738812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.215.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875710/; classtype:trojan-activity;sid:84738810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.74.219"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875711/; classtype:trojan-activity;sid:84738811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"213.66.64.21"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875709/; classtype:trojan-activity;sid:84738809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.215.144"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875708/; classtype:trojan-activity;sid:84738808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.14.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875707/; classtype:trojan-activity;sid:84738807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.80.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875705/; classtype:trojan-activity;sid:84738805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.144.208"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875706/; classtype:trojan-activity;sid:84738806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.224.228.37"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875704/; classtype:trojan-activity;sid:84738804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; 
http.host; content:"110.39.253.204"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875703/; classtype:trojan-activity;sid:84738803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.42.212"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875701/; classtype:trojan-activity;sid:84738801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.80.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875702/; classtype:trojan-activity;sid:84738802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.87.101"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875700/; classtype:trojan-activity;sid:84738800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"153.117.6.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875699/; classtype:trojan-activity;sid:84738799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875687)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.44.144.208"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875687/; classtype:trojan-activity;sid:84738787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/tbk"; depth:7; endswith; nocase; http.host; content:"51.81.96.73"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875686/; classtype:trojan-activity;sid:84738786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.14.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875685/; classtype:trojan-activity;sid:84738785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.87.101"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875684/; classtype:trojan-activity;sid:84738784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.251.215"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875683/; classtype:trojan-activity;sid:84738783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3875673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/ppc"; depth:7; endswith; nocase; http.host; content:"51.81.96.73"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875673/; classtype:trojan-activity;sid:84738773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/x86"; depth:7; endswith; nocase; http.host; content:"51.81.96.73"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875674/; classtype:trojan-activity;sid:84738774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/armv5l"; depth:10; endswith; nocase; http.host; content:"51.81.96.73"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875675/; classtype:trojan-activity;sid:84738775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/armv7l"; depth:10; endswith; nocase; http.host; content:"51.81.96.73"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875676/; classtype:trojan-activity;sid:84738776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/x86_64"; depth:10; endswith; nocase; http.host; content:"51.81.96.73"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875677/; 
classtype:trojan-activity;sid:84738777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/m68k"; depth:8; endswith; nocase; http.host; content:"51.81.96.73"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875678/; classtype:trojan-activity;sid:84738778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/armv4l"; depth:10; endswith; nocase; http.host; content:"51.81.96.73"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875679/; classtype:trojan-activity;sid:84738779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/armv6l"; depth:10; endswith; nocase; http.host; content:"51.81.96.73"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875680/; classtype:trojan-activity;sid:84738780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/sh4"; depth:7; endswith; nocase; http.host; content:"51.81.96.73"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875681/; classtype:trojan-activity;sid:84738781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/mips64"; depth:10; endswith; nocase; http.host; content:"51.81.96.73"; depth:11; 
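isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875682/; classtype:trojan-activity;sid:84738782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/aarch64"; depth:11; endswith; nocase; http.host; content:"51.81.96.73"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875672/; classtype:trojan-activity;sid:84738772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.253.204"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875671/; classtype:trojan-activity;sid:84738771; rev:1;)
# sid 84738770: fires on an HTTP GET whose URI equals the pattern below (nocase) and
# whose Host equals the listed name.
# NOTE(review): depth changed from 47 to 44. "|3f|" is a single byte ("?") on the wire,
# so the URI pattern is 44 bytes long; depth:47 combined with endswith also matched
# URIs carrying up to three extra leading bytes. 47 is the length of the escaped text,
# so the generator presumably counted characters rather than bytes - worth reporting
# upstream, because a feed refresh would replace this local edit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=48859f92-b5fc-4d03-9c1a-0052c24c5e40"; depth:44; endswith; nocase; http.host; content:"1owgctfi.ekhtelalattabrizi.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875670/; classtype:trojan-activity;sid:84738770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.164.115.235"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875669/; classtype:trojan-activity;sid:84738769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875667)"; 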
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/mips"; depth:8; endswith; nocase; http.host; content:"51.81.96.73"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875667/; classtype:trojan-activity;sid:84738767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/lterouter"; depth:13; endswith; nocase; http.host; content:"51.81.96.73"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875668/; classtype:trojan-activity;sid:84738768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/mpsl"; depth:8; endswith; nocase; http.host; content:"51.81.96.73"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875666/; classtype:trojan-activity;sid:84738766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.101.0.88"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875665/; classtype:trojan-activity;sid:84738765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.15.46"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875664/; classtype:trojan-activity;sid:84738764; rev:1;) alert http $HOME_NET any -> 
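$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.104.99"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875663/; classtype:trojan-activity;sid:84738763; rev:1;)
# sid 84738762: fires on an HTTP GET whose URI equals the pattern below (nocase) and
# whose Host equals the listed name.
# NOTE(review): depth changed from 47 to 44. "|3f|" is a single byte ("?") on the wire,
# so the URI pattern is 44 bytes long; depth:47 combined with endswith also matched
# URIs carrying up to three extra leading bytes. 47 is the length of the escaped text,
# so the generator presumably counted characters rather than bytes - worth reporting
# upstream, because a feed refresh would replace this local edit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=5cc291ec-850e-49a0-8e79-7c2d41690321"; depth:44; endswith; nocase; http.host; content:"6shg02c5.onlinecasinorouletteblackjack.com"; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875662/; classtype:trojan-activity;sid:84738762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"212.164.115.235"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875661/; classtype:trojan-activity;sid:84738761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.44.145.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875660/; classtype:trojan-activity;sid:84738760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.238.77"; depth:13; isdataat:!1,relative; 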
metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875659/; classtype:trojan-activity;sid:84738759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.42.89.142"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875658/; classtype:trojan-activity;sid:84738758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.54.15.46"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875657/; classtype:trojan-activity;sid:84738757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.104.99"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875656/; classtype:trojan-activity;sid:84738756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.185.93.188"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875655/; classtype:trojan-activity;sid:84738755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; 
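nocase; http.host; content:"115.99.162.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875654/; classtype:trojan-activity;sid:84738754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.185.93.188"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875653/; classtype:trojan-activity;sid:84738753; rev:1;)
# sid 84738752: fires on an HTTP GET whose URI equals the pattern below (nocase) and
# whose Host equals the listed name.
# NOTE(review): depth changed from 47 to 44. "|3f|" is a single byte ("?") on the wire,
# so the URI pattern is 44 bytes long; depth:47 combined with endswith also matched
# URIs carrying up to three extra leading bytes. 47 is the length of the escaped text,
# so the generator presumably counted characters rather than bytes - worth reporting
# upstream, because a feed refresh would replace this local edit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=44fdb697-24db-41d8-afc9-09557b3b7b45"; depth:44; endswith; nocase; http.host; content:"b97pimiu.vip1x.bet"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875652/; classtype:trojan-activity;sid:84738752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.112.129.172"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875651/; classtype:trojan-activity;sid:84738751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.238.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875650/; classtype:trojan-activity;sid:84738750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 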
(3875649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.36.23.67"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875649/; classtype:trojan-activity;sid:84738749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.101.0.88"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875648/; classtype:trojan-activity;sid:84738748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.243.8"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875647/; classtype:trojan-activity;sid:84738747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.48.186"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875646/; classtype:trojan-activity;sid:84738746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.151.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875645/; classtype:trojan-activity;sid:84738745; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.186.37.201"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875644/; classtype:trojan-activity;sid:84738744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.163.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875643/; classtype:trojan-activity;sid:84738743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.186.37.201"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875642/; classtype:trojan-activity;sid:84738742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.29.223.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875641/; classtype:trojan-activity;sid:84738741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.224.9.193"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875640/; 
classtype:trojan-activity;sid:84738740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.163.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875639/; classtype:trojan-activity;sid:84738739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.240.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875638/; classtype:trojan-activity;sid:84738738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pm68k"; depth:11; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875636/; classtype:trojan-activity;sid:84738736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875637/; classtype:trojan-activity;sid:84738737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.29.223.148"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875635/; classtype:trojan-activity;sid:84738735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.147.113"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875634/; classtype:trojan-activity;sid:84738734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=032922bc-e273-4542-8708-60927a371713"; depth:47; endswith; nocase; http.host; content:"xxgbaenv.onlineblackjackscam.com"; depth:32; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875633/; classtype:trojan-activity;sid:84738733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.145.147"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875632/; classtype:trojan-activity;sid:84738732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.240.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875631/; classtype:trojan-activity;sid:84738731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875630)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.107.133"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875630/; classtype:trojan-activity;sid:84738730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.224.9.193"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875629/; classtype:trojan-activity;sid:84738729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.235.174.119"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875628/; classtype:trojan-activity;sid:84738728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.174.122.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875627/; classtype:trojan-activity;sid:84738727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.76.24"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875626/; classtype:trojan-activity;sid:84738726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3875625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.98.97.229"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875625/; classtype:trojan-activity;sid:84738725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.81.158.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875624/; classtype:trojan-activity;sid:84738724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.174.122.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875623/; classtype:trojan-activity;sid:84738723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.81.158.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875622/; classtype:trojan-activity;sid:84738722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.144.120"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875621/; classtype:trojan-activity;sid:84738721; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.122.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875620/; classtype:trojan-activity;sid:84738720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.76.24"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875619/; classtype:trojan-activity;sid:84738719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.144.120"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875618/; classtype:trojan-activity;sid:84738718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.98.97.229"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875617/; classtype:trojan-activity;sid:84738717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.156.187"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, 
urlhaus.abuse.ch/url/3875616/; classtype:trojan-activity;sid:84738716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.137.114"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875615/; classtype:trojan-activity;sid:84738715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.122.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875614/; classtype:trojan-activity;sid:84738714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.156.187"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875613/; classtype:trojan-activity;sid:84738713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.137.114"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875612/; classtype:trojan-activity;sid:84738712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.137.17"; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875611/; classtype:trojan-activity;sid:84738711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.160.130.109"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875610/; classtype:trojan-activity;sid:84738710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.84.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875609/; classtype:trojan-activity;sid:84738709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e06ecccc-7a43-4453-8895-6ff22a2bfdbd"; depth:47; endswith; nocase; http.host; content:"ss9sxw23.online-blackjack-j.info"; depth:32; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875608/; classtype:trojan-activity;sid:84738708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.238.131.58"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875607/; classtype:trojan-activity;sid:84738707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875605)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.84.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875605/; classtype:trojan-activity;sid:84738705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.249.42"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875606/; classtype:trojan-activity;sid:84738706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.9.33"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875604/; classtype:trojan-activity;sid:84738704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.107.102.33"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875603/; classtype:trojan-activity;sid:84738703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=3f407dbb-4d46-4a51-aaad-c2590716f03f"; depth:47; endswith; nocase; http.host; content:"hbcq8sv3.oghabbet1.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875602/; 
classtype:trojan-activity;sid:84738702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.160.130.109"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875601/; classtype:trojan-activity;sid:84738701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.140.30"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875600/; classtype:trojan-activity;sid:84738700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.181.169"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875599/; classtype:trojan-activity;sid:84738699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.74.148"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875598/; classtype:trojan-activity;sid:84738698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.74.148"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875597/; classtype:trojan-activity;sid:84738697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=5422679e-54d2-48bf-9ca5-e189c0ae943c"; depth:47; endswith; nocase; http.host; content:"4o63jpbm.ekhtelalat.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875596/; classtype:trojan-activity;sid:84738696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.4.166"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875595/; classtype:trojan-activity;sid:84738695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_1bafc197e17b2b27.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875594/; classtype:trojan-activity;sid:84738694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.181.169"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875593/; classtype:trojan-activity;sid:84738693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875592)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"156.226.174.98"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875592/; classtype:trojan-activity;sid:84738692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/heilongbotnet.arm7"; depth:19; endswith; nocase; http.host; content:"103.30.183.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875591/; classtype:trojan-activity;sid:84738691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_89313d786b8bc386.ps1"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875590/; classtype:trojan-activity;sid:84738690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=dee49145-da2e-4229-a145-7a29b95bca16"; depth:47; endswith; nocase; http.host; content:"ljkfok0p.vip1xbet.net"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875589/; classtype:trojan-activity;sid:84738689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.250.113"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, 
urlhaus.abuse.ch/url/3875588/; classtype:trojan-activity;sid:84738688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.69.45"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875587/; classtype:trojan-activity;sid:84738687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.182.107"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875586/; classtype:trojan-activity;sid:84738686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.140.30"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875585/; classtype:trojan-activity;sid:84738685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.250.113"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875584/; classtype:trojan-activity;sid:84738684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.146.166"; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875583/; classtype:trojan-activity;sid:84738683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.32.79"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875582/; classtype:trojan-activity;sid:84738682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=48d42bd7-c73c-4907-8c40-8a70f41e8682"; depth:47; endswith; nocase; http.host; content:"8aldchrh.jetbt9.online"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875581/; classtype:trojan-activity;sid:84738681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.245.107"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875580/; classtype:trojan-activity;sid:84738680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.187.105.203"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875579/; classtype:trojan-activity;sid:84738679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875578)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.123.170"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875578/; classtype:trojan-activity;sid:84738678; rev:1;)
# URLhaus download-URL rules, one rule per listed URL. Each rule alerts when a
# client in $HOME_NET sends an HTTP GET on an established flow whose URI and
# Host both equal one URLhaus entry (the entry id is in msg and reference).
#   http.uri:  content + depth:N (N = content length) + endswith means the
#              whole URI buffer must equal the string; nocase ignores case.
#              A different path or an added query string will not match.
#   http.host: content + depth:N + isdataat:!1,relative means no byte may
#              follow the match, so the Host must equal the string exactly.
# Only traffic parsed as HTTP is inspected; the same URL fetched over TLS is
# not visible to these rules unless it is decrypted before the sensor.
# Most entries below are short paths ("/i", "/bin.sh") on bare IP hosts: the
# URI alone is not distinctive, so the Host condition carries the detection.
# NOTE(review): IP-hosted indicators can go stale when addresses are
# reassigned; metadata:created_at can be used to age rules out - confirm policy.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.33.64"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875577/; classtype:trojan-activity;sid:84738677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.229.4"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875576/; classtype:trojan-activity;sid:84738676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.39.122.214"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875575/; classtype:trojan-activity;sid:84738675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.123.170"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875574/; classtype:trojan-activity;sid:84738674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.33.64"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875573/; classtype:trojan-activity;sid:84738673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.229.4"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875572/; classtype:trojan-activity;sid:84738672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.34.107"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875571/; classtype:trojan-activity;sid:84738671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.187.194"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875570/; classtype:trojan-activity;sid:84738670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.80.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875569/; classtype:trojan-activity;sid:84738669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.142.11"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875568/; classtype:trojan-activity;sid:84738668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.146.197"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875567/; classtype:trojan-activity;sid:84738667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"148.170.135.198"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875566/; classtype:trojan-activity;sid:84738666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.147.246"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875565/; classtype:trojan-activity;sid:84738665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.94.19"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875564/; classtype:trojan-activity;sid:84738664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"162.250.17.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875563/; classtype:trojan-activity;sid:84738663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.116.127"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875562/; classtype:trojan-activity;sid:84738662; rev:1;)
# |3f| is the byte 0x3f ("?") written in hex, so the URI matched here is
# "/?ublib=" followed by the listed identifier.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=8275aba1-2d9a-443c-b065-09354981600f"; depth:47; endswith; nocase; http.host; content:"9baeu5sl.zistzirezarebin.shop"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875561/; classtype:trojan-activity;sid:84738661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.144.104"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875560/; classtype:trojan-activity;sid:84738660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.116.6"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875559/; classtype:trojan-activity;sid:84738659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"162.250.17.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875558/; classtype:trojan-activity;sid:84738658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.249.46"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875557/; classtype:trojan-activity;sid:84738657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"heartbeatlinkbot.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875556/; classtype:trojan-activity;sid:84738656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875554/; classtype:trojan-activity;sid:84738654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.110.60.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875555/; classtype:trojan-activity;sid:84738655; rev:1;)
# NOTE(review): a workers.dev host is presumably reached over HTTPS in most
# cases; as an "alert http" rule this fires only on cleartext requests.
# Confirm coverage (TLS inspection, or a companion tls.sni rule).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftm0-40po-ao28-g98e/img_ybcdby.png"; depth:35; endswith; nocase; http.host; content:"blue-paper-f69f.acrypters.workers.dev"; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875553/; classtype:trojan-activity;sid:84738653; rev:1;)
# The next two rules share the host 192.3.140.105 (a .png and a .hta URL), so
# hits on either sid can be triaged together by destination.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/300/img_214949.png"; depth:19; endswith; nocase; http.host; content:"192.3.140.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875552/; classtype:trojan-activity;sid:84738652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/300/givingmesomethinggoodthingsforme.hta"; depth:41; endswith; nocase; http.host; content:"192.3.140.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875550/; classtype:trojan-activity;sid:84738650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/90/makemybestgoodpartwithbetterwayscomingforme.hta"; depth:51; endswith; nocase; http.host; content:"198.23.177.234"; depth:14;
isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875551/; classtype:trojan-activity;sid:84738651; rev:1;)
# URLhaus download-URL rules, one rule per listed URL. Every rule requires an
# HTTP GET from $HOME_NET on an established flow, an exact URI (content +
# depth:N + endswith, case-insensitive via nocase) and an exact Host (content +
# depth:N + isdataat:!1,relative). Requests over TLS are not inspected by
# "alert http" rules unless decrypted before the sensor.
# Most entries in this run share two hosts, heartbeatlinkbot.online and
# genddos.st, with one URL per architecture-named file (arm5, mips, mpsl, sh4,
# x86_64, ...). Each URL has its own sid, so one client retrieving several
# files raises several alerts; triage can pivot on http.host rather than on the
# individual sid.
# In the rules visible here the sid equals the URLhaus id in msg/reference
# plus 80863100, which maps an alert back to its URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.arm5"; depth:22; endswith; nocase; http.host; content:"genddos.st"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875535/; classtype:trojan-activity;sid:84738635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.mpsl"; depth:22; endswith; nocase; http.host; content:"genddos.st"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875536/; classtype:trojan-activity;sid:84738636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm6"; depth:11; endswith; nocase; http.host; content:"heartbeatlinkbot.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875537/; classtype:trojan-activity;sid:84738637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"heartbeatlinkbot.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875538/; classtype:trojan-activity;sid:84738638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"heartbeatlinkbot.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875539/; classtype:trojan-activity;sid:84738639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/psh4"; depth:10; endswith; nocase; http.host; content:"heartbeatlinkbot.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875540/; classtype:trojan-activity;sid:84738640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"heartbeatlinkbot.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875541/; classtype:trojan-activity;sid:84738641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm5"; depth:11; endswith; nocase; http.host; content:"heartbeatlinkbot.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875542/; classtype:trojan-activity;sid:84738642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/px86"; depth:10; endswith; nocase; http.host; content:"heartbeatlinkbot.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875543/; classtype:trojan-activity;sid:84738643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pmips"; depth:11; endswith; nocase; http.host; content:"heartbeatlinkbot.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875544/; classtype:trojan-activity;sid:84738644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm7"; depth:11; endswith; nocase; http.host; content:"heartbeatlinkbot.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875545/; classtype:trojan-activity;sid:84738645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"heartbeatlinkbot.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875546/; classtype:trojan-activity;sid:84738646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"heartbeatlinkbot.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875547/; classtype:trojan-activity;sid:84738647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"heartbeatlinkbot.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875548/; classtype:trojan-activity;sid:84738648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pppc"; depth:10; endswith; nocase; http.host; content:"heartbeatlinkbot.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875549/; classtype:trojan-activity;sid:84738649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"heartbeatlinkbot.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875533/; classtype:trojan-activity;sid:84738633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"heartbeatlinkbot.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875534/; classtype:trojan-activity;sid:84738634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"heartbeatlinkbot.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875528/; classtype:trojan-activity;sid:84738628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.arm7"; depth:22; endswith; nocase; http.host; content:"genddos.st"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875529/; classtype:trojan-activity;sid:84738629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"heartbeatlinkbot.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875530/; classtype:trojan-activity;sid:84738630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pmpsl"; depth:11; endswith; nocase; http.host; content:"heartbeatlinkbot.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875531/; classtype:trojan-activity;sid:84738631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm"; depth:10; endswith; nocase; http.host; content:"heartbeatlinkbot.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875532/; classtype:trojan-activity;sid:84738632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"heartbeatlinkbot.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875526/; classtype:trojan-activity;sid:84738626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"heartbeatlinkbot.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875527/; classtype:trojan-activity;sid:84738627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.arm6"; depth:22; endswith; nocase; http.host; content:"genddos.st"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875524/; classtype:trojan-activity;sid:84738624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.mips"; depth:22; endswith; nocase; http.host; content:"genddos.st"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875525/; classtype:trojan-activity;sid:84738625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.spc"; depth:21; endswith; nocase; http.host; content:"genddos.st"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875522/; classtype:trojan-activity;sid:84738622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.arm"; depth:21; endswith; nocase; http.host; content:"genddos.st"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875523/; classtype:trojan-activity;sid:84738623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.m68k"; depth:22; endswith; nocase; http.host; content:"genddos.st"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875521/; classtype:trojan-activity;sid:84738621; rev:1;)
# NOTE(review): the content below contains a literal "%20", but http.uri is
# the normalized URI buffer. If percent-decoding is applied there, the request
# will carry a space instead and this 27-byte exact match will not fire.
# Confirm against the sensor's HTTP normalization; matching on http.uri.raw
# would avoid the dependency.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zalupa/void%20launcher.rar"; depth:27; endswith; nocase; http.host; content:"voidgame.cc"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875520/; classtype:trojan-activity;sid:84738620; rev:1;)
# The file name resembles a ScreenConnect client installer. NOTE(review): where
# that tool is in sanctioned use, the Host condition is what separates this
# alert from a legitimate install; the URI alone would not.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"thedon1.ink"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875513/; classtype:trojan-activity;sid:84738613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.i686"; depth:22; endswith; nocase; http.host; content:"genddos.st"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875514/; classtype:trojan-activity;sid:84738614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.sh4"; depth:21; endswith; nocase; http.host; content:"genddos.st"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875515/; classtype:trojan-activity;sid:84738615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.ppc"; depth:21; endswith; nocase; http.host; content:"genddos.st"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875516/; classtype:trojan-activity;sid:84738616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.x86_64"; depth:24; endswith; nocase; http.host; content:"genddos.st"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875517/; classtype:trojan-activity;sid:84738617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.arc"; depth:21; endswith; nocase; http.host; content:"genddos.st"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875518/; classtype:trojan-activity;sid:84738618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.x86"; depth:21; endswith; nocase; http.host; content:"genddos.st"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875519/; classtype:trojan-activity;sid:84738619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"thedon1.ink"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875512/; classtype:trojan-activity;sid:84738612; rev:1;)
# The next two rules cover .apk URLs on genddos.st, the same host as the
# architecture-named files above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gms_update.apk"; depth:15; endswith; nocase; http.host; content:"genddos.st"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875509/; classtype:trojan-activity;sid:84738609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.apk"; depth:11; endswith; nocase; http.host; content:"genddos.st"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875510/; classtype:trojan-activity;sid:84738610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/in"; depth:3; endswith; nocase; http.host; content:"echallan-traffic.live"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875511/; classtype:trojan-activity;sid:84738611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875504)"; flow:established,from_client; http.method;
content:"GET"; http.uri; content:"/files-129312398/files/file_54bee27ccbe25b86.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875504/; classtype:trojan-activity;sid:84738604; rev:1;)
# URLhaus download-URL rules, one rule per listed URL. Every rule requires an
# HTTP GET from $HOME_NET on an established flow, an exact URI (content +
# depth:N + endswith, case-insensitive via nocase) and an exact Host (content +
# depth:N + isdataat:!1,relative). These are exact-indicator matches: a changed
# path, an added query string or a different host will not alert, and requests
# over TLS are not inspected unless decrypted before the sensor.
# Several hosts below appear twice, once with "/i" and once with "/bin.sh";
# alerts for both sids from one client point at the same destination.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_bed02281218bd914.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875505/; classtype:trojan-activity;sid:84738605; rev:1;)
# The next two file names resemble ScreenConnect client installers.
# NOTE(review): where that tool is in sanctioned use, the Host condition is
# what separates these alerts from a legitimate install.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"deznyllcf.top"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875506/; classtype:trojan-activity;sid:84738606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"deznyllcf.top"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875507/; classtype:trojan-activity;sid:84738607; rev:1;)
# The Host here is a shared file-hosting service, so the rule is specific only
# because the full path and the rlkey query must match exactly (|3f| is the
# byte 0x3f, "?"). NOTE(review): this service is presumably served over HTTPS,
# in which case a cleartext "alert http" rule will not observe the request -
# confirm coverage via TLS inspection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/0x68j0lrza0nrfylgw1mx/gutschein_zertifikat12174.pfd.js|3f|rlkey=qjw2lg1gluodzwi3oa5q8yfix"; depth:97; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875508/; classtype:trojan-activity;sid:84738608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.110.60.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875503/; classtype:trojan-activity;sid:84738603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.217.167"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875502/; classtype:trojan-activity;sid:84738602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.244.83"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875501/; classtype:trojan-activity;sid:84738601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.244.83"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875500/; classtype:trojan-activity;sid:84738600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.145.175"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875499/; classtype:trojan-activity;sid:84738599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.217.167"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875498/; classtype:trojan-activity;sid:84738598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.11.0"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875497/; classtype:trojan-activity;sid:84738597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.190.235.122"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875496/; classtype:trojan-activity;sid:84738596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.240.222.152"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875495/; classtype:trojan-activity;sid:84738595; rev:1;)
# |3f| is the byte 0x3f ("?"), so the URI matched is "/?ublib=" followed by the
# listed identifier; the same URI shape recurs below on other hosts, each with
# its own identifier.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b20949d5-c3da-4872-8ed0-84327888f900"; depth:47; endswith; nocase; http.host; content:"ya6b2803.edareumumi.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875494/; classtype:trojan-activity;sid:84738594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.116.6"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875493/; classtype:trojan-activity;sid:84738593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.247.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875491/; classtype:trojan-activity;sid:84738591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.247.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875492/; classtype:trojan-activity;sid:84738592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.101.187.22"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875490/; classtype:trojan-activity;sid:84738590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.2.97"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875489/; classtype:trojan-activity;sid:84738589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.73.120"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875488/; classtype:trojan-activity;sid:84738588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=253e8ead-7f1a-4da6-acca-d93dbedacaed"; depth:47; endswith; nocase; http.host; content:"893804ep.zarinfile.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875487/; classtype:trojan-activity;sid:84738587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.117.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875486/; classtype:trojan-activity;sid:84738586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.38.11"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875485/; classtype:trojan-activity;sid:84738585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a3c3fc31-9e9c-45dc-b0a7-7effc7330ab9"; depth:47; endswith; nocase; http.host; content:"she63245.vip1xbet.org"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875484/; classtype:trojan-activity;sid:84738584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.40.145"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875483/; classtype:trojan-activity;sid:84738583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.73.120"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875482/; classtype:trojan-activity;sid:84738582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.182.107"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875481/; classtype:trojan-activity;sid:84738581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875480)";
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.40.145"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875480/; classtype:trojan-activity;sid:84738580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.253.23"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875479/; classtype:trojan-activity;sid:84738579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.205.169"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875478/; classtype:trojan-activity;sid:84738578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.228.130"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875476/; classtype:trojan-activity;sid:84738576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.124.243"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875477/; classtype:trojan-activity;sid:84738577; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.61.39.200"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875475/; classtype:trojan-activity;sid:84738575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.61.39.200"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875474/; classtype:trojan-activity;sid:84738574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.164.32.152"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875473/; classtype:trojan-activity;sid:84738573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4c27da"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875469/; classtype:trojan-activity;sid:84738569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/464e0c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875470/; 
classtype:trojan-activity;sid:84738570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2e2f92"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875471/; classtype:trojan-activity;sid:84738571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5e056e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875472/; classtype:trojan-activity;sid:84738572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7a4f95"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875461/; classtype:trojan-activity;sid:84738561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b02638"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875462/; classtype:trojan-activity;sid:84738562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cffba7"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875463/; classtype:trojan-activity;sid:84738563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bee900"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875464/; classtype:trojan-activity;sid:84738564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5db573"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875465/; classtype:trojan-activity;sid:84738565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c0accb"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875466/; classtype:trojan-activity;sid:84738566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f5956b"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875467/; classtype:trojan-activity;sid:84738567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e4a4e9"; depth:7; endswith; 
nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875468/; classtype:trojan-activity;sid:84738568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xs3"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875456/; classtype:trojan-activity;sid:84738556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y7vl"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875457/; classtype:trojan-activity;sid:84738557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwzd"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875458/; classtype:trojan-activity;sid:84738558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8ffk"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875459/; classtype:trojan-activity;sid:84738559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875460)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uer"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875460/; classtype:trojan-activity;sid:84738560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/includes/taxii/edu.png"; depth:23; endswith; nocase; http.host; content:"securedisk.cfd"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875455/; classtype:trojan-activity;sid:84738555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roxanneiq6.exe"; depth:15; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875454/; classtype:trojan-activity;sid:84738554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/includes/taxii/optim.png"; depth:25; endswith; nocase; http.host; content:"securedisk.cfd"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875453/; classtype:trojan-activity;sid:84738553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.146.46"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875452/; 
classtype:trojan-activity;sid:84738552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/j0yh-keux-j9id-2i7m/img_n0x6bn.png"; depth:35; endswith; nocase; http.host; content:"blue-paper-f69f.acrypters.workers.dev"; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875451/; classtype:trojan-activity;sid:84738551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yachted/sibling/"; depth:17; endswith; nocase; http.host; content:"demo.alkhateeb.ae"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875449/; classtype:trojan-activity;sid:84738549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/connatural/shortsighted"; depth:24; endswith; nocase; http.host; content:"centrodeinfusaocuritiba.com.br"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875450/; classtype:trojan-activity;sid:84738550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/matin/rend"; depth:11; endswith; nocase; http.host; content:"doc.eagle-web-concept.fr"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875448/; classtype:trojan-activity;sid:84738548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875447)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/|3f|ublib=20b69ad2-ae8d-41c9-b843-b3d0f427c1be"; depth:47; endswith; nocase; http.host; content:"k9qxyqt8.jetbt8.online"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875447/; classtype:trojan-activity;sid:84738547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.32.66"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875446/; classtype:trojan-activity;sid:84738546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.145.92"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875445/; classtype:trojan-activity;sid:84738545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.229.188"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875444/; classtype:trojan-activity;sid:84738544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.32.66"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875443/; classtype:trojan-activity;sid:84738543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3875442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bonavol.zip|3f|v=1782289272129|7c|26|7c|r=tdodhd"; depth:49; endswith; nocase; http.host; content:"bonavol.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875442/; classtype:trojan-activity;sid:84738542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_a2b567031aeb65f7.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875441/; classtype:trojan-activity;sid:84738541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"102.132.135.79"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875440/; classtype:trojan-activity;sid:84738540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"102.132.135.79"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875439/; classtype:trojan-activity;sid:84738539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/djoriginnew.png"; depth:20; endswith; nocase; http.host; content:"brenmayasociados.com"; depth:20; 
isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875438/; classtype:trojan-activity;sid:84738538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/components/stubaa.ps1"; depth:22; endswith; nocase; http.host; content:"2019.ecoknights.org.my"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875437/; classtype:trojan-activity;sid:84738537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sass/optimized_foryujune.png"; depth:29; endswith; nocase; http.host; content:"brenmayasociados.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875436/; classtype:trojan-activity;sid:84738536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.24.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875434/; classtype:trojan-activity;sid:84738534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.24.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875435/; classtype:trojan-activity;sid:84738535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875433)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"170.84.134.171"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875433/; classtype:trojan-activity;sid:84738533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1b1eca"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875432/; classtype:trojan-activity;sid:84738532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/068dd6"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875428/; classtype:trojan-activity;sid:84738528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7d200e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875429/; classtype:trojan-activity;sid:84738529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/09a96c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875430/; classtype:trojan-activity;sid:84738530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3875431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b78de2"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875431/; classtype:trojan-activity;sid:84738531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/242ed0"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875427/; classtype:trojan-activity;sid:84738527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a14535"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875422/; classtype:trojan-activity;sid:84738522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bb8bc9"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875423/; classtype:trojan-activity;sid:84738523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c20310"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875424/; 
classtype:trojan-activity;sid:84738524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e1a75c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875425/; classtype:trojan-activity;sid:84738525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/43252c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875426/; classtype:trojan-activity;sid:84738526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gigatex/mpsl"; depth:13; endswith; nocase; http.host; content:"217.60.195.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875418/; classtype:trojan-activity;sid:84738518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gigatex/x86"; depth:12; endswith; nocase; http.host; content:"217.60.195.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875419/; classtype:trojan-activity;sid:84738519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d91b8a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875420/; classtype:trojan-activity;sid:84738520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"94.249.230.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875421/; classtype:trojan-activity;sid:84738521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b2ac87"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875401/; classtype:trojan-activity;sid:84738501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3475cd"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875402/; classtype:trojan-activity;sid:84738502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/071094"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875403/; classtype:trojan-activity;sid:84738503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875404)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/752cf3"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875404/; classtype:trojan-activity;sid:84738504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cb87c3"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875405/; classtype:trojan-activity;sid:84738505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/030d34"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875406/; classtype:trojan-activity;sid:84738506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9902c4"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875407/; classtype:trojan-activity;sid:84738507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c3312a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875408/; classtype:trojan-activity;sid:84738508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3875409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36778c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875409/; classtype:trojan-activity;sid:84738509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5d9f3d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875410/; classtype:trojan-activity;sid:84738510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/53d8b8"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875411/; classtype:trojan-activity;sid:84738511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0c8da2"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875412/; classtype:trojan-activity;sid:84738512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7a2453"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875413/; classtype:trojan-activity;sid:84738513; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e51801"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875414/; classtype:trojan-activity;sid:84738514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c24b2f"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875415/; classtype:trojan-activity;sid:84738515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c42e24"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875416/; classtype:trojan-activity;sid:84738516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1a70a3"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875417/; classtype:trojan-activity;sid:84738517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d4f738"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, 
urlhaus.abuse.ch/url/3875384/; classtype:trojan-activity;sid:84738484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/108b2a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875385/; classtype:trojan-activity;sid:84738485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/865dd0"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875386/; classtype:trojan-activity;sid:84738486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1671e9"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875387/; classtype:trojan-activity;sid:84738487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/97b730"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875388/; classtype:trojan-activity;sid:84738488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6d4385"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875389/; classtype:trojan-activity;sid:84738489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f273ee"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875390/; classtype:trojan-activity;sid:84738490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d5891f"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875391/; classtype:trojan-activity;sid:84738491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f0a1b9"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875392/; classtype:trojan-activity;sid:84738492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e08f7e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875393/; classtype:trojan-activity;sid:84738493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875394)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/1de7f2"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875394/; classtype:trojan-activity;sid:84738494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/156231"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875395/; classtype:trojan-activity;sid:84738495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/418957"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875396/; classtype:trojan-activity;sid:84738496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a14b12"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875397/; classtype:trojan-activity;sid:84738497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a1ab0a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875398/; classtype:trojan-activity;sid:84738498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3875399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/93a7f0"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875399/; classtype:trojan-activity;sid:84738499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a287a6"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875400/; classtype:trojan-activity;sid:84738500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/01ae15"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875382/; classtype:trojan-activity;sid:84738482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdbcb8"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875383/; classtype:trojan-activity;sid:84738483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.207.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875381/; classtype:trojan-activity;sid:84738481; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"170.84.134.171"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875380/; classtype:trojan-activity;sid:84738480; rev:1;)
# Rule shape used throughout this feed: alert on a client-side HTTP GET from
# $HOME_NET to $EXTERNAL_NET where http.uri ends with the listed path
# (depth + endswith) and http.host is exactly the listed host (depth equal to
# the host length, followed by isdataat:!1,relative so nothing may trail it).
# The number in msg and the reference URL both point at the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.216.103"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875379/; classtype:trojan-activity;sid:84738479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.207.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875378/; classtype:trojan-activity;sid:84738478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.11.0"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875377/; classtype:trojan-activity;sid:84738477; rev:1;)
# NOTE(review): the URI pattern below is 44 bytes once |3f| is decoded to a
# single '?', but depth is 47, which is the length of the escaped text. Because
# of endswith the URI must still end in this pattern, yet up to three leading
# bytes are tolerated, unlike the neighbouring rules where depth equals the
# pattern length. Presumably a generator artefact; confirm with the feed
# maintainer before changing the rule locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=68af7e40-3ff3-43d0-90e6-61387ce78d08"; depth:47; endswith; nocase; http.host; content:"8jkjxf31.jetbt7.online"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875376/; classtype:trojan-activity;sid:84738476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.212.37.115"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875375/; classtype:trojan-activity;sid:84738475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.52.44"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875374/; classtype:trojan-activity;sid:84738474; rev:1;)
# NOTE(review): same depth mismatch as sid 84738476. The pattern is 44 bytes
# after |3f| is decoded, while depth is 47, so the match is not pinned to the
# start of the URI. Confirm upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=71a75337-f523-4a8c-814a-cb124930fd86"; depth:47; endswith; nocase; http.host; content:"m2p5bg3q.ahkam.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875373/; classtype:trojan-activity;sid:84738473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.106.128"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875372/; classtype:trojan-activity;sid:84738472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; 
depth:7; endswith; nocase; http.host; content:"115.55.52.44"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875371/; classtype:trojan-activity;sid:84738471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.32.79"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875370/; classtype:trojan-activity;sid:84738470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.62.58.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875369/; classtype:trojan-activity;sid:84738469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/268cf3"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875356/; classtype:trojan-activity;sid:84738456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4a7dc3"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875357/; classtype:trojan-activity;sid:84738457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875358)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c1953e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875358/; classtype:trojan-activity;sid:84738458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0b1517"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875359/; classtype:trojan-activity;sid:84738459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4d01d5"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875360/; classtype:trojan-activity;sid:84738460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2529d6"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875361/; classtype:trojan-activity;sid:84738461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6d67c6"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875363/; classtype:trojan-activity;sid:84738463; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/78e24f"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875364/; classtype:trojan-activity;sid:84738464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/90aad3"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875367/; classtype:trojan-activity;sid:84738467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a1cef9"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875368/; classtype:trojan-activity;sid:84738468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dd0b31"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875354/; classtype:trojan-activity;sid:84738454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/883b9c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875355/; 
classtype:trojan-activity;sid:84738455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.4.150.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875353/; classtype:trojan-activity;sid:84738453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d2ee02"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875347/; classtype:trojan-activity;sid:84738447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/090987"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875348/; classtype:trojan-activity;sid:84738448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/217d54"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875349/; classtype:trojan-activity;sid:84738449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c8cc97"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875351/; classtype:trojan-activity;sid:84738451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b61498"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875337/; classtype:trojan-activity;sid:84738437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"144.48.132.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875339/; classtype:trojan-activity;sid:84738439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.45.103.65"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875346/; classtype:trojan-activity;sid:84738446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76a632"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875322/; classtype:trojan-activity;sid:84738422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e2cbb1"; depth:7; 
endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875323/; classtype:trojan-activity;sid:84738423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/38ec5f"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875324/; classtype:trojan-activity;sid:84738424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/87fa5f"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875325/; classtype:trojan-activity;sid:84738425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4f6d54"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875326/; classtype:trojan-activity;sid:84738426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/985cea"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875327/; classtype:trojan-activity;sid:84738427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875328)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/16dcd4"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875328/; classtype:trojan-activity;sid:84738428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3bd4b8"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875329/; classtype:trojan-activity;sid:84738429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/95675c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875330/; classtype:trojan-activity;sid:84738430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4f1932"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875331/; classtype:trojan-activity;sid:84738431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6300a2"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875332/; classtype:trojan-activity;sid:84738432; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2fe1e0"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875333/; classtype:trojan-activity;sid:84738433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3994af"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875334/; classtype:trojan-activity;sid:84738434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/875b73"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875335/; classtype:trojan-activity;sid:84738435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f13dc1"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875336/; classtype:trojan-activity;sid:84738436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lll"; depth:4; endswith; nocase; http.host; content:"bitter-handsome-truck.digivmm.katapult.cloud"; depth:44; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, 
urlhaus.abuse.ch/url/3875321/; classtype:trojan-activity;sid:84738421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"static.26.134.83.5.clients.ryzehosting.com"; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875317/; classtype:trojan-activity;sid:84738417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.sh4"; depth:11; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875318/; classtype:trojan-activity;sid:84738418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.sh4"; depth:11; endswith; nocase; http.host; content:"bitter-handsome-truck.digivmm.katapult.cloud"; depth:44; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875319/; classtype:trojan-activity;sid:84738419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"static.26.134.83.5.clients.ryzehosting.com"; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875320/; classtype:trojan-activity;sid:84738420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875312)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/data_mips"; depth:10; endswith; nocase; http.host; content:"45.38.228.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875312/; classtype:trojan-activity;sid:84738412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/womp"; depth:5; endswith; nocase; http.host; content:"45.38.228.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875313/; classtype:trojan-activity;sid:84738413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/896e0f"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875314/; classtype:trojan-activity;sid:84738414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/34195b"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875315/; classtype:trojan-activity;sid:84738415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"static.26.134.83.5.clients.ryzehosting.com"; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875316/; classtype:trojan-activity;sid:84738416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3875302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"static.26.134.83.5.clients.ryzehosting.com"; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875302/; classtype:trojan-activity;sid:84738402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"static.26.134.83.5.clients.ryzehosting.com"; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875303/; classtype:trojan-activity;sid:84738403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"static.26.134.83.5.clients.ryzehosting.com"; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875304/; classtype:trojan-activity;sid:84738404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lll"; depth:4; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875305/; classtype:trojan-activity;sid:84738405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dca15d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875306/; classtype:trojan-activity;sid:84738406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/21bc78"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875307/; classtype:trojan-activity;sid:84738407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/41bca6"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875308/; classtype:trojan-activity;sid:84738408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"103.141.5.137"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875309/; classtype:trojan-activity;sid:84738409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"static.26.134.83.5.clients.ryzehosting.com"; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875310/; classtype:trojan-activity;sid:84738410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875311)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bf35c6"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875311/; classtype:trojan-activity;sid:84738411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c8f58f"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875301/; classtype:trojan-activity;sid:84738401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/22cd13"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875293/; classtype:trojan-activity;sid:84738393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dbg"; depth:4; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875294/; classtype:trojan-activity;sid:84738394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b0aac5"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875295/; classtype:trojan-activity;sid:84738395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3875296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm5"; depth:8; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875296/; classtype:trojan-activity;sid:84738396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d12973"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875297/; classtype:trojan-activity;sid:84738397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshkx86"; depth:8; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875298/; classtype:trojan-activity;sid:84738398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ce314"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875299/; classtype:trojan-activity;sid:84738399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmpsl"; depth:8; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875300/; classtype:trojan-activity;sid:84738400; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875292/; classtype:trojan-activity;sid:84738392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"72.255.3.100"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875291/; classtype:trojan-activity;sid:84738391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/717f7b"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875277/; classtype:trojan-activity;sid:84738377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/efb57c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875278/; classtype:trojan-activity;sid:84738378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/04858e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, 
urlhaus.abuse.ch/url/3875279/; classtype:trojan-activity;sid:84738379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/63228b"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875280/; classtype:trojan-activity;sid:84738380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b195c6"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875281/; classtype:trojan-activity;sid:84738381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0a8d57"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875282/; classtype:trojan-activity;sid:84738382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875283/; classtype:trojan-activity;sid:84738383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropper"; depth:8; endswith; nocase; http.host; content:"137.220.242.60"; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875284/; classtype:trojan-activity;sid:84738384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/975580"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875285/; classtype:trojan-activity;sid:84738385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c0b090"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875286/; classtype:trojan-activity;sid:84738386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2e5788"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875287/; classtype:trojan-activity;sid:84738387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/64782a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875288/; classtype:trojan-activity;sid:84738388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875289)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875289/; classtype:trojan-activity;sid:84738389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5ec92a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875290/; classtype:trojan-activity;sid:84738390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e003f5"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875252/; classtype:trojan-activity;sid:84738352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f8c015"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875253/; classtype:trojan-activity;sid:84738353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875254/; classtype:trojan-activity;sid:84738354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3875255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/181ff1"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875255/; classtype:trojan-activity;sid:84738355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshkarm7"; depth:9; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875256/; classtype:trojan-activity;sid:84738356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/72883f"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875257/; classtype:trojan-activity;sid:84738357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshksh4"; depth:8; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875258/; classtype:trojan-activity;sid:84738358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/angelaaa.apk"; depth:13; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875259/; classtype:trojan-activity;sid:84738359; rev:1;) 
# Reader notes for the rules below.
# Every rule has the same shape: it alerts on a client-to-server request on an established flow
# from $HOME_NET to $EXTERNAL_NET whose http.method buffer contains "GET" and whose http.uri and
# http.host buffers equal the values of one URLhaus entry. The match is pinned at both ends:
# depth is set to the pattern length, and endswith (URI) / isdataat:!1,relative (Host) require
# the buffer to stop where the pattern stops. nocase follows the http.uri content, so the path
# comparison is case-insensitive.
# Only request-side buffers are inspected (flow:from_client), so an alert shows that an internal
# host asked for the URL; it does not show that a payload was returned. Confirm delivery from the
# response side (for example the sensor's HTTP and file logs) before treating a hit as an infection.
# The number in msg and in the reference URL is the URLhaus entry to consult for context.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1b784e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875260/; classtype:trojan-activity;sid:84738360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7a8e4a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875261/; classtype:trojan-activity;sid:84738361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5ac4a1"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875262/; classtype:trojan-activity;sid:84738362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm7"; depth:8; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875263/; classtype:trojan-activity;sid:84738363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7d08d4"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875264/; classtype:trojan-activity;sid:84738364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875265/; classtype:trojan-activity;sid:84738365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5063ea"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875266/; classtype:trojan-activity;sid:84738366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fcf84d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875267/; classtype:trojan-activity;sid:84738367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshkarm6"; depth:9; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875268/; classtype:trojan-activity;sid:84738368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875269/; classtype:trojan-activity;sid:84738369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshsh4"; depth:7; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875270/; classtype:trojan-activity;sid:84738370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875271/; classtype:trojan-activity;sid:84738371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshkmips"; depth:9; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875272/; classtype:trojan-activity;sid:84738372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fb54e5"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875273/; classtype:trojan-activity;sid:84738373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm6"; depth:8; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875274/; classtype:trojan-activity;sid:84738374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875275/; classtype:trojan-activity;sid:84738375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/126fa5"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875276/; classtype:trojan-activity;sid:84738376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/services.apk"; depth:13; endswith; nocase; http.host; content:"194.48.251.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875251/; classtype:trojan-activity;sid:84738351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1746a7"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875250/; classtype:trojan-activity;sid:84738350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"139.135.46.40"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875249/; classtype:trojan-activity;sid:84738349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/49.elf"; depth:7; endswith; nocase; http.host; content:"64.89.163.22"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875248/; classtype:trojan-activity;sid:84738348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ml"; depth:3; endswith; nocase; http.host; content:"8.217.17.75"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875214/; classtype:trojan-activity;sid:84738314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.15.18"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875192/; classtype:trojan-activity;sid:84738292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.150.103"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875191/; classtype:trojan-activity;sid:84738291; rev:1;)

# NOTE(review): the next four rules pin http.host to "github.com". They are `alert http` rules,
# so they can only match where the sensor sees the request as parsed HTTP. Downloads from this
# host are normally fetched over TLS, so these presumably fire only behind TLS decryption or on
# a plain-HTTP request - TODO confirm for your sensor placement.
# The host is a shared code-hosting site; only the full URI identifies the reported repository,
# so these entries should not be turned into host- or IP-level blocks.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skakbar963-arch/arcraiders-fps-booster-2025-2026/raw/refs/heads/main/crymodynia/booster-arc-fp-raiders-3.5.zip"; depth:111; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875188/; classtype:trojan-activity;sid:84738288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smailikskywarsp4s/arcraiders-fps-booster-2025-2026/raw/refs/heads/main/booster.rar"; depth:83; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875189/; classtype:trojan-activity;sid:84738289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kyle-liu-io1998l8/arcraiders-fps-booster/releases/download/download/setup-v3.1.6.7zeaponsmith.zip"; depth:98; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875190/; classtype:trojan-activity;sid:84738290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dutyfree-embroiderystitch433/arcraiderfpsboosterforgithub2026/raw/refs/heads/main/aly/hub_booster_raider_for_git_arc_fps_2.6-alpha.1.zip"; depth:137; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875186/; classtype:trojan-activity;sid:84738286; rev:1;)

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hackersex67.sh"; depth:15; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875187/; classtype:trojan-activity;sid:84738287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_717ce1f261546251.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875181/; classtype:trojan-activity;sid:84738281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_f3c6c0ff5a0ca01b.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875182/; classtype:trojan-activity;sid:84738282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_98de8e9324af4477.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875183/; classtype:trojan-activity;sid:84738283; rev:1;)

# NOTE(review): the next two rules (sid 84738284 and sid 84738285) carry identical match options
# ("/desktop.zip" on host 192.3.177.153) and differ only in the URLhaus entry number, so a single
# matching request raises both alerts. Presumably the two entries differ in something these
# options do not express (scheme or port, for instance) - verify before deduplicating or
# counting hits per rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/desktop.zip"; depth:12; endswith; nocase; http.host; content:"192.3.177.153"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875184/; classtype:trojan-activity;sid:84738284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/desktop.zip"; depth:12; endswith; nocase; http.host; content:"192.3.177.153"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875185/; classtype:trojan-activity;sid:84738285; rev:1;)

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.31.200"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875180/; classtype:trojan-activity;sid:84738280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.106.128"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875179/; classtype:trojan-activity;sid:84738279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.31.200"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875178/; classtype:trojan-activity;sid:84738278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.125.194"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875177/; classtype:trojan-activity;sid:84738277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.144.178"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875176/; classtype:trojan-activity;sid:84738276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.29.73"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875175/; classtype:trojan-activity;sid:84738275; rev:1;)

# NOTE(review): in the next rule |3f| encodes a single byte ("?"), so the URI pattern is 44 bytes
# long while depth is 47 (the length of the escaped text). Combined with endswith, this accepts
# any URI of 44 to 47 bytes that ends in the pattern, i.e. up to three extra leading bytes,
# whereas the other complete rules in this listing set depth equal to the pattern length and so
# match the whole URI exactly. depth:44 would make this rule exact as well - confirm against the
# feed generator rather than editing the feed copy locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=6f69e3d4-5a26-4c31-883f-6c835d1eaa89"; depth:47; endswith; nocase; http.host; content:"kyard07v.vip1xbet.net"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875174/; classtype:trojan-activity;sid:84738274; rev:1;)

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.29.73"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, 
urlhaus.abuse.ch/url/3875173/; classtype:trojan-activity;sid:84738273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.249.14"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875172/; classtype:trojan-activity;sid:84738272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.77.100"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875171/; classtype:trojan-activity;sid:84738271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.150.103"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875170/; classtype:trojan-activity;sid:84738270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.208.235"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875169/; classtype:trojan-activity;sid:84738269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.189.165.193"; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875168/; classtype:trojan-activity;sid:84738268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.77.100"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875167/; classtype:trojan-activity;sid:84738267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.126.86.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875166/; classtype:trojan-activity;sid:84738266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"216.126.86.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875165/; classtype:trojan-activity;sid:84738265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.78.147"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875164/; classtype:trojan-activity;sid:84738264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875163)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/|3f|ublib=c0e8fbe7-f1cd-4f79-ba02-2689487decea"; depth:47; endswith; nocase; http.host; content:"arop4gtf.jetbt6.online"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875163/; classtype:trojan-activity;sid:84738263; rev:1;)
# In the entry ending on the line above, |3f| is the hex escape for "?", so the
# matched URI is the root path followed by the query string ublib=<uuid>.
# NOTE(review): the 13 entries below (sids 84738250-84738262) all pin the same
# host, 62.60.159.184, and differ only in the file name: arm5, arm6, arm7,
# m68k, mips, mpsl, sh4 and x86, served from / and from /bins/. The names
# suggest one payload set built for several CPU architectures - confirm against
# the URLhaus reference in each rule. For triage, group alerts from this sid
# range by source host instead of handling each sid as a separate incident.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875160/; classtype:trojan-activity;sid:84738260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875161/; classtype:trojan-activity;sid:84738261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875162/; classtype:trojan-activity;sid:84738262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875158/; classtype:trojan-activity;sid:84738258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875159/; classtype:trojan-activity;sid:84738259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875152/; classtype:trojan-activity;sid:84738252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875153/; classtype:trojan-activity;sid:84738253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875154/; classtype:trojan-activity;sid:84738254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875155/; classtype:trojan-activity;sid:84738255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875156/; classtype:trojan-activity;sid:84738256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875157/; classtype:trojan-activity;sid:84738257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875150/; classtype:trojan-activity;sid:84738250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875151/; classtype:trojan-activity;sid:84738251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.0.13"; depth:11; 
isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875149/; classtype:trojan-activity;sid:84738249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.65.164.36"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875148/; classtype:trojan-activity;sid:84738248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.97.69"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875147/; classtype:trojan-activity;sid:84738247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.127.251.163"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875146/; classtype:trojan-activity;sid:84738246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.65.164.36"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875145/; classtype:trojan-activity;sid:84738245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; 
depth:7; endswith; nocase; http.host; content:"222.127.251.163"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875144/; classtype:trojan-activity;sid:84738244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.194.5"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875143/; classtype:trojan-activity;sid:84738243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.153.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875142/; classtype:trojan-activity;sid:84738242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.16.248"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875141/; classtype:trojan-activity;sid:84738241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.201.66"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875140/; classtype:trojan-activity;sid:84738240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875139)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.223.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875139/; classtype:trojan-activity;sid:84738239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.153.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875138/; classtype:trojan-activity;sid:84738238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.226.75"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875137/; classtype:trojan-activity;sid:84738237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.245.107"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875136/; classtype:trojan-activity;sid:84738236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.57.50.40"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875135/; classtype:trojan-activity;sid:84738235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3875134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.58.245"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875134/; classtype:trojan-activity;sid:84738234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.133.101.113"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875133/; classtype:trojan-activity;sid:84738233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.64.160"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875132/; classtype:trojan-activity;sid:84738232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.57.50.40"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875131/; classtype:trojan-activity;sid:84738231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.93.229"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875130/; 
classtype:trojan-activity;sid:84738230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.133.101.113"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875129/; classtype:trojan-activity;sid:84738229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b9d355f5-d822-4e31-a6ec-1e4d7b780b31"; depth:47; endswith; nocase; http.host; content:"mszlnqlm.jetbet1.live"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875128/; classtype:trojan-activity;sid:84738228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.226.75"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875127/; classtype:trojan-activity;sid:84738227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.109.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875126/; classtype:trojan-activity;sid:84738226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"110.38.221.182"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875125/; classtype:trojan-activity;sid:84738225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.187.1"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875124/; classtype:trojan-activity;sid:84738224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.38.223.172"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875122/; classtype:trojan-activity;sid:84738222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.187.1"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875123/; classtype:trojan-activity;sid:84738223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.4.166"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875121/; classtype:trojan-activity;sid:84738221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875120)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.105.228"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875120/; classtype:trojan-activity;sid:84738220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e4eb4459-9f9d-4323-86ba-acd71796216f"; depth:47; endswith; nocase; http.host; content:"vzhtsv4n.1x303.casino"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875119/; classtype:trojan-activity;sid:84738219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"72.29.46.195"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875118/; classtype:trojan-activity;sid:84738218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.105.228"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875117/; classtype:trojan-activity;sid:84738217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7782139129/jeiioql.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875116/; classtype:trojan-activity;sid:84738216; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b7adadd3-bf63-4a27-a9d5-e1294e8d8cc7"; depth:47; endswith; nocase; http.host; content:"p0d2virz.blackjacktipsnnt.com"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875115/; classtype:trojan-activity;sid:84738215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.183.108"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875114/; classtype:trojan-activity;sid:84738214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=370112d6-38db-4738-a39a-6e6f52d505db"; depth:47; endswith; nocase; http.host; content:"e1fi2yi1.vip1x.bet"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875113/; classtype:trojan-activity;sid:84738213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.147.19"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875112/; classtype:trojan-activity;sid:84738212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"115.50.1.43"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875111/; classtype:trojan-activity;sid:84738211; rev:1;)
# NOTE(review): the line above is the tail of a rule that starts before this excerpt; it is kept as found.
#
# How to read the rules below (they all follow one generated template):
#   - "alert http $HOME_NET any -> $EXTERNAL_NET any" with "flow:established,from_client":
#     client requests leaving the monitored network on an established flow.
#   - http.method; content:"GET": only GET requests are matched.
#   - http.uri; content:"<path>"; depth:N; endswith; nocase: depth limits how far from the start
#     of the URI buffer the pattern may sit and endswith pins it to the end of the buffer. When N
#     equals the pattern's byte length the URI must equal <path> (case-insensitively), so the same
#     file requested with an added query string or under another path does not match.
#   - http.host; content:"<host>"; depth:N; isdataat:!1,relative: the host buffer must be exactly
#     <host> with nothing after it. Suricata lower-cases http.host, so the lower-case literal
#     needs no nocase.
#   - In every rule shown here, sid minus 80863100 is the URLhaus id in msg and reference, which
#     lets an alert be traced back to its URLhaus entry from the sid alone.
#
# Caveats for triage:
#   - These rules only see HTTP that Suricata parses in clear text; the same URL fetched over TLS
#     is not inspected unless traffic is decrypted upstream.
#   - Many rules use very generic paths ("/i", "/bin.sh"); the exact http.host match is what makes
#     them specific. created_at is the only age information in the rule - presumably the listing
#     can go stale, so check the reference URL before acting on an alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.114.229.216"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875110/; classtype:trojan-activity;sid:84738210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.183.108"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875109/; classtype:trojan-activity;sid:84738209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.1.43"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875108/; classtype:trojan-activity;sid:84738208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.2.97"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875107/; classtype:trojan-activity;sid:84738207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.15.218"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875106/; classtype:trojan-activity;sid:84738206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.91.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875105/; classtype:trojan-activity;sid:84738205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.26.49.53"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_24; reference:url, urlhaus.abuse.ch/url/3875104/; classtype:trojan-activity;sid:84738204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"187.45.95.254"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875103/; classtype:trojan-activity;sid:84738203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.15.218"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875102/; classtype:trojan-activity;sid:84738202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.144.168"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875101/; classtype:trojan-activity;sid:84738201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.236.96"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875100/; classtype:trojan-activity;sid:84738200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/ipmiv2.xml"; depth:15; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875099/; classtype:trojan-activity;sid:84738199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.138.215"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875098/; classtype:trojan-activity;sid:84738198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.107.203"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875097/; classtype:trojan-activity;sid:84738197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.107.203"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875096/; classtype:trojan-activity;sid:84738196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.236.96"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875095/; classtype:trojan-activity;sid:84738195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.57.56.118"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875094/; classtype:trojan-activity;sid:84738194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.187.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875093/; classtype:trojan-activity;sid:84738193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.102.35.149"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875092/; classtype:trojan-activity;sid:84738192; rev:1;)
# |3f| is the hex escape for "?", so the pattern below is "/?ublib=<uuid>" and is 44 bytes long,
# while depth is 47.
# NOTE(review): 47 is the length of the pattern text with "|3f|" counted as four characters - it
# looks like the generator measured the escaped string. The effect is only a slightly looser
# match (up to three extra bytes may precede the pattern; endswith still pins the end). The same
# applies to the other ublib rules in this excerpt (3875059, 3875058, 3875051, 3875036).
# The query string carries a per-URL identifier, so a request with a different ublib value on the
# same host is not covered by this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=58592673-e4de-4377-9c8b-23149cf22a4a"; depth:47; endswith; nocase; http.host; content:"bpyos3va.blackjack-x.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875091/; classtype:trojan-activity;sid:84738191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.187.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875090/; classtype:trojan-activity;sid:84738190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.57.56.118"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875089/; classtype:trojan-activity;sid:84738189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.223.172"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875088/; classtype:trojan-activity;sid:84738188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.127.92"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875087/; classtype:trojan-activity;sid:84738187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.112.172"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875086/; classtype:trojan-activity;sid:84738186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.197.64"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875085/; classtype:trojan-activity;sid:84738185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.197.64"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875084/; classtype:trojan-activity;sid:84738184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.127.92"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875083/; classtype:trojan-activity;sid:84738183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.205.169"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875082/; classtype:trojan-activity;sid:84738182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.38.216.103"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875080/; classtype:trojan-activity;sid:84738180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.225.47"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875081/; classtype:trojan-activity;sid:84738181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.141.129.207"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875079/; classtype:trojan-activity;sid:84738179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.19.166"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875078/; classtype:trojan-activity;sid:84738178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.48.239"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875076/; classtype:trojan-activity;sid:84738176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.97.69"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875077/; classtype:trojan-activity;sid:84738177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.201.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875075/; classtype:trojan-activity;sid:84738175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.19.166"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875074/; classtype:trojan-activity;sid:84738174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.225.47"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875073/; classtype:trojan-activity;sid:84738173; rev:1;)
# The next three rules cover three paths on one host (87.121.79.223).
# NOTE(review): the path names look like CPU-architecture labels, presumably per-architecture
# builds of one payload - confirm on the URLhaus entries. Other paths on that host are not matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"87.121.79.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875070/; classtype:trojan-activity;sid:84738170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"87.121.79.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875071/; classtype:trojan-activity;sid:84738171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"87.121.79.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875072/; classtype:trojan-activity;sid:84738172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.141.129.207"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875069/; classtype:trojan-activity;sid:84738169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7782139129/ivrqvfp.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875068/; classtype:trojan-activity;sid:84738168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.38.201.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875067/; classtype:trojan-activity;sid:84738167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.148.240.15"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875066/; classtype:trojan-activity;sid:84738166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.249.14"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875065/; classtype:trojan-activity;sid:84738165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.148.240.15"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875064/; classtype:trojan-activity;sid:84738164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_cc1c1aabd55380d4.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875063/; classtype:trojan-activity;sid:84738163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.48.239"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875062/; classtype:trojan-activity;sid:84738162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7782139129/ivrqvfp.ps1"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875061/; classtype:trojan-activity;sid:84738161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7782139129/gyoeoud.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875060/; classtype:trojan-activity;sid:84738160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d8b4f87c-aa48-4fdd-a215-ea08f68ed6fe"; depth:47; endswith; nocase; http.host; content:"69xb4m1d.betmajic.cc"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875059/; classtype:trojan-activity;sid:84738159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=55ce4ecc-431f-4b5c-9237-45709215d541"; depth:47; endswith; nocase; http.host; content:"8ra83hil.blackjackonlineplay83.com"; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875058/; classtype:trojan-activity;sid:84738158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.176.150"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875057/; classtype:trojan-activity;sid:84738157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.176.150"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875056/; classtype:trojan-activity;sid:84738156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.82.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875055/; classtype:trojan-activity;sid:84738155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.253.17"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875054/; classtype:trojan-activity;sid:84738154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nova.sh"; depth:8; endswith; nocase; http.host; content:"meow.otval.cfd"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875053/; classtype:trojan-activity;sid:84738153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.23.221"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875052/; classtype:trojan-activity;sid:84738152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=3853f05d-c7f1-475b-a0e8-d8c72a0d9441"; depth:47; endswith; nocase; http.host; content:"s7w5r3s2.onebet1x.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875051/; classtype:trojan-activity;sid:84738151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.exe"; depth:12; endswith; nocase; http.host; content:"155.138.195.0"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875050/; classtype:trojan-activity;sid:84738150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.253.17"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875049/; classtype:trojan-activity;sid:84738149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.23.221"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875048/; classtype:trojan-activity;sid:84738148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.73.220"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875046/; classtype:trojan-activity;sid:84738146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.95.107"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875047/; classtype:trojan-activity;sid:84738147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.113.16"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875045/; classtype:trojan-activity;sid:84738145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.28.183"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875044/; classtype:trojan-activity;sid:84738144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.38.97"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875043/; classtype:trojan-activity;sid:84738143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.144.172"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875042/; classtype:trojan-activity;sid:84738142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.145.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875041/; classtype:trojan-activity;sid:84738141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.93.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875040/; classtype:trojan-activity;sid:84738140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.38.97"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875039/; classtype:trojan-activity;sid:84738139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.86.74"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875038/; classtype:trojan-activity;sid:84738138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.199.68"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875037/; classtype:trojan-activity;sid:84738137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ec391420-b068-4315-a1de-5093fb9483b3"; depth:47; endswith; nocase; http.host; content:"mx8cw0rw.engelabeslami.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875036/; classtype:trojan-activity;sid:84738136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.37.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875035/; classtype:trojan-activity;sid:84738135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.107.165"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875034/; classtype:trojan-activity;sid:84738134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.174.44"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875033/; classtype:trojan-activity;sid:84738133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.241.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875032/; classtype:trojan-activity;sid:84738132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.248.218"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875031/; classtype:trojan-activity;sid:84738131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.4.114"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875030/; classtype:trojan-activity;sid:84738130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.174.44"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875029/; classtype:trojan-activity;sid:84738129; rev:1;)
# From here on, many rules share the same two URIs ("/bin/screenconnect.clientsetup.exe" and
# "/bin/support.client.exe") and differ only in http.host; the host match alone separates them.
# NOTE(review): the file names match the client-installer naming of the ScreenConnect
# remote-support product - presumably these hosts serve remote-access clients for unauthorised
# use; confirm on the URLhaus entries. On an alert, check whether a remote-access client was
# installed on the requesting host, not only whether the download completed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"155.138.206.173"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875028/; classtype:trojan-activity;sid:84738128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"155.138.206.173"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875027/; classtype:trojan-activity;sid:84738127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/q24i"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875025/; classtype:trojan-activity;sid:84738125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jto"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875026/; classtype:trojan-activity;sid:84738126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"155.138.223.107"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875023/; classtype:trojan-activity;sid:84738123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"155.138.220.70"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875024/; classtype:trojan-activity;sid:84738124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"45.61.157.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875021/; classtype:trojan-activity;sid:84738121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"45.61.135.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875022/; classtype:trojan-activity;sid:84738122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"45.61.157.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875020/; classtype:trojan-activity;sid:84738120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"45.61.135.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875018/; classtype:trojan-activity;sid:84738118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"45.61.157.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875019/; classtype:trojan-activity;sid:84738119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.214.149.164"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875017/; classtype:trojan-activity;sid:84738117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"216.126.237.248"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875016/; classtype:trojan-activity;sid:84738116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"216.126.237.248"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875015/; classtype:trojan-activity;sid:84738115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.82.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875014/; classtype:trojan-activity;sid:84738114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"216.126.227.207"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875013/; classtype:trojan-activity;sid:84738113; rev:1;)
# NOTE(review): the rule below continues past the end of this excerpt; it is kept as found.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"216.126.227.207"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, 
urlhaus.abuse.ch/url/3875012/; classtype:trojan-activity;sid:84738112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.201.66"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875011/; classtype:trojan-activity;sid:84738111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.4.114"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875010/; classtype:trojan-activity;sid:84738110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.33.232"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875009/; classtype:trojan-activity;sid:84738109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.150.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875008/; classtype:trojan-activity;sid:84738108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.214.149.164"; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875007/; classtype:trojan-activity;sid:84738107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.33.232"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875006/; classtype:trojan-activity;sid:84738106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.115.71.94"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875005/; classtype:trojan-activity;sid:84738105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ertb"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875002/; classtype:trojan-activity;sid:84738102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jkl"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875003/; classtype:trojan-activity;sid:84738103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pfdy"; 
depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875004/; classtype:trojan-activity;sid:84738104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.115.71.94"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875001/; classtype:trojan-activity;sid:84738101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3875000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"216.126.227.126"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3875000/; classtype:trojan-activity;sid:84738100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=76a085a2-bb73-40f7-ab15-c6477d426c3b"; depth:47; endswith; nocase; http.host; content:"haqoakt0.elmolnafs.xyz"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874999/; classtype:trojan-activity;sid:84738099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"172.86.126.21"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874998/; classtype:trojan-activity;sid:84738098; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"172.86.126.21"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874997/; classtype:trojan-activity;sid:84738097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.15.134"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874996/; classtype:trojan-activity;sid:84738096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.15.134"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874995/; classtype:trojan-activity;sid:84738095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.120.210"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874994/; classtype:trojan-activity;sid:84738094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.120.210"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, 
urlhaus.abuse.ch/url/3874993/; classtype:trojan-activity;sid:84738093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.85.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874992/; classtype:trojan-activity;sid:84738092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"172.86.126.200"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874991/; classtype:trojan-activity;sid:84738091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"172.86.126.200"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874990/; classtype:trojan-activity;sid:84738090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=adb1975c-0f72-4c15-bfe6-bdd05374dfc9"; depth:47; endswith; nocase; http.host; content:"ygl9tk3l.ekhtelalattabrizi.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874989/; classtype:trojan-activity;sid:84738089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874988)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"172.86.117.21"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874988/; classtype:trojan-activity;sid:84738088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"172.86.117.21"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874987/; classtype:trojan-activity;sid:84738087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.4.25.57"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874986/; classtype:trojan-activity;sid:84738086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.125.230.149"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874985/; classtype:trojan-activity;sid:84738085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.85.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874984/; classtype:trojan-activity;sid:84738084; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.91.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874983/; classtype:trojan-activity;sid:84738083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.29.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874982/; classtype:trojan-activity;sid:84738082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"167.88.166.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874981/; classtype:trojan-activity;sid:84738081; rev:1;)
# NOTE(review): two points on the *.vercel.app rules (sids 84738079, 84738078):
#  - depth:15 is the length of the escaped text "/|3f|download=1"; |3f| decodes
#    to a single "?" so the literal is 12 bytes. With endswith the URI may carry
#    up to 3 extra leading bytes and still match, unlike the unescaped rules
#    where depth equals the content length.
#  - alert http only inspects traffic Suricata parses as HTTP. If these URLs
#    are fetched over TLS (presumably the case for this hosting platform;
#    confirm via the reference), the rules stay silent without TLS inspection,
#    so keep DNS / TLS SNI coverage for these hostnames.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"police2306work.vercel.app"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874979/; classtype:trojan-activity;sid:84738079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"167.88.166.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874980/; classtype:trojan-activity;sid:84738080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"91.92.40.142"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874977/; classtype:trojan-activity;sid:84738077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"policecontrol.vercel.app"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874978/; classtype:trojan-activity;sid:84738078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_4ffaffade03d1c5e.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874976/; classtype:trojan-activity;sid:84738076; rev:1;)
# URLhaus ids 3874962-3874975 (sids 84738062-84738075) all point at host
# 192.142.28.77: two .apk files, /wl.xml, /poc.xml, /routereater and
# /bachekuni/ohshit.<suffix> with suffixes that look like CPU architecture tags
# (m68k, arc, sh4, arm, arm5, arm6, arm7, mpsl, ppc). NOTE(review): presumably
# one campaign serving per-architecture builds; on a hit, review all traffic
# from the source to this host, not only the single URL that alerted.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gms_update.apk"; depth:15; endswith; nocase; http.host; content:"192.142.28.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874974/; classtype:trojan-activity;sid:84738074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.apk"; depth:11; endswith; nocase; http.host; content:"192.142.28.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874975/; classtype:trojan-activity;sid:84738075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.m68k"; depth:22; endswith; nocase; http.host; content:"192.142.28.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874970/; classtype:trojan-activity;sid:84738070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.arc"; depth:21; endswith; nocase; http.host; content:"192.142.28.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874971/; classtype:trojan-activity;sid:84738071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.sh4"; depth:21; endswith; nocase; http.host; content:"192.142.28.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874972/; classtype:trojan-activity;sid:84738072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.arm"; depth:21; endswith; nocase; http.host; content:"192.142.28.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874973/; classtype:trojan-activity;sid:84738073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wl.xml"; depth:7; endswith; nocase; http.host; content:"192.142.28.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874967/; classtype:trojan-activity;sid:84738067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/routereater"; depth:12; endswith; nocase; http.host; content:"192.142.28.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874968/; classtype:trojan-activity;sid:84738068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/poc.xml"; depth:8; endswith; nocase; http.host; content:"192.142.28.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874969/; classtype:trojan-activity;sid:84738069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.arm7"; depth:22; endswith; nocase; http.host; content:"192.142.28.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874966/; classtype:trojan-activity;sid:84738066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.arm5"; depth:22; endswith; nocase; http.host; content:"192.142.28.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874962/; classtype:trojan-activity;sid:84738062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.arm6"; depth:22; endswith; nocase; http.host; content:"192.142.28.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874963/; classtype:trojan-activity;sid:84738063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.mpsl"; depth:22; endswith; nocase; http.host; content:"192.142.28.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874964/; classtype:trojan-activity;sid:84738064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.ppc"; depth:21; endswith; nocase; http.host; content:"192.142.28.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874965/; classtype:trojan-activity;sid:84738065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.4.25.57"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874961/; classtype:trojan-activity;sid:84738061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874960)";
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.91.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874960/; classtype:trojan-activity;sid:84738060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/temp.exe"; depth:9; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874959/; classtype:trojan-activity;sid:84738059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.29.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874958/; classtype:trojan-activity;sid:84738058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.111.130.219"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874957/; classtype:trojan-activity;sid:84738057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.244.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874956/; classtype:trojan-activity;sid:84738056; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.198.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874955/; classtype:trojan-activity;sid:84738055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.85.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874954/; classtype:trojan-activity;sid:84738054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"167.88.166.254"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874953/; classtype:trojan-activity;sid:84738053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"167.88.166.254"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874952/; classtype:trojan-activity;sid:84738052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.244.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; 
reference:url, urlhaus.abuse.ch/url/3874951/; classtype:trojan-activity;sid:84738051; rev:1;)
# NOTE(review): the "/|3f|ublib=<uuid>" rules use depth:47, the length of the
# escaped text; |3f| is one "?" byte, so the literal is 44 bytes and endswith
# tolerates up to 3 leading bytes before it. The hosts are random-looking
# subdomain labels, and each rule pins one UUID, so a changed UUID or label
# will not match; treat these as point-in-time IoCs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=1cad5ed2-bbff-4ad1-9f7d-ea9082c2d041"; depth:47; endswith; nocase; http.host; content:"dlsak5pv.megapariwin.bet"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874950/; classtype:trojan-activity;sid:84738050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=452f58ff-1213-4de7-a9f7-206d03e36b66"; depth:47; endswith; nocase; http.host; content:"2k7d5hmd.one1xbet.win"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874949/; classtype:trojan-activity;sid:84738049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.94.163"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874948/; classtype:trojan-activity;sid:84738048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.253.19"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874947/; classtype:trojan-activity;sid:84738047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.116.145"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874946/; classtype:trojan-activity;sid:84738046; rev:1;)
# /hiddenbin/boatnet.<suffix> on 191.96.94.207 (sids 84738039, 84738040,
# 84738043-84738045): suffixes x86, arc, arm7, sh4, spc look like architecture
# tags. The entries are interleaved with unrelated rules, so group alerts by
# destination host when triaging.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"191.96.94.207"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874943/; classtype:trojan-activity;sid:84738043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"191.96.94.207"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874944/; classtype:trojan-activity;sid:84738044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"191.96.94.207"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874945/; classtype:trojan-activity;sid:84738045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"167.88.166.106"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874942/; classtype:trojan-activity;sid:84738042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"167.88.166.106"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874941/; classtype:trojan-activity;sid:84738041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"191.96.94.207"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874939/; classtype:trojan-activity;sid:84738039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"191.96.94.207"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874940/; classtype:trojan-activity;sid:84738040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.85.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874938/; classtype:trojan-activity;sid:84738038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host;
content:"219.155.210.251"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874937/; classtype:trojan-activity;sid:84738037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"153.75.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874936/; classtype:trojan-activity;sid:84738036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"153.75.83.15"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874935/; classtype:trojan-activity;sid:84738035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.210.251"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874934/; classtype:trojan-activity;sid:84738034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"144.172.99.94"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874933/; classtype:trojan-activity;sid:84738033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3874932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"144.172.99.94"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874932/; classtype:trojan-activity;sid:84738032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.237.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874931/; classtype:trojan-activity;sid:84738031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"93.117.148.118"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874930/; classtype:trojan-activity;sid:84738030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.8.101"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874929/; classtype:trojan-activity;sid:84738029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.116.145"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874928/; 
classtype:trojan-activity;sid:84738028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.129.54"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874927/; classtype:trojan-activity;sid:84738027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.237.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874926/; classtype:trojan-activity;sid:84738026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.70.136"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874925/; classtype:trojan-activity;sid:84738025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"72.29.46.195"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874924/; classtype:trojan-activity;sid:84738024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.129.54"; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874923/; classtype:trojan-activity;sid:84738023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.8.101"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874922/; classtype:trojan-activity;sid:84738022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.93.253"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874921/; classtype:trojan-activity;sid:84738021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"144.172.99.204"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874920/; classtype:trojan-activity;sid:84738020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"144.172.99.204"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874919/; classtype:trojan-activity;sid:84738019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874918)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"144.172.98.215"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874918/; classtype:trojan-activity;sid:84738018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"144.172.98.215"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874917/; classtype:trojan-activity;sid:84738017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.70.136"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874916/; classtype:trojan-activity;sid:84738016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"144.172.94.21"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874914/; classtype:trojan-activity;sid:84738014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"144.172.96.82"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874915/; 
classtype:trojan-activity;sid:84738015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"144.172.96.82"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874912/; classtype:trojan-activity;sid:84738012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"144.172.94.21"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874913/; classtype:trojan-activity;sid:84738013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"144.172.84.75"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874911/; classtype:trojan-activity;sid:84738011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.71.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874910/; classtype:trojan-activity;sid:84738010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; 
nocase; http.host; content:"144.172.84.75"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874909/; classtype:trojan-activity;sid:84738009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.35.193"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874906/; classtype:trojan-activity;sid:84738006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.170.133"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874907/; classtype:trojan-activity;sid:84738007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.29.40"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874908/; classtype:trojan-activity;sid:84738008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"144.172.117.8"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874905/; classtype:trojan-activity;sid:84738005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874904)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"144.172.117.8"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874904/; classtype:trojan-activity;sid:84738004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"144.172.116.114"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874902/; classtype:trojan-activity;sid:84738002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"144.172.116.114"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874903/; classtype:trojan-activity;sid:84738003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"144.172.115.45"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874901/; classtype:trojan-activity;sid:84738001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"144.172.115.45"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; 
reference:url, urlhaus.abuse.ch/url/3874900/; classtype:trojan-activity;sid:84738000; rev:1;)
# The rules below come in pairs per host: /bin/screenconnect.clientsetup.exe
# and /bin/support.client.exe. The first file name matches the installer of
# the ScreenConnect remote-support product, which is legitimate software; the
# path by itself is therefore not an indicator. What makes each rule specific
# is the exact http.host pin to one address.
# Triage: on a hit, confirm whether the destination is a remote-support server
# the organisation actually uses. If it is not, check the client for a newly
# installed remote-access agent and for who initiated the download.
# Maintenance: the addresses are dated by metadata:created_at; an address can
# change hands, so age these rules out with the upstream feed rather than
# keeping a local copy indefinitely.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"144.172.114.155"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874899/; classtype:trojan-activity;sid:84737999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"144.172.114.155"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874898/; classtype:trojan-activity;sid:84737998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"144.172.110.253"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874897/; classtype:trojan-activity;sid:84737997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"144.172.110.253"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874896/; classtype:trojan-activity;sid:84737996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874895)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.170.133"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874895/; classtype:trojan-activity;sid:84737994; rev:1;)
# Coverage caveat for the github.com rule below: an `alert http` rule only sees
# requests Suricata can parse as cleartext HTTP. Downloads from github.com
# normally travel over TLS, so this rule is expected to fire only where
# traffic is decrypted ahead of the sensor, or where a client first asks over
# plain http:// -- verify which applies before counting this as coverage.
# The host is a shared platform and is not an indicator on its own; the
# specificity is entirely in the exact repository/release path in http.uri.
# Do not turn a hit into a host-level block.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pondescalator/nlp-quickbook-classification/releases/download/release/nlp_quickbook.zip"; depth:87; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874894/; classtype:trojan-activity;sid:84737994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"144.172.109.163"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874893/; classtype:trojan-activity;sid:84737993; rev:1;)
# Same github.com caveat as above: path-specific, and dependent on the sensor
# seeing the request in the clear.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chainbarberbear/roblox-client-tracker-versions/releases/download/release/roblox-client-tracker.zip"; depth:99; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874892/; classtype:trojan-activity;sid:84737992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; 
content:"144.172.109.163"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874891/; classtype:trojan-activity;sid:84737991; rev:1;)
# In the rule below, |3f| is the hex escape for '?', so the pattern covers the
# script path and its query string together. Because of endswith, a request to
# the same script with a different name= value, or with an extra parameter,
# will not alert.
# NOTE(review): the pattern is 75 bytes once |3f| is counted as one byte, but
# depth is 78. The rule still loads; the effect is that up to three bytes may
# precede the pattern in http.uri, so this is slightly looser than the exact
# match the rules without a hex escape get. It looks as if depth is derived
# from the escaped text -- confirm with the feed maintainers.
# Triage: the request names a .pdf but is served by a .php endpoint; the rule
# says nothing about what is returned, so judge a hit by the response's
# content type and file header, not by the requested name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proxy2_pjewzxwjc50ycpab.php|3f|name=billing_statement_kredivo_jatuh_tempo.pdf"; depth:78; endswith; nocase; http.host; content:"hostinghosting3.site"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874890/; classtype:trojan-activity;sid:84737990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"144.172.105.29"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874888/; classtype:trojan-activity;sid:84737988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"144.172.105.29"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874889/; classtype:trojan-activity;sid:84737989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"144.172.103.83"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874887/; classtype:trojan-activity;sid:84737987; 
rev:1;)
# The rule below matches "/?ublib=" followed by one UUID-shaped value (|3f| is
# the hex escape for '?'), on one specific subdomain. If the value or the
# subdomain label is generated per campaign or per visitor -- not visible from
# the rule -- this signature will age quickly: treat a hit as meaningful, but
# do not read the absence of hits as absence of the activity.
# NOTE(review): the pattern is 44 bytes once |3f| is counted as one byte, but
# depth is 47, so up to three bytes may precede it in http.uri. Rules without
# a hex escape have depth equal to the pattern length; confirm with the feed
# maintainers whether the difference is intended.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=3e039423-8997-458a-8b17-e7f46a695833"; depth:47; endswith; nocase; http.host; content:"l2ekym1s.megaparivip.vip"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874886/; classtype:trojan-activity;sid:84737986; rev:1;)
# The URI in the next three rules is the two bytes "/i", which carries no
# specificity of its own; each rule is only as good as its http.host address.
# The addresses are dated by metadata:created_at, so keep these rules in step
# with the upstream feed instead of retaining them after they are withdrawn.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.253.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874885/; classtype:trojan-activity;sid:84737985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.89.45"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874884/; classtype:trojan-activity;sid:84737984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.79.152"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874883/; classtype:trojan-activity;sid:84737983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.186.208.54"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874882/; classtype:trojan-activity;sid:84737982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.69.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874881/; classtype:trojan-activity;sid:84737981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/runtimebroker.msi"; depth:18; endswith; nocase; http.host; content:"4.216.93.211"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874880/; classtype:trojan-activity;sid:84737980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.253.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874879/; classtype:trojan-activity;sid:84737979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.122.194"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874878/; classtype:trojan-activity;sid:84737978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; 
endswith; nocase; http.host; content:"115.63.245.227"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874877/; classtype:trojan-activity;sid:84737977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"144.172.103.25"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874876/; classtype:trojan-activity;sid:84737976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"144.172.103.25"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874875/; classtype:trojan-activity;sid:84737975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4444/16020572.bin"; depth:18; endswith; nocase; http.host; content:"27.124.40.89"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874874/; classtype:trojan-activity;sid:84737974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/444/chart.exe"; depth:14; endswith; nocase; http.host; content:"27.124.40.89"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874872/; classtype:trojan-activity;sid:84737972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3874873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4444/chart.exe"; depth:15; endswith; nocase; http.host; content:"27.124.40.89"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874873/; classtype:trojan-activity;sid:84737973; rev:1;)
# URLhaus download-URL signatures, restored to one rule per line.
# Each rule alerts on a client-side HTTP GET on an established flow from
# $HOME_NET to $EXTERNAL_NET where both http.uri and http.host equal one listed URL:
#   http.uri  - content + depth:<pattern length> + endswith + nocase: whole-buffer, case-insensitive match.
#   http.host - content + depth:<pattern length> + isdataat:!1,relative: whole-buffer match.
# The destination port is `any`, so the port of the listed URL is not part of the match.
# These are `alert http` rules: they fire only on traffic Suricata parses as HTTP, so
# the same host reached over TLS needs separate coverage (DNS, SNI or proxy logs).
# Most entries here pair a short, generic URI ("/i", "/bin.sh") with a bare IPv4 host;
# the host literal is the discriminating part. metadata:created_at gives the indicator's
# age - IP-based indicators can go stale, so review hits against that date.
# NOTE(review): the two `ublib=` rules (3874862, 3874856) use depth:47, but `|3f|` is a
# single byte, so the decoded pattern is 44 bytes. With endswith this still matches the
# listed URI, but up to 3 leading bytes are tolerated - not a strict whole-buffer match
# like the other rules. Confirm whether that is intended.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"149.28.42.137"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874871/; classtype:trojan-activity;sid:84737971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.94.9"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874870/; classtype:trojan-activity;sid:84737970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.184.170.118"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874869/; classtype:trojan-activity;sid:84737969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.35.78.2"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874868/; classtype:trojan-activity;sid:84737968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.96.59"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874867/; classtype:trojan-activity;sid:84737967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.36.61.196"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874866/; classtype:trojan-activity;sid:84737966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.141.199"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874865/; classtype:trojan-activity;sid:84737965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"157.211.178.212"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874863/; classtype:trojan-activity;sid:84737963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.184.170.118"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874864/; classtype:trojan-activity;sid:84737964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c3a07065-8e54-4976-92dd-0d1f14b3e07d"; depth:47; endswith; nocase; http.host; content:"2b4zfudu.ekhtelalat.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874862/; classtype:trojan-activity;sid:84737962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.14.74"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874861/; classtype:trojan-activity;sid:84737961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.146.145"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874860/; classtype:trojan-activity;sid:84737960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.223.120"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874859/; classtype:trojan-activity;sid:84737959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.35.78.2"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874858/; classtype:trojan-activity;sid:84737958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.16.164.251"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874857/; classtype:trojan-activity;sid:84737957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e9aae35f-7518-4b0c-b360-50a20b91c243"; depth:47; endswith; nocase; http.host; content:"qze3e7uq.megaparivip.net"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874856/; classtype:trojan-activity;sid:84737956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.169.222"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874855/; classtype:trojan-activity;sid:84737955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.146.145"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874854/; classtype:trojan-activity;sid:84737954; rev:1;)
alert http
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.122.194"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874853/; classtype:trojan-activity;sid:84737953; rev:1;)
# URLhaus download-URL signatures, restored to one rule per line.
# Each rule alerts on a client-side HTTP GET ($HOME_NET -> $EXTERNAL_NET, any port)
# whose http.uri (depth + endswith, nocase) and http.host (depth + isdataat:!1,relative)
# both equal the listed values in full.
# Rules 3874850 through 3874840 below use http.uri content:"/" with depth:1 and endswith,
# i.e. they match only a request for the root path; the exact http.host value is the
# sole discriminator. Because the host match is whole-buffer, other labels under the same
# domain are not covered unless listed (see the separate rule for
# "code.verification-claude-cdn.beer").
# These are `alert http` rules, so requests to these hosts over TLS are not seen by them;
# cover the same hostnames with DNS or TLS SNI detection if that matters for your network.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.123.103"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874852/; classtype:trojan-activity;sid:84737952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.114.177"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874851/; classtype:trojan-activity;sid:84737951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"verification-claude-cdn.beer"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874850/; classtype:trojan-activity;sid:84737950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"code.verification-claude-cdn.beer"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874848/; classtype:trojan-activity;sid:84737948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"codecerification.beer"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874849/; classtype:trojan-activity;sid:84737949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"idverification-code.beer"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874844/; classtype:trojan-activity;sid:84737944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"cdn-2faclov.sbs"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874845/; classtype:trojan-activity;sid:84737945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"claudverification-id.beer"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874846/; classtype:trojan-activity;sid:84737946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"ethercdnns.beer"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874847/; classtype:trojan-activity;sid:84737947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"verification-code-js.beer"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874843/; classtype:trojan-activity;sid:84737943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"claudesave.beer"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874842/; classtype:trojan-activity;sid:84737942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"framesavecloudjs.beer"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874840/; classtype:trojan-activity;sid:84737940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_62b5e41d6225f9e5.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874841/; classtype:trojan-activity;sid:84737941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected
(3874839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.234.142"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874839/; classtype:trojan-activity;sid:84737939; rev:1;)
# URLhaus download-URL signatures, restored to one rule per line.
# Each rule alerts on a client-side HTTP GET ($HOME_NET -> $EXTERNAL_NET, any port)
# whose http.uri (depth + endswith, nocase) and http.host (depth + isdataat:!1,relative)
# both equal the listed values. Several hosts appear twice, once per URI ("/i" and
# "/bin.sh"), each with its own sid, so one host can raise two distinct alerts.
# The URIs are short and generic; the bare-IPv4 host literal is what makes a hit
# specific, and metadata:created_at records when that indicator was added.
# NOTE(review): the `ublib=` rules (3874831, 3874823) use depth:47, but `|3f|` is a single
# byte, so the decoded pattern is 44 bytes. With endswith the listed URI still matches,
# but up to 3 leading bytes are tolerated - confirm whether that is intended.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.234.142"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874838/; classtype:trojan-activity;sid:84737938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.74.41"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874837/; classtype:trojan-activity;sid:84737937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.169.222"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874836/; classtype:trojan-activity;sid:84737936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.196.182"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874835/; classtype:trojan-activity;sid:84737935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.123.103"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874834/; classtype:trojan-activity;sid:84737934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.74.41"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874833/; classtype:trojan-activity;sid:84737933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.196.182"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874832/; classtype:trojan-activity;sid:84737932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=75ae8a0c-7e51-4f2a-8c55-a6490d9b08a9"; depth:47; endswith; nocase; http.host; content:"az6trzrx.one1xbet.vip"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874831/; classtype:trojan-activity;sid:84737931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.198.215"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874830/; classtype:trojan-activity;sid:84737930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.36.232"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874829/; classtype:trojan-activity;sid:84737929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"149.71.39.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874828/; classtype:trojan-activity;sid:84737928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.36.232"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874827/; classtype:trojan-activity;sid:84737927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.233.94.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874826/; classtype:trojan-activity;sid:84737926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.19.49.134"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874825/; classtype:trojan-activity;sid:84737925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.88.164"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874824/; classtype:trojan-activity;sid:84737924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=2ec2b287-b544-43d5-bb1c-5546e07d4fe0"; depth:47; endswith; nocase; http.host; content:"ordiljgt.entegaljerm.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874823/; classtype:trojan-activity;sid:84737923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.53.14"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874822/; classtype:trojan-activity;sid:84737922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.11.194"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874821/; classtype:trojan-activity;sid:84737921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874820)";
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.44.80"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874820/; classtype:trojan-activity;sid:84737920; rev:1;)
# URLhaus download-URL signatures, restored to one rule per line.
# Each rule alerts on a client-side HTTP GET ($HOME_NET -> $EXTERNAL_NET, any port)
# whose http.uri (depth + endswith, nocase) and http.host (depth + isdataat:!1,relative)
# both equal the listed values in full. The rules key on the request URL only; nothing
# here inspects the response body or content type, so the ".png" entries alert on the
# request for that path regardless of what is returned.
# Most rules below list individual files under /.well-known/ on one host, one rule per
# file; a file on that host that is not listed raises no alert from this set.
# NOTE(review): rules 3874805, 3874806, 3874810 and 3874802 match a literal "%20" in
# http.uri. Suricata documents http.uri as the normalized URI, in which %20 is decoded to
# a space (http.uri.raw keeps the encoded form). If that applies here, these four rules
# would not fire on the listed URLs - verify by replaying a sample request, and consider
# http.uri.raw or a `|20|` pattern if they are meant to match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.44.80"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874819/; classtype:trojan-activity;sid:84737919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.well-known/stego_payload.png"; depth:30; endswith; nocase; http.host; content:"mamigummy.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874817/; classtype:trojan-activity;sid:84737917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.well-known/usgh.png"; depth:21; endswith; nocase; http.host; content:"mamigummy.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874818/; classtype:trojan-activity;sid:84737918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bhtg.png"; depth:9; endswith; nocase; http.host; content:"chayadip.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874816/; classtype:trojan-activity;sid:84737916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logs/pdf.ps1"; depth:13; endswith; nocase; http.host; content:"tecmon.hr"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874815/; classtype:trojan-activity;sid:84737915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.well-known/catpidbd.png"; depth:25; endswith; nocase; http.host; content:"mamigummy.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874812/; classtype:trojan-activity;sid:84737912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.well-known/6r5df.png"; depth:22; endswith; nocase; http.host; content:"mamigummy.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874813/; classtype:trojan-activity;sid:84737913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.well-known/fggfu.png"; depth:22; endswith; nocase; http.host; content:"mamigummy.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874814/; classtype:trojan-activity;sid:84737914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.well-known/stego_payload%20(3).png"; depth:36; endswith; nocase; http.host; content:"mamigummy.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874805/; classtype:trojan-activity;sid:84737905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.well-known/stego_payload%20(31).png"; depth:37; endswith; nocase; http.host; content:"mamigummy.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874806/; classtype:trojan-activity;sid:84737906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.well-known/spmid.png"; depth:22; endswith; nocase; http.host; content:"mamigummy.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874807/; classtype:trojan-activity;sid:84737907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.well-known/htfd.png"; depth:21; endswith; nocase; http.host; content:"mamigummy.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874808/; classtype:trojan-activity;sid:84737908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.well-known/gdfytdy.png"; depth:24; endswith; nocase; http.host; content:"mamigummy.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874809/; classtype:trojan-activity;sid:84737909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.well-known/stego_payload%20(6).png"; depth:36; endswith; nocase; http.host; content:"mamigummy.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874810/; classtype:trojan-activity;sid:84737910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.well-known/shshs.png"; depth:22; endswith; nocase; http.host; content:"mamigummy.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874811/; classtype:trojan-activity;sid:84737911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.well-known/sgdh.png"; depth:21; endswith; nocase; http.host; content:"mamigummy.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874804/; classtype:trojan-activity;sid:84737904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.well-known/stego_payload%20(9).png"; depth:36; endswith; nocase; http.host; content:"mamigummy.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874802/; classtype:trojan-activity;sid:84737902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.well-known/erffh.png"; depth:22; endswith; nocase; http.host; content:"mamigummy.com"; depth:13; isdataat:!1,relative;
metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874803/; classtype:trojan-activity;sid:84737903; rev:1;)
# URLhaus download-URL signatures, restored to one rule per line.
# Each rule alerts on a client-side HTTP GET ($HOME_NET -> $EXTERNAL_NET, any port)
# whose http.uri (depth + endswith, nocase) and http.host (depth + isdataat:!1,relative)
# both equal the listed values in full.
# Most rules below share one host (5.182.210.61) and differ only in a six-character
# path, one sid per path; a second group does the same for 129.121.114.124 with 3-4
# character paths. Because the URI match is whole-buffer, a path on those hosts that is
# not listed here raises no alert from this set - if host-level coverage is wanted, that
# needs a separate local rule keyed on the host alone.
# These are `alert http` rules: only traffic parsed as HTTP is inspected.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.19.49.134"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874801/; classtype:trojan-activity;sid:84737901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmdlhntj/stub.ps1"; depth:18; endswith; nocase; http.host; content:"day023.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874800/; classtype:trojan-activity;sid:84737900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bb7e19"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874798/; classtype:trojan-activity;sid:84737898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/djc"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874799/; classtype:trojan-activity;sid:84737899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f8518e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874787/; classtype:trojan-activity;sid:84737887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/95c879"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874788/; classtype:trojan-activity;sid:84737888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cac388"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874789/; classtype:trojan-activity;sid:84737889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dcd1bd"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874790/; classtype:trojan-activity;sid:84737890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/85b314"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874791/; classtype:trojan-activity;sid:84737891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a09a82"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874792/; classtype:trojan-activity;sid:84737892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/52d828"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874793/; classtype:trojan-activity;sid:84737893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/25ad59"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874794/; classtype:trojan-activity;sid:84737894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab5a00"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874795/; classtype:trojan-activity;sid:84737895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e5a1f7"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874796/; classtype:trojan-activity;sid:84737896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5eab74"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874797/; classtype:trojan-activity;sid:84737897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3a9685"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874786/; classtype:trojan-activity;sid:84737886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b6077f"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874779/; classtype:trojan-activity;sid:84737879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76f105"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874780/; classtype:trojan-activity;sid:84737880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xju"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874781/; classtype:trojan-activity;sid:84737881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kao"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874782/; classtype:trojan-activity;sid:84737882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7se"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874783/; classtype:trojan-activity;sid:84737883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ml97"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874784/; classtype:trojan-activity;sid:84737884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"217.60.195.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874785/; classtype:trojan-activity;sid:84737885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/53718b"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative;
metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874746/; classtype:trojan-activity;sid:84737846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8b48e3"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874747/; classtype:trojan-activity;sid:84737847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/259653"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874748/; classtype:trojan-activity;sid:84737848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f9935e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874749/; classtype:trojan-activity;sid:84737849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3a410b"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874750/; classtype:trojan-activity;sid:84737850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/213b67"; depth:7; endswith; 
nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874751/; classtype:trojan-activity;sid:84737851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d34e03"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874752/; classtype:trojan-activity;sid:84737852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e1e6c9"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874753/; classtype:trojan-activity;sid:84737853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b1b7f2"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874754/; classtype:trojan-activity;sid:84737854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/028f6a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874755/; classtype:trojan-activity;sid:84737855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874756)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/37bdbc"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874756/; classtype:trojan-activity;sid:84737856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1453be"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874757/; classtype:trojan-activity;sid:84737857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fa906b"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874758/; classtype:trojan-activity;sid:84737858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/21ab20"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874759/; classtype:trojan-activity;sid:84737859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/082fe9"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874760/; classtype:trojan-activity;sid:84737860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3874761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ee85c3"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874761/; classtype:trojan-activity;sid:84737861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0d92bc"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874762/; classtype:trojan-activity;sid:84737862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4e4048"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874763/; classtype:trojan-activity;sid:84737863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3dfa29"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874764/; classtype:trojan-activity;sid:84737864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3127f9"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874765/; 
classtype:trojan-activity;sid:84737865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d61626"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874766/; classtype:trojan-activity;sid:84737866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a283cc"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874767/; classtype:trojan-activity;sid:84737867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1821a1"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874768/; classtype:trojan-activity;sid:84737868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2e28fb"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874769/; classtype:trojan-activity;sid:84737869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/15ce08"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874770/; classtype:trojan-activity;sid:84737870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4a013d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874771/; classtype:trojan-activity;sid:84737871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c482f7"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874772/; classtype:trojan-activity;sid:84737872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ff6b53"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874773/; classtype:trojan-activity;sid:84737873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b83c61"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874774/; classtype:trojan-activity;sid:84737874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/50b182"; depth:7; endswith; 
nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874775/; classtype:trojan-activity;sid:84737875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3b48c1"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874776/; classtype:trojan-activity;sid:84737876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7ceda2"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874777/; classtype:trojan-activity;sid:84737877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7634e8"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874778/; classtype:trojan-activity;sid:84737878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.208.112.127"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874745/; classtype:trojan-activity;sid:84737845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874744)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.149.107.50"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874744/; classtype:trojan-activity;sid:84737844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.11.194"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874743/; classtype:trojan-activity;sid:84737843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/img_130809.png"; depth:24; endswith; nocase; http.host; content:"techosazteca.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874742/; classtype:trojan-activity;sid:84737842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yyhgl"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874739/; classtype:trojan-activity;sid:84737839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftm0-40po-ao28-g98e/img_qiql6d.png"; depth:35; endswith; nocase; http.host; content:"blue-paper-f69f.acrypters.workers.dev"; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, 
urlhaus.abuse.ch/url/3874740/; classtype:trojan-activity;sid:84737840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftm0-40po-ao28-g98e/img_d3tsz1.png"; depth:35; endswith; nocase; http.host; content:"blue-paper-f69f.acrypters.workers.dev"; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874741/; classtype:trojan-activity;sid:84737841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.jpg"; depth:6; endswith; nocase; http.host; content:"kzaa.co.za"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874738/; classtype:trojan-activity;sid:84737838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.71.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874737/; classtype:trojan-activity;sid:84737837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dgof.png"; depth:9; endswith; nocase; http.host; content:"pub-1900be17f2994b5580d602f23eb7fb93.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874736/; classtype:trojan-activity;sid:84737836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874735)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/uifin"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874735/; classtype:trojan-activity;sid:84737835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mbgex.png"; depth:10; endswith; nocase; http.host; content:"pub-3eb258fc94fd47cd88d3b4950dd66492.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874733/; classtype:trojan-activity;sid:84737833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wexokcyu.png"; depth:13; endswith; nocase; http.host; content:"pub-6f0dab4f7243480ba98591e4c6e339f9.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874734/; classtype:trojan-activity;sid:84737834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.71.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874732/; classtype:trojan-activity;sid:84737832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.230.2"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874731/; 
classtype:trojan-activity;sid:84737831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.32.102"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874730/; classtype:trojan-activity;sid:84737830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/includes/taxii/richy.png"; depth:25; endswith; nocase; http.host; content:"serverfile.click"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874728/; classtype:trojan-activity;sid:84737828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/includes/taxii/optimizedrump.png"; depth:33; endswith; nocase; http.host; content:"serverfile.click"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874729/; classtype:trojan-activity;sid:84737829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/includes/taxii/dbk.png"; depth:23; endswith; nocase; http.host; content:"serverfile.click"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874727/; classtype:trojan-activity;sid:84737827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; 
http.host; content:"222.141.137.180"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874726/; classtype:trojan-activity;sid:84737826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.137.180"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874725/; classtype:trojan-activity;sid:84737825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.214.81"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874724/; classtype:trojan-activity;sid:84737824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.41.43"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874723/; classtype:trojan-activity;sid:84737823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.91.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874722/; classtype:trojan-activity;sid:84737822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874721)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.223.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874721/; classtype:trojan-activity;sid:84737821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/23x06x2026_x64.exe"; depth:19; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874720/; classtype:trojan-activity;sid:84737820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client4.exe"; depth:12; endswith; nocase; http.host; content:"yettyagency.tz"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874719/; classtype:trojan-activity;sid:84737819; rev:1;)
# NOTE(review): in the next rule the http.uri pattern contains "|7c|26|7c|". Suricata decodes
# that to the four literal bytes "|26|" (0x7c, '2', '6', 0x7c), not to a single "&" (0x26).
# This looks like a double-escaped "&" from the rule generator; if the listed URL's query
# string is "...e=access&y=guest", the rule cannot match it. Verify against the reference
# entry before relying on this SID.
# NOTE(review): depth:63 equals the length of the escaped pattern text, while the decoded
# pattern is 54 bytes, so depth does not pin the match to offset 0 here; only "endswith"
# anchors it. The same holds for other rules in this file whose pattern uses |xx| escapes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; depth:63; endswith; nocase; http.host; content:"172.86.107.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874718/; classtype:trojan-activity;sid:84737818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ojstub.ps1"; depth:11; endswith; nocase; http.host; content:"mail.avicennaalliedhealthinstitute.org"; depth:38; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, 
urlhaus.abuse.ch/url/3874716/; classtype:trojan-activity;sid:84737816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stubmy.ps1"; depth:11; endswith; nocase; http.host; content:"mail.avicennaalliedhealthinstitute.org"; depth:38; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874717/; classtype:trojan-activity;sid:84737817; rev:1;)
# NOTE(review): the next two rules pin http.host to raw.githubusercontent.com and github.com.
# They are "alert http" rules on the http.method / http.uri / http.host buffers, so they only
# see requests the sensor can parse as cleartext HTTP. These hosts are normally reached over
# HTTPS, so the rules would presumably fire only on an initial plain-HTTP request or on
# traffic decrypted upstream of the sensor. Where neither applies, cover these URLs from
# proxy or endpoint telemetry instead; confirm for your deployment.
# NOTE(review): both rules match the full path exactly (depth + endswith) on a shared
# hosting domain, so they do not flag other repositories or files on the same host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/therecruiter809876/liquidbounce/master/nexusclient-1.21.1-v2.0.4.jar"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874715/; classtype:trojan-activity;sid:84737815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hunterdevops/cs2-training-toolkit/releases/download/cs2/c2ware.by.hunterdevops.v3.1.zip"; depth:88; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874714/; classtype:trojan-activity;sid:84737814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kworker"; depth:8; endswith; nocase; http.host; content:"168.222.254.230"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874713/; classtype:trojan-activity;sid:84737813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3874708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.116.120.29"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874708/; classtype:trojan-activity;sid:84737808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"police2026work2106.vercel.app"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874709/; classtype:trojan-activity;sid:84737809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl/wuwsjfijjqus/svchost.exe"; depth:28; endswith; nocase; http.host; content:"tmpfiles.org"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874710/; classtype:trojan-activity;sid:84737810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tealweaponsmith/arc-raiders-fps-optimizer-ai/releases/download/optimizer-booster/arkoptimizerfps+.by.xxgamecoder.zip"; depth:117; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874711/; classtype:trojan-activity;sid:84737811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874712)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/crahulam/arc_raiders_fps_booster/releases/download/v2.3.3/arc_raiders_fps_booster.zip"; depth:86; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874712/; classtype:trojan-activity;sid:84737812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.i686"; depth:22; endswith; nocase; http.host; content:"192.142.28.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874704/; classtype:trojan-activity;sid:84737804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.x86_64"; depth:24; endswith; nocase; http.host; content:"192.142.28.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874705/; classtype:trojan-activity;sid:84737805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.x86"; depth:21; endswith; nocase; http.host; content:"192.142.28.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874706/; classtype:trojan-activity;sid:84737806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.mips"; depth:22; endswith; nocase; http.host; content:"192.142.28.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874707/; 
classtype:trojan-activity;sid:84737807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_67f5cec408166426.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874702/; classtype:trojan-activity;sid:84737802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_4c46142d9f2fb57c.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874703/; classtype:trojan-activity;sid:84737803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.125.2"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874701/; classtype:trojan-activity;sid:84737801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.91.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874700/; classtype:trojan-activity;sid:84737800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874699)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/|3f|ublib=5a7e45b0-bbc7-4b87-a60f-d043508040bd"; depth:47; endswith; nocase; http.host; content:"m3f7xwi4.ensandareslam.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874699/; classtype:trojan-activity;sid:84737799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.65.77.175"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874698/; classtype:trojan-activity;sid:84737798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.10.4"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874697/; classtype:trojan-activity;sid:84737797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.93.136.3"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874696/; classtype:trojan-activity;sid:84737796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.196.78"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874695/; classtype:trojan-activity;sid:84737795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3874694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ec8085ba-a62a-497b-9c3e-ee8eb13146b3"; depth:47; endswith; nocase; http.host; content:"jxsf8qrc.edareumumi.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874694/; classtype:trojan-activity;sid:84737794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.8.236"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874693/; classtype:trojan-activity;sid:84737793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.214.81"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874692/; classtype:trojan-activity;sid:84737792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.212.103"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874691/; classtype:trojan-activity;sid:84737791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.212.103"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, 
urlhaus.abuse.ch/url/3874690/; classtype:trojan-activity;sid:84737790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.89.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874689/; classtype:trojan-activity;sid:84737789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.228.2"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874688/; classtype:trojan-activity;sid:84737788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.8.236"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874687/; classtype:trojan-activity;sid:84737787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.89.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874686/; classtype:trojan-activity;sid:84737786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"164.163.25.162"; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874685/; classtype:trojan-activity;sid:84737785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.129.213"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874684/; classtype:trojan-activity;sid:84737784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.129.213"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874683/; classtype:trojan-activity;sid:84737783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.28.201"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874682/; classtype:trojan-activity;sid:84737782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.142.101"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874681/; classtype:trojan-activity;sid:84737781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874679)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/|3f|ublib=c53a6582-4b18-4206-ae2b-8a45c190560f"; depth:47; endswith; nocase; http.host; content:"foorar9u.megapariwin.poker"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874679/; classtype:trojan-activity;sid:84737779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=521ee65b-b9c7-4244-939c-cefd892636e3"; depth:47; endswith; nocase; http.host; content:"yw1tz6yc.englishekhtesasi.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874680/; classtype:trojan-activity;sid:84737780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.28.201"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874678/; classtype:trojan-activity;sid:84737778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.152.71"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874676/; classtype:trojan-activity;sid:84737776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.152.71"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874677/; 
classtype:trojan-activity;sid:84737777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.205.183"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874675/; classtype:trojan-activity;sid:84737775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.205.183"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874674/; classtype:trojan-activity;sid:84737774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.173.123"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874673/; classtype:trojan-activity;sid:84737773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.90.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874672/; classtype:trojan-activity;sid:84737772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.86.229.12"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874671/; classtype:trojan-activity;sid:84737771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.90.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874670/; classtype:trojan-activity;sid:84737770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.198.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874669/; classtype:trojan-activity;sid:84737769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.173.123"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874668/; classtype:trojan-activity;sid:84737768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.75.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874667/; classtype:trojan-activity;sid:84737767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; 
nocase; http.host; content:"61.53.99.216"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874666/; classtype:trojan-activity;sid:84737766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.193.100"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874665/; classtype:trojan-activity;sid:84737765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.38.24.33"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874664/; classtype:trojan-activity;sid:84737764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.75.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874663/; classtype:trojan-activity;sid:84737763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=997b9b09-ae25-4915-a91e-5ce18e1b35f0"; depth:47; endswith; nocase; http.host; content:"xgj65td7.engelabshafifar.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874662/; classtype:trojan-activity;sid:84737762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3874661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.232.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874661/; classtype:trojan-activity;sid:84737761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.0.13"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874660/; classtype:trojan-activity;sid:84737760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.10.133.127"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874659/; classtype:trojan-activity;sid:84737759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.38.248"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874658/; classtype:trojan-activity;sid:84737758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.72.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874656/; classtype:trojan-activity;sid:84737756; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.186.230.198"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874657/; classtype:trojan-activity;sid:84737757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.38.24.33"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874655/; classtype:trojan-activity;sid:84737755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.7.55"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874654/; classtype:trojan-activity;sid:84737754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.107.102.33"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874653/; classtype:trojan-activity;sid:84737753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.38.248"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874652/; 
classtype:trojan-activity;sid:84737752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.186.230.198"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874651/; classtype:trojan-activity;sid:84737751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.14.74"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874650/; classtype:trojan-activity;sid:84737750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.7.55"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874649/; classtype:trojan-activity;sid:84737749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.161.252.22"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874648/; classtype:trojan-activity;sid:84737748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.111.110"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874646/; classtype:trojan-activity;sid:84737746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"190.103.68.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874647/; classtype:trojan-activity;sid:84737747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.161.252.22"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874645/; classtype:trojan-activity;sid:84737745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"77.79.160.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874644/; classtype:trojan-activity;sid:84737744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.203.213"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874643/; classtype:trojan-activity;sid:84737743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; 
nocase; http.host; content:"46.147.81.251"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874642/; classtype:trojan-activity;sid:84737742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=11c80a8d-a4ee-45a0-b177-da3886af882f"; depth:47; endswith; nocase; http.host; content:"d52cv625.ahkam.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874641/; classtype:trojan-activity;sid:84737741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.147.81.251"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874640/; classtype:trojan-activity;sid:84737740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.203.213"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874639/; classtype:trojan-activity;sid:84737739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.112.128"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874637/; classtype:trojan-activity;sid:84737737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3874638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.112.128"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874638/; classtype:trojan-activity;sid:84737738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.233.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874636/; classtype:trojan-activity;sid:84737736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=54e076b1-cc67-4ddf-a6a9-c8086a591c25"; depth:47; endswith; nocase; http.host; content:"nqw33qaj.engelabiran.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874635/; classtype:trojan-activity;sid:84737735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.163.16"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874634/; classtype:trojan-activity;sid:84737734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.83.190"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874633/; 
classtype:trojan-activity;sid:84737733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.83.128.179"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874632/; classtype:trojan-activity;sid:84737732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.40.211"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874631/; classtype:trojan-activity;sid:84737731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oix"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874628/; classtype:trojan-activity;sid:84737728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3kje"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874629/; classtype:trojan-activity;sid:84737729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lil"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; 
metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874630/; classtype:trojan-activity;sid:84737730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.65.77.175"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874627/; classtype:trojan-activity;sid:84737727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.163.16"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874626/; classtype:trojan-activity;sid:84737726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.123.205.117"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874625/; classtype:trojan-activity;sid:84737725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.112.205"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_23; reference:url, urlhaus.abuse.ch/url/3874624/; classtype:trojan-activity;sid:84737724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; 
nocase; http.host; content:"120.83.128.179"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874623/; classtype:trojan-activity;sid:84737723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.90.141"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874622/; classtype:trojan-activity;sid:84737722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.108.230.14"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874621/; classtype:trojan-activity;sid:84737721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.40.211"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874620/; classtype:trojan-activity;sid:84737720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nwk"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874619/; classtype:trojan-activity;sid:84737719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874618)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qic"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874618/; classtype:trojan-activity;sid:84737718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9db9"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874617/; classtype:trojan-activity;sid:84737717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9eaa09f5-33b4-4401-9884-4a9888757417"; depth:47; endswith; nocase; http.host; content:"1iubqhod.megapariwin.casino"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874616/; classtype:trojan-activity;sid:84737716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.34.23"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874615/; classtype:trojan-activity;sid:84737715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.88.136.194"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874614/; 
classtype:trojan-activity;sid:84737714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.123.205.117"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874613/; classtype:trojan-activity;sid:84737713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/larm4"; depth:6; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874612/; classtype:trojan-activity;sid:84737712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/larm5"; depth:6; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874610/; classtype:trojan-activity;sid:84737710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/larm7"; depth:6; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874611/; classtype:trojan-activity;sid:84737711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"62.60.251.15"; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874606/; classtype:trojan-activity;sid:84737706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"62.60.251.15"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874607/; classtype:trojan-activity;sid:84737707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"62.60.251.15"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874608/; classtype:trojan-activity;sid:84737708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"62.60.251.15"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874609/; classtype:trojan-activity;sid:84737709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lmpsl"; depth:6; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874604/; classtype:trojan-activity;sid:84737704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874605)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"62.60.251.15"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874605/; classtype:trojan-activity;sid:84737705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.141.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874603/; classtype:trojan-activity;sid:84737703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.136.136"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874602/; classtype:trojan-activity;sid:84737702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.74.172"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874601/; classtype:trojan-activity;sid:84737701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.195.253"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874600/; classtype:trojan-activity;sid:84737700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3874599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.53.231.107"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874599/; classtype:trojan-activity;sid:84737699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.136.136"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874598/; classtype:trojan-activity;sid:84737698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.76.42"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874597/; classtype:trojan-activity;sid:84737697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ab1ec46c-a270-4fe6-935f-c25902be4d72"; depth:47; endswith; nocase; http.host; content:"3bds554w.megaparivip.vip"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874596/; classtype:trojan-activity;sid:84737696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.183.71"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874595/; 
classtype:trojan-activity;sid:84737695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.28.230"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874593/; classtype:trojan-activity;sid:84737693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.168.126.150"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874594/; classtype:trojan-activity;sid:84737694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.74.172"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874592/; classtype:trojan-activity;sid:84737692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.195.253"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874591/; classtype:trojan-activity;sid:84737691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"77.53.231.107"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874590/; classtype:trojan-activity;sid:84737690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.168.126.150"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874589/; classtype:trojan-activity;sid:84737689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.250.237"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874588/; classtype:trojan-activity;sid:84737688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.28.230"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874587/; classtype:trojan-activity;sid:84737687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.138.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874586/; classtype:trojan-activity;sid:84737686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron13/file.exe"; depth:16; 
endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874585/; classtype:trojan-activity;sid:84737685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron12/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874584/; classtype:trojan-activity;sid:84737684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.91.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874583/; classtype:trojan-activity;sid:84737683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.138.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874582/; classtype:trojan-activity;sid:84737682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.226.3.180"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874581/; classtype:trojan-activity;sid:84737681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874580)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.124.243"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874580/; classtype:trojan-activity;sid:84737680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.21.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874579/; classtype:trojan-activity;sid:84737679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.53.14"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874578/; classtype:trojan-activity;sid:84737678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.155.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874577/; classtype:trojan-activity;sid:84737677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.236.65.39"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874576/; classtype:trojan-activity;sid:84737676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3874575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.226.3.180"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874575/; classtype:trojan-activity;sid:84737675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.218.229"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874574/; classtype:trojan-activity;sid:84737674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.21.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874573/; classtype:trojan-activity;sid:84737673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.19.34.28"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874572/; classtype:trojan-activity;sid:84737672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.16.164.251"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874571/; 
classtype:trojan-activity;sid:84737671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.123.145"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874570/; classtype:trojan-activity;sid:84737670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.226.152"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874569/; classtype:trojan-activity;sid:84737669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=bd56dd9b-803f-4a4b-8124-5ce6355ff5af"; depth:47; endswith; nocase; http.host; content:"xbf6th7x.megaparicom.poker"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874568/; classtype:trojan-activity;sid:84737668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.89.2"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874567/; classtype:trojan-activity;sid:84737667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"182.127.218.229"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874566/; classtype:trojan-activity;sid:84737666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.93.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874565/; classtype:trojan-activity;sid:84737665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"150.255.254.229"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874564/; classtype:trojan-activity;sid:84737664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.103.126"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874563/; classtype:trojan-activity;sid:84737663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.141.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874562/; classtype:trojan-activity;sid:84737662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874561)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.202.65.145"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874561/; classtype:trojan-activity;sid:84737661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.178.39.174"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874560/; classtype:trojan-activity;sid:84737660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.36.61.196"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874559/; classtype:trojan-activity;sid:84737659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.61.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874558/; classtype:trojan-activity;sid:84737658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.168.120"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874557/; classtype:trojan-activity;sid:84737657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3874556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ecee7dc8-1d49-415e-be42-d124f4e7efa9"; depth:47; endswith; nocase; http.host; content:"92a3tm8e.1x303.casino"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874556/; classtype:trojan-activity;sid:84737656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.61.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874555/; classtype:trojan-activity;sid:84737655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.54.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874554/; classtype:trojan-activity;sid:84737654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.93.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874553/; classtype:trojan-activity;sid:84737653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.41.43"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874552/; 
classtype:trojan-activity;sid:84737652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.60.46"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874551/; classtype:trojan-activity;sid:84737651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_124ebea06ddce2ed.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874550/; classtype:trojan-activity;sid:84737650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.202.65.145"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874549/; classtype:trojan-activity;sid:84737649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.94.72"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874548/; classtype:trojan-activity;sid:84737648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"42.230.54.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874547/; classtype:trojan-activity;sid:84737647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.18.21"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874546/; classtype:trojan-activity;sid:84737646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.13.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874545/; classtype:trojan-activity;sid:84737645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.83.190"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874544/; classtype:trojan-activity;sid:84737644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.115.102.246"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874543/; classtype:trojan-activity;sid:84737643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874542)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.18.21"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874542/; classtype:trojan-activity;sid:84737642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_0e1ac68890c06603.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874541/; classtype:trojan-activity;sid:84737641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.180.117"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874540/; classtype:trojan-activity;sid:84737640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.13.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874539/; classtype:trojan-activity;sid:84737639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.85.98.238"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874538/; classtype:trojan-activity;sid:84737638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3874537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.153.220"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874537/; classtype:trojan-activity;sid:84737637; rev:1;)
# Each rule alerts on an established client-to-server GET from $HOME_NET to $EXTERNAL_NET
# whose http.uri and http.host both match one listed URL. The URI match is case-insensitive
# (nocase) and pinned to the end of the buffer (endswith); the host match allows no trailing
# bytes (isdataat:!1,relative).
#
# NOTE(review): sid 84737636 and 84737635 - |3f| is the hex escape for "?", so the decoded
# pattern "/?ublib=<uuid>" is 44 bytes, while depth:47 equals the length of the escaped rule
# text. Combined with endswith, the URI may carry up to 3 bytes ahead of the pattern, so these
# two are slightly looser than the exact match the other rules get. depth:44 would restore an
# exact match. Presumably the generator measures the escaped string - confirm upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=7f25e7d5-3866-4df3-bd96-2d9d8244039b"; depth:47; endswith; nocase; http.host; content:"1di0v3ei.one1xbetfa.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874536/; classtype:trojan-activity;sid:84737636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a7593533-0a50-4239-9252-fc77efd4d0b5"; depth:47; endswith; nocase; http.host; content:"o8eyo1vo.megaparivip.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874535/; classtype:trojan-activity;sid:84737635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.102.136"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874534/; classtype:trojan-activity;sid:84737634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.115.102.246"; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874533/; classtype:trojan-activity;sid:84737633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.193.161"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874532/; classtype:trojan-activity;sid:84737632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.180.117"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874531/; classtype:trojan-activity;sid:84737631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.118.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874530/; classtype:trojan-activity;sid:84737630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.231.64"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874529/; classtype:trojan-activity;sid:84737629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; 
depth:7; endswith; nocase; http.host; content:"42.238.118.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874528/; classtype:trojan-activity;sid:84737628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.193.161"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874527/; classtype:trojan-activity;sid:84737627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_964a41c5ea52bfc9.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874526/; classtype:trojan-activity;sid:84737626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.89.126"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874525/; classtype:trojan-activity;sid:84737625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.181.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874524/; classtype:trojan-activity;sid:84737624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3874523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.231.64"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874523/; classtype:trojan-activity;sid:84737623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.253.7"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874522/; classtype:trojan-activity;sid:84737622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.147.137"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874521/; classtype:trojan-activity;sid:84737621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.193.100"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874520/; classtype:trojan-activity;sid:84737620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.14.118.99"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874519/; classtype:trojan-activity;sid:84737619; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/resmushit-image-optimizer/stego_payload.png"; depth:63; endswith; nocase; http.host; content:"ach-sa.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874518/; classtype:trojan-activity;sid:84737618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.183.71"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874517/; classtype:trojan-activity;sid:84737617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maiv/stego_payloads.png"; depth:24; endswith; nocase; http.host; content:"lb.nigsv.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874516/; classtype:trojan-activity;sid:84737616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ch.bat"; depth:7; endswith; nocase; http.host; content:"stockholm-pump-aged-truck.trycloudflare.com"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874515/; classtype:trojan-activity;sid:84737615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"42.58.137.158"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874514/; classtype:trojan-activity;sid:84737614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enter/stego_payload1.png"; depth:25; endswith; nocase; http.host; content:"latinaria.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874513/; classtype:trojan-activity;sid:84737613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pred.inf"; depth:9; endswith; nocase; http.host; content:"grantexx.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874512/; classtype:trojan-activity;sid:84737612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.54.207"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874511/; classtype:trojan-activity;sid:84737611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ffsa3b.ps1"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874510/; classtype:trojan-activity;sid:84737610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874509)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qtibs"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874509/; classtype:trojan-activity;sid:84737609; rev:1;)
# Each rule alerts on an established client-to-server GET from $HOME_NET to $EXTERNAL_NET
# whose http.uri (nocase, endswith) and http.host (no trailing bytes) both match one listed URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.112.172"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874508/; classtype:trojan-activity;sid:84737608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4444.exe"; depth:9; endswith; nocase; http.host; content:"royalcare-sy.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874507/; classtype:trojan-activity;sid:84737607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tilsee.cur"; depth:11; endswith; nocase; http.host; content:"grantexx.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874505/; classtype:trojan-activity;sid:84737605; rev:1;)
# NOTE(review): sid 84737606 and 84737603 - |7c| is the hex escape for a literal "|", so
# "|7c|26|7c|" decodes to the four bytes "|26|", not to "&" (0x26). As written the rule needs a
# URI containing "export=download|26|id=". This looks like a double-escaped "&"; if the listed
# URL really uses "&id=", these rules do not match the request and give no coverage. Compare
# with the URLhaus entry before relying on them. depth:68 is also the length of the escaped
# text rather than of the decoded pattern.
# NOTE(review): "alert http" only matches traffic Suricata parses as HTTP. drive.google.com is
# presumably reached over TLS, so these rules need decrypted traffic to fire at all.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=14gdct9n0frg_0j3dk1zhxjpkhkfhsbvz"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874506/; classtype:trojan-activity;sid:84737606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.1.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874504/; classtype:trojan-activity;sid:84737604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1y-dqcn3frltuh1cxovts2t3ufa9mziid"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874503/; classtype:trojan-activity;sid:84737603; rev:1;)
# NOTE(review): sid 84737602 - |3f| decodes to "?", so the pattern is 44 bytes while depth:47
# counts the escaped text. With endswith this tolerates up to 3 leading bytes before the
# pattern; depth:44 would make it an exact match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e423e311-1b73-4e5d-8e0a-f97e10651d87"; depth:47; endswith; nocase; http.host; content:"c4cxraym.megaparicom.poker"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874502/; classtype:trojan-activity;sid:84737602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.253.7"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874501/; classtype:trojan-activity;sid:84737601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874500)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftm0-40po-ao28-g98e/img_eqjdyx.png"; depth:35; endswith; nocase; http.host; content:"blue-paper-f69f.acrypters.workers.dev"; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874500/; classtype:trojan-activity;sid:84737600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftm0-40po-ao28-g98e/img_kgeewt.png"; depth:35; endswith; nocase; http.host; content:"blue-paper-f69f.acrypters.workers.dev"; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874499/; classtype:trojan-activity;sid:84737599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/258/ec/weneedbestthingseverandeveryforagoodlifetolive.hta"; depth:58; endswith; nocase; http.host; content:"192.3.140.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874498/; classtype:trojan-activity;sid:84737598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"fogotten17.vercel.app"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874497/; classtype:trojan-activity;sid:84737597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.114.178.6"; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874495/; classtype:trojan-activity;sid:84737595; rev:1;)
# Each rule alerts on an established client-to-server GET from $HOME_NET to $EXTERNAL_NET
# whose http.uri (nocase, endswith) and http.host (no trailing bytes) both match one listed URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dragonballs76ace.exe"; depth:21; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874494/; classtype:trojan-activity;sid:84737594; rev:1;)
# NOTE(review): sid 84737593 - |3f| decodes to "?", so the pattern is 32 bytes while depth:35
# counts the escaped text. With endswith this tolerates up to 3 leading bytes before the
# pattern; depth:32 would make it an exact match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reviwe/|3f|download=built_stub.exe"; depth:35; endswith; nocase; http.host; content:"teams.alfredcore.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874493/; classtype:trojan-activity;sid:84737593; rev:1;)
# NOTE(review): every drive.google.com rule below (sid 84737591, 84737592, 84737590, 84737584,
# 84737585, 84737583, 84737581, 84737582) carries "|7c|26|7c|". |7c| is the hex escape for a
# literal "|", so that sequence decodes to the four bytes "|26|", not to "&" (0x26). This looks
# like a double-escaped "&"; if the listed URLs really use "&id=", none of these rules match the
# request. Compare with the URLhaus entries before counting them as coverage. depth:68 is the
# length of the escaped text rather than of the decoded pattern.
# NOTE(review): "alert http" only matches traffic Suricata parses as HTTP. drive.google.com,
# *.r2.dev and *.workers.dev are presumably reached over TLS, so the rules for those hosts need
# decrypted traffic to fire at all.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1dtywbqrnaaz461tdks7kdnvynowyffwr"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874491/; classtype:trojan-activity;sid:84737591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1gk9hapmb_ndvvxxd3fhc_e4zwrlac1a3"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874492/; classtype:trojan-activity;sid:84737592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kjhgl.png"; depth:10; endswith; nocase; http.host; content:"chayadip.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874489/; classtype:trojan-activity;sid:84737589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=10tjumz7wfvneb23uabg9anqmgiwrgrkp"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874490/; classtype:trojan-activity;sid:84737590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuvbsuvtfwdqpdpwneqwtiiy49.bin"; depth:31; endswith; nocase; http.host; content:"pub-364c6b3011ca492cab2354176cfaf3f0.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874487/; classtype:trojan-activity;sid:84737587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skrivem.ocx"; depth:12; endswith; nocase; http.host; content:"pub-364c6b3011ca492cab2354176cfaf3f0.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874488/; classtype:trojan-activity;sid:84737588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1dauzhsh6c6crvrfn_1fexszwzazbto-c"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874484/; classtype:trojan-activity;sid:84737584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=11ikhhvbecrxqda9a2rj8jrytsrufrspk"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874485/; classtype:trojan-activity;sid:84737585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3x8a-dnvi-pdbo-ij36/img_ppk8bt.png"; depth:35; endswith; nocase; http.host; content:"blue-paper-f69f.acrypters.workers.dev"; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874486/; classtype:trojan-activity;sid:84737586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1cpbzbcb7zpagfgdwfyjlghgc8hfb0dfh"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874483/; classtype:trojan-activity;sid:84737583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1b0pghvrgyztii2exegimja9evlgsz8z5"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874481/; classtype:trojan-activity;sid:84737581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1hi6c_o2qikubsb17ehzh5kux7l6rk9_b"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874482/; classtype:trojan-activity;sid:84737582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3x8a-dnvi-pdbo-ij36/img_swerkg.png"; depth:35; endswith; nocase; http.host; content:"blue-paper-f69f.acrypters.workers.dev"; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874480/; classtype:trojan-activity;sid:84737580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/etagevasks.mso"; depth:15; endswith; nocase; http.host; content:"pub-364c6b3011ca492cab2354176cfaf3f0.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874479/; classtype:trojan-activity;sid:84737579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k2"; depth:6; endswith; nocase; http.host; content:"217.60.241.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874478/; 
classtype:trojan-activity;sid:84737578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm_soft3"; depth:10; endswith; nocase; http.host; content:"217.60.241.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874472/; classtype:trojan-activity;sid:84737572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"217.60.241.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874473/; classtype:trojan-activity;sid:84737573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"217.60.241.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874474/; classtype:trojan-activity;sid:84737574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel2"; depth:8; endswith; nocase; http.host; content:"217.60.241.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874475/; classtype:trojan-activity;sid:84737575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"217.60.241.44"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874476/; classtype:trojan-activity;sid:84737576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm_soft2"; depth:10; endswith; nocase; http.host; content:"217.60.241.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874477/; classtype:trojan-activity;sid:84737577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"217.60.241.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874469/; classtype:trojan-activity;sid:84737569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"217.60.241.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874470/; classtype:trojan-activity;sid:84737570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm_soft"; depth:9; endswith; nocase; http.host; content:"217.60.241.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874471/; classtype:trojan-activity;sid:84737571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874466)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/arm"; depth:4; endswith; nocase; http.host; content:"217.60.241.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874466/; classtype:trojan-activity;sid:84737566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"217.60.241.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874467/; classtype:trojan-activity;sid:84737567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc2"; depth:5; endswith; nocase; http.host; content:"217.60.241.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874468/; classtype:trojan-activity;sid:84737568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.192.7.203"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874464/; classtype:trojan-activity;sid:84737564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.137.158"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874465/; classtype:trojan-activity;sid:84737565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874463)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3tpo-g4n0-u714-l9kx/img_8bcbsz.png"; depth:35; endswith; nocase; http.host; content:"blue-paper-f69f.acrypters.workers.dev"; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874463/; classtype:trojan-activity;sid:84737563; rev:1;)
# NOTE(review): the rule that ends on the line above and the rule that follows
# match *.workers.dev hosts, and two rules further down match *.vercel.app
# hosts. Those platforms are normally reached over HTTPS, and `alert http`
# inspects parsed HTTP requests, so these rules presumably fire only where the
# sensor sees the request in cleartext (plain HTTP or decrypted TLS) - confirm
# for your deployment, and cover the same URLs from proxy or DNS logs otherwise.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fowap"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874462/; classtype:trojan-activity;sid:84737562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.147.137"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874461/; classtype:trojan-activity;sid:84737561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sass/djorigin.png"; depth:18; endswith; nocase; http.host; content:"brenmayasociados.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874460/; classtype:trojan-activity;sid:84737560; rev:1;)
# NOTE(review): in the two "/|3f|download=1" rules below, depth:15 counts the
# four characters of the |3f| escape, while the decoded pattern "/?download=1"
# is 12 bytes. endswith still pins the pattern to the end of the URI, but depth
# no longer forces it to start at offset 0: a URI of up to 15 bytes that merely
# ends in "/?download=1" also matches. The host match stays exact (depth equal
# to the host length, plus isdataat:!1,relative so nothing may follow it).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"max-add-mobile.vercel.app"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874457/; classtype:trojan-activity;sid:84737557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"police2206work.vercel.app"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874458/; classtype:trojan-activity;sid:84737558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ogodii.png"; depth:11; endswith; nocase; http.host; content:"gaiadeqi.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874459/; classtype:trojan-activity;sid:84737559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3/ipmhdfm.txt"; depth:14; endswith; nocase; http.host; content:"216.9.224.48"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874456/; classtype:trojan-activity;sid:84737556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.54.207"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874455/; classtype:trojan-activity;sid:84737555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874452)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/schi.png"; depth:9; endswith; nocase; http.host; content:"pub-1900be17f2994b5580d602f23eb7fb93.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874452/; classtype:trojan-activity;sid:84737552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/actv.png"; depth:9; endswith; nocase; http.host; content:"pub-1900be17f2994b5580d602f23eb7fb93.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874453/; classtype:trojan-activity;sid:84737553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bidiasd.png"; depth:12; endswith; nocase; http.host; content:"pub-493b0aca469342c292decf02cdb24f6d.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874454/; classtype:trojan-activity;sid:84737554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saucvvg.png"; depth:12; endswith; nocase; http.host; content:"pub-8d59738861b849e5a38b795cc17b1019.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874451/; classtype:trojan-activity;sid:84737551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/config/stubz.ps1"; depth:17; endswith; nocase; http.host; content:"ventnor.com.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3874450/; classtype:trojan-activity;sid:84737550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hjbmu"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874449/; classtype:trojan-activity;sid:84737549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aww.png"; depth:8; endswith; nocase; http.host; content:"pub-3bc1de741f8149f49bdbafa703067f24.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874448/; classtype:trojan-activity;sid:84737548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"82.114.178.6"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874447/; classtype:trojan-activity;sid:84737547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.44.136.115"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874446/; classtype:trojan-activity;sid:84737546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; 
depth:2; endswith; nocase; http.host; content:"42.229.221.43"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874445/; classtype:trojan-activity;sid:84737545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"107.191.60.218"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874444/; classtype:trojan-activity;sid:84737544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b.sh"; depth:5; endswith; nocase; http.host; content:"107.191.60.218"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874443/; classtype:trojan-activity;sid:84737543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c"; depth:2; endswith; nocase; http.host; content:"107.191.60.218"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874441/; classtype:trojan-activity;sid:84737541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d"; depth:2; endswith; nocase; http.host; content:"107.191.60.218"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874442/; classtype:trojan-activity;sid:84737542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874440)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/auto.sh"; depth:8; endswith; nocase; http.host; content:"107.191.60.218"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874440/; classtype:trojan-activity;sid:84737540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.192.7.203"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874439/; classtype:trojan-activity;sid:84737539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.115.102.246"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874438/; classtype:trojan-activity;sid:84737538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bak.sh"; depth:7; endswith; nocase; http.host; content:"91.92.241.19"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874437/; classtype:trojan-activity;sid:84737537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"91.92.241.19"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874433/; classtype:trojan-activity;sid:84737533; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d"; depth:2; endswith; nocase; http.host; content:"91.92.241.19"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874434/; classtype:trojan-activity;sid:84737534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c"; depth:2; endswith; nocase; http.host; content:"91.92.241.19"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874435/; classtype:trojan-activity;sid:84737535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"91.92.241.19"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874436/; classtype:trojan-activity;sid:84737536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ocde/1.jpg"; depth:11; endswith; nocase; http.host; content:"brantfordconventioncentre.com"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874431/; classtype:trojan-activity;sid:84737531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3/sfgrska.txt"; depth:14; endswith; nocase; http.host; content:"216.9.224.48"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3874432/; classtype:trojan-activity;sid:84737532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_d6532cf8de02f986.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874430/; classtype:trojan-activity;sid:84737530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/optimized_une22.png"; depth:24; endswith; nocase; http.host; content:"brenmayasociados.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874429/; classtype:trojan-activity;sid:84737529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.well-known/acme-challenge/images/thisweekisnlessedwithriches.png"; depth:66; endswith; nocase; http.host; content:"www.controliumbt.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874427/; classtype:trojan-activity;sid:84737527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/yu2weeks.png"; depth:17; endswith; nocase; http.host; content:"brenmayasociados.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874428/; classtype:trojan-activity;sid:84737528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3874426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.well-known/acme-challenge/images/thenewweekisblessed.png"; depth:58; endswith; nocase; http.host; content:"kits.frog.tw"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874426/; classtype:trojan-activity;sid:84737526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rmx12.exe"; depth:10; endswith; nocase; http.host; content:"cliquelogistics.com.pk"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874425/; classtype:trojan-activity;sid:84737525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.168.120"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874424/; classtype:trojan-activity;sid:84737524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.53.205"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874423/; classtype:trojan-activity;sid:84737523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/text/diff/engine/thimble.exe"; depth:41; endswith; nocase; http.host; content:"cronicasdelcentro.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3874422/; classtype:trojan-activity;sid:84737522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/index.ps1"; depth:10; endswith; nocase; http.host; content:"193.143.1.174"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874421/; classtype:trojan-activity;sid:84737521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.145.201"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874420/; classtype:trojan-activity;sid:84737520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"217.60.241.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874419/; classtype:trojan-activity;sid:84737519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.248.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874418/; classtype:trojan-activity;sid:84737518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"125.42.125.127"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874417/; classtype:trojan-activity;sid:84737517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.199.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874416/; classtype:trojan-activity;sid:84737516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/88/givenbestthingswithbetterplacesinotknowbetter.hta"; depth:53; endswith; nocase; http.host; content:"46.183.223.7"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874413/; classtype:trojan-activity;sid:84737513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/90/ecv/sweetnessgivenmebestthingsforever.hta"; depth:45; endswith; nocase; http.host; content:"46.183.223.7"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874414/; classtype:trojan-activity;sid:84737514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/90/wegivingbestsolutionsforbetterplaces.js"; depth:43; endswith; nocase; http.host; content:"46.183.223.7"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874415/; classtype:trojan-activity;sid:84737515; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874412/; classtype:trojan-activity;sid:84737512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.162.197.76"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874411/; classtype:trojan-activity;sid:84737511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.248.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874410/; classtype:trojan-activity;sid:84737510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874409/; classtype:trojan-activity;sid:84737509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d5331822-c203-44c0-9ec7-03ef8fac86f9"; depth:47; endswith; nocase; http.host; content:"25yiumhh.rahnemayenegaresh.site"; depth:31; isdataat:!1,relative; metadata:created_at 
2026_06_22; reference:url, urlhaus.abuse.ch/url/3874408/; classtype:trojan-activity;sid:84737508; rev:1;)
# Rule shape used by every rule in this run: alert on an established,
# client-to-server HTTP GET from $HOME_NET to $EXTERNAL_NET. In http.uri the
# content carries a depth equal to its own length plus endswith, so the whole
# URI buffer must equal the string (nocase makes that comparison
# case-insensitive); in http.host the same depth plus isdataat:!1,relative
# requires that nothing follows the host string. A hit therefore points at one
# exact URLhaus entry (see reference:url), not at a family of similar paths.
#
# NOTE(review): the /bin/support.client.exe and
# /bin/screenconnect.clientsetup.exe rules below are keyed on the listed host
# as well as the path. The file names look like those of a remote-support
# client installer (presumably ScreenConnect - not verifiable from the rule),
# so the same name fetched from any other host does not alert here; during
# triage check which host served the file rather than the name alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"192.142.54.83"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874407/; classtype:trojan-activity;sid:84737507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.53.205"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874405/; classtype:trojan-activity;sid:84737505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"192.142.54.83"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874406/; classtype:trojan-activity;sid:84737506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"108.61.136.248"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874404/; classtype:trojan-activity;sid:84737504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"104.238.186.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874403/; classtype:trojan-activity;sid:84737503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"104.238.186.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874402/; classtype:trojan-activity;sid:84737502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.184.83"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874401/; classtype:trojan-activity;sid:84737501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bg/xl.ps1"; depth:10; endswith; nocase; http.host; content:"onyx-ae.cc"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874400/; classtype:trojan-activity;sid:84737500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bg/stub.ps1"; depth:12; endswith; nocase; http.host; content:"onyx-ae.cc"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874399/; classtype:trojan-activity;sid:84737499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bg/la.ps1"; depth:10; endswith; nocase; http.host; content:"onyx-ae.cc"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874398/; classtype:trojan-activity;sid:84737498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.162.197.76"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874397/; classtype:trojan-activity;sid:84737497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.exe"; depth:9; endswith; nocase; http.host; content:"107.191.37.165"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874396/; classtype:trojan-activity;sid:84737496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/ovrydnwekzvqonwzqkivykyn28.bin"; depth:40; endswith; nocase; http.host; content:"vaneijkprojecten.nl"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874394/; classtype:trojan-activity;sid:84737494; rev:1;)
# NOTE(review): the github.com rules below all carry the same repository name
# and release asset under different account names; each rule pins one exact
# account path, so a copy under an account not listed here does not alert.
# Whether the listed accounts were created for this or taken over cannot be
# told from the rules. github.com is normally served over HTTPS, so an
# `alert http` rule presumably sees these requests only where the sensor
# inspects decrypted traffic - confirm for your deployment, and otherwise look
# for the shared repository and asset names in proxy or endpoint logs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alkhudarigroupuae/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; depth:100; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874395/; classtype:trojan-activity;sid:84737495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/helena-maia/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; depth:94; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874381/; classtype:trojan-activity;sid:84737481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seh4835/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; depth:90; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874382/; classtype:trojan-activity;sid:84737482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abhishek-dungen/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; depth:98; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874383/; classtype:trojan-activity;sid:84737483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khinekhinelin/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; depth:96; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874384/; classtype:trojan-activity;sid:84737484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/githublsy/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; depth:92; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874385/; classtype:trojan-activity;sid:84737485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/priyanshu14077/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; depth:97; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874386/; classtype:trojan-activity;sid:84737486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/theabhishekar/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; depth:96; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874387/; classtype:trojan-activity;sid:84737487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enriquefgf86/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; depth:95; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874388/; classtype:trojan-activity;sid:84737488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kewayne/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; depth:90; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874389/; classtype:trojan-activity;sid:84737489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbddevos/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; depth:91; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874390/; classtype:trojan-activity;sid:84737490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muneeb1097m/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; depth:94; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874391/; classtype:trojan-activity;sid:84737491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/captain236/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; depth:93; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874392/; classtype:trojan-activity;sid:84737492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ugbeh/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; depth:88; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874393/; classtype:trojan-activity;sid:84737493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haruharuharuby/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; depth:97; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874373/; classtype:trojan-activity;sid:84737473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jackchen-code/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; depth:96; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874374/; classtype:trojan-activity;sid:84737474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874375)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/javidrashid/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; depth:94; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874375/; classtype:trojan-activity;sid:84737475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harsukh21/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; depth:92; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874376/; classtype:trojan-activity;sid:84737476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abizerjafferjee/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; depth:98; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874377/; classtype:trojan-activity;sid:84737477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/edouard-larroche/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; depth:99; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874378/; classtype:trojan-activity;sid:84737478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874379)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/costenar0/miaozhu/main/frontend/src/api/software-1.0.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874379/; classtype:trojan-activity;sid:84737479; rev:1;)
# Each rule here pairs one URI pattern with one Host pattern for a GET request.
# depth plus endswith on http.uri and depth plus isdataat:!1,relative on
# http.host are meant to make both matches cover the whole buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leejtom/paralives-ultimate-trainer-2026/releases/download/v1.0/paralivestrainer_setup.zip"; depth:90; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874380/; classtype:trojan-activity;sid:84737480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/romanticisationphallales546/openrgb-scripts/main/staphylinid/scripts-openrgb-2.2-alpha.2.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874372/; classtype:trojan-activity;sid:84737472; rev:1;)
# NOTE(review): |3f| is the hex escape for "?" and decodes to a single byte, so
# the URI pattern below is 44 bytes long while depth is 47 (the length of the
# escaped text). Combined with endswith, the rule therefore also accepts a URI
# that carries up to three extra bytes in front of the pattern; depth:44 would
# make it a whole-buffer match like the other rules here.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=3abb1aba-8942-43f3-ae09-edb228b3c253"; depth:47; endswith; nocase; http.host; content:"um4y0jp5.megaparicom.casino"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874371/; classtype:trojan-activity;sid:84737471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874363)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/unavowed-easternchurch142/telegram-to-obsidian/main/config/workspace/skills/obsidian/obsidian_to_telegram_1.3.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874363/; classtype:trojan-activity;sid:84737463; rev:1;)
# Every complete rule in this group names raw.githubusercontent.com as Host and
# a .zip file under a /main/ path as URI. The host is the same in all of them,
# so the URI is the only part that tells one entry from another; an alert
# identifies one file path, not the host as a whole.
# NOTE(review): raw.githubusercontent.com is normally reached over HTTPS, and
# `alert http` only sees requests the sensor can parse as HTTP - presumably
# these fire only behind TLS inspection or on a plain-HTTP request; confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/waweruv170/by-binds-yourself/main/completions/by-binds-yourself_1.4.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874364/; classtype:trojan-activity;sid:84737464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tradmousebutton692/flussonic-exporter/main/deploy/prometheus/flussonic_exporter_1.8.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874365/; classtype:trojan-activity;sid:84737465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hacker193/cmtat-icma-tokenized-bonds/main/contracts/cmtat_tokenized_icma_bonds_3.2.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874366/; classtype:trojan-activity;sid:84737466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alpercepni/gommit/main/internal/install/software-2.1.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874367/; classtype:trojan-activity;sid:84737467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/holocentrusascensionisbadegg868/pantheon/main/patterns/carve-at-joints/adapters/software_1.3.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874368/; classtype:trojan-activity;sid:84737468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rotund-episcopate534/hotkeys/main/flowerpecker/software_2.8.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874369/; classtype:trojan-activity;sid:84737469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/krissiesmudgy575/aip-foundry-themis-starter/main/scripts/aip-themis-foundry-starter-1.6.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874370/; classtype:trojan-activity;sid:84737470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luiselius/streamd/main/diglottist/software_v1.5.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874348/; classtype:trojan-activity;sid:84737448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaydenplayz/agent-skills-guide/main/aportoise/guide-skills-agent-1.7.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874349/; classtype:trojan-activity;sid:84737449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/indrasurya12/theme_changing_template/main/components/card/theme_changing_template_2.6.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874350/; classtype:trojan-activity;sid:84737450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sah-arch/legalysis/main/legalysis/software-3.9.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874351/; classtype:trojan-activity;sid:84737451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/timesukkumnerd/resonant-archive/main/skills/archive_resonant_3.0.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874352/; classtype:trojan-activity;sid:84737452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/65y6650/hermes-lcm/main/scripts/hermes_lcm_v1.2.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874353/; classtype:trojan-activity;sid:84737453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ammarahmed12/ai-resume-analyzer/main/puparium/ai_analyzer_resume_1.9.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874354/; classtype:trojan-activity;sid:84737454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rainbowlight-pixel/claude-cowork-content-plugin/main/content-repurposing/skills/twitter-thread/content-plugin-claude-cowork-v1.1-beta.1.zip"; depth:140; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874355/; classtype:trojan-activity;sid:84737455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isletkreisler490/rawq/main/upwell/software-3.7-beta.2.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874356/; classtype:trojan-activity;sid:84737456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fauniethermal3522/agentic-dart/main/examples/sample-evidence/web/var/www/html/agentic_dart_v3.4.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874357/; classtype:trojan-activity;sid:84737457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elpit0grande/awesome-free-movies/main/ramfeezled/movies-awesome-free-v2.9.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874358/; classtype:trojan-activity;sid:84737458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/filiberto97/iptv-streamwatcher/main/src/iptv_monitor/watcher-ipt-stream-2.4.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874359/; classtype:trojan-activity;sid:84737459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3874360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/resolvable-glia938/annexa/main/iceland/software_2.7.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874360/; classtype:trojan-activity;sid:84737460; rev:1;)
# One rule per URLhaus entry: the number in msg is repeated in the reference
# URL, which is where an analyst can look up the entry behind an alert.
# All rules in this group carry classtype trojan-activity, rev:1 and
# metadata created_at 2026_06_22; all but one name raw.githubusercontent.com.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gittysb10/movie_recommend/main/data/recommend_movie_v3.5.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874361/; classtype:trojan-activity;sid:84737461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ashu1436/amazon-scraper/main/ogum/scraper-amazon-1.8.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874362/; classtype:trojan-activity;sid:84737462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naltalib/isumsoft-cloner-repack/main/preinsert/i_cloner_sumsoft_repack_v2.7.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874343/; classtype:trojan-activity;sid:84737443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wwwsegunogundeji11-stack/gpt-voyager/main/src/content/gp-voyager-v1.9.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874344/; classtype:trojan-activity;sid:84737444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pachydermatous-teuton9386/api-manager/main/rules/api_manager_v2.2-beta.1.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874345/; classtype:trojan-activity;sid:84737445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twylatrumpetlike730/pi-psst/main/extensions/psst_pi_v1.8.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874346/; classtype:trojan-activity;sid:84737446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lannascreaming580/flowscroll/main/flowscroll/locales/scroll-flow-v1.9.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874347/; classtype:trojan-activity;sid:84737447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daynastraight594/portfolio-template/main/screenshots/portfolio_template_1.2.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874342/; classtype:trojan-activity;sid:84737442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/senjusenpai18/javascript-interview/main/undesirousness/javascript_interview_v3.6.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874341/; classtype:trojan-activity;sid:84737441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/misterioul/jobs/main/src/api/services/software-v3.6.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874340/; classtype:trojan-activity;sid:84737440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rust8709/tourino/main/src/software_1.8-beta.4.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874338/; classtype:trojan-activity;sid:84737438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/socrates19/cloudflare-hono-starter/main/node_modules/reveal.js/test/starter_cloudflare_hono_1.3.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874339/; classtype:trojan-activity;sid:84737439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smmdalavi/trezor-wallet-suite-core-hardware-mcu-desing-adress-validator/main/trezor-wallet/nuget/wallet_trezor_suite_core_adress_mcu_hardware_desing_validator_v2.3-beta.2.zip"; depth:175; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874335/; classtype:trojan-activity;sid:84737435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/afefnayeem/menustow/main/menustow/menubar/search/software_v3.7.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874336/; classtype:trojan-activity;sid:84737436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zohaib-0/computer-vision-deep-learning-stack/main/implead/deep-computer-vision-learning-stack-2.7.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874337/; classtype:trojan-activity;sid:84737437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/osbertbilled424/macros-log/main/celibacy/log-macros-v2.7.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874329/; classtype:trojan-activity;sid:84737429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/connieverbal484/anthropic_hackathon/main/spongoid/hackathon_anthropic_v2.1.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874330/; classtype:trojan-activity;sid:84737430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svmiizzz/conventional-commit-batcher/main/agents/batcher-commit-conventional-v1.8.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874331/; classtype:trojan-activity;sid:84737431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unwatchful-conservativism274/personaplex/main/client/src/pages/conversation/components/software_v1.9.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874332/; classtype:trojan-activity;sid:84737432; rev:1;)
# NOTE(review): unlike its neighbours, the next rule pins an IP-literal Host
# value and the short URI /bin.sh. http.host is compared with the Host value
# of the request, not with the destination address, so traffic to this
# address that carries a different Host value is not covered by this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.66.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874333/; classtype:trojan-activity;sid:84737433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maumanto/jenkins-mcp-server/main/laborant/mcp-server-jenkins-3.2.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874334/; classtype:trojan-activity;sid:84737434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rampant-zionism337/phoenix-framework/main/src/core/phoenix-framework-v3.7-alpha.3.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874328/; classtype:trojan-activity;sid:84737428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/purpletrainwreck/complete-guide-for-secure-boot-on-arch-linux-with-refind/main/summons/arch_ind_with_secure_guide_ef_linux_boot_r_complete_for_on_v3.8-alpha.1.zip"; depth:163; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874327/; classtype:trojan-activity;sid:84737427; rev:1;)
# Whole-URI, whole-Host GET matches against raw.githubusercontent.com, one per
# URLhaus entry. nocase is attached to the URI pattern only, so the path is
# compared case-insensitively.
# NOTE(review): because URI and Host must both match in full, a request for the
# same file with an added query string or a different path spelling is not
# covered; treat these as exact indicators rather than family signatures.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lucas-camilo-dados/linkme/main/themes/software_1.5.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874323/; classtype:trojan-activity;sid:84737423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bigcola2020/openclaw-jarvis-memory/main/skills/mem-redis/openclaw_memory_jarvis_2.3.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874324/; classtype:trojan-activity;sid:84737424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ordered-tincture209/open-zeu/main/ui/open_zeu_3.6.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874325/; classtype:trojan-activity;sid:84737425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shadowy-screed33/mindful-trail/main/laang/trail-mindful-1.1-alpha.2.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874326/; classtype:trojan-activity;sid:84737426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdhsdfgjh/nestify-project/main/public/css/nestify_project_1.0.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874319/; classtype:trojan-activity;sid:84737419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/catengue/stillepost/main/python_code/software-v3.0.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874320/; classtype:trojan-activity;sid:84737420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neocortical-one877/ts-quality/main/packages/legitimacy/ts-quality-v3.6.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874321/; classtype:trojan-activity;sid:84737421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/justdvp/claude-code-templates/main/cli-tool/src/analytics/utils/templates_code_claude_1.8.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874322/; classtype:trojan-activity;sid:84737422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3874315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/secretresell/ai-finance-trading-agent/main/oppugnant/agent_trading_finance_ai_v2.8.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874315/; classtype:trojan-activity;sid:84737415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bayvapourisable154/stratum/main/klipfish/software_v2.4-alpha.2.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874316/; classtype:trojan-activity;sid:84737416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rudge0/dynamo-rl/main/examples/sft/multiturn/dyna-m-rl-v1.2-alpha.5.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874317/; classtype:trojan-activity;sid:84737417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oscine-mustercall181/advanced-excel-retail-sales-analysis/main/cutworm/advanced-sales-analysis-retail-excel-v3.6.zip"; depth:117; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874318/; classtype:trojan-activity;sid:84737418; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kermithermit/agentic-commerce-protocol/main/changelog/agentic_commerce_protocol_v3.6-beta.5.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874310/; classtype:trojan-activity;sid:84737410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ikramahmadmemon13/grant-thinking-skill/main/agents/skill_thinking_grant_v3.1.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874311/; classtype:trojan-activity;sid:84737411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lakshmi2655/myclaw/main/assets/my_claw_1.6.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874312/; classtype:trojan-activity;sid:84737412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/annonymouskali10/redbookskills/main/nucleohyaloplasma/red_book_skills_2.2.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874313/; classtype:trojan-activity;sid:84737413; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bachekuni/ohshit.spc"; depth:21; endswith; nocase; http.host; content:"192.142.28.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874314/; classtype:trojan-activity;sid:84737414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aloneboyktk1/medical-resource-simulator/main/.devcontainer/medical-resource-simulator-v1.7.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874308/; classtype:trojan-activity;sid:84737408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scorjr1/envirowatch/main/components/ui/watch-enviro-v3.4.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874309/; classtype:trojan-activity;sid:84737409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/benxt512/bsutils/main/stream/utils-bs-2.5.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874307/; classtype:trojan-activity;sid:84737407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874302)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dessert9431/awesome-ai-friendly-cli/main/presuperficially/friendly-awesome-ai-cli-v2.9.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874302/; classtype:trojan-activity;sid:84737402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bbk-man/claude-code-owasp/main/.claude/skills/owasp_code_claude_v1.2.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874303/; classtype:trojan-activity;sid:84737403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alzoube103/openkit/main/examples/styles/software_v3.2.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874304/; classtype:trojan-activity;sid:84737404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uncorrected-nova574/playtranslate/main/app/src/main/res/software-v3.1-alpha.3.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874305/; classtype:trojan-activity;sid:84737405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874306)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/duahmcclean/erp-selenium-qa/main/docs/qa_selenium_erp_1.3.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874306/; classtype:trojan-activity;sid:84737406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/helanzhiyi/audio-annotation-platform/main/examples/audio_platform_annotation_v2.4-beta.5.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874297/; classtype:trojan-activity;sid:84737397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arigotek/auto_cythonizer_tests/main/cython_cache/build_lib/fibonacci/auto_cythonizer_tests_2.7-alpha.3.zip"; depth:107; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874298/; classtype:trojan-activity;sid:84737398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/notboiii/walletgpt-ai-copilot-for-wallets/main/repineful/for-wallet-wallets-gp-copilot-a-v3.7.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874299/; classtype:trojan-activity;sid:84737399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3874300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jjvm2000/terminal-mcp/main/src/terminal/terminal_mcp_2.3.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874300/; classtype:trojan-activity;sid:84737400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chance6969-hue/__2025_07_08_tvdi_crawler__/main/lesson7/tvdi-crawler-v3.8.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874301/; classtype:trojan-activity;sid:84737401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anathi-c/backup-linux/main/troutflower/linux-backup-3.7.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874295/; classtype:trojan-activity;sid:84737395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/footbathfungusgnat32/ghostty-cursor-shaders/main/isodurene/ghostty-cursor-shaders-1.3-beta.1.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874296/; classtype:trojan-activity;sid:84737396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3874292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toonjn123456789/constants-float16-eulergamma/main/docs/types/constants-eulergamma-float-v3.8.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874292/; classtype:trojan-activity;sid:84737392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tophole-alphabetizer167/fino/main/client/src/test/software-v2.3.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874293/; classtype:trojan-activity;sid:84737393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prentisskiplingesque84/focustask/main/public/task_focus_1.4.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874294/; classtype:trojan-activity;sid:84737394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/denis-arc/is4310-232m4_user_manual/main/rovet/manual_i_user_v1.1.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874290/; classtype:trojan-activity;sid:84737390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3874291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/filearsip/wapp/main/helices/software_v3.5-beta.2.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874291/; classtype:trojan-activity;sid:84737391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qboosttt/awesome-openclaw/main/docs/blog/openclaw-awesome-3.5-alpha.2.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874288/; classtype:trojan-activity;sid:84737388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ramaritacreations/sql-injection-attack-detection/main/dataset/sql_attack_detection_injection_v1.8.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874289/; classtype:trojan-activity;sid:84737389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amansuthar0/microapi-hub/main/clients/web/lib/hub_microapi_2.2-beta.1.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874285/; classtype:trojan-activity;sid:84737385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3874286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ra7701/aulite/main/dashboard/src/lib/software_1.6.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874286/; classtype:trojan-activity;sid:84737386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/conceited-watergillyflower311/meilisearch-desktop/main/src/pages/project/meilisearch-desktop-2.6.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874287/; classtype:trojan-activity;sid:84737387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/montycongolese277/awesome-ai-pulse-georgia/main/assets/awesome_ai_pulse_georgia_2.1-beta.3.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874284/; classtype:trojan-activity;sid:84737384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/koxov/comfyui-ayang_node/main/undescribably/node-comfyui-ayang-v1.5.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874279/; classtype:trojan-activity;sid:84737379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3874280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ozii-z/zx-ddos/main/file/do_z_d_s_v2.4.zip"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874280/; classtype:trojan-activity;sid:84737380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marizdacusan/slopsmith/main/tests/software_2.6.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874281/; classtype:trojan-activity;sid:84737381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lucasoil1234799/online-course-pricing-eda-analysis/main/poly/analysis-online-pricing-course-eda-v3.2.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874282/; classtype:trojan-activity;sid:84737382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jesnn123/vibe/main/examples/software-v2.7.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874283/; classtype:trojan-activity;sid:84737383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874277)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marinhodomingosm/post-stroke-aphasia-risk-analysis/main/github-pages/src/.observablehq/cache/_npm/aphasia-stroke-analysis-post-risk-1.4-beta.3.zip"; depth:147; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874277/; classtype:trojan-activity;sid:84737377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akroutabdelrrezak/dht11/main/guiser/dh_v3.8.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874278/; classtype:trojan-activity;sid:84737378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phongvthanh/discord-bot/main/startlingly/bot_discord_v2.8.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874273/; classtype:trojan-activity;sid:84737373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fastks/wedding-photography-web/main/griffade/web_wedding_photography_v2.0.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874274/; classtype:trojan-activity;sid:84737374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3874275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emperormode/starus-data-restore-pack-latest-patch/main/berrugate/latest-patch-restore-starus-pack-data-v2.2.zip"; depth:112; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874275/; classtype:trojan-activity;sid:84737375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eror5/visionos-ui-framework/main/documentation/u_o_framework_vision_v2.3.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874276/; classtype:trojan-activity;sid:84737376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/immunogenic-prismspectroscope589/blender_mcp/main/scripts/quality/mcp-blender-v1.7.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874265/; classtype:trojan-activity;sid:84737365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unfavorable-sutra74/apl-evs/main/headchair/apl-evs_1.2.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874266/; classtype:trojan-activity;sid:84737366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3874267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cane4ka777/qwer/main/.devcontainer/software-v1.3.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874267/; classtype:trojan-activity;sid:84737367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zeynepornek/.github/main/profile/github_v1.8-beta.5.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874268/; classtype:trojan-activity;sid:84737368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adidashyperspace-lab/geosilo/main/scripts/software_v2.4.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874269/; classtype:trojan-activity;sid:84737369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gitovamb/trackers/main/logo/software_v1.1.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874270/; classtype:trojan-activity;sid:84737370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874271)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/amynedev/ai-gesture-christmas-tree/main/decarbonization/christmas_tree_gesture_ai_v2.1.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874271/; classtype:trojan-activity;sid:84737371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logiiiii/unity-agent-skills/main/skills/jahro-logging/skills-agent-unity-v3.9-alpha.2.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874272/; classtype:trojan-activity;sid:84737372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paul-selvi/impellersharp/main/build/scripts/impeller_sharp_1.5-alpha.5.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874262/; classtype:trojan-activity;sid:84737362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ieroglifgd/notabeen-ai-email-assistant/main/src/app/privacy-policy/ai_notabeen_assistant_email_3.0.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874263/; classtype:trojan-activity;sid:84737363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3874264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/klkape6358/mouse-p.i.-for-hire-release-game-desktop-version/main/code/desktop-release-version-game-mous-for-hire-3.3-beta.1.zip"; depth:128; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874264/; classtype:trojan-activity;sid:84737364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mr-mrs-xx1/claude-watch/main/dashboard/claude-watch-1.5.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874261/; classtype:trojan-activity;sid:84737361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bvuz/django-multi-tenant-saas-starter-template/main/apps/authentication/tests/template-multi-saa-starter-django-tenant-1.9.zip"; depth:127; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874260/; classtype:trojan-activity;sid:84737360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thainereflecting360/otexum-pulse/main/properties/publishprofiles/otexum_pulse_v1.8-alpha.3.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874255/; 
classtype:trojan-activity;sid:84737355; rev:1;)
# NOTE(review): every rule here is "alert http" and matches on the http.method,
# http.uri and http.host sticky buffers, so it only evaluates traffic that
# Suricata has parsed as cleartext HTTP. raw.githubusercontent.com is normally
# fetched over HTTPS; unless TLS is decrypted in front of the sensor, the
# raw.githubusercontent.com rules below are unlikely to fire. Match the same
# URLhaus entries against proxy or endpoint logs as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bhuiyan17/ai-novel-editor/main/src/gui/viewer/novel-ai-editor-v1.8-beta.3.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874256/; classtype:trojan-activity;sid:84737356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caudalappendagemarmite540/tarantool-bzw/main/jun/tarantool-bzw_v1.0.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874257/; classtype:trojan-activity;sid:84737357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/significancemoloch680/driftcheck/main/internal/driftcheck/software-v3.9.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874258/; classtype:trojan-activity;sid:84737358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1nashiw2/nioh3-trainer-2026/main/src/trainer-nioh-v1.9.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874259/; classtype:trojan-activity;sid:84737359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isabre5796/mlb-the-show-26-pc/main/portable-port/ml-show-pc-the-3.4-beta.1.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874254/; classtype:trojan-activity;sid:84737354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/panoptic-septuagenarian481/oscp-notes/main/autodiffusion/notes_osc_2.5.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874251/; classtype:trojan-activity;sid:84737351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cldestiny/key-maestro/main/growingupness/key-maestro-2.3-alpha.2.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874252/; classtype:trojan-activity;sid:84737352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/discernible-racoon7161/sql-shield/main/examples/sql_shield_v2.0-beta.5.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874253/; classtype:trojan-activity;sid:84737353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/persona-net/rag-pipeline-dashboard/main/frontend/tests/dashboard-rag-pipeline-3.8.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874247/; classtype:trojan-activity;sid:84737347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.145.201"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874248/; classtype:trojan-activity;sid:84737348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soggyfy/sharingan/main/weep/software_v1.4.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874249/; classtype:trojan-activity;sid:84737349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sayto97j/detectron2/main/detectron2/layers/csrc/roialignrotated/detectron_v3.7.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874250/; classtype:trojan-activity;sid:84737350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/idkidk02020202/claude-opus-4.6-prompt-optimizer/main/mnt/user-data/optimizer-prompt-opus-claude-1.6.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874243/; classtype:trojan-activity;sid:84737343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hirak123github/rebecca-minkoff-scraper/main/exhalant/scraper-rebecca-minkoff-v2.8.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874244/; classtype:trojan-activity;sid:84737344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/el4rjoun/python-noadmin/main/scripts/admin-python-no-1.8-alpha.4.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874245/; classtype:trojan-activity;sid:84737345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rommai123/rodel.player.public/main/assets/public-rodel-player-v3.4.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874246/; classtype:trojan-activity;sid:84737346; rev:1;)
alert http $HOME_NET any
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/repirate/asset-recovery-tool/main/novemnervate/recovery-asset-tool-2.6-alpha.4.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874237/; classtype:trojan-activity;sid:84737337; rev:1;)
# Matching is exact on both buffers. In http.uri the depth value equals the
# length of the content string and is combined with endswith, so the whole
# normalized URI has to be that string; in http.host, depth:25 together with
# isdataat:!1,relative leaves no room for further bytes after the host name.
# These are single-URL indicators, not pattern signatures: other files, paths
# or URI variants on the same host are outside their coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dhanush-td/loginorreg/main/src/or-login-reg-2.7.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874238/; classtype:trojan-activity;sid:84737338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yjariwala78/lintara/main/frontend/src/pages/software-v1.0.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874239/; classtype:trojan-activity;sid:84737339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rightsideup-rubiales387/airca-fractal-decision-architecture/main/docs/fractal-decision-making/fractal-decision-airca-architecture-v3.7-beta.5.zip"; depth:146; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874240/; classtype:trojan-activity;sid:84737340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ritik250505/tokenfirewall/main/src/core/software-v2.3.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874241/; classtype:trojan-activity;sid:84737341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joicesmart40/yii2-vscode-bridge/main/src/vscode_bridge_yii_3.9.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874242/; classtype:trojan-activity;sid:84737342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xpiderservice/mvggt/main/mvggt/models/__pycache__/software-v3.9.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874234/; classtype:trojan-activity;sid:84737334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zenialeaky136/live-to-100-skills/main/live-to-100/agents/live_to_skills_v1.8.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874235/; classtype:trojan-activity;sid:84737335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/allans4635/memctx/main/lib/api-spec/software-1.7.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874236/; classtype:trojan-activity;sid:84737336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fresh-mexicanrevolution306/clearly/main/website/software_v2.8.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874231/; classtype:trojan-activity;sid:84737331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/duffelcoatterpsichore141/iam-lite/main/tests/iam-lite-v2.1.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874232/; classtype:trojan-activity;sid:84737332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evansamarh/stm32-led-button-ctrl-register-coding-method/main/drivers/cmsis/device/st/stm32f4xx/st_butto_ctr_method_le_register_coding_1.8.zip"; depth:142; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874233/; classtype:trojan-activity;sid:84737333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naungphyo/ecoai-environmental-intelligence-agent/main/screenshots/a-eco-environmental-intelligence-agent-3.5.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874228/; classtype:trojan-activity;sid:84737328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jeckef/unnamed_game_1_v2/main/epidictical/game-unnamed-v-1.3-beta.4.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874229/; classtype:trojan-activity;sid:84737329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/entity107/rlmgw/main/docs/src/components/software-2.6.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874230/; classtype:trojan-activity;sid:84737330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kouroshkhan50/aurora-dx-dmhuisma/main/recipes/aurora-dx-dmhuisma-v3.4-beta.4.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874225/; classtype:trojan-activity;sid:84737325;
rev:1;)
# These signatures look at the client request only: flow:established,from_client
# with method GET, from $HOME_NET to $EXTERNAL_NET. An alert therefore shows that
# a download was requested, not that the archive was delivered or opened; check
# the HTTP response and file logs for the same flow before escalating.
# NOTE(review): clients that go out through an explicit proxy located inside
# $HOME_NET may never produce a HOME_NET -> EXTERNAL_NET flow at the sensor.
# Verify sensor placement and the address variables.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pearltelluric497/adobe-lightroom-professional/main/eunomy/adobe-lightroom-professional-v2.1.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874226/; classtype:trojan-activity;sid:84737326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darryltoroidal630/ninjaripper-210-freeversion/main/paradoxicalness/ninja_free_version_ripper_1.1.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874227/; classtype:trojan-activity;sid:84737327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dezmuz93/atom-ui/main/src/components/ato-ui-2.3.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874224/; classtype:trojan-activity;sid:84737324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lookdawn1337/agentic-github-code-reviewer/main/agents/hub-code-git-agentic-reviewer-3.0.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874223/; classtype:trojan-activity;sid:84737323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/incensecedarthreepointswitch884/moda/main/libs/moda_triton/fla/models/mamba/da-mo-v1.4.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874220/; classtype:trojan-activity;sid:84737320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0klartkarlsson/ode-comfyui-wanvideowrapper/main/wanvideo/schedulers/wrapper_video_ode_u_wan_comfy_1.5.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874221/; classtype:trojan-activity;sid:84737321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r1ghtoo/firefox-fingerprint-analyzer/main/bilsh/analyzer-print-firefox-finger-3.1.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874222/; classtype:trojan-activity;sid:84737322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/theeterminetor21811/notploy-website/main/skidder/website_notploy_v1.9.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874216/; classtype:trojan-activity;sid:84737316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akshay1010567/tp_final_pulseras_inteligentes/main/pulseras_inteligentes/datawarehouse/tp_pulseras_inteligentes_final_1.1-beta.2.zip"; depth:132; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874217/; classtype:trojan-activity;sid:84737317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amazo5385/lfn/main/docs/software_v3.3.zip"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874218/; classtype:trojan-activity;sid:84737318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rpsandygaming/awesome-terminal-for-ai/main/docs/assets/ai_terminal_for_awesome_1.8.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874219/; classtype:trojan-activity;sid:84737319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nobita5609/mcp.zig/main/docs/guide/mcp-zig-v2.6.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874213/; classtype:trojan-activity;sid:84737313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teresinatrackless687/gamineai/main/homeland/ai_gamine_v2.9.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874214/; classtype:trojan-activity;sid:84737314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gainesvillefamilyenterobacteriaceae551/dmarc-parser/main/src/components/ui/dmarc_parser_2.9-beta.4.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874215/; classtype:trojan-activity;sid:84737315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/janemcfadden1090/110-sequence-detector/main/gansey/sequence_detector_v3.6-alpha.5.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874211/; classtype:trojan-activity;sid:84737311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hermiogg-arch/product_picker/main/blog/.vitepress/theme/product_picker_v3.5.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25;
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874212/; classtype:trojan-activity;sid:84737312; rev:1;)
# In every rule shown here the sid equals the URLhaus entry id from msg/reference
# plus 80863100 (for example 3874209 -> 84737309), so an alert can be traced back
# to its URLhaus page from the sid alone.
# NOTE(review): all http.uri strings are lower-case and matched with nocase.
# Presumably the generator lower-cases them, so take the original URL casing
# from the reference page when pivoting. TODO confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/greenap7654/trendingcontent-agent/main/examples/trendingcontent-agent-3.6.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874209/; classtype:trojan-activity;sid:84737309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jakemonomon/twin.fun/main/tigerish/twin.fun_1.8.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874210/; classtype:trojan-activity;sid:84737310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/basketmakerfaitaccompli622/awesome-claude-code-security/main/diovular/claude-security-code-awesome-v1.4.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874205/; classtype:trojan-activity;sid:84737305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kopoku-69/dashboard-1771921898-3/main/pkg/dashboard-2.7.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874206/; classtype:trojan-activity;sid:84737306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/willz1/ai-config-search-guide/main/blithebread/guide-ai-search-config-v1.0.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874207/; classtype:trojan-activity;sid:84737307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hassan1829/sigil-dfir/main/backend/tools/dfir-sigil-1.9-beta.3.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874208/; classtype:trojan-activity;sid:84737308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ironputtycreditworthiness366/asoplay/main/sql/software_3.6.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874203/; classtype:trojan-activity;sid:84737303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kotty2998/claude-plugins-official/main/external_plugins/laravel-boost/.claude-plugin/claude-official-plugins-1.1.zip"; depth:117; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874204/; classtype:trojan-activity;sid:84737304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bko2023/bliss_browser_pep8/main/regionary/pep-browser-bliss-3.4.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874195/; classtype:trojan-activity;sid:84737295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/themountainboy19/dojops/main/packages/skill-registry/src/software_v2.4.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874196/; classtype:trojan-activity;sid:84737296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rudra1653v/fonelab-fonetrans-for-ios-working/main/denticulately/fonelab-fonetrans-for-ios-working_v3.8-beta.1.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874197/; classtype:trojan-activity;sid:84737297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/commutable-poilu834/parlor/main/artifacts/software_v1.5.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874198/; classtype:trojan-activity;sid:84737298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ukiyooooo/multimodal-rag-engine/main/myeloencephalitis/engine-multimodal-rag-v2.0.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874199/; classtype:trojan-activity;sid:84737299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nguyenphammc/whisperer/main/bin/software-v2.1.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874200/; classtype:trojan-activity;sid:84737300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/torresantm12/poof/main/sources/poof/resources/software_3.2.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874201/; classtype:trojan-activity;sid:84737301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/burhansaleem1961/axie-infinity/main/amnionic/axie_infinity_v1.4.zip"; depth:68; endswith; nocase; http.host;
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874202/; classtype:trojan-activity;sid:84737302; rev:1;)
# Every raw.githubusercontent.com rule in this part of the feed pins one .zip
# file under /<account>/<repository>/main/...; the single bare-IP rule
# (sid 84737277, URI "/i") uses the same exact-match scheme on http.uri and
# http.host. The rules carry metadata:created_at and rev:1 but no expiry field.
# NOTE(review): how long an entry stays in the ruleset is decided by the feed
# and is not visible here. Reload the ruleset on the feed's update schedule so
# stale indicators are not kept.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/manishrathore12/astro-preact-typescript-tailwind-boilerplate/main/src/pages/tailwind-typescript-boilerplate-preact-astro-v2.2.zip"; depth:130; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874193/; classtype:trojan-activity;sid:84737293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ziiyoung/macro-recorder/main/src/macro_recorder/observers/recorder-macro-v1.5.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874194/; classtype:trojan-activity;sid:84737294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itsvis9313/logifadefix/main/coadjutress/fade-logi-fix-v3.0.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874191/; classtype:trojan-activity;sid:84737291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rifkialmahdi/archivist-project-denoiser/main/archived_2024/archivist_denoiser_project_v2.7.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874192/; classtype:trojan-activity;sid:84737292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/equalizerklystron781/research-mode/main/commands/research-mode-v3.4.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874189/; classtype:trojan-activity;sid:84737289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iqrama2006/black-usdt/main/cycloscope/black_usdt_v2.4.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874190/; classtype:trojan-activity;sid:84737290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nevatry6660/telbot/main/telkomsel/software_1.0-alpha.5.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874188/; classtype:trojan-activity;sid:84737288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kmen4/lvgl9-sdl2-windows-simulator/main/screenshots/lvgl-windows-sdl-simulator-v3.3-beta.2.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874187/; classtype:trojan-activity;sid:84737287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdelazizfouad/internshala-ds-projects/main/internshala-pgc-tableau/internshala_ds_projects_1.6-beta.3.zip"; depth:107; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874183/; classtype:trojan-activity;sid:84737283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/christatantalising631/nimble/main/stdlib/software_2.6.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874184/; classtype:trojan-activity;sid:84737284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skippermain626/rust-cheat-2026-best-aim-esp-no-recoil-misc-visuals-for-pc/main/zymolyis/best_pc_misc_cheat_no_esp_recoil_aim_visuals_rust_for_3.1.zip"; depth:150; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874185/; classtype:trojan-activity;sid:84737285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chizzy04062003/aws-lex-cloud-chatbot/main/images/aw_chatbot_lex_cloud_v3.4.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874186/; classtype:trojan-activity;sid:84737286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/edmundm9/stemlab/main/src/core/lab-stem-1.9.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874182/; classtype:trojan-activity;sid:84737282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lucaducapuca/alibabacloud-bigdata-skills/main/skills/dataworks/alibabacloud-skills-bigdata-v1.7.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874181/; classtype:trojan-activity;sid:84737281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/salmajibeh/brutal/main/assets/software_1.6.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874178/; classtype:trojan-activity;sid:84737278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hih24337/tabb2/main/routes/tabb_1.5.zip"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874179/; classtype:trojan-activity;sid:84737279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bradro/ict-infrastructure-monitoring-splunk/main/crabbed/splunk_ic_infrastructure_monitoring_3.5.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874180/; classtype:trojan-activity;sid:84737280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.86.229.12"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874177/; classtype:trojan-activity;sid:84737277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ricarddefensive803/caveman-skill/main/windsurf/caveman-skill-2.2-beta.3.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874176/; classtype:trojan-activity;sid:84737276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874174)"; flow:established,from_client; http.method; content:"GET"; http.uri;
content:"/nshutidev/clojure-vsr/main/uncluttered/clojure-vsr-3.1-alpha.2.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874174/; classtype:trojan-activity;sid:84737274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/krkrrom5/opendoor/main/opendoor/io_layer/software-3.5.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874175/; classtype:trojan-activity;sid:84737275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/valedictory-tundra426/iot-prd-generator/main/assets/templates/prd-iot-generator-v2.9-beta.3.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874171/; classtype:trojan-activity;sid:84737271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ajfrrr/cryptoschema-extractor/main/cryptoschema_extractor/cryptoschema_extractor_3.4.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874172/; classtype:trojan-activity;sid:84737272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874173)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/rokia258/luminara-cookie-jar/main/test-cli/tests/luminara-cookie-jar_v2.9.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874173/; classtype:trojan-activity;sid:84737273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nmerr2212/iv4rbone-source/main/reboundable/iv4rbone-source-3.7.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874167/; classtype:trojan-activity;sid:84737267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naserhajipour/dupefinder/main/lib/dupe-finder-3.5-beta.4.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874168/; classtype:trojan-activity;sid:84737268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/matrixneoexpressionism381/inframon/main/equiprobabilism/infra_mon_3.9-beta.5.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874169/; classtype:trojan-activity;sid:84737269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874170)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/magneticlineofforceplaymaker9843/shi-yigong-skill/main/references/research/yigong-skill-shi-2.6.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874170/; classtype:trojan-activity;sid:84737270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/auntara-toma/envcrypt/main/libs/rust/src/software-v1.2.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874155/; classtype:trojan-activity;sid:84737255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/corryrevokable963/claude-code-book/main/throatily/claude_book_code_v3.5.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874156/; classtype:trojan-activity;sid:84737256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rhizopuselbow112/servo-control-esp8266-blynk-oled-temp-humidity/main/outstroke/blynk-ole-es-control-temp-servo-humidity-v1.4.zip"; depth:129; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874157/; classtype:trojan-activity;sid:84737257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874158)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daviepredatory192/battlefield-2-project-reality-setup/main/spiranthy/project_setup_reality_battlefield_2.4.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874158/; classtype:trojan-activity;sid:84737258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/madman696/better-all/main/src/better_all_v2.7.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874159/; classtype:trojan-activity;sid:84737259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iamsage001/awesome-video-forcing/main/sphingal/forcing-awesome-video-v3.5.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874160/; classtype:trojan-activity;sid:84737260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/partitive-comma396/nayuyyyu/main/proxy/codex2api/software-2.3.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874161/; classtype:trojan-activity;sid:84737261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874162)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shraz237/quorum/main/services/dashboard/frontend/src/components/software-1.1.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874162/; classtype:trojan-activity;sid:84737262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suppressorplaybill4170/remocn/main/registry/remocn/marker-highlight/software_v2.0-beta.3.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874163/; classtype:trojan-activity;sid:84737263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zeeldabhi24/auhikari-802.1x/main/files/x-uhikari-a-2.3.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874164/; classtype:trojan-activity;sid:84737264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anshu987/davinci-magihuman/main/atlantite/da_human_magi_vinci_3.0.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874165/; classtype:trojan-activity;sid:84737265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874166)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/histologic-tenderfoot400/pdf2md/main/halite/pdf-md-v2.6.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874166/; classtype:trojan-activity;sid:84737266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nguyengiabinh23-prog/tadpole/main/packages/ts-config/software_3.5.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874152/; classtype:trojan-activity;sid:84737252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ksaf43a/plarix-scan/main/internal/ledger/plarix-scan-v3.7-beta.3.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874153/; classtype:trojan-activity;sid:84737253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riohari07/ai-assisted-insights-agent/main/02_examples/python-client/agent_assisted_ai_insights_v2.7.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874154/; classtype:trojan-activity;sid:84737254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874151)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mannaggiacristo556/nvim/main/lua/neo-tree/sources/distant/software-3.6.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874151/; classtype:trojan-activity;sid:84737251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/matiasv6193/pwnagotchi_app/main/uncohesive/pwnagotchi-app-3.1.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874148/; classtype:trojan-activity;sid:84737248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prdo0985/07-fpga-itch-parser-v5/main/constraints/itch_v_parser_fpga_v1.7.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874149/; classtype:trojan-activity;sid:84737249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alejandro920/zhouyi/main/kittysol/software_v2.1.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874150/; classtype:trojan-activity;sid:84737250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874145)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/salah15cl/ai-gaming-strategy-coach-chatbot/main/hebraic/gaming_chatbot_ai_strategy_coach_v1.7.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874145/; classtype:trojan-activity;sid:84737245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oebeledrijfhout/attorney-directory-scraper/main/naifly/scraper_attorney_directory_3.9.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874146/; classtype:trojan-activity;sid:84737246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nicollas76143/powersub-demo-4146/main/wamara/demo-powersub-3.4.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874147/; classtype:trojan-activity;sid:84737247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/valublearctic/docker2vm/main/src/bin/docker_vm_2.4.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874144/; classtype:trojan-activity;sid:84737244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874143)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/pete731/sati/main/examples/basic-agent-registration/software_2.9.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874143/; classtype:trojan-activity;sid:84737243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wijewardhanagayashi/awesome-dotnet/main/impersonize/awesome-dotnet-v2.9.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874141/; classtype:trojan-activity;sid:84737241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bayyyyyuuu/veniai-hukuk-emsalkarar-mcpserver/main/src/database/server_veni_hukuk_emsal_karar_mcp_a_1.2.zip"; depth:107; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874142/; classtype:trojan-activity;sid:84737242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mohdmahsoof/ii-researcher/main/ii_researcher/ii_researcher_2.6-beta.5.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874140/; classtype:trojan-activity;sid:84737240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874138)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guilhermepelido/hermes-optimization-guide/main/screenshots/optimization-hermes-guide-v2.0.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874138/; classtype:trojan-activity;sid:84737238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kmilink/opennmt-indonesia-bima/main/docs/_layouts/nm_bima_open_indonesia_3.2.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874139/; classtype:trojan-activity;sid:84737239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pale-mayenne964/devdocs-forge-agent/main/src/transcript/devdocs_agent_forge_3.5.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874137/; classtype:trojan-activity;sid:84737237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nogame154/legacylauncher/main/unrich/legacy-launcher-v3.1-beta.3.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874135/; classtype:trojan-activity;sid:84737235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3874136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/antaraaaaaaa/software_maps_tcc/main/docs/docs/software_maps_tcc_2.6.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874136/; classtype:trojan-activity;sid:84737236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cjmk1/badminton-visionai/main/assets/ai_vision_badminton_v3.1.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874134/; classtype:trojan-activity;sid:84737234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thementh/ai-zhuqi-battle/main/app/api/llm/zhuqi-battle-ai-v3.6.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874126/; classtype:trojan-activity;sid:84737226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evanneimmoral547/atlasrv-32-bit-risc-v-pipelined-processor/main/docs/ris-pipelined-atlas-r-bit-processor-3.3.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874127/; classtype:trojan-activity;sid:84737227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3874128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clabsresults-mohp-gov-eg/sri-balaji-plastics/main/assets/balaji_sri_plastics_v1.8.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874128/; classtype:trojan-activity;sid:84737228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fafarras22/aura/main/src/components/layout/sidebar/software_v1.5.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874129/; classtype:trojan-activity;sid:84737229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/softineerdanish/faahhh-notifier-plugin-intellij/main/docs/faahhh-plugin-notifier-intellij-2.7.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874130/; classtype:trojan-activity;sid:84737230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mrakhajv70/st7796s-particle/main/src/s-particle-1.6.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874131/; classtype:trojan-activity;sid:84737231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3874132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wander210/planning-with-teams/main/app/src/main/res/with-planning-teams-v1.5.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874132/; classtype:trojan-activity;sid:84737232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tylero5029/masterdnsvpn-androidgg/main/android/app/src/main/java/com/masterdnsvpn/dns_gg_master_android_vp_v3.9.zip"; depth:116; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874133/; classtype:trojan-activity;sid:84737233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bubakitainu-code/opendata/main/api/data_open_v1.3.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874123/; classtype:trojan-activity;sid:84737223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/catharinepalatial88/bazi-skill/main/references/bazi_skill_v3.3-beta.4.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874124/; classtype:trojan-activity;sid:84737224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3874125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ndkieen227/crnn-ocr-sequence-recognition/main/static/recognition_sequence_crn_oc_3.5.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874125/; classtype:trojan-activity;sid:84737225; rev:1;)
# ---------------------------------------------------------------------------
# Reading these signatures (one rule per line):
#   * Every rule alerts on an established, client-to-server HTTP GET going
#     from $HOME_NET to $EXTERNAL_NET.
#   * http.uri:  content + depth:<content length> + endswith pins the whole
#     normalized URI to the listed string; nocase makes that comparison
#     case-insensitive.
#   * http.host: content + depth:<content length> + isdataat:!1,relative pins
#     the whole host value to the listed name or address.
#   * reference:url points at the URLhaus entry whose id is repeated in msg.
#   * Both buffers are matched exactly, so each rule is a narrow indicator.
#     On a shared host such as raw.githubusercontent.com a looser match
#     would flag unrelated repositories.
# NOTE(review): these are `alert http` rules, so they only see HTTP that the
#   sensor can parse. raw.githubusercontent.com is normally fetched over
#   HTTPS, so presumably these fire only behind TLS inspection - confirm for
#   the deployment, and back them with proxy or endpoint telemetry if not.
# NOTE(review): an alert means the request was sent; it does not show that
#   the archive was delivered or executed. Triage through the reference URL.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tashin666/streamlit-space-explorer/main/components/space_explorer_streamlit_v1.4.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874120/; classtype:trojan-activity;sid:84737220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rynl3571/vault-session/main/adsignify/vault_session_v2.5.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874121/; classtype:trojan-activity;sid:84737221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdallah2165/novel-tool/main/app/api/projects/[id]/tool_novel_1.6.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874122/; classtype:trojan-activity;sid:84737222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ander12342/pugdns/main/.vscode/software-v3.2.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874115/; classtype:trojan-activity;sid:84737215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miroslav1123/byetunes/main/musicmanager/assets.xcassets/tunes-bye-v2.4-beta.4.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874116/; classtype:trojan-activity;sid:84737216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/manan1072005/dsai-3302-expert-system/main/week13_integration_with_ai/system-expert-dsa-1.3.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874117/; classtype:trojan-activity;sid:84737217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/timmyunplayable214/bus-ticket-booking/main/submissly/ticket_booking_bus_2.3-beta.5.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874118/; classtype:trojan-activity;sid:84737218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ducanh390/meshify/main/shovel/software_v1.4-alpha.3.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874119/; classtype:trojan-activity;sid:84737219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/larimreis/flower-diffusion-model/main/generated_images/flower-model-diffusion-1.1-alpha.3.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874110/; classtype:trojan-activity;sid:84737210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dynamofusion/free-e-paperdesignerpro/main/argante/designer-free-paper-pro-1.5.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874111/; classtype:trojan-activity;sid:84737211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/magendiran07/super-builder-platform/main/src/components/dashboard/super_builder_platform_1.6.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874112/; classtype:trojan-activity;sid:84737212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ryabell2023-cmd/docksentry/main/app/software_v3.3.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874113/; classtype:trojan-activity;sid:84737213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wagawgaw/pumpfun-sniper-bot/main/dexlab/pumpfun-bot-sniper-v3.5-alpha.4.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874114/; classtype:trojan-activity;sid:84737214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mebi26/youtube-subtitle-translator/main/icons/subtitle_translator_youtube_v1.4.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874107/; classtype:trojan-activity;sid:84737207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raulika223/ecommerce-product-service/main/alembic/versions/service-product-ecommerce-1.0.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874108/; classtype:trojan-activity;sid:84737208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jeremyx000/claude-session-index/main/session_index/index_session_claude_2.6.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874109/; classtype:trojan-activity;sid:84737209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tejbhan111/t2yllm/main/memory/llm_t_y_v2.8.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874105/; classtype:trojan-activity;sid:84737205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vinniphonetic360/clear-code/main/claude-code-skills/code_clear_v2.9-beta.5.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874106/; classtype:trojan-activity;sid:84737206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/honeymikiki/cpp-high-performance-boids/main/include/performance_cpp_boids_high_v3.2.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874102/; classtype:trojan-activity;sid:84737202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stregavn/vercel-render-supabase-template/main/frontend-template/src/pages/vercel-supabase-render-template-v2.4.zip"; depth:115; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874103/; classtype:trojan-activity;sid:84737203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blinnieinfertile577/skill-harness/main/packs/specgraph-skills/skills/annotation-writer/skill-harness-1.3.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874104/; classtype:trojan-activity;sid:84737204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nominal-trooper277/corridorkey-for-nuke/main/tailage/for_corridor_nuke_key_v2.9.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874100/; classtype:trojan-activity;sid:84737200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/immortelleflory244/jetpack-newsapp/main/app/newsapp/src/main/res/mipmap-anydpi-v26/news-jetpack-app-1.7.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874101/; classtype:trojan-activity;sid:84737201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ayoubdrihmi/coin-flip/main/unfestooned/coin_flip_1.4.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874099/; classtype:trojan-activity;sid:84737199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ascoura/soulprint/main/packages/verify-local/src/document/software_v1.8.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874097/; classtype:trojan-activity;sid:84737197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3dcom2711/thrunt-god/main/apps/vscode/webview/hunt-overview/god_thrunt_1.9.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874098/; classtype:trojan-activity;sid:84737198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reemetalike01/code-copyright-monitor/main/caulicle/code-copyright-monitor_3.4-beta.3.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874095/; classtype:trojan-activity;sid:84737195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keplerking100/tatakaiapi/main/src/routes/watchanimeworld/tatakai_api_v1.6.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874096/; classtype:trojan-activity;sid:84737196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mann1988/awesome-claude-skills/main/us-gov-shutdown-tracker/references/awesome-skills-claude-3.3.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874090/; classtype:trojan-activity;sid:84737190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zaltrap/renee-iphone-recovery-no-trial/main/provableness/recovery_i_phone_trial_no_renee_3.4.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874091/; classtype:trojan-activity;sid:84737191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/connecting001/blas-base-ssyr2/main/benchmark/base-blas-ssyr-v1.4.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874092/; classtype:trojan-activity;sid:84737192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gildarek/coffee-shop/main/nonexcessive/shop-coffee-3.9-beta.5.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874093/; classtype:trojan-activity;sid:84737193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rux23fvillafuertew/cardly-ai-guide/main/public/ai_guide_cardly_v2.8.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874094/; classtype:trojan-activity;sid:84737194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sowaxx/ai-dev-tools-hub/main/firebrick/dev_tools_ai_hub_1.9.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874089/; classtype:trojan-activity;sid:84737189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/albertminh/taskmate/main/android/app/src/profile/mate-task-v1.6.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874074/; classtype:trojan-activity;sid:84737174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exocrine-play55/rust-ple/main/keystoner/rust-ple-v2.3-beta.2.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874075/; classtype:trojan-activity;sid:84737175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aasqrty/clawintelligentmemory/main/precontemplate/claw_intelligent_memory_2.9.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874076/; classtype:trojan-activity;sid:84737176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wanderasadallah/weather-forecast-app/main/sabadilla/forecast_weather_app_v2.4.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874077/; classtype:trojan-activity;sid:84737177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/savazm1/pacifica/main/untranspiring/pacifica-3.5.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874078/; classtype:trojan-activity;sid:84737178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sanitprime/advanced_graph_rag/main/data/rag_advanced_graph_v1.0.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874079/; classtype:trojan-activity;sid:84737179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rsartvisual12/kw-tray/main/semivitreous/k-tray-v2.6-beta.1.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874080/; classtype:trojan-activity;sid:84737180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marcioferreiraxz/fidelius/main/backend/src/main/kotlin/com/software-v1.8.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874081/; classtype:trojan-activity;sid:84737181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/koradripless624/un-webcast-analyzer/main/backend/services/un_webcast_analyzer_2.0.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874082/; classtype:trojan-activity;sid:84737182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muquisjose/queryoptimizer/master/app/models/optimizer_query_3.8.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874083/; classtype:trojan-activity;sid:84737183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shubhamjadhav72/aurral/main/frontend/src/contexts/software_2.1.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874084/; classtype:trojan-activity;sid:84737184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/piroplayers69-ops/s3t-former/main/spiking-topo-transformer-code/config/former-v3.4.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874085/; classtype:trojan-activity;sid:84737185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tylerstunned405/vinnify/main/nonwar/software-2.1.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874086/; classtype:trojan-activity;sid:84737186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/badressalemmouffek-coder/frank-bot/main/clients/frank_bot_3.3.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874087/; classtype:trojan-activity;sid:84737187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sesha736/myviralproject/main/standardizer/my-project-viral-2.8.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874088/; classtype:trojan-activity;sid:84737188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hamoodkh7/sims4communitylibrary/main/postaxially/sims_community_library_v1.6.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874065/; classtype:trojan-activity;sid:84737165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jesusgamer1/ishormuzopenyet/main/toxicopathy/software-v2.8.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874066/; classtype:trojan-activity;sid:84737166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kanaa257/sosumi.ai/main/public/sosumi_ai_v1.3.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874067/; classtype:trojan-activity;sid:84737167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rownok221/dep-age/main/tests/dep-age-1.7.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874068/; classtype:trojan-activity;sid:84737168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rqwrq456/swift-btc/main/telesthesia/swift_btc_1.2.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874069/; classtype:trojan-activity;sid:84737169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arcan-god/moode_display/main/src/moode-display-v3.7.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874070/; classtype:trojan-activity;sid:84737170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/markxgil/expense-tracker-gui/main/screenshot/tracker-expense-gui-v3.1-beta.3.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874071/; classtype:trojan-activity;sid:84737171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/masindeashiraf/optimize-minecraft-server-the-complete-guide/main/anticonventional/minecraft-the-server-complete-optimize-guide-v3.3.zip"; depth:136; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874072/; classtype:trojan-activity;sid:84737172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/able-planking449/42_m02_push_swap/main/42_library/src/my_own/swap_push_1.7.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874073/; classtype:trojan-activity;sid:84737173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zliito/beaned-charts/main/test/beaned-charts-v1.9-alpha.5.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874064/; classtype:trojan-activity;sid:84737164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binetdowngrade51/legend-pubg-battlegrounds-undetected-2026/main/hooly/undetected-pub-legend-battlegrounds-v3.9.zip"; depth:115; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874059/; classtype:trojan-activity;sid:84737159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gogokok9072/accumulative-decoding/main/accumulative_decoding/decoding-accumulative-v3.1.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874060/; classtype:trojan-activity;sid:84737160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/geovannytorres/unix/main/eval/gen_metrics/scripts/x_uni_v2.1-alpha.3.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874061/; classtype:trojan-activity;sid:84737161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kupals001/youtube-downloader/main/app/api/youtube-downloader-v3.7.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874062/; classtype:trojan-activity;sid:84737162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iritaseedless872/clustering-and-classification-bank-transactions/main/architraved/clustering-and-classification-bank-transactions_v3.8.zip"; depth:139; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874063/; classtype:trojan-activity;sid:84737163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lowsodiumdietdevotional330/rulescope/main/client/src/scope_rule_1.8.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874056/; classtype:trojan-activity;sid:84737156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jyrayaa/devops-configs/main/server-configs/apache-project/sites-available/devops_configs_1.7.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874057/; classtype:trojan-activity;sid:84737157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bilel2011714/drowsy/main/front/assets/software_2.0-alpha.5.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874058/; classtype:trojan-activity;sid:84737158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/didiergoore/file-processor-1771921235-2/main/src/hooks/processor-file-v1.7.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874054/; classtype:trojan-activity;sid:84737154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lawfullybegotten-ulteriority844/lume/main/terminals/wezterm/software_v1.1.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874055/; classtype:trojan-activity;sid:84737155; rev:1;)
# The next rule pins the host to a bare IPv4 address instead of a hostname,
# and the URI to the two-character path "/i".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.90.141"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874052/; classtype:trojan-activity;sid:84737152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tanhla-toto/neo4j-cdk/main/radioautography/neo_cdk_j_v3.5.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874053/; classtype:trojan-activity;sid:84737153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leonargyrotaenia613/hentaihunter/main/assedation/software_v2.1.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874051/; classtype:trojan-activity;sid:84737151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fibreoptic-people44/astro-cloudflare-template/main/src/template_cloudflare_astro_2.2.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874048/; classtype:trojan-activity;sid:84737148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/airboxes/onekey-wallet-tracker/main/scr/tracker-wallet-onekey-v3.2.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874049/; classtype:trojan-activity;sid:84737149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/issamel6920/future-slide-skill/main/site/public/skill_future_slide_2.7-alpha.2.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874050/; classtype:trojan-activity;sid:84737150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steven-agyarko/hydroqc-mini/main/src/mini-q-hydro-3.8.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874035/; classtype:trojan-activity;sid:84737135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dalennanonvenomous209/sciwizard/main/sciwizard/ui/software-v1.0.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874036/; classtype:trojan-activity;sid:84737136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blight07262021/ml_iterator_dare2dream/main/lauraceous/iterator_dare_dream_m_v2.6.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874037/; classtype:trojan-activity;sid:84737137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ali-musafir/openclaw-office/main/src/gateway/office_openclaw_v3.3.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874038/; classtype:trojan-activity;sid:84737138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/manzifouady/minimalerts/main/entrepas/software-2.6-alpha.5.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874039/; classtype:trojan-activity;sid:84737139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cosmin820/skyluxmovies/main/undertrodden/movies_skylux_v3.5.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874040/; classtype:trojan-activity;sid:84737140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/razefire10/kaspa-control-gpu-tuner/main/bzminer_v23.0.2_windows/control-tuner-kaspa-gpu-v2.6-alpha.5.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874041/; classtype:trojan-activity;sid:84737141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/makafuiraymond532-debug/forge-loop/main/drivers/codex/bin/loop-forge-v2.2.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874042/; 
classtype:trojan-activity;sid:84737142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sternepenitentiary330/google/main/peculiarity/software-2.2.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874043/; classtype:trojan-activity;sid:84737143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zaidguy/global-mouse/main/global_mouse.egg-info/global-mouse-3.5.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874044/; classtype:trojan-activity;sid:84737144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mouaaaaadddd/online-examination-using-face-recognition-system/main/coaffirmation/system_examination_recognition_using_online_face_v2.6-alpha.3.zip"; depth:147; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874045/; classtype:trojan-activity;sid:84737145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rudra514/email-service-1771917526-3/main/flintlike/email-service-v1.9.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3874046/; classtype:trojan-activity;sid:84737146; rev:1;)
# Every entry in this stretch pairs the shared, legitimate host
# raw.githubusercontent.com with a full /<owner>/<repo>/main/.../<file>.zip
# path. The path is what identifies the download, so a hit is evidence about
# that one file, not about the host; a host-level block would be far broader
# than what these rules assert. The rules match the client's GET request
# (flow:established,from_client), so an alert shows the URL was requested;
# whether the archive was delivered, opened or executed has to be confirmed on
# the endpoint.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anthonykkkl/annuity-loan-calculator/main/docs/calculator-loan-annuity-v3.3.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874047/; classtype:trojan-activity;sid:84737147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maxwellp5265/donut/main/pkg/software-v2.3.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874029/; classtype:trojan-activity;sid:84737129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aliraj59/orientdb-rw4/main/cass/rw_orientdb_3.1.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874030/; classtype:trojan-activity;sid:84737130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mrshrey007/skills/main/polygenesis/software-3.9.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874031/; classtype:trojan-activity;sid:84737131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/metaphysical-cosmolatry746/r6-recoil-control-aim-bot-assist-research-2026-/main/trizonia/research-bot-recoil-control-assist-aim-3.5-alpha.3.zip"; depth:144; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874032/; classtype:trojan-activity;sid:84737132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tuchit893/social-fixed-ip-guide/main/dronepipe/guide-fixed-social-ip-2.6.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874033/; classtype:trojan-activity;sid:84737133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/surgicalprocesspavement699/ccma-claude-code-multi-agent-framework/main/balaghat/multi_ccm_claude_framework_agent_code_v3.2.zip"; depth:127; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874034/; classtype:trojan-activity;sid:84737134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hamzamo2men2022/erlang_quic/main/include/quic_erlang_v2.1-alpha.4.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874027/; classtype:trojan-activity;sid:84737127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mhdp09/netflix_gpt/main/src/components/hooks/gpt_netflix_2.2.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874028/; classtype:trojan-activity;sid:84737128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nitish69753/esrb-slate-gen-webui/main/public/gen-slate-webui-esrb-v2.9.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874025/; classtype:trojan-activity;sid:84737125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paphada1103/data-analysis-with-python/main/albinic/python-data-with-analysis-v2.8.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874026/; classtype:trojan-activity;sid:84737126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rippledirham767/longparser/main/tests/unit/long_parser_v3.8.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874024/; classtype:trojan-activity;sid:84737124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nelbenjamin/personalagentkit/main/templates/garden/agent-personal-kit-1.8.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874023/; classtype:trojan-activity;sid:84737123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ronaldslins2/hyperliquid-trading-bot/main/learning_examples/01_websockets/trading_bot_hyperliquid_2.4.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874022/; classtype:trojan-activity;sid:84737122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agurkasjo/handora/main/modules/hand_gesture/software_1.3-alpha.1.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874020/; classtype:trojan-activity;sid:84737120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reanimated-elbeda935/where-is-revanced-patches/main/cooly/where-is-patches-revanced-1.8.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874021/; classtype:trojan-activity;sid:84737121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fadhillahfrd/wavelet_coherence_tres_estacoes/main/images/estacoes_coherence_wavelet_tres_v3.5.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874017/; classtype:trojan-activity;sid:84737117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cannedsigmas/claudex/main/frontend/src/pages/software-2.7.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874018/; classtype:trojan-activity;sid:84737118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/19pritom/nepal-77-districts-local-levels/main/chillily/local_districts_nepal_levels_v2.1.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874019/; classtype:trojan-activity;sid:84737119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaideep624/java-abstract-shapes/main/ortyginae/shapes-java-abstract-1.8.zip"; depth:76; endswith; 
nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874013/; classtype:trojan-activity;sid:84737113; rev:1;)
# Triage: each rule names its URLhaus entry three ways - the id in msg, the
# reference:url link, and the sid, which in the rules visible here is the
# URLhaus id plus 80863100 (e.g. 3874014 -> 84737114). An alert's sid can
# therefore be mapped straight back to the listing. metadata:created_at is
# 2026_06_22 throughout this stretch (presumably the rule creation date) and
# every rule is rev:1. NOTE(review): check the referenced listing for the
# URL's current status before escalating an old hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raraofficial/agent-s/main/gui_agents/s2_5/core/s-agent-v3.1.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874014/; classtype:trojan-activity;sid:84737114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hero111113333/yathriglobe/main/yathriglobe-trip-service/src/main/java/yathri-globe-1.6.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874015/; classtype:trojan-activity;sid:84737115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wisdomflex22/password-centinel/main/extension/icons/centinel_password_2.4-beta.3.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874016/; classtype:trojan-activity;sid:84737116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thegodslayer6/powloot/main/advertisement/software-2.1.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873999/; classtype:trojan-activity;sid:84737099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/synovial-picnicground1171/unsplashpaper/main/docs/software-3.2-beta.2.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874000/; classtype:trojan-activity;sid:84737100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dedyrio/novelwriter/main/web/src/content/software-v2.0.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874001/; classtype:trojan-activity;sid:84737101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prampl/wmasshop-online-store/main/sodless/wmasshop_online_store_v1.2.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874002/; classtype:trojan-activity;sid:84737102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zilviaimbalanced664/flipper-tesla-fsd/main/assets/flipper-fsd-tesla-3.9.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874003/; classtype:trojan-activity;sid:84737103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mikacr1138/claude-bug-bounty/main/skills/triage-validation/claude_bug_bounty_v3.6.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874004/; classtype:trojan-activity;sid:84737104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oxidizable-malinois605/bridge-suite-mcp/main/src/mcp-suite-bridge-2.9.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874005/; classtype:trojan-activity;sid:84737105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mogithram/neomd/main/internal/oauth2/static/software-v1.7.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874006/; classtype:trojan-activity;sid:84737106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huydepzai62/skin-cancer-classification-tl/main/hydroadipsia/skin-tl-cancer-classification-1.6.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874007/; classtype:trojan-activity;sid:84737107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bankable-alevel944/dockscope/main/src/web/components/sidebar/software-v1.8.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874008/; classtype:trojan-activity;sid:84737108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daumiercarpet9916/career-copilot/main/dashboard/internal/ui/career_copilot_v3.6.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874009/; classtype:trojan-activity;sid:84737109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hackerass31-design/autonomix/main/source/autonomixactions/private/validation/software-v1.9.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874010/; classtype:trojan-activity;sid:84737110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wurggsistimme/accounting-wordpress-theme/main/hereamong/accounting-theme-wordpress-1.5.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874011/; classtype:trojan-activity;sid:84737111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3874012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logokabulov/gemini-business/main/templates/admin/business-gemini-3.8.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3874012/; classtype:trojan-activity;sid:84737112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-ux349/hugeicons-proxy/main/src/proxy_hugeicons_2.8-beta.2.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873994/; classtype:trojan-activity;sid:84737094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gacoon/awesome-github-readme-tools/main/spoilsman/github-tools-readme-awesome-1.8.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873995/; classtype:trojan-activity;sid:84737095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873996)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/hiren9724/minetracker-frontend/main/src/frontend-minetracker-v1.8.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873996/; classtype:trojan-activity;sid:84737096; rev:1;)
# Maintenance: the file header carries a "Last updated" timestamp, so this
# ruleset is presumably regenerated upstream and hand edits to individual
# rules would be lost on the next pull; tune locally by sid (suppress or
# threshold entries, or the rule manager's disable list) rather than by
# editing the rules.
# Hunting note: many file names in this stretch share the shape
# software[-_]v?<version>.zip under unrelated-looking repository names,
# which may indicate a single campaign reusing a template. These rules are
# exact matches and do not detect that pattern; treat it as a hypothesis for
# proxy-log review only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fanfan45/bandexa/main/src/software-1.7-alpha.1.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873997/; classtype:trojan-activity;sid:84737097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keliz271/lantern/main/scripts/software-1.2.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873998/; classtype:trojan-activity;sid:84737098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marahman30104/binance-scalping/main/chrysaniline/scalping-binance-v2.2.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873988/; classtype:trojan-activity;sid:84737088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linellalternative892/scribe/main/src/components/software-2.6.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873989/; classtype:trojan-activity;sid:84737089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/13ofbeaches/ai-resume-screening-system/main/frontend/system-resume-screening-ai-v2.5.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873990/; classtype:trojan-activity;sid:84737090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leandro4856/questie-335-epoch/main/opossum/epoch_questie_v3.4.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873991/; classtype:trojan-activity;sid:84737091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eramabb8026/ex-skill/main/exes/ex-skill-2.4.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873992/; classtype:trojan-activity;sid:84737092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moundedover-deepseadiver474/kafkacart/main/client/src/context/cart_kafka_1.4.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873993/; classtype:trojan-activity;sid:84737093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/louis1larry/notskype/main/allottable/skype_not_3.5.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873987/; classtype:trojan-activity;sid:84737087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shitless-secretor385/ahr999-dataset/main/web/public/ahr_dataset_v3.0.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873985/; classtype:trojan-activity;sid:84737085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emanriquezs/mptray/main/mptray/assets/tray_mp_v1.7.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873986/; classtype:trojan-activity;sid:84737086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amio49/keyfi/main/sdk/src/software_v3.0.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873976/; classtype:trojan-activity;sid:84737076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/youmeat6678/instagram-hashtag-scraper/main/tenor/scraper-hashtag-instagram-2.5.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873977/; classtype:trojan-activity;sid:84737077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aiseog3121/unity-ai-bridge/main/packages/com.aibridge.unity/runtime/serialization/converters/json/types/bridge_unity_ai_v3.4.zip"; depth:129; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873978/; classtype:trojan-activity;sid:84737078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aminzerouga3-crypto/awesome-gdg-gde/main/serratodenticulate/gde_gdg_awesome_v3.9.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873979/; classtype:trojan-activity;sid:84737079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/humle93/thredup-cart-hoarding/main/images/thredup-cart-hoarding_v2.1.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873980/; classtype:trojan-activity;sid:84737080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tokoyusa/pyframe/main/lib/software_1.6.zip"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873981/; classtype:trojan-activity;sid:84737081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ayobcoding/deep-research-py/main/zoomorphic/research-deep-py-2.2.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873982/; classtype:trojan-activity;sid:84737082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maliknaved/agentframe/main/examples/coding-agent/client/software-v1.5.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873983/; classtype:trojan-activity;sid:84737083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/estarking57/scripts/main/foreran/software_v2.1.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873984/; classtype:trojan-activity;sid:84737084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/patrikmarshall/opencode-benchmark-dashboard/main/balneation/benchmark_dashboard_opencode_v1.1-alpha.5.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873965/; classtype:trojan-activity;sid:84737065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/angelfpd1933/vice/main/src/core/software_v3.1-beta.4.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873966/; classtype:trojan-activity;sid:84737066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thelmaconciliatory525/bgent/main/templates/software_v2.4.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873967/; classtype:trojan-activity;sid:84737067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873968)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/ismaelllemos/mythical_panda/main/chupon/panda-mythical-v3.5-alpha.3.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873968/; classtype:trojan-activity;sid:84737068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/technicalissuee/leblanc/main/assets/software_v2.1.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873969/; classtype:trojan-activity;sid:84737069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyleroneshs/risk-fraud-financial-analytics-portfolio/main/01_transaction_risk_and_fraud_investigation/fraud_analytics_financial_risk_portfolio_v1.9.zip"; depth:152; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873970/; classtype:trojan-activity;sid:84737070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jacob213769gg/hepatitis-b-dynamic-model/main/plots/model_dynamic_hepatitis_2.4.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873971/; classtype:trojan-activity;sid:84737071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873972)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nicomadeankaf/because/main/volitionality/software-1.9.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873972/; classtype:trojan-activity;sid:84737072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmamhg/integrated_ml_pipeline_for_vehicle_pricing/main/automobile/for_pricing_m_integrated_vehicle_pipeline_v3.1.zip"; depth:117; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873973/; classtype:trojan-activity;sid:84737073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moienmike/awesome-kafka-resources/main/flitfold/resources-awesome-kafka-v3.2.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873974/; classtype:trojan-activity;sid:84737074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon230/awesome-ai-sandbox/main/yankeefy/a_awesome_sandbox_v1.1-beta.5.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873975/; classtype:trojan-activity;sid:84737075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3873954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leechlike-intangibleasset343/claude-code-statusline/main/corallic/statusline-code-claude-v3.9.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873954/; classtype:trojan-activity;sid:84737054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/giyutom2544/hiremind-ai/main/pinonic/hire_mind_ai_v1.8.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873955/; classtype:trojan-activity;sid:84737055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lamiumamplexicauleandrogen234/openmagicpointer/main/tests/e2e/screenshots/software_1.0-alpha.4.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873956/; classtype:trojan-activity;sid:84737056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/halfmoonprosecution390/vertex-ai-oauth/main/lib/ai_oauth_vertex_1.6.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873957/; classtype:trojan-activity;sid:84737057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3873958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sonchimto111/sqlvulninjector/main/api/sql_vuln_injector_3.0.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873958/; classtype:trojan-activity;sid:84737058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nikhilcodewing/elephant-copilot-provider/main/third_party/elephant/internal/util/elephant-provider-copilot-v3.0-beta.5.zip"; depth:123; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873959/; classtype:trojan-activity;sid:84737059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unknown384-come/agent-runner/main/cmd/runner_agent_1.6.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873960/; classtype:trojan-activity;sid:84737060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raymondmdzz123/agent-memory/main/doc/memory_agent_2.0.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873961/; classtype:trojan-activity;sid:84737061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3873962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tjagnade27/intellij-lumos/main/src/main/resources/meta-inf/intellij_lumos_v2.1.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873962/; classtype:trojan-activity;sid:84737062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdewangan/neo4j-agentframework/main/neo4j-rag-demo/tests/j-neo-agentframework-3.5.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873963/; classtype:trojan-activity;sid:84737063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/heymonth/kmp-api-lookup-mcp/main/src/server/mcp-lookup-api-kmp-v1.9.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873964/; classtype:trojan-activity;sid:84737064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/angeliquetreated862/claude-code-src/main/src/services/compact/code-claude-src-v2.6-alpha.4.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873952/; classtype:trojan-activity;sid:84737052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3873953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maraa2022/tinys3/main/commeddle/tinys_1.3-beta.5.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873953/; classtype:trojan-activity;sid:84737053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mdtau2367/keebler-equation/main/idiosepion/keebler-equation-v2.5.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873951/; classtype:trojan-activity;sid:84737051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ameer-hussain-24/saison/main/gradle/wrapper/software_3.6.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873950/; classtype:trojan-activity;sid:84737050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/southpolearabianjasmine693/ndi-bar/main/ndi-bar/state/ndi_bar_v2.8.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873949/; classtype:trojan-activity;sid:84737049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3873948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nick019228/homehub/main/app/software-v3.1.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873948/; classtype:trojan-activity;sid:84737048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nxoti1/points-reader-ocr/main/examples/point_ocr_reader_v2.9.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873946/; classtype:trojan-activity;sid:84737046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aljabalyyasser/practical_datascience_notebooks/main/04_ml_basics/practical_datascience_notebooks_v2.2-alpha.4.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873947/; classtype:trojan-activity;sid:84737047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hswx199791-ai/clean-repo-standard/main/docs/clean_repo_standard_2.5.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873933/; classtype:trojan-activity;sid:84737033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873934)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yaco29c/daytona/main/apps/docs/server/util/software-2.3.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873934/; classtype:trojan-activity;sid:84737034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mucopurulent-1770s318/fair-price-engine/main/knowledge/bom_templates/fair-engine-price-v2.1.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873935/; classtype:trojan-activity;sid:84737035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suryansh458/deep-learning-cifar10-routing-net/main/src/training/deep-net-cifar-routing-learning-2.5.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873936/; classtype:trojan-activity;sid:84737036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rushi-joshi-au50/sofia-ia-whatsapp/main/providers/whatsapp-sofia-ia-1.6.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873937/; classtype:trojan-activity;sid:84737037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3873938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ndluna21/nanochat-ascend/main/docs/assets/ascend-nanochat-3.3.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873938/; classtype:trojan-activity;sid:84737038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gustavoesper/vision-hud-controller/main/tests/hud_controller_vision_v2.4.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873939/; classtype:trojan-activity;sid:84737039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inflected-spread265/paralives-release/main/paralives/paralives_release_v1.3.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873940/; classtype:trojan-activity;sid:84737040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alizasentimental514/autocoder/main/fustily/coder_auto_1.6.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873941/; classtype:trojan-activity;sid:84737041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873942)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foxsy1/recipe_sharing/main/cinnamal/sharing-recipe-2.4.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873942/; classtype:trojan-activity;sid:84737042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xcode911/distill/main/packages/distill-linux-arm64/software_1.0.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873943/; classtype:trojan-activity;sid:84737043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/narsinghlaga124/aris-in-ai-offer/main/docs/ari-a-offer-in-3.4.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873944/; classtype:trojan-activity;sid:84737044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwu061109/digital-process-support-system/main/database/support_process_system_digital_1.7-alpha.5.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873945/; classtype:trojan-activity;sid:84737045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873925)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maxivisual883/awesome-skills/main/cookdom/awesome_skills_v2.5.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873925/; classtype:trojan-activity;sid:84737025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pleasureseekerconfirmation832/trackpuck/main/imgs/software-v2.8-alpha.4.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873926/; classtype:trojan-activity;sid:84737026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vuhuuu11/react-accordion/main/lib/react_accordion_v2.6.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873927/; classtype:trojan-activity;sid:84737027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/danielcodexs/future_ds_03/main/src/future_ds_03-v2.3.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873928/; classtype:trojan-activity;sid:84737028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873929)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/doom1001/powersub-demo-8769/main/extranidal/demo-powersub-1.2.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873929/; classtype:trojan-activity;sid:84737029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fifthdactyl811/codex-skill-local-ai-systems-studio/main/assets/systems_local_studio_skill_codex_ai_v2.5.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873930/; classtype:trojan-activity;sid:84737030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jacintacaryophyllaceous404/hh-ru-apply/main/.cursor/skills/hh-ru-apply-workflow/apply_hh_ru_1.1.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873931/; classtype:trojan-activity;sid:84737031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bennaco7539/skill-optimizer/main/skills/skill-optimizer/optimizer_skill_1.5-alpha.1.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873932/; classtype:trojan-activity;sid:84737032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3873924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rvy7/ai-rotoscoping/main/cdnjs.cloudflare.com/ajax/libs/font-awesome/rotoscoping-ai-1.3.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873924/; classtype:trojan-activity;sid:84737024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaeferxp/ai-resume-optimizer/main/full-version/frontend/src/lib/resume_optimizer_ai_v2.2-alpha.2.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873918/; classtype:trojan-activity;sid:84737018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/27akioasakura/ros-swarm-mission-control/main/komsomol/ros_mission_control_swarm_3.4.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873919/; classtype:trojan-activity;sid:84737019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chkaradhar700/scientific-calculator/main/docs/screenshots/scientific-calculator-v2.4.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873920/; classtype:trojan-activity;sid:84737020; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dudi1920/metroyatra-public/main/screenshots/public-metroyatra-1.4.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873921/; classtype:trojan-activity;sid:84737021; rev:1;)
# --- Reading the rules in this run ------------------------------------------
# Every rule here has the same shape and differs only in the URLhaus entry id,
# the URI string, its depth and the sid:
#   * flow:established,from_client + http.method "GET": only client GET
#     requests going from $HOME_NET to $EXTERNAL_NET are inspected.
#   * http.uri content with depth:<n> + endswith: <n> equals the length of the
#     string, so the match must start at offset 0 and finish at the end of the
#     buffer, i.e. the whole URI has to equal the string (nocase: in any
#     letter case).
#   * http.host content with depth:25 + isdataat:!1,relative: the Host value
#     must be exactly raw.githubusercontent.com with no data after it.
# Visibility caveat: these are `alert http` rules, so they only see requests
# Suricata can parse as cleartext HTTP. raw.githubusercontent.com is normally
# fetched over HTTPS; on a sensor with no TLS decryption in front of it, expect
# these rules to stay silent even if the archive is downloaded.
# NOTE(review): confirm the scheme in each referenced URLhaus entry before
# relying on this run for coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bhartman10/iran-map-ed/main/pictures/provinces/ed_map_iran_1.9.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873922/; classtype:trojan-activity;sid:84737022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/undomestic-georgebeadle691/agent-ce/main/anthropicevaluation/agent_ce_v3.1.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873923/; classtype:trojan-activity;sid:84737023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rezanajafi1382/laravel-llm-suite/main/src/suite_llm_laravel_v2.1.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873916/; classtype:trojan-activity;sid:84737016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blacknr512/umbrella-blog-cardano-blogging-tool/main/includes/vendor/tool_blogging_umbrella_cardano_blog_v3.3-beta.1.zip"; depth:120; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873917/; classtype:trojan-activity;sid:84737017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yujunghyeok/sisyphus/main/lecanine/software-v3.9-beta.3.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873914/; classtype:trojan-activity;sid:84737014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/menscheck/fourtrader-mcp/main/src/mcp_fourtrader_v1.0.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873915/; classtype:trojan-activity;sid:84737015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elmonta22/internetspeedtest-py/main/protargentum/internetspeedtest-py-v1.9-beta.5.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873912/; classtype:trojan-activity;sid:84737012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/perfil6634/umbrella-hwid/main/umbrella/properties/hwid-umbrella-2.0-beta.4.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873913/; classtype:trojan-activity;sid:84737013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dilantha99/aumc_guidevr_srs/main/overgilted/srs-aum-v-guide-2.7.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873910/; classtype:trojan-activity;sid:84737010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tymooh/gpt-duel-arena/main/cumber/due-arena-gp-1.0-beta.1.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873911/; classtype:trojan-activity;sid:84737011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muzzbuzz24/5yn-performativecomplexity-killer/main/rog/complexity-performative-killer-y-2.9.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873907/; classtype:trojan-activity;sid:84737007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rach390/rest-gateway-1771929895-4/main/pkg/rest_gateway_v2.6.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873908/; classtype:trojan-activity;sid:84737008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rhyshammonds-bit/ai_werewolf/main/deviative/ai_werewolf_v1.1-alpha.2.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873909/; classtype:trojan-activity;sid:84737009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mohammadshadil/dittotones/main/public/ditto_tones_v1.4.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873902/; classtype:trojan-activity;sid:84737002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/submuk/videovault/main/pacht/video_vault_v2.1.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873903/; classtype:trojan-activity;sid:84737003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dhobiitchmindseye650/loan-approval-prediction/main/thoughted/loan_prediction_approval_v3.3.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873904/; classtype:trojan-activity;sid:84737004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/banarun877/mocker/main/sclerodermic/software-2.1.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873905/; classtype:trojan-activity;sid:84737005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kamzy01/tg-webapp-proxy/main/src/app_t_proxy_web_2.2.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873906/; classtype:trojan-activity;sid:84737006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mactar221/slack-udc2/main/server/udc_slack_1.0-beta.3.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873892/; classtype:trojan-activity;sid:84736992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/messianic-swop450/dassian-adt/main/src/adt-dassian-2.0.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873893/; classtype:trojan-activity;sid:84736993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ramadhan101/rustbof/main/examples/ipconfig/out/software_1.4.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873894/; classtype:trojan-activity;sid:84736994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abyssal-amicableness217/create-helix-app/main/src/security/helix_create_app_3.7.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873895/; classtype:trojan-activity;sid:84736995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ekkyhanafi/sickui/main/apps/docs/src/sick_ui_v3.8.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873896/; classtype:trojan-activity;sid:84736996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scowlsericulturist188/claude-auto-tok/main/public/auto_claude_tok_2.5.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873897/; classtype:trojan-activity;sid:84736997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ibahgat/oh-my-iflow/main/test/iflow-cli-clone/my_oh_iflow_3.0-beta.2.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873898/; classtype:trojan-activity;sid:84736998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/noncollapsable-cultivation470/n2k/main/internal/adapter/k-n-1.6.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873899/; classtype:trojan-activity;sid:84736999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/usmangani123664/unemployment-and-industry-analysis-using-data-analytics/main/vai/analytics-dat-industr-unemploymen-analysi-an-usin-v3.5.zip"; depth:140; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873900/; classtype:trojan-activity;sid:84737000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3873901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/genusboragosirharoldwalterkroto654/claude-config-editor/main/screenshots/config_editor_claude_v2.5.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873901/; classtype:trojan-activity;sid:84737001; rev:1;)
# --- Triage notes for the rules in this run -----------------------------------
# The Host in every rule here is raw.githubusercontent.com, a shared content
# host that also serves ordinary software. Each rule is therefore pinned to one
# complete path (http.uri content with depth equal to its length plus endswith).
# Keep it that way: reducing a rule to a host-only match or block would alert
# on routine developer and tooling traffic.
# Because the match is on one exact URI, a hit is a strong signal for that one
# artifact, while the absence of hits says nothing about other paths under the
# same account or repository. metadata:created_at records when the indicator
# was added (2026_06_22 for all rules here).
# On an alert: open the URLhaus entry given in reference:url (the same number
# is in msg), identify the requesting process from endpoint telemetry, and
# check whether the .zip was written to disk or unpacked on the host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hominal-newdeal930/weixin-bot/main/python/examples/bot-weixin-1.4.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873887/; classtype:trojan-activity;sid:84736987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uzumacky/huevos-kikes/main/transacciones/migrations/huevos-kikes-v3.9-beta.3.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873888/; classtype:trojan-activity;sid:84736988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scarecrowish-shoat5968/byebyevpn/main/lampridae/vpn-bye-2.9.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873889/; classtype:trojan-activity;sid:84736989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harshalnakade2004/sugarsphere/main/backend/src/config/sphere-sugar-2.3.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873890/; classtype:trojan-activity;sid:84736990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bore8433/extreme-injector-v3.7.3-desktop/main/undisturbance/desktop_injector_v_extreme_v1.7.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873891/; classtype:trojan-activity;sid:84736991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maryam2001-ux/claude-app-server/main/src/server_claude_app_2.8.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873882/; classtype:trojan-activity;sid:84736982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clayuremir/casino-game-smart-contract/main/idl/game_smart_casino_contract_1.6.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873883/; classtype:trojan-activity;sid:84736983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iamolivierdrabek/whereami/main/bin/software_3.8.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873884/; classtype:trojan-activity;sid:84736984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zizo1231313/c-ai-optimizer/main/include/c_ai_optimizer_2.5.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873885/; classtype:trojan-activity;sid:84736985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/voidbfd/autism_companian_gen-ai_project_kaggle/main/thereinto/companian-kaggle-gen-project-autism-ai-2.8.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873886/; classtype:trojan-activity;sid:84736986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuname8857/growth-metrics-dashboard/main/billing/migrations/dashboard_metrics_growth_v2.2.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873877/; classtype:trojan-activity;sid:84736977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cherieshambolic837/lifegraph/main/sync/graph-life-2.9.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873878/; classtype:trojan-activity;sid:84736978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bridgettmirthful637/librecrawl-mcp/main/postarytenoid/mcp_librecrawl_3.3.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873879/; classtype:trojan-activity;sid:84736979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frexio/pegainfer/main/src/http_server/software_3.4.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873880/; classtype:trojan-activity;sid:84736980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enkasamoah-addo/optimiz3r/main/otherfiles/optimiz_r_1.0.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873881/; classtype:trojan-activity;sid:84736981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leesunting/aspnetcore-unit-testing_course-luisdev-part-2_dotnet-8_csharp-12/main/.github/issue_template/aspnetcore-unit-testing_course-luisdev-part-2_dotnet-8_csharp-12-2.8.zip"; depth:177; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873876/; classtype:trojan-activity;sid:84736976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/intrusive-justice55/arc/main/hermes-plugin/arc-remote-control/software-v1.6.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873872/; classtype:trojan-activity;sid:84736972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/semicircleefferent720/babysitarr/main/glochidial/software-1.3.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873873/; classtype:trojan-activity;sid:84736973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarix818/ru-chat-bot/main/src/chat_bot/internal/intent/bot-ru-chat-3.7.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873874/; classtype:trojan-activity;sid:84736974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cornsugarkenyan978/kuma-theme-cyber-neon/main/previews/neon-kuma-cyber-theme-3.9.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873875/; classtype:trojan-activity;sid:84736975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nileshkavindanaka/ffmpeg-video-bot/main/bot/utils/video-bot-ffmpeg-v3.9.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873869/; classtype:trojan-activity;sid:84736969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/retardingforcerightbank635/dm-gateway-bot/main/endaspidean/dm-gateway-bot-v3.3-alpha.5.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873870/; classtype:trojan-activity;sid:84736970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/premenopausal-lagerstroemia264/agenthandover/main/capito/handover_agent_v3.6-alpha.5.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873871/; classtype:trojan-activity;sid:84736971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sogeking30/clustering-market-regimes/main/figures/regimes-clusterin-marke-v3.4-alpha.3.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873866/; classtype:trojan-activity;sid:84736966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/instinct-bone607/pathmind/main/overlocker/path_mind_v2.6.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873867/; classtype:trojan-activity;sid:84736967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/km-coder212/mindforge/main/src/app/api/webhooks/forge_mind_3.5.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873868/; classtype:trojan-activity;sid:84736968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/momomonda/production-webhook-idempotency-guard/main/production-webhook-idempotency-guard/production-webhook-guard-idempotency-3.8.zip"; depth:134; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3873861/; classtype:trojan-activity;sid:84736961; rev:1;)
# --- Maintenance notes for the rules in this run ------------------------------
# All URI strings in these rules are lowercase and carry nocase, so the rule
# text is not a reliable record of the original letter case. Take the exact
# spelling from the alert's logged URI or from the URLhaus entry in
# reference:url.
# In every rule here the sid equals the URLhaus id shown in msg plus 80863100
# (e.g. 3873862 -> 84736962), so an alert's sid maps straight back to its
# URLhaus entry.
# All rules are rev:1 with metadata:created_at 2026_06_22. They are
# point-in-time indicators from a regenerated feed; when tuning, prefer
# per-sid thresholds or suppressions over hand edits, which a later feed
# refresh would overwrite.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kingwee2e3/ai-image-edit/main/src/ai_image_edit_2.3.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873862/; classtype:trojan-activity;sid:84736962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/footstephirepurchase893/vegaviz/main/charts/kpi/software_3.8.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873863/; classtype:trojan-activity;sid:84736963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foreverlilred/car-rental-booking/main/superiorness/rental_booking_car_v1.9.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873864/; classtype:trojan-activity;sid:84736964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/21shadow-code/ea-fc-25-menu/main/acronym/e_menu_f_v2.3.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873865/; classtype:trojan-activity;sid:84736965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nicolnonmilitary611/cadence/main/skills/cadence-planning/agents/software_v1.3.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873857/; classtype:trojan-activity;sid:84736957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ksumit18/infocrypto-live-crypto-news-prices/main/imagens/prices_news_crypto_info_live_v1.7.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873858/; classtype:trojan-activity;sid:84736958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shokoofehahmadinia/blogging-website/main/login/website-blogging-v2.8-beta.5.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873859/; classtype:trojan-activity;sid:84736959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dndmuzik/agentic-ai-trip-planner-crewai/main/bus_search_history/crew_planner_a_trip_agentic_ai_3.9.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873860/; classtype:trojan-activity;sid:84736960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mewing2/omega-life-loot-drop-trainer/main/peakily/drop_omega_loot_life_trainer_v2.3.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873851/; classtype:trojan-activity;sid:84736951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mark101221/aws-lift-shift-migration/main/terraform/modules/vpc/aws-migration-shift-lift-v1.9.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873852/; classtype:trojan-activity;sid:84736952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plain-sleepydick853/feros/main/archabomination/software-3.6.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873853/; classtype:trojan-activity;sid:84736953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eeeg2610/h120d-protocol/main/arduino/protocol-d-h-v3.8-beta.2.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873854/; classtype:trojan-activity;sid:84736954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdaloiapp/okta-terraform-demo-template/main/ai-assisted/providers/template_terraform_demo_okta_1.5.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873855/; classtype:trojan-activity;sid:84736955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iswarsarma/rd-net/main/poisonproof/rd-net-v2.7.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873856/; classtype:trojan-activity;sid:84736956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xalefmousex/pokedex-frontend/main/src/components/atoms/dialogcontent/pokedex-frontend-v3.3-beta.2.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873850/; classtype:trojan-activity;sid:84736950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/idkdevoo/intercept-wave-upstream/main/docs/intercept-wave-upstream_v2.7-alpha.1.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873847/; classtype:trojan-activity;sid:84736947; rev:1;)
# NOTE(review): the URI in the next rule (sid 84736948) contains literal '['
# and ']'. A client may send those characters percent-encoded; whether this
# exact-match content still fires then depends on how the sensor normalizes
# http.uri. Confirm with a test request before relying on this sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rogo9901/pyre-code/main/web/src/app/paths/[id]/pyre-code-2.6.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873848/; classtype:trojan-activity;sid:84736948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sachith54/epicurean-roulette/main/src/app/api/session-metrics/epicurean-roulette-2.8.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873849/; classtype:trojan-activity;sid:84736949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harveyalexandrian753/openab/main/lamnidae/software_v3.1.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873846/; classtype:trojan-activity;sid:84736946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aryanssargiyas-rgb/axis/main/anorthography/software-1.3.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873845/; classtype:trojan-activity;sid:84736945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/libreriaaunclick/event-manager/main/src/main/resources/db/migration/manager_event_2.9.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873841/; classtype:trojan-activity;sid:84736941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shaanpurewal277-creator/stm32f446-button-led-state-machine/main/drivers/stm32f4xx_hal_driver/state_button_stm_machine_f_led_v3.1.zip"; depth:133; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873842/; classtype:trojan-activity;sid:84736942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pesci1134/gbpjpy-macd-divergence-strategy/main/results_v8/divergence_gbpjpy_macd_strategy_2.2.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873843/; classtype:trojan-activity;sid:84736943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/grimn0va/boltzpay/main/packages/sdk/src/logger/software_3.7-alpha.5.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873844/; classtype:trojan-activity;sid:84736944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ichrak99/go-fi4/main/cacomixle/fi_go_v2.6.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873840/; classtype:trojan-activity;sid:84736940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wici123/awesome-edu-deals/main/christmasy/edu_deals_awesome_v3.6.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873839/; classtype:trojan-activity;sid:84736939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shivuu14/jsoup-html-parsing/main/images/html_parsing_jsoup_1.3.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873838/; classtype:trojan-activity;sid:84736938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/esophagussalixhumilis657/ds4windows/main/sources/windows-d-v3.3.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; 
depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873837/; classtype:trojan-activity;sid:84736937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarkov-creates/deepface-emotion/main/vitalness/deepface-emotion-v3.3.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873832/; classtype:trojan-activity;sid:84736932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samirzaiton/kind/main/gasterosteidae/software-3.7-alpha.2.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873833/; classtype:trojan-activity;sid:84736933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/karthijay18/apileech/main/poc/software-v2.3.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873834/; classtype:trojan-activity;sid:84736934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ronit0p/autogod/main/target/auto-god-v3.8.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3873835/; classtype:trojan-activity;sid:84736935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/195410211/audit-evidence-pack-assembler/main/src/pack_audit_assembler_evidence_2.3.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873836/; classtype:trojan-activity;sid:84736936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sujicha8817/linear-cli/main/cmd/linear-cli-v2.3.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873831/; classtype:trojan-activity;sid:84736931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hefty-cakchiquel295/qie-bbox-studio/main/qwenimage/bbox-studio-qi-v1.1.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873827/; classtype:trojan-activity;sid:84736927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiwarn01/bilibili-cli/main/tests/cli_bilibili_v3.3.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873828/; 
classtype:trojan-activity;sid:84736928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yasuma311/nmap-dashboard-analyzer/main/coom/analyzer-dashboard-nmap-v2.8.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873829/; classtype:trojan-activity;sid:84736929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/feeyze/acs-lodes-bg-trends/main/data/lodes_bg_trends_acs_2.5.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873830/; classtype:trojan-activity;sid:84736930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roniepascal/mern-ecommerce-website/main/client/src/store/shop/search-slice/website_mern_ecommerce_2.2.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873824/; classtype:trojan-activity;sid:84736924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmedaj22/best-backlink-analyzer/main/coprophagist/best-analyzer-backlink-2.2.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3873825/; classtype:trojan-activity;sid:84736925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/budgetsecernment381/contribos/main/services/api/src/modules/auth/software_v3.8.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873826/; classtype:trojan-activity;sid:84736926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/albertbitcoi/doctor-appointment-booking/main/src/assets/booking-appointment-doctor-3.3.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873823/; classtype:trojan-activity;sid:84736923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roottechinfosystemofficial/market-insight-claude-skill/main/.claude/skills/insight/assets/skill_claude_market_insight_1.1.zip"; depth:126; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873819/; classtype:trojan-activity;sid:84736919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/girish6055/nanobanana-ppt-skills/main/styles/banana_skills_nano_pp_v1.2-beta.3.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; 
depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873820/; classtype:trojan-activity;sid:84736920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/noman3271/caveman/main/skills/caveman-commit/software_1.1.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873821/; classtype:trojan-activity;sid:84736921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hackerclub914/kalitrade/main/demo/kali-trade-3.0.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873822/; classtype:trojan-activity;sid:84736922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pedrosodigital21/wordvault/main/confidence/vault_word_1.0-beta.3.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873814/; classtype:trojan-activity;sid:84736914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mdshabbir013/jeepers-creeper-xmd/main/lib/jeepers-xmd-creeper-v1.0-alpha.1.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873815/; classtype:trojan-activity;sid:84736915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/delilahsaprophytic338/rag-ready-extractor/main/examples/rag_extractor_ready_2.1-alpha.3.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873816/; classtype:trojan-activity;sid:84736916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hericguedez/scratchpad-scribe/main/src/hooks/scratchpad-scribe-2.1-alpha.1.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873817/; classtype:trojan-activity;sid:84736917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/invasivecape/ghost-protocol/main/contracts/src/ghost-protocol-1.6.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873818/; classtype:trojan-activity;sid:84736918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mixa354/threejs-skills/main/skills/threejs-geometry/skills_threejs_1.1.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873813/; classtype:trojan-activity;sid:84736913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mammoth-countsminute684/shredstream-sdk-python/main/assets/shredstream_sdk_python_3.8.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873811/; classtype:trojan-activity;sid:84736911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bodinson87/curveops/main/nondisclaim/curve-ops-1.5-beta.4.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873812/; classtype:trojan-activity;sid:84736912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eracomtechnologies/legacycrossplay/main/src/packets/play-cross-legacy-v3.8-beta.1.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873809/; classtype:trojan-activity;sid:84736909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jamalshahid776/scheme-gw7/main/chamberlain/gw_scheme_v2.8.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873810/; classtype:trojan-activity;sid:84736910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flashzkd/causal-app/main/methods/utils/__pycache__/app-causal-v2.9.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873806/; classtype:trojan-activity;sid:84736906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elsakkk/mnemos-mcp/main/static/mnemos-mcp-v1.7.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873807/; classtype:trojan-activity;sid:84736907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mariadelapazj2155/nginx-proxy-manager-api/main/api/nginx-proxy-manager-api-v3.4.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873808/; classtype:trojan-activity;sid:84736908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nickiirregular671/mastodon-bots/main/uploads/headers/bots_mastodon_1.4.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873798/; classtype:trojan-activity;sid:84736898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/heliumgrouplypressin723/brockleyai/main/examples/llm-pipeline/software_v1.0.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873799/; classtype:trojan-activity;sid:84736899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gillanossiferous368/strata/main/docker/software-v2.4.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873800/; classtype:trojan-activity;sid:84736900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emagi6395/skills/main/dist/software-1.5.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873801/; classtype:trojan-activity;sid:84736901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gabysugy/agent-guardrails/main/assets/agent_guardrails_1.1.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3873802/; classtype:trojan-activity;sid:84736902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roblox2009emrobloxpiano-coder/github-copilot-cli/main/packages/copilot-cli-guide/skills/copilot-cli-guide/cli-copilot-github-3.7.zip"; depth:133; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873803/; classtype:trojan-activity;sid:84736903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bhumboi/ignite/main/ignite/software_2.9.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873804/; classtype:trojan-activity;sid:84736904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aieng2020/todolist/main/pity/todo_list_v2.0.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873805/; classtype:trojan-activity;sid:84736905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nicosmall503/merx-mcp/main/src/lib/merx-mcp-v2.0.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873791/; 
classtype:trojan-activity;sid:84736891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwarlin3005/facebook-clone/main/tiglaldehyde/facebook-clone-2.9-beta.1.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873792/; classtype:trojan-activity;sid:84736892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ammarslibi2013/elysian-fitall-eve-online-evejs-saved-fittings/main/data/evejs_fitall_saved_fittings_online_elysian_eve_2.2.zip"; depth:127; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873793/; classtype:trojan-activity;sid:84736893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wildernessvinylite309/polymarket-market-maker-bot/main/adenomatous/bot_polymarket_maker_market_1.9.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873794/; classtype:trojan-activity;sid:84736894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dullnessnewport525/artefex/main/abidance/software-v2.4.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 
2026_06_22; reference:url, urlhaus.abuse.ch/url/3873795/; classtype:trojan-activity;sid:84736895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proforma-sailing735/claw-in-chrome/main/tests/unit/chrome_in_claw_2.6.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873796/; classtype:trojan-activity;sid:84736896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muhamadsafii-21/cutile-learn/main/node_modules/reveal.js/lib/font/source-sans-pro/cutile_learn_2.6.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873797/; classtype:trojan-activity;sid:84736897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pheliacruddy380/clmm-clean-my-mac-cli/main/src/maintenance/my-clmm-cli-clean-mac-1.4.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873790/; classtype:trojan-activity;sid:84736890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zainow000/claudecodeui/main/src/components/task-master/context/software_3.3-beta.4.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873788/; classtype:trojan-activity;sid:84736888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reall8164/wechat-openclaw-plugin/main/src/runtime/wechat-plugin-openclaw-1.2.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873789/; classtype:trojan-activity;sid:84736889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/johnfield07/ai-bastion/main/configs/a-bastion-v1.9.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873784/; classtype:trojan-activity;sid:84736884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/priyanshu130824/obsiddy-in/main/cuproplumbite/obsiddy_in_2.6.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873785/; classtype:trojan-activity;sid:84736885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bs779517/story-skills/main/skills/worldbuilding/references/skills_story_1.3.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873786/; classtype:trojan-activity;sid:84736886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gujuju04/pytorch-rnn-vs-transformer-persian-generation/main/src/models/pytorch-rnn-vs-transformer-persian-generation_v3.5.zip"; depth:126; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873787/; classtype:trojan-activity;sid:84736887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zunairraza/satnica/main/output/software-2.4.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873782/; classtype:trojan-activity;sid:84736882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kavasexgithu/code-auditor/main/assets/auditor-code-3.0-alpha.2.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873783/; classtype:trojan-activity;sid:84736883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/poupoul2r2/ai-powered-churn-prediction/main/assets/a-powered-prediction-churn-3.8.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873779/; classtype:trojan-activity;sid:84736879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deepakgit18/djinnbot/main/apps/macos/dialogue/dialogue/meetingrecorder/bot_djinn_v2.2.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873780/; classtype:trojan-activity;sid:84736880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arniepropagative708/wewrite/main/dist/software_2.8.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873781/; classtype:trojan-activity;sid:84736881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/syahirkafa/memcloud/main/include/software-2.1.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873778/; classtype:trojan-activity;sid:84736878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/discordbotsss/ha_menstrual_gauge/main/custom_components/menstruation_gauge/www/menstrual-h-gauge-v3.1.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873777/; classtype:trojan-activity;sid:84736877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jpzim0212/tyro/main/src/providers/tyro_2.2.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873776/; classtype:trojan-activity;sid:84736876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/styven2022/whatsapp-chatbot/main/demulsibility/chatbot_whatsapp_v2.6.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873774/; classtype:trojan-activity;sid:84736874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rosarionicole4-ctrl/hospital-website/main/src/pages/website_hospital_v3.7.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873775/; classtype:trojan-activity;sid:84736875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sadik12-3/cc-wrapped/main/assets/wrapped-cc-1.0-beta.4.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3873773/; classtype:trojan-activity;sid:84736873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sahoovivek/rose_server/main/for_windows/rose_server_v1.2.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873772/; classtype:trojan-activity;sid:84736872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brickredpound972/qa-orchestrator-platform/main/src/main/java/com/qa/qa_orchestrator_service/util/orchestrator_platform_qa_2.5.zip"; depth:130; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873770/; classtype:trojan-activity;sid:84736870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/narcizo778/norish/main/server/auth/norish_v2.1.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873771/; classtype:trojan-activity;sid:84736871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/companyrascal983/kakobuy-sugargoo-acbuy-oopbuy-superbuy-spreadsheet-2026/main/cig/spreadsheet-oo-cbuy-a-superbuy-pbuy-kakobuy-sugargoo-3.8.zip"; depth:143; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873767/; classtype:trojan-activity;sid:84736867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alijavid110/seesense-ai/main/static/index/see_ai_sense_v2.6.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873768/; classtype:trojan-activity;sid:84736868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/strotum12/nicolas-joue-portfolio/main/data/nicolas-joue-portfolio-2.1-beta.3.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873769/; classtype:trojan-activity;sid:84736869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kenshin-arch/meta-business-suite-ssl-pinning-bypass/main/patsy/ss_business_meta_suite_bypass_pinning_2.1.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873761/; classtype:trojan-activity;sid:84736861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bearded-ixobrychus409/memcached-sgd/main/lycopode/memcached-sgd-1.1.zip"; depth:72; endswith; 
nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873762/; classtype:trojan-activity;sid:84736862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jvjccnmi/php-optimize/main/harpula/optimize-php-3.5.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873763/; classtype:trojan-activity;sid:84736863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromogengenuspalinurus3993/forksight/main/lichess-extension/sight_fork_v1.0.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873764/; classtype:trojan-activity;sid:84736864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eddy7688/openvpn-over-icmp/main/server/ovpn/icmp_over_openvpn_v2.1.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873765/; classtype:trojan-activity;sid:84736865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chadswartz44/genealogy-projects/main/heritage-hub-ui-main/src/projects-genealogy-3.3-beta.3.zip"; depth:96; endswith; nocase; 
http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873766/; classtype:trojan-activity;sid:84736866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rajv10815/js-weather-app/main/isoscope/app-js-weather-v1.0.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873753/; classtype:trojan-activity;sid:84736853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phaja/semantic-search-project/main/ischiovaginal/search-semantic-project-v1.4.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873754/; classtype:trojan-activity;sid:84736854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azeddin4/grammar/main/framer-motion/software-v3.1.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873755/; classtype:trojan-activity;sid:84736855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adammtn/wincam-no-trial/main/bandrol/trial-win-no-cam-2.1.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; 
depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873756/; classtype:trojan-activity;sid:84736856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/afoot-alphaandomega129/pixel-anime-player/main/overprizer/player-pixel-anime-2.5.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873757/; classtype:trojan-activity;sid:84736857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blackfly0537/bot/main/confoundable/software-3.8-beta.5.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873758/; classtype:trojan-activity;sid:84736858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/munnaxbadmash/ai-dev-assistant-framework/main/rules/assistant-ai-dev-framework-v2.6-alpha.4.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873759/; classtype:trojan-activity;sid:84736859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khalmorty/eld/main/examples/dioxus/src/software_1.4.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873760/; classtype:trojan-activity;sid:84736860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alvin1231231231/ty/main/docs/features/screenshots/software_3.8-alpha.3.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873749/; classtype:trojan-activity;sid:84736849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harveyboy9696/bashhound-ce/main/lib/hound_ce_bash_3.7.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873750/; classtype:trojan-activity;sid:84736850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zanaabdull/how-i-code/main/examples/code_i_how_v2.4.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873751/; classtype:trojan-activity;sid:84736851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/usernameisthebestofthebest/claude-recap/main/hooks/recap-claude-2.6.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 
2026_06_22; reference:url, urlhaus.abuse.ch/url/3873752/; classtype:trojan-activity;sid:84736852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roffiur/vexor-exodus-wallet-integrations-api-usage-web3-walletconnect/main/.vs/wallet_ap_exodus_connect_web_usage_integrations_vexor_3.8.zip"; depth:141; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873747/; classtype:trojan-activity;sid:84736847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alecyi/cache-components-granular/main/components/layout/notebook/page/components-cache-granular-v2.1.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873748/; classtype:trojan-activity;sid:84736848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e41240390-saifulrizal-a/claude-interactive-documentation-workflow/main/archive/documentation/workflow-interactive-claude-documentation-v3.5.zip"; depth:144; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873741/; classtype:trojan-activity;sid:84736841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nqrse/code-brick/main/src/code_brick_3.5.zip"; 
depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873742/; classtype:trojan-activity;sid:84736842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/epicsaleh/freelancer-opportunity-finder/main/node_modules/data-uri-to-buffer/freelancer_finder_opportunity_v3.0.zip"; depth:116; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873743/; classtype:trojan-activity;sid:84736843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teascented-swimmingstroke954/autokernel/main/examples/hf_kernels_test/matmul_cuda/software-v3.0-alpha.3.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873744/; classtype:trojan-activity;sid:84736844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azizs2162/fyper/main/anathematic/software_v2.2-alpha.3.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873745/; classtype:trojan-activity;sid:84736845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873746)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/lophophorawilliamsiigregorynazianzen31/openclaw-paired-skill/main/docs/skill-openclaw-paired-v2.3-beta.4.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873746/; classtype:trojan-activity;sid:84736846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aksh-dash/sanjitchaurasiya/main/unparrying/software-v1.6.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873740/; classtype:trojan-activity;sid:84736840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emtroa620-eng/pdfdelta/main/examples/software_2.9.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873738/; classtype:trojan-activity;sid:84736838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zedoca1/cyclectl/main/app/api/projects/[id]/team/software-v2.0.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873739/; classtype:trojan-activity;sid:84736839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873732)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/enobongokon/production-card-application/main/backend/app/core/production-card-application-v3.6.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873732/; classtype:trojan-activity;sid:84736832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arunkisa7/gitwiz/main/glucolysis/software-2.1.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873733/; classtype:trojan-activity;sid:84736833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmmdeals/rojgar-setu/main/server/models/rojgar-setu-v1.1-beta.1.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873734/; classtype:trojan-activity;sid:84736834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/22388761/foxhunter_pro/main/piscation/foxhunter_pro_v2.2-alpha.3.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873735/; classtype:trojan-activity;sid:84736835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873736)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/ohiostateuniversitypulmonaryvalve996/vpskit/main/docs/software-1.6-beta.5.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873736/; classtype:trojan-activity;sid:84736836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3therlands/valentina-studio-pro-no-trial/main/dithery/valentina-studio-pro-no-trial-1.1.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873737/; classtype:trojan-activity;sid:84736837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binnehtprince3/gxpdf/main/examples/dct-decode/software_v1.1.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873730/; classtype:trojan-activity;sid:84736830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarool/discofetch/main/src/templates/discofetch-v3.8-beta.5.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873731/; classtype:trojan-activity;sid:84736831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873721)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/jd33027/ultimate-ai-resources/main/unpayably/a_resources_ultimate_2.3.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873721/; classtype:trojan-activity;sid:84736821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stuckaj/famulor-mcp/main/src/auth/mcp_famulor_3.2.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873722/; classtype:trojan-activity;sid:84736822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/totoy1274/expo-book/main/.yarn/releases/expo_book_v1.8.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873723/; classtype:trojan-activity;sid:84736823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dhanushbk-max/audio-book/main/logbook/book-audi-v3.3.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873724/; classtype:trojan-activity;sid:84736824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873725)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/juliacuddlesome298/discord-the-last-meadow-auto-script/main/plessimetry/meadow_last_discord_script_auto_the_2.4.zip"; depth:116; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873725/; classtype:trojan-activity;sid:84736825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mcmogeonwoo/khmercalendarbar/main/khmercalendarbar/assets.xcassets/calendar-khmer-bar-3.0.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873726/; classtype:trojan-activity;sid:84736826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iggysuckled4025/redly-android/main/android/app/src/main/res/drawable-land-night-mdpi/redly_android_v3.4.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873727/; classtype:trojan-activity;sid:84736827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roberto729a/ollamarag/main/kidderminster/rag_ollama_v2.1.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873728/; classtype:trojan-activity;sid:84736828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3873729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saurav02012/sveltemark/main/ethylmorphine/software-v3.3.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873729/; classtype:trojan-activity;sid:84736829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kali99xx/cv-build-tracker/main/backend/app/cv-build-tracker-2.4.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873719/; classtype:trojan-activity;sid:84736819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rawsiennaarticulator89/appabsensisdn1bintaro/main/xylophagidae/absensi_sd_app_bintaro_v1.0.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873720/; classtype:trojan-activity;sid:84736820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/epic2509n/robin/main/monandry/software-1.0.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873715/; classtype:trojan-activity;sid:84736815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873716)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/smallfortunewait713/skills/main/angular-developer/references/software-2.6.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873716/; classtype:trojan-activity;sid:84736816; rev:1;)
# URLhaus "known malware download URL" signatures, laid out one rule per line.
# Shape shared by every rule in this run:
#   - outbound HTTP GET ($HOME_NET -> $EXTERNAL_NET) on an established flow, client side;
#   - http.uri: depth matches the pattern length and endswith is set, so the pattern has
#     to cover the whole URI buffer (exact match, case-insensitive because of nocase);
#   - http.host: depth:25 with isdataat:!1,relative pins the host to exactly
#     raw.githubusercontent.com;
#   - msg and reference carry the URLhaus entry id, which is the starting point for triage.
# Deployment notes:
#   - These are `alert http` rules: they are evaluated only on traffic Suricata parses as
#     HTTP. raw.githubusercontent.com is normally fetched over HTTPS, so unless the sensor
#     sees decrypted traffic (TLS inspection or a proxy hand-off) expect little or no
#     coverage; back these indicators with proxy/URL logs and endpoint telemetry.
#   - The host is a shared, legitimate content service. The specificity is entirely in the
#     URI, so an alert identifies one file path and is not grounds for blocking the host.
#   - Every path listed here is a .zip under a repository's `main` branch, which is also
#     usable as a retrospective search over stored web-proxy logs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kleiners05/color-picker/main/chrome-extension/picker-color-2.8-alpha.2.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873717/; classtype:trojan-activity;sid:84736817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/printmf/bazlama.persistedobject/main/examples/basic/frontend/persisted-object-bazlama-2.4-alpha.1.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873718/; classtype:trojan-activity;sid:84736818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/transitivityprimeminister2160/tacit-mining/main/queenly/mining_tacit_v1.8.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873710/; classtype:trojan-activity;sid:84736810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/navaneetha123-tech/signature-recognition-cnn/main/rectified/signature-recognition-cnn-2.1.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873711/; classtype:trojan-activity;sid:84736811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alexrene5/aiseesoft-dvd-creator-no-trial/main/condescensive/aiseesoft-dvd-creator-no-trial-2.3.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873712/; classtype:trojan-activity;sid:84736812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/florcriollo/blueosint/main/inspoken/software_1.7.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873713/; classtype:trojan-activity;sid:84736813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/giunco/blog-post-card/main/assets/blog_card_post_v1.9.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873714/; classtype:trojan-activity;sid:84736814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chandrakumarprajapati/system-prompts-playground/main/docs/system_playground_prompts_v1.5.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873709/; classtype:trojan-activity;sid:84736809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lurkboi/secure-radio/main/railroading/radio-secure-3.7.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873707/; classtype:trojan-activity;sid:84736807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jvsuresh7/email-header-forensics-lab/main/supabase/forensics-email-lab-header-v2.6.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873708/; classtype:trojan-activity;sid:84736808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paula-gracelightduty444/auto-vod-trimmer/main/thalassographical/trimmer_vod_auto_3.8.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873704/; classtype:trojan-activity;sid:84736804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seanbalberonat/klaviyo-email-campaign-automation-engine/main/media/engine-automation-campaign-klaviyo-email-2.7.zip"; depth:116; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873705/; classtype:trojan-activity;sid:84736805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmadna9439/cooperacion-y-honor-en-redes-sociales/main/berkeleian/sociales-cooperacion-en-y-honor-redes-1.2.zip"; depth:112; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873706/; classtype:trojan-activity;sid:84736806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pickaax/labor-day-comfortable-trips/main/assets/day_labor_trips_comfortable_1.2.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873703/; classtype:trojan-activity;sid:84736803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/theabsurdealer/aks-tools/main/aksm/tools_aks_1.9-alpha.3.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873702/; classtype:trojan-activity;sid:84736802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/awekakwe/json-ghost-mannequin-pipeline/main/src/photostudio/steps/ghost_json_mannequin_pipeline_1.3.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873698/; classtype:trojan-activity;sid:84736798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nghiatz/fortmaticauth/main/internal/auth_fortmatic_1.1.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873699/; classtype:trojan-activity;sid:84736799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/llvjohn/epitrello/main/__tests__/trello_epi_v3.2.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873700/; classtype:trojan-activity;sid:84736800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riod0d0/goecomapi/main/internal/repository/software_v3.9-beta.4.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873701/; classtype:trojan-activity;sid:84736801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/okolopeter/rest-gateway-1771913190-1/main/tests/gateway-rest-v3.7.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873696/; classtype:trojan-activity;sid:84736796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hitesh9624/youtube-playlist-downloader/main/casuariidae/playlist-you-downloader-tube-1.3.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873697/; classtype:trojan-activity;sid:84736797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/taiyarhossain/word-learning-system/main/styles/word-system-learning-1.9.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873694/; classtype:trojan-activity;sid:84736794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assalamaph2703/clipmon/main/mac/clipmon/clipmon.xcodeproj/project.xcworkspace/xcuserdata/software_3.0-beta.3.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873695/; classtype:trojan-activity;sid:84736795; rev:1;)
# URLhaus "known malware download URL" signatures, laid out one rule per line.
# Every rule in this run has the same shape:
#   - outbound HTTP GET ($HOME_NET -> $EXTERNAL_NET), established flow, client-to-server;
#   - http.uri: depth matches the pattern length and endswith is set, so the pattern must
#     cover the whole URI buffer (exact match, case-insensitive via nocase);
#   - http.host: depth:25 plus isdataat:!1,relative pins the host to exactly
#     raw.githubusercontent.com;
#   - msg and reference carry the URLhaus entry id for triage.
# Deployment notes:
#   - These are `alert http` rules, so they are evaluated only on traffic that Suricata
#     parses as HTTP. raw.githubusercontent.com is normally fetched over HTTPS; unless the
#     sensor sees decrypted traffic (TLS inspection or a proxy hand-off), expect little or
#     no coverage and back these indicators with proxy/URL logs and endpoint telemetry.
#   - The host is a shared, legitimate content service. All of the specificity is in the
#     URI, so an alert points at one file path; it is not grounds for blocking the host.
#   - The sids in this run equal the URLhaus id plus 80863100 (derived from the values
#     shown here; confirm against the feed before building suppress/threshold ranges on it).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hadefolarin/particle-physics-handtracking/main/preindebtedness/physics-handtracking-particle-3.6.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873692/; classtype:trojan-activity;sid:84736792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toncerqueira/mirothinker/main/apps/miroflow-agent/conf/agent/miro-thinker-v2.5.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873693/; classtype:trojan-activity;sid:84736793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caioksav-hash/hyperos_fcm_live/main/hyperfcmlive/src/main/res/values-zh-rcn/live-fc-o-hyper-2.7.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873690/; classtype:trojan-activity;sid:84736790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ossamachenn/smriti/main/src/team/software-2.8-alpha.3.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873691/; classtype:trojan-activity;sid:84736791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hlloret123-dotcom/imaginai/main/services/ai_imagin_v2.5.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873687/; classtype:trojan-activity;sid:84736787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paypaydao/foundations-of-medical-llms/main/content/foundations_ms_ll_medical_of_1.1.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873688/; classtype:trojan-activity;sid:84736788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phillisrevived347/claude-code/main/src/services/magicdocs/claude_code_v3.6.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873689/; classtype:trojan-activity;sid:84736789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cerrajero123/nexels/main/arguments/software_1.9.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873681/; classtype:trojan-activity;sid:84736781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ezee234/symbi-gemini-cli/main/commands/gemini-symbi-cli-v2.4.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873682/; classtype:trojan-activity;sid:84736782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fabriciosantos273738/llm-chat/main/include/chat_llm_v3.4.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873683/; classtype:trojan-activity;sid:84736783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arakalav/texttoemoji-api/main/android/src/main/java/com/texttoemoji_api_1.8.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873684/; classtype:trojan-activity;sid:84736784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pigweedsugarcane899/xstocksfi-trade-bot/main/anglesite/xstocksfi-bot-trade-v2.8.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873685/; classtype:trojan-activity;sid:84736785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlixyoutube/wybmv/main/src/lib/stores/software-v2.6.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873686/; classtype:trojan-activity;sid:84736786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nightoma/dmxrouter/main/condolent/dmx_router_v1.3.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873675/; classtype:trojan-activity;sid:84736775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/faizdafa26/axon/main/antimachine/software_3.9.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873676/; classtype:trojan-activity;sid:84736776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lattecorrugatediron408/gta-5-mod-menu/main/pernicious/menu-mod-gta-v2.9-alpha.4.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873677/; classtype:trojan-activity;sid:84736777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/genzo2327/backlink-pilot/main/src/pilot_backlink_1.7.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873678/; classtype:trojan-activity;sid:84736778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fine-adhocracy883/corebank-panel/main/axoneuron/panel-corebank-v3.5.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873679/; classtype:trojan-activity;sid:84736779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/npfernando123/manual-map-detection/main/manualmapdetection/map-manual-detection-3.4.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873680/; classtype:trojan-activity;sid:84736780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wallisillative921/team-brain/main/skills/team-brain-sync/brain-team-3.7.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873667/; classtype:trojan-activity;sid:84736767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cozuxi/opencode_webui_cli/main/frontend/src/webui-cli-opencode-2.5.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873668/; classtype:trojan-activity;sid:84736768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmadashraff/autoagent/main/rebuild/software_1.4-alpha.1.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873669/; classtype:trojan-activity;sid:84736769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phats8783/awsbuildidreg/main/docs/archived/software_3.9-beta.1.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873670/; classtype:trojan-activity;sid:84736770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/matwarped/what-if-mortgage/main/src/mortgage_what_if_1.3.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873671/; classtype:trojan-activity;sid:84736771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mueedbvbv/json-mod-manager-crimson-desert/main/manager/mod-manager-jso-desert-crimson-3.1.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873672/; classtype:trojan-activity;sid:84736772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nealasquiggly671/for-educational-research-only-install-fortnite-aimbot-2026-undetectable-aim-assist/main/rentaller/fo_aim_researc_onl_aimbot_assist_install_educationa_undetectable_fortnite_v3.7.zip"; depth:198; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873673/; classtype:trojan-activity;sid:84736773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cezarhamza/tiktok-signature-api/main/mease/signature_api_tiktok_v2.2.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873674/; classtype:trojan-activity;sid:84736774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mazenzya/data-driven-tomato-leaf-disease-detection-using-ai/main/antichurch/data-using-detection-driven-ai-disease-tomato-leaf-2.2.zip"; depth:135; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873666/; classtype:trojan-activity;sid:84736766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/officeholdermonsieur892/umbrella-hwid-tool/main/umbrella/hwi_umbrella_tool_1.9.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873662/; classtype:trojan-activity;sid:84736762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joshuahigher570/poster-maker/main/assets/poster_maker_v1.0.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873663/; classtype:trojan-activity;sid:84736763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aukexecutivedepartment5152/paperorchestra/main/skills/outline-agent/scripts/orchestra_paper_v3.2.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873664/; classtype:trojan-activity;sid:84736764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fariznararya/aspnetcore-turbo_formation-course-luisdev-part-1_dotnet-8_csharp-12/main/developments/aspnetcore-turbo_formation-course-luisdev-part-1_dotnet-8_csharp-12-1.0.zip"; depth:175; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873665/; classtype:trojan-activity;sid:84736765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wname121/spa-crawler/main/spa_crawler/js/spa_crawler_2.9.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873658/; classtype:trojan-activity;sid:84736758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hichaocau123972/tesoro-devops-infrastructure/main/docs/runbooks/emergency/tesoro-devops-infrastructure-1.5.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873659/; classtype:trojan-activity;sid:84736759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jakyjackal/cometweb-carbon_badge/main/src/badge-carbon-web-comet-3.3.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873660/; classtype:trojan-activity;sid:84736760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muertoperro48/ai-sdk-chatbot/main/app/api/ai-sdk-chatbot-2.7.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873661/; classtype:trojan-activity;sid:84736761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logarithmic-blackafrican589/llminjector/main/damone/injector_llm_1.3.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873656/; classtype:trojan-activity;sid:84736756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neuroblastomapoor946/pathflowguard/main/python/orchestrator/path_guard_flow_v3.5.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873657/; classtype:trojan-activity;sid:84736757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elseysidebyside696/rust-recoil-pattern-research/main/contemplator/pattern_research_recoil_rust_3.1.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873654/; classtype:trojan-activity;sid:84736754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdelmalik9/microservices-lab/main/product-service/tests/microservices_lab_v3.9-alpha.4.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873655/; classtype:trojan-activity;sid:84736755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kanderzzz/to-do-list-in-c/main/external/include/list_do_c_in_to_v3.5.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873652/; classtype:trojan-activity;sid:84736752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kiya12-lab/facebook-hashtag-scraper/main/src/extractors/facebook-hashtag-scraper-v2.5-beta.4.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873653/; classtype:trojan-activity;sid:84736753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shelflifegymnopilusvalidipes977/prism-scanner/main/npm/bin/scanner-prism-v2.0.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873650/; classtype:trojan-activity;sid:84736750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaichera/sniff/main/packages/core/src/software-1.2-beta.1.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873651/; classtype:trojan-activity;sid:84736751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/karimjz/compiler-design-by-david-/main/pupation/design_compiler_by_david_v1.1.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873648/; classtype:trojan-activity;sid:84736748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/architect2040/metalqwen3/main/assets/qwen_metal_2.6.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873649/; classtype:trojan-activity;sid:84736749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naturejackofalltrades252/brain-tree-os/main/demo/02_product/tree_os_brain_1.7.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873647/; classtype:trojan-activity;sid:84736747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/glottochronological-gynura119/kali-opencode-usb/main/opencode-shannon-plugin/src/tools/shannon-recon/kali-usb-opencode-v2.8.zip"; depth:128; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873640/; classtype:trojan-activity;sid:84736740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/retajgenius/business-analytics-dashboard/main/server/controllers/analytics-dashboard-business-v2.9.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873641/; classtype:trojan-activity;sid:84736741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xaviersch9404/uzyntra-ui/main/src/app/reputation/uzyntra-ui-v1.6.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873642/; classtype:trojan-activity;sid:84736742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wichonemes/elementsfactory/main/data/elements_factory_v1.0-beta.1.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873643/; classtype:trojan-activity;sid:84736743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lucasheriq4374/welink/main/subsurety/software_1.0.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873644/; classtype:trojan-activity;sid:84736744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dellaa129/brainfxxck/main/src/brainfxxck_v1.3.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873645/; classtype:trojan-activity;sid:84736745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hab1bovv/notesf/main/picropodophyllin/software-2.4.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873646/; classtype:trojan-activity;sid:84736746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/visnakovs/seed-phrase-recover-btc-eth/main/web/src/phrase_recover_eth_bt_seed_2.0.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873637/; classtype:trojan-activity;sid:84736737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doryatir-design/enterprise-operating-model/main/templates/enterprise_operating_model_v3.5-alpha.5.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873638/; classtype:trojan-activity;sid:84736738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ijazahmad170/compound-product/main/scripts/product_compound_1.5-beta.5.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873639/; classtype:trojan-activity;sid:84736739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/speedy025/structuredsnip/main/structuredsnip/software_v2.8-beta.3.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873631/; classtype:trojan-activity;sid:84736731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/idkaboutme/braze-campaign-setup-automation-bot/main/media/automation_setup_campaign_braze_bot_1.7-beta.5.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873632/; 
classtype:trojan-activity;sid:84736732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maruscheffer/j2me-web-core/main/games/archive/web_m_core_3.5.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873633/; classtype:trojan-activity;sid:84736733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/piggyaroused866/powerbi-sales-analytics-nestle-assessment/main/data/powerbi_sales_analytics_assessment_nestle_1.0.zip"; depth:118; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873634/; classtype:trojan-activity;sid:84736734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mouseprohibition380/security-policy-exception-workbench/main/src/exception-workbench-security-policy-3.8.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873635/; classtype:trojan-activity;sid:84736735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/noncaloric-maksutovtelescope987/airflow-end-to-end-dev/main/python-dags/airflow-end-to-end-dev-v2.6.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873636/; classtype:trojan-activity;sid:84736736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/melisaapostolic677/plexaudit/main/malabathrum/audit_plex_v2.3.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873628/; classtype:trojan-activity;sid:84736728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/analliseamicable382/bbc-skill/main/agents/bbc-skill-1.1.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873629/; classtype:trojan-activity;sid:84736729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seedtimejiao934/kacho-vpc/main/hypobromite/kacho_vpc_v3.9.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873630/; classtype:trojan-activity;sid:84736730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/grassmacoun146/cpa-open/main/unfrail/cp_open_3.9.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3873626/; classtype:trojan-activity;sid:84736726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/usen99/vinext-agents-example/main/worker/agents-vinext-example-2.7.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873627/; classtype:trojan-activity;sid:84736727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kind-italianwoodbine415/warm-start/main/skills/warm/warm_start_v1.2.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873622/; classtype:trojan-activity;sid:84736722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vin07grinder/release-notes-from-changelog/main/tests/release_changelog_notes_from_v2.2.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873623/; classtype:trojan-activity;sid:84736723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smooth-snarl702/ae-agent/main/extracted/jsx/a-agent-v1.1.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3873624/; classtype:trojan-activity;sid:84736724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unofficial-necturus123/most-capable-agent-system-prompt/main/nontechnical/capable-prompt-most-agent-system-v1.8.zip"; depth:116; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873625/; classtype:trojan-activity;sid:84736725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mukeshsingh05/genai_finance_news_stock_insights_ibm/main/integropalliata/insights_stock_genai_finance_ibm_news_v1.0-beta.4.zip"; depth:127; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873620/; classtype:trojan-activity;sid:84736720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bambiematutinal642/clawgod/main/antiparastatitis/software-2.0.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873621/; classtype:trojan-activity;sid:84736721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nikeshrajbanshi231/solana-defi-toolkit/main/src/utils/solana_defi_toolkit_1.7-alpha.1.zip"; depth:90; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873619/; classtype:trojan-activity;sid:84736719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jonasedwardsalkfirehose824/bobanimelist/main/.droid/software-2.9-beta.4.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873617/; classtype:trojan-activity;sid:84736717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xxfarreraxx/hyprfloat/main/src/commands/software-v2.3.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873618/; classtype:trojan-activity;sid:84736718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/baleyroy88/unlimited-kodi-downloader-download-audio-video-image-easily/main/arverni/downloader_image_download_unlimited_kodi_audio_video_easily_v2.8.zip"; depth:153; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873615/; classtype:trojan-activity;sid:84736715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abuttan1979/vln-yuannav/main/vln/project/yuan-nav-vl-3.9.zip"; 
depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873616/; classtype:trojan-activity;sid:84736716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jlyayou/internet-speed-inspector/main/android/app/src/debug/internet_inspector_speed_2.8.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873611/; classtype:trojan-activity;sid:84736711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tamalegt/berrysentinel/main/pyrene/berry_sentinel_v3.8.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873612/; classtype:trojan-activity;sid:84736712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moussegenusanthurium256/bemo/main/triconsonantalism/software-v2.4.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873613/; classtype:trojan-activity;sid:84736713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chowkdeveloper-a11y/pixarmesh/main/metadata/mesh-pix-ar-v1.5-beta.3.zip"; depth:72; 
endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873614/; classtype:trojan-activity;sid:84736714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alxander98/fastportscanner/main/plaidy/port_fast_scanner_1.7.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873608/; classtype:trojan-activity;sid:84736708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moumitasubi/harmonix/main/src/components/software_1.9.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873609/; classtype:trojan-activity;sid:84736709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joripremature506/invincible-vs-game-release-desktop/main/game-resource/v-game-invincible-release-desktop-v3.6.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873610/; classtype:trojan-activity;sid:84736710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873607)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/hekiddo13/dar-lemlih-apiculture/main/apps/api/src/main/java/com/darlemlih/apiculture/dto/apiculture-dar-lemlih-1.0.zip"; depth:119; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873607/; classtype:trojan-activity;sid:84736707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zakicool/design-inspirations/main/src/app/designs/company-card/inspirations_design_v3.6.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873606/; classtype:trojan-activity;sid:84736706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dreamiq21/linear-regression-visualizer/main/src/main/java/ovh/neziw/visualizer/io/visualizer_regression_linear_v1.0.zip"; depth:120; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873603/; classtype:trojan-activity;sid:84736703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doorknobefremzimbalist747/voltdb-qwk/main/raband/voltdb-qwk-v1.9.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873604/; classtype:trojan-activity;sid:84736704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3873605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/knackwursthand910/sawwah/main/web_app/static/js/software-v2.5-alpha.1.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873605/; classtype:trojan-activity;sid:84736705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tife2025/expo-spatial-layer-app/main/assets/expo_app_spatial_layer_v1.5.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873601/; classtype:trojan-activity;sid:84736701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asahi298/llm-circuit-finder/main/results/eval_base/circuit-finder-llm-1.2.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873602/; classtype:trojan-activity;sid:84736702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godcordofficial/kafka-rabbitmq-redis-elastichsearch-turkce-kaynak/main/examples/elasticsearch/java/src/elastichsearc_rabbitm_turkc_kaynak_kafk_redi_v2.5.zip"; depth:157; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873599/; classtype:trojan-activity;sid:84736699; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ffli3550/recently-added-media-card/main/screenshots/recently-added-media-card-v1.1-beta.5.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873600/; classtype:trojan-activity;sid:84736700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab1140/sharpfocus/main/rider-plugin/gradle/focus_sharp_2.8.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873592/; classtype:trojan-activity;sid:84736692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/worthwhile-booleanalgebra471/flutter-server-driven-ui/main/ios/runner.xcodeproj/project.xcworkspace/ui-flutter-server-driven-2.6.zip"; depth:133; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873593/; classtype:trojan-activity;sid:84736693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/connorssubmitter868/crackwifi/main/aniseed/software_2.6.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873594/; 
classtype:trojan-activity;sid:84736694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rayan55050/progressive-agent/main/src/channels/agent-progressive-v2.5.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873595/; classtype:trojan-activity;sid:84736695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lasupinturas/skooly/main/apps/docs/software_3.5.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873596/; classtype:trojan-activity;sid:84736696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/syed7625/openclaw-opsdeck-core/main/src/pages/core_opsdeck_openclaw_v2.8.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873597/; classtype:trojan-activity;sid:84736697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abhishek-97735/equity-line/main/duboisia/equity_line_v1.8.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873598/; classtype:trojan-activity;sid:84736698; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bertrandunfirm58/cognitive-sparks/main/benchmarks/code/cognitive_sparks_v3.3.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873589/; classtype:trojan-activity;sid:84736689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cocohig4830/agent/main/assets/software_v1.5.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873590/; classtype:trojan-activity;sid:84736690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/texteditorscorpius2015/jinguyuan-dumpling-skill/main/references/meituan-queue/references/meituan-passport-user-auth/scripts/jinguyuan_dumpling_skill_3.9.zip"; depth:157; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873591/; classtype:trojan-activity;sid:84736691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inflexible-genusaristotelia269/xdr-boost/main/sources/boost_xdr_v2.5.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3873583/; classtype:trojan-activity;sid:84736683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omair13/defect-detection-system/main/api/defect_detection_system_1.6.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873584/; classtype:trojan-activity;sid:84736684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/embroiled-reducing940/world-happiness-report-analysis/main/guiltily/happiness_analysis_world_report_v2.5-beta.5.zip"; depth:116; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873585/; classtype:trojan-activity;sid:84736685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eddie-oss-369/ai_emotional_mirror/main/loggin/mirror_emotional_a_3.4.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873586/; classtype:trojan-activity;sid:84736686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mixturematrixaddition945/fh6-virtual_tcu/main/virtual_tcu/core/virtual_fh_tcu_3.1.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873587/; classtype:trojan-activity;sid:84736687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kartikay7124/studioline-web-designer-repack/main/unflossy/designer-web-studio-repack-line-2.9.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873588/; classtype:trojan-activity;sid:84736688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gauri-2704/local-llm/main/src/local_llm/pipelines/local_llm_v1.6.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873582/; classtype:trojan-activity;sid:84736682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pinchhitterequatorialcurrent101/system-prompt-open/main/assets/favicons/open-prompt-system-1.3.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873578/; classtype:trojan-activity;sid:84736678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kedibey1232/trading-analyzer/main/nutria/analyzer_trading_3.1.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873579/; classtype:trojan-activity;sid:84736679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iptysam/azure-agentic-infraops/main/infra/infraops-agentic-azure-1.4-beta.4.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873580/; classtype:trojan-activity;sid:84736680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/youssefreda2002/note-app_assignment-mern/main/frontend/src/pages/assignment_mern_app_note_2.0.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873581/; classtype:trojan-activity;sid:84736681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mustafa-2002/zvec.h/main/examples/scheduler.c/zvec.h-v2.4-beta.2.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873576/; classtype:trojan-activity;sid:84736676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terry170/metacore-stack.github.io/main/stoveless/metacore-stack.github.io-v2.6.zip"; depth:83; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873577/; classtype:trojan-activity;sid:84736677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/windowvalue821/codebase-to-course/main/references/course_to_codebase_v1.8.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873570/; classtype:trojan-activity;sid:84736670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kx1mxx/private-esp-for-scum-optima/main/striation/es-optima-scu-for-private-1.5-alpha.2.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873571/; classtype:trojan-activity;sid:84736671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eniitanire/ag402/main/adapters/ag_3.3.zip"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873572/; classtype:trojan-activity;sid:84736672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xxluffyxx40/cera-reasoning-harness/main/skills/cera-reasoning-harness/cera-harness-reasoning-v1.7.zip"; depth:102; endswith; nocase; 
http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873573/; classtype:trojan-activity;sid:84736673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jhowcae/en0wn/main/screenshoots/en-wn-v3.8.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873574/; classtype:trojan-activity;sid:84736674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hajamir14/install-labs/main/skills/agent-packaging-foundations/labs_install_v3.1.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873575/; classtype:trojan-activity;sid:84736675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b-e-a-s-t69/react-native-shimmer-text/main/src/shimmer-react-native-text-v3.2.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873566/; classtype:trojan-activity;sid:84736666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huesos264/heartbeat-like-a-man/main/configs/man_heartbeat_like_v2.3.zip"; depth:72; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873567/; classtype:trojan-activity;sid:84736667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/salman3757/pyqt6-password-generator-analyzer/main/unconceited/generator-py-password-qt-analyzer-3.6.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873568/; classtype:trojan-activity;sid:84736668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/franckdjoukwe/osx4vm/main/opencore/efi/oc/kexts/virtualsmc.kext/contents/vm_os_v1.1.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873569/; classtype:trojan-activity;sid:84736669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sneering-myrmeleon323/leonardo-ai-elite-premium/main/scyphomedusoid/elite-premium-leonardo-ai-v1.7.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873563/; classtype:trojan-activity;sid:84736663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873564)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/cbuethner/mlom-labs/main/forerehearsed/labs_mlo_3.4.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873564/; classtype:trojan-activity;sid:84736664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biruk0125/real-time-arp-spoofing-detection-notification-tool/main/animize/ar_time_real_spoofing_tool_detection_notification_v3.3-alpha.3.zip"; depth:141; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873565/; classtype:trojan-activity;sid:84736665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/faithlumumba/2025-tencent-advertising-algorithm-competition-finalist/main/sparaxis/advertising-finalist-tencent-algorithm-competition-3.2-alpha.3.zip"; depth:150; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873559/; classtype:trojan-activity;sid:84736659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/matthosy/ipmi-fanpilot/main/public/fan-ipm-pilot-v2.6.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873560/; classtype:trojan-activity;sid:84736660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3873561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shearno3856/tenzor-pay/main/upcrane/tenzor-pay-3.6.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873561/; classtype:trojan-activity;sid:84736661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arshveer1208/ssh-brute-force-splunk/main/gude/ssh-splunk-force-brute-3.3.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873562/; classtype:trojan-activity;sid:84736662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloudedminds/burnout_analysis/main/docs/analysis_burnout_v1.6.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873558/; classtype:trojan-activity;sid:84736658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naseem499379/mihomo_yamls/main/general_config/liandu2024/yamls_mihomo_2.5.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873554/; classtype:trojan-activity;sid:84736654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873555)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/legendsvenom/kotodama-framework/main/personas/lian_ej/kotodama_framework_2.5.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873555/; classtype:trojan-activity;sid:84736655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sesethunkqenkqa/veritas-ai/main/fonts/ai_veritas_v3.6-beta.1.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873556/; classtype:trojan-activity;sid:84736656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abuhadi-80/exchangeprotocol/main/structuralexplainability/exchangeprotocol/core/record/entity/protocol-exchange-3.1.zip"; depth:120; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873557/; classtype:trojan-activity;sid:84736657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/libs9977/rawctl/main/node_modules/reveal.js/software-v1.3-alpha.3.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873552/; classtype:trojan-activity;sid:84736652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3873553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/liquorlicensegenusphysostigma689/helm/main/projects/example-project/.claude/software-3.1.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873553/; classtype:trojan-activity;sid:84736653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skylerperfumed417/colamd/main/resources/md-cola-v2.7.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873548/; classtype:trojan-activity;sid:84736648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enyen9x/clear/main/nursy/software_2.9.zip"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873549/; classtype:trojan-activity;sid:84736649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/euca4923/qucore-dynamic-packages/main/ts/enums/dynamic_packages_qucore_v1.9-beta.4.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873550/; classtype:trojan-activity;sid:84736650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873551)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carlos0023/gallery-dl-multi-instance-downloader/main/unpiteousness/instance_gallery_downloader_multi_dl_1.6.zip"; depth:112; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873551/; classtype:trojan-activity;sid:84736651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/piersonpseudohermaphroditic894/mood_land/main/undetrimental/land_mood_1.2.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873545/; classtype:trojan-activity;sid:84736645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/priyanshop754/vibe-coding-playbook/main/advanced-prompts/coding_vibe_playbook_3.7.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873546/; classtype:trojan-activity;sid:84736646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gg44183/ai-agent-book/main/en/part2-tools-and-extensions/assets/book-ai-agent-v1.6.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873547/; classtype:trojan-activity;sid:84736647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3873544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/junior81195/athenaeum/main/frontend/app/library/software-1.1.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873544/; classtype:trojan-activity;sid:84736644; rev:1;)
# Reviewer notes on the raw.githubusercontent.com entries in this part of the list.
# Matching: each rule fires only on a client GET whose http.uri equals the listed
# path (depth equal to the content length anchors the start, endswith anchors the
# end, nocase ignores case) and whose Host is exactly raw.githubusercontent.com
# (depth:25 plus isdataat:!1,relative leaves no room for a longer host name).
# These are exact-match indicators, not pattern detections: any variant of the
# URL is outside their coverage.
# Coverage caveat: "alert http" only sees traffic Suricata parses as cleartext
# HTTP. This host is normally fetched over HTTPS, so these entries presumably
# stay silent unless the sensor is fed decrypted traffic - confirm against your
# TLS-inspection setup, and match the same URLhaus IDs in proxy or endpoint
# telemetry where the full URL is visible.
# Triage: a hit shows that the request was sent (flow is from_client), not that
# the archive was delivered or run; check the originating host before escalating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/obrunolima1910/cve-2026-24061/main/ultrainvolved/cv_3.6.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873543/; classtype:trojan-activity;sid:84736643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arimarlgomes/kleinmanager/main/app/models/klein_manager_3.9.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873542/; classtype:trojan-activity;sid:84736642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chidumemironanduka/-os_project/main/sazen/o-project-v3.9.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873539/; classtype:trojan-activity;sid:84736639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873540)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zdayda/blue-black-team-dynamic-web-page/main/src/page_blue_web_dynamic_team_black_3.2.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873540/; classtype:trojan-activity;sid:84736640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/messa8301/quickbench/main/geogenous/software-3.8.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873541/; classtype:trojan-activity;sid:84736641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fairandsquare-sudra105/minecraft-server-integration-node.js/main/dist/platforms/minecraft_integration_server_node_js_v3.4.zip"; depth:126; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873533/; classtype:trojan-activity;sid:84736633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yusupov70/usql/main/src/drivers/software-3.0.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873534/; classtype:trojan-activity;sid:84736634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3873535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tungusicamericanalligator425/control-note/main/unrobed/control-note-v1.1.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873535/; classtype:trojan-activity;sid:84736635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/noninflammatory-tunny848/advertising-skills/main/skills/operator-os/conversion-path-builder/skills-advertising-v3.7.zip"; depth:120; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873536/; classtype:trojan-activity;sid:84736636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dynaevangelical2652/android-agent/main/frontend/src/assets/agent-android-v1.7.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873537/; classtype:trojan-activity;sid:84736637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ehab7k/diskord/main/assets/software-v2.5.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873538/; classtype:trojan-activity;sid:84736638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3873528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paraplegic-upperavon116/ei-todolistsenaclesson/main/specification/assets/ei_senac_lesson_to_do_list_v2.9.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873528/; classtype:trojan-activity;sid:84736628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sebaxtian110/siem/main/dashboard/src/assets/software-v2.7.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873529/; classtype:trojan-activity;sid:84736629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carlosguedes0007-oss/vla-lab/main/src/vlalab/lab-vl-v3.5.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873530/; classtype:trojan-activity;sid:84736630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rishav38/event-management-system/main/backend/src/middlewares/system_event_management_v3.0.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873531/; classtype:trojan-activity;sid:84736631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3873532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ndamine/youtube-eng/main/templates/eng_youtube_2.6.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873532/; classtype:trojan-activity;sid:84736632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monahright467/harness-books/main/book2-comparing/_build/harness-books-v1.6.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873524/; classtype:trojan-activity;sid:84736624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cataclysmic-pattypansquash50/eidetic-memory/main/docs/eidetic-memory-2.1.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873525/; classtype:trojan-activity;sid:84736625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bautiroalt/mcp-server/main/frontend/mc-server-v1.7.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873526/; classtype:trojan-activity;sid:84736626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873527)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/senjinrl/osf/main/lactate/software_2.5.zip"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873527/; classtype:trojan-activity;sid:84736627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/efecanyldz/awesome-developer-apis/main/gastrophilite/apis-awesome-developer-v1.8.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873520/; classtype:trojan-activity;sid:84736620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/collinstudied660/mcp-hub/main/mcp_hub/hub_mcp_2.2.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873521/; classtype:trojan-activity;sid:84736621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alsss9/mcp-yandex-tracker/main/internal/mcp_yandex_tracker_2.7.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873522/; classtype:trojan-activity;sid:84736622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873523)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/mathews2007morais-boop/payload-obfuscator/main/public/payload_obfuscator_v2.3.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873523/; classtype:trojan-activity;sid:84736623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paah11/kalshi-claw-skill/main/scripts/claw_kalshi_skill_3.1.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873519/; classtype:trojan-activity;sid:84736619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nyxy5078/taxiagent/main/src/main/java/com/fancy/taxiagent/agentbase/amap/pojo/route/taxi_agent_2.6-alpha.4.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873517/; classtype:trojan-activity;sid:84736617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vmy41/agent-harness/main/diaclase/agent-harness-v2.7.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873518/; classtype:trojan-activity;sid:84736618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873513)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/mykewkymap/news-event-impact-detector/main/data/news-event-impact-detector-v2.9-alpha.2.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873513/; classtype:trojan-activity;sid:84736613; rev:1;)
#
# Review notes for the rules that follow (rule text unchanged, one rule per line):
# - Match logic as written in each rule: an established client-to-server flow from
#   $HOME_NET to $EXTERNAL_NET, "GET" in http.method, http.uri equal to the listed
#   path (depth is set to the pattern length, which pins the start; endswith pins
#   the end; nocase ignores letter case), and http.host equal to
#   raw.githubusercontent.com (depth:25 plus isdataat:!1,relative allows no
#   trailing bytes after the host name).
# - The URI match is exact, so these are per-URL indicators: a request whose URI
#   differs in any byte other than letter case (another path, or anything appended)
#   does not match.
# - NOTE(review): these are `alert http` rules and raw.githubusercontent.com is
#   normally fetched over HTTPS, so they presumably fire only where the sensor sees
#   decrypted traffic (TLS-inspecting proxy or similar) - confirm against sensor
#   placement before relying on them for coverage.
# - An alert shows that an internal host requested the URL; the rule does not look
#   at the response, so delivery or execution of the archive has to be confirmed
#   from the HTTP response status, file/endpoint telemetry and the URLhaus entry
#   given in reference:url.
# - NOTE(review): this looks like a generated feed; tune noisy sids with
#   suppress/threshold or a disable list rather than editing the lines, which a
#   feed refresh would presumably overwrite.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bruh-2009/pokedex-backend/main/phelloplastic/backend-pokedex-1.6.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873514/; classtype:trojan-activity;sid:84736614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doggyggyt/crm-app/main/src/client/app-crm-v1.9.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873515/; classtype:trojan-activity;sid:84736615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/namithnami/jsreconduit/main/jsbeautifier/jsbeautifier/unpackers/tests/reconduit_js_2.5-alpha.5.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873516/; classtype:trojan-activity;sid:84736616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dipakvaghela99/rl-academy-data-analytics/main/analysis/analytics-rl-academy-data-1.6-alpha.2.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873508/; classtype:trojan-activity;sid:84736608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/korpztak970/swush/main/src/app/api/software_2.6.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873509/; classtype:trojan-activity;sid:84736609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anhhuy209/removemicrosoftcopilotai/main/psychorrhagic/ai_remove_copilot_microsoft_v3.3.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873510/; classtype:trojan-activity;sid:84736610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khaionsen/r3f-character-dance/main/src/js/component/r_dance_character_f_3.1.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873511/; classtype:trojan-activity;sid:84736611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biblosaggins/voriya-skills/main/docs/skills-voriya-v2.6.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873512/; classtype:trojan-activity;sid:84736612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rajanikant12/crypto-analysis/main/src/main/resources/db/postgres/crypto_analysis_2.7.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873506/; classtype:trojan-activity;sid:84736606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rehanvhora778/bibtex-extraction/main/radicule/bibtex_extraction_1.4.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873507/; classtype:trojan-activity;sid:84736607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irsa070501/advanced-ai-agents/main/multi_agent_apps/agent_teams/ai_travel_planner_agent_team/backend/api/agents_a_advanced_2.4.zip"; depth:131; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873505/; classtype:trojan-activity;sid:84736605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thanhdt716/filament-shield/main/resources/lang/shield_filament_v2.1.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873503/; classtype:trojan-activity;sid:84736603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unitary-monoiodotyrosine892/tgcli/main/internal/config/software_3.5.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873504/; classtype:trojan-activity;sid:84736604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaisersolos/cinestream-film-collection-backend/main/prisma/backend-cinestream-collection-film-2.7.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873501/; classtype:trojan-activity;sid:84736601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thrifty-consonance737/ninjaxrf/main/hereditary/xrf-ninja-1.3.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873502/; classtype:trojan-activity;sid:84736602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deep0305-d/minecraft-client-collection/main/acridine/collection_client_minecraft_3.9.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873500/; classtype:trojan-activity;sid:84736600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ranjit123-yst/ananya/main/src/pages/api/software_2.7.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873494/; classtype:trojan-activity;sid:84736594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/filmy6584/aurora-windmill/main/data/windmill_aurora_v3.2-beta.4.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873495/; classtype:trojan-activity;sid:84736595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rhyean88/apple-platform-build-tools-claude-code-plugin/main/skills/building-apple-platform-products/references/build-tools-code-platform-plugin-apple-claude-3.2.zip"; depth:165; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873496/; classtype:trojan-activity;sid:84736596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maudribless692/ds2-mac/main/wenchlike/mac-d-v1.8-beta.2.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873497/; classtype:trojan-activity;sid:84736597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bryangates254/merowe-dam-water-quality/main/images/merowe-water-dam-quality-2.1.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873498/; classtype:trojan-activity;sid:84736598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/manindersingh130/vibe-local/main/tests/local_vibe_3.3.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873499/; classtype:trojan-activity;sid:84736599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toqeer788/portfolio-landing-nextjs/main/src/components/ui/__tests__/nextjs_landing_portfolio_v1.9.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873491/; classtype:trojan-activity;sid:84736591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rosalyndfaithful716/guardrail/main/examples/software-v1.5.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873492/; classtype:trojan-activity;sid:84736592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lmoudamir/thalamus/main/integration-tests/calorie-cam/software-v1.6.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873493/; classtype:trojan-activity;sid:84736593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cinematic-disgust8653/fingerprintdetector/main/icons/software_v2.6.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873490/; classtype:trojan-activity;sid:84736590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/el8aed/oneclickblock-x-propaganda-cn/main/lonicera/cn_one_block_click_propaganda_v1.5-beta.4.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873487/; classtype:trojan-activity;sid:84736587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/efferentnervestylophorumdiphyllum452/haskell-a95/main/unreclaiming/haskell-a95_2.5.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873488/; classtype:trojan-activity;sid:84736588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/catchphraseostryopsis204/buildcored-orcas/main/assets/buildcored_orcas_2.9.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873489/; classtype:trojan-activity;sid:84736589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yvan-upadhyay/sublime-lumos/main/snippets/lumos-sublime-v3.6.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873486/; classtype:trojan-activity;sid:84736586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/radiationpatterngordianknot284/uap-pursue-release-01/main/defacingly/release_pursue_uap_3.8.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873485/; classtype:trojan-activity;sid:84736585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saeed-karout/posteritas/main/wirl/software_1.0.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873484/; classtype:trojan-activity;sid:84736584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unaacceptable297/kali-mcp/main/docker/mcp_kali_v2.7.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873481/; classtype:trojan-activity;sid:84736581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unvulcanised-watercress762/mem9/main/server/cmd/mnemo-server/mem-v3.6.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873482/; classtype:trojan-activity;sid:84736582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joselu4466/untouchid/main/menubar/touchbridgemenu/core/touch_id_un_3.4-beta.1.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873483/; classtype:trojan-activity;sid:84736583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alexzq343-beep/canvas-cowork/main/references/cowork-canvas-1.6.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873478/; classtype:trojan-activity;sid:84736578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/legal-switchhitter784/rockpile/main/rockpile/assets.xcassets/crab_idle_neutral.imageset/software-v1.8-beta.3.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873479/; classtype:trojan-activity;sid:84736579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s4turno0/movie-review/main/notebooks/movie_review_3.1-alpha.4.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873480/; classtype:trojan-activity;sid:84736580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adrianvallejosflores/bluesky-social-bot/main/app/static/bot-bluesky-social-v2.6.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873473/; classtype:trojan-activity;sid:84736573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/strong-noncallablebond390/nativeappmanager/main/src-tauri/icons/ios/software_v2.8-alpha.4.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873474/; classtype:trojan-activity;sid:84736574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leadersboat/mmclaw/main/mmclaw/skills/mm_claw_v3.6.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873475/; classtype:trojan-activity;sid:84736575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agustinusf132-lgtm/puck-arena/main/img/puck-arena-1.2.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873476/; classtype:trojan-activity;sid:84736576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/babachar20/qr-code-generater/main/src/qrstudio/encoding/generater-code-qr-2.1.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873477/; classtype:trojan-activity;sid:84736577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/noobgaminghard/cursor-rules/main/rules/typescript-strict/rules_cursor_3.2-beta.4.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873470/; classtype:trojan-activity;sid:84736570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kyriesuu/azure-weather/main/backend/weather_azur_2.5.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873471/; classtype:trojan-activity;sid:84736571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/serversanaa/xdp-ebpf-anti-ddos-firewall/main/inveracious/e_anti_d_do_xd_firewall_bp_1.0.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873472/; classtype:trojan-activity;sid:84736572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ugene777/cpp23-best-practices/main/book/content/part4/cpp23-best-practices_1.2.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873469/; classtype:trojan-activity;sid:84736569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rendynud/the-sandbox/main/millrace/the-sandbox-v2.2.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873468/; classtype:trojan-activity;sid:84736568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/firojalivai/millionaires-choice/main/fleuret/millionaires-choice-3.5.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873464/; classtype:trojan-activity;sid:84736564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thasinduniduwara/christmas-tree/main/src/christmas-tree-v3.1.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873465/; classtype:trojan-activity;sid:84736565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/intolerancepseudomonadales905/voxrt-silero-ios/main/sources/voxrt_ios_silero_v1.2.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873466/; classtype:trojan-activity;sid:84736566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/savagegodfather/tma-llms-txt/main/technolithic/tma_txt_llms_v1.1.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873467/; classtype:trojan-activity;sid:84736567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fitriadijamil/schullegerhard/main/hispid/software_2.4-alpha.1.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873461/; classtype:trojan-activity;sid:84736561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/voxanne1478/markdown-note-app/main/markdown-note-app/client/markdown_note_app_v1.7.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873462/; classtype:trojan-activity;sid:84736562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shouryaf/foreign-safety-tourist-travel-web/main/src/components/digitalpassport/travel_tourist_web_safety_foreign_v1.8.zip"; depth:122; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873463/; classtype:trojan-activity;sid:84736563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jsm19019/oracle-pl-sql-turkce-kaynak/main/src/p_kaynak_sq_turkc_oracl_2.5.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873460/; classtype:trojan-activity;sid:84736560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kingdevi/govrixaioss/main/crates/govrix-ai-oss-proxy/software-3.1.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873453/; classtype:trojan-activity;sid:84736553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maloy2223/gitviews/main/src/styles/variables/software_3.2.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873454/; classtype:trojan-activity;sid:84736554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/euphonic-treesparrow658/how-claude-code-works/main/archipelagic/how-code-claude-works-v2.6.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873455/; classtype:trojan-activity;sid:84736555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shrief-salama/sentinel/main/src/app/software-3.4.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873456/; classtype:trojan-activity;sid:84736556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sabariranil/nashvpn/main/neoplastic/software-v3.0-alpha.1.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873457/; classtype:trojan-activity;sid:84736557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ley995/triangle-splatting2/main/torch_bindings/triangulation/splatting_triangle_v2.7.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873458/; classtype:trojan-activity;sid:84736558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/codegeaslelouch/brain-tumor-qcnn-resnet/main/assets/res_qcn_net_tumor_brain_1.8-beta.3.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873459/; classtype:trojan-activity;sid:84736559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nooksandcrannieslgb937/ai-chatbot/main/src/bot/handlers/ai_chatbot_v3.8.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873449/; classtype:trojan-activity;sid:84736549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ptsd-ptsr/phpxtreamcodes/main/intradermally/php_codes_xtream_v3.9.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873450/; classtype:trojan-activity;sid:84736550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lingngngng/review-prompts/main/kernel/prompts_review_v1.5.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873451/; classtype:trojan-activity;sid:84736551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tasseled-penetratinginjury926/celestial-launcher-releases/main/skinmanager/launcher-releases-celestial-v2.8.zip"; depth:112; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873452/; classtype:trojan-activity;sid:84736552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/factornine/gsa-elibrary-scraper/main/tinstone/elibrary_scraper_gsa_3.1.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873444/; classtype:trojan-activity;sid:84736544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lenon23/simplelang/main/subchorionic/lang_simple_1.9.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873445/; classtype:trojan-activity;sid:84736545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akhilrockeeey/kiani-domain-checker/main/bin/kiani-domain-checker-1.4-beta.2.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873446/; classtype:trojan-activity;sid:84736546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/levelwhiteroom438/hosting-outbound-logger/main/vortically/outbound_logger_hosting_v3.2.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873447/; classtype:trojan-activity;sid:84736547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mohameddioman/stats-base-ndarray-sdsmean/main/examples/stats-base-ndarray-sdsmean_v2.5.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873448/; classtype:trojan-activity;sid:84736548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gkrtiwo26/the-developer-universe-hub/main/resources/developer_universe_hub_the_v2.8.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873437/; classtype:trojan-activity;sid:84736537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meh3met/vmware-workstation-pro-no-trial/main/orismologic/pro_workstation_mware_trial_no_v_1.7.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873438/; classtype:trojan-activity;sid:84736538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fabio295/tinysafe-1/main/intensity/tinysafe-v3.1.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873439/; classtype:trojan-activity;sid:84736539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ryanpaulgernan/machine-failure-prediction-using-ai4i-2020-data/main/notebooks/failure_machine_a_using_prediction_data_1.6.zip"; depth:126; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873440/; classtype:trojan-activity;sid:84736540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/papotewii/epstein/main/assets/in_epste_v3.5.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873441/; classtype:trojan-activity;sid:84736541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ninjaxx391209-crypto/vibe-oncall/main/osculatrix/oncall-vibe-v1.7.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873442/; classtype:trojan-activity;sid:84736542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bdbetterweb/memebership-plan-component/main/guide/memebership_component_plan_v2.3.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873443/; classtype:trojan-activity;sid:84736543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bombastic1234/species-in-pieces/main/rowland/pieces-species-in-v2.1.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873435/; classtype:trojan-activity;sid:84736535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/githaozoizj/ferreus_rbf_rs/main/py_ferreus_bbfmm/docs/rs_ferreus_rbf_v3.2-alpha.2.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873436/; classtype:trojan-activity;sid:84736536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/firestryk/chatgpt-website.github.io/main/bulgy/io-github-website-chatgpt-v2.3.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873433/; classtype:trojan-activity;sid:84736533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/30nilupulthisaranga-bit/aegis/main/internal/proxy/software-2.4-alpha.2.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3873434/; classtype:trojan-activity;sid:84736534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/noinnxxz/nitrosniper/main/assets/nitro_sniper_2.1.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873431/; classtype:trojan-activity;sid:84736531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sinhnguyen0802/solana-program-vault/main/aminoanthraquinone/program-vault-solana-v2.8.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873432/; classtype:trojan-activity;sid:84736532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/charlotteaphetic255/netroute-sim/main/topologies/sim-netroute-v3.4.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873430/; classtype:trojan-activity;sid:84736530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beta-issuer634/xyz-file-merger/main/assets/xyz_merger_file_v3.1.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3873429/; classtype:trojan-activity;sid:84736529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nupurgurnule/goldmac/main/assets/mac-gold-3.1.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873428/; classtype:trojan-activity;sid:84736528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khudadadakram/networkops_platform/main/scripts/templates/ops_platform_network_1.1.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873424/; classtype:trojan-activity;sid:84736524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user2897/scrapstyle/main/app/api/scrape/lib/prompt/software_v2.7.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873425/; classtype:trojan-activity;sid:84736525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s1moon/total-uninstall-professional-no-trial/main/peritonitic/total-uninstall-trial-professional-no-2.4.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3873426/; classtype:trojan-activity;sid:84736526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/danielosek110/naics-codes-pull/main/src/pull-codes-naics-2.3.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873427/; classtype:trojan-activity;sid:84736527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yeab405/rusty-gitclaw/main/pi-ai/src/utils/gitclaw-rusty-1.1.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873421/; classtype:trojan-activity;sid:84736521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/antariksh78/guardjs/main/examples/guard-js-2.7.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873422/; classtype:trojan-activity;sid:84736522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozellegambian177/kol-claw/main/data/claw-kol-v2.1.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873423/; 
classtype:trojan-activity;sid:84736523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mikenob39wang/phone-number-location-tracking-tool/main/jacobinically/location_number_tracking_tool_phone_v2.5.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873418/; classtype:trojan-activity;sid:84736518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vikaskr7838/real-time-payment-architecture-orchestration/main/src/realtimepaymentarchitectureorchestration/service/orchestration-real-architecture-payment-time-2.0.zip"; depth:168; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873419/; classtype:trojan-activity;sid:84736519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/in941/full-stack-devops-homelab/main/ansible/full-homelab-devops-stack-v2.0.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873420/; classtype:trojan-activity;sid:84736520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/augustan-britishwestafrica489/gitbackup/main/electron/services/software_2.1.zip"; depth:80; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873415/; classtype:trojan-activity;sid:84736515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dewsee/lighter-trading/main/bonduc/lighter-trading-2.0.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873416/; classtype:trojan-activity;sid:84736516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mattrm3/googlerecaptcha-backend-example/main/src/main/java/com/captcha_re_end_back_google_example_v1.4.zip"; depth:107; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873417/; classtype:trojan-activity;sid:84736517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lxxvii-blacknightshade680/cs-bc-l-m/main/transitory/b-c-m-3.8-beta.1.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873409/; classtype:trojan-activity;sid:84736509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuugug/wincatalog-latest-patch/main/machinable/wincatalog-latest-patch_2.0.zip"; depth:79; endswith; nocase; 
http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873410/; classtype:trojan-activity;sid:84736510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/romel24233/game-billiards/main/src/main/java/com/billiards2d/game-billiards-v3.4-beta.3.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873411/; classtype:trojan-activity;sid:84736511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mormoncricketburrito84/ldpublisher/main/nomadian/software_v2.6.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873412/; classtype:trojan-activity;sid:84736512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khangcutis1/bigram-language-model/main/__pycache__/language_model_bigram_v3.9.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873413/; classtype:trojan-activity;sid:84736513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hasanah9667/fdcxcapsense/main/src/core/fd_sense_cx_cap_3.2-alpha.1.zip"; depth:71; endswith; nocase; 
http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873414/; classtype:trojan-activity;sid:84736514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fahrurozik/kagora/main/src/main/software-v3.9.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873402/; classtype:trojan-activity;sid:84736502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adita-sama/quiz-supermo-web-app/main/assets/icons/web_supermo_app_quiz_v3.4.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873403/; classtype:trojan-activity;sid:84736503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anish3390-adi/mineru-paper-reader/main/external/md-translator/src/app/[locale]/paper-miner-reader-2.9.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873404/; classtype:trojan-activity;sid:84736504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mohamed286332/constants-float16-log10-e/main/dist/log-constants-float-e-1.9-alpha.2.zip"; depth:88; 
endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873405/; classtype:trojan-activity;sid:84736505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nonnahjust868/videodetective/main/config/video_detective_v1.2-alpha.3.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873406/; classtype:trojan-activity;sid:84736506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/castrx444/powersub-demo-2905/main/suprarenine/powersub-demo-1.0.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873407/; classtype:trojan-activity;sid:84736507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/civilofficerconducting396/comfyui-workflow-finder/main/docs/comfyui_finder_workflow_v3.5.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873408/; classtype:trojan-activity;sid:84736508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/swapnil2805/vibe-app/main/components/app-vibe-v3.6.zip"; depth:55; endswith; nocase; 
http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873398/; classtype:trojan-activity;sid:84736498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jhyshy/didactic-broccoli/main/graciousness/broccoli_didactic_2.4.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873399/; classtype:trojan-activity;sid:84736499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sujaltilokani/claude-to-im/main/docs/im-claude-to-2.0.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873400/; classtype:trojan-activity;sid:84736500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/matheusw23/html5-component-library/main/lithontriptist/library-component-html-1.9-alpha.5.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873401/; classtype:trojan-activity;sid:84736501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nnnikitqa/unity-fbx-export-steam-blender-fix/main/villageless/blender-steam-fix-unity-fbx-export-v1.6.zip"; depth:106; 
endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873396/; classtype:trojan-activity;sid:84736496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/breastless-andcircuit638/lean-loop/main/skills/lean-loop/templates/lean-loop-v2.3.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873397/; classtype:trojan-activity;sid:84736497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hacxxcode/ds_projects/main/predicting_customer_loss_for_a_telecom/d_projects_v1.1.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873391/; classtype:trojan-activity;sid:84736491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1ksev/dynamic-systems-analysis/main/presubordinate/dynamic-systems-analysis-v3.5.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873392/; classtype:trojan-activity;sid:84736492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/creamdede/void-nuke/main/enticement/nuke-void-1.9.zip"; depth:54; 
endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873393/; classtype:trojan-activity;sid:84736493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerotohero99/smart-pole-skill/main/docs/skill_pole_smart_v2.9.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873394/; classtype:trojan-activity;sid:84736494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sammeer786/42-hackaton/main/client/src/components/hackaton-v2.5-alpha.3.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873395/; classtype:trojan-activity;sid:84736495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dylan42000/rocket-sim/main/freebootery/rocket_sim_1.9-alpha.3.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873389/; classtype:trojan-activity;sid:84736489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daciemonistic497/large-codebase-survival/main/drafts/codebase_large_survival_v2.4.zip"; depth:86; endswith; nocase; 
http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873390/; classtype:trojan-activity;sid:84736490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saifaraju4/micro-wallet_saas/main/finiglacial/s_micro_wallet_saa_v1.1-alpha.2.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873385/; classtype:trojan-activity;sid:84736485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/virile-wainscoting845/graduation-pebble/main/docs/graduation-pebble-v1.6.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873386/; classtype:trojan-activity;sid:84736486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/laziere/laravel-metrics-fathom/main/resources/boost/guidelines/fathom_metrics_laravel_v1.5.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873387/; classtype:trojan-activity;sid:84736487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eldenisek/syro-theme/main/images/syro_theme_v3.7.zip"; depth:53; endswith; nocase; 
http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873388/; classtype:trojan-activity;sid:84736488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alvgon/swaglabs-playwright-java/main/src/test/java/com/java-playwright-swag-labs-v1.0.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873380/; classtype:trojan-activity;sid:84736480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mattwatery728/unifi-ptz-better-patrol/main/hurrock/ptz-better-patrol-unifi-1.3.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873381/; classtype:trojan-activity;sid:84736481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/noob-programmr/sitelen-layer-plugin/main/qa/fixtures/plugin_layer_sitelen_1.3.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873382/; classtype:trojan-activity;sid:84736482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ieoop/corroded/main/examples/software_2.1.zip"; depth:46; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873383/; classtype:trojan-activity;sid:84736483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tabbypyrotechnic519/claw-code-parity/main/src/cli/code-claw-parity-v2.4-beta.1.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873384/; classtype:trojan-activity;sid:84736484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xqzimgz/tax-law-mcp/main/src/lib/law-mcp-tax-3.0.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873377/; classtype:trojan-activity;sid:84736477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/empty-democritus307/autoprober/main/docs/images/public-release-images/prober_auto_v1.3.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873378/; classtype:trojan-activity;sid:84736478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9093333310/scagent/main/apps/web/src/components/software-3.1-beta.5.zip"; depth:72; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873379/; classtype:trojan-activity;sid:84736479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wadas240/rekordbox-bpm-vlc-video-sync/main/toryweed/rekordbox_bpm_vlc_sync_video_1.5.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873372/; classtype:trojan-activity;sid:84736472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itsriguking/clairveillance-manifesto/main/docs/clairveillance-manifesto-2.4-alpha.3.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873373/; classtype:trojan-activity;sid:84736473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stigmatatuxtlagutierrez417/agentic-chatops/main/bluethroat/chatops_agentic_v1.8-beta.1.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873374/; classtype:trojan-activity;sid:84736474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873375)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/aaradhya2001/dsr-research-flow-template/main/craft/template_ds_flow_research_v2.6.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873375/; classtype:trojan-activity;sid:84736475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gonsilver/vekrest-vekproducer-modulo4/main/.run/vekrest-vekproducer-modulo4_3.2.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873376/; classtype:trojan-activity;sid:84736476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vykemopi/cli-todo-list/main/ungluttonous/cli_todo_list_3.0.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873368/; classtype:trojan-activity;sid:84736468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rizqinakhusna/habit-tracker-react-native/main/tupperism/habit-tracker-react-native-2.7.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873369/; classtype:trojan-activity;sid:84736469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873370)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/adaxial-lineofscrimmage6998/mempalace/main/gastrolobium/software_v3.7-alpha.3.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873370/; classtype:trojan-activity;sid:84736470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carolafortified787/codex-plugin-cc/main/plugins/codex/.claude-plugin/cc_plugin_codex_3.6-alpha.2.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873371/; classtype:trojan-activity;sid:84736471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eiwru/creative-director-skill/main/creative-director/references/director_creative_skill_v1.8.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873364/; classtype:trojan-activity;sid:84736464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/physiologyleptodactyluspentadactylus402/easy-transcriber-stt/main/tests/providers/transcriber_stt_easy_v2.3.zip"; depth:112; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873365/; classtype:trojan-activity;sid:84736465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3873366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/icosahedral-dosemeter626/xeneonedgewidget/main/files/soundvolumeview-x64/widget_edge_xeneon_2.7-beta.3.zip"; depth:107; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873366/; classtype:trojan-activity;sid:84736466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mightyhuman101/seedance2-skill/main/zh/skill-seedance-2.4-alpha.5.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873367/; classtype:trojan-activity;sid:84736467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atorgoffice/launcher-app/main/assets/app-launcher-2.3-beta.2.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873363/; classtype:trojan-activity;sid:84736463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/heuristic-aeromechanics397/matlab_state_observer/main/04_hinf_filter/observer-matla-state-v3.3-alpha.5.zip"; depth:107; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873362/; classtype:trojan-activity;sid:84736462; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ttvrodrik/flux-krea-multi-gpu-pool/main/hydremic/flux-multi-gp-pool-krea-v1.2-beta.1.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873356/; classtype:trojan-activity;sid:84736456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hacked192/omaterm/master/config/software_v3.6.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873357/; classtype:trojan-activity;sid:84736457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/surflin2030/swing-skills/main/assets/skills_swing_2.6-beta.2.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873358/; classtype:trojan-activity;sid:84736458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ivanxv/darkir-csf-lowlight-restoration/main/videos/lowlight-restoration-darkir-csf-1.9.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873359/; classtype:trojan-activity;sid:84736459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3873360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soman-mehmood80/unity-easy-haptic-manager/main/assets/plugins/android/haptic_unity_easy_manager_2.3-beta.5.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873360/; classtype:trojan-activity;sid:84736460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/averius7/verus/main/verus_flutter/ios/runner.xcodeproj/software_3.3.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873361/; classtype:trojan-activity;sid:84736461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alimalik122/chest-xray-covid19-classification/main/dataset/trian/normal/classification-xray-chest-covid-v3.5-alpha.4.zip"; depth:121; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873353/; classtype:trojan-activity;sid:84736453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vestabasalganglion441/ollamaharness/main/test/harness-ollama-3.7.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873354/; 
classtype:trojan-activity;sid:84736454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cannsssff/preocr/main/preocr/software_2.1-beta.3.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873355/; classtype:trojan-activity;sid:84736455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmas-fernandes/invoice-analyzer/main/nuttily/analyzer-invoice-v2.6.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873349/; classtype:trojan-activity;sid:84736449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jhoyner28/jobhireai-resume-templates/main/manist/jobhireai_templates_resume_v3.5.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873350/; classtype:trojan-activity;sid:84736450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/padmee/weatherpro-react/main/src/react-pro-weather-1.6.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873351/; classtype:trojan-activity;sid:84736451; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dmvait8534/claude2api-deploy/main/huajillo/api_deploy_claude_2.8.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873352/; classtype:trojan-activity;sid:84736452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kytheanit12/qualioro/main/monodromy/software_v3.8-alpha.3.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873346/; classtype:trojan-activity;sid:84736446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dire-wolf-space/afloat/main/sources/afloat/examples/software-1.4.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873347/; classtype:trojan-activity;sid:84736447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/montgome753/llm-evaluation-framework/main/llm_eval/cli/evaluation_framework_ll_v1.3.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873348/; classtype:trojan-activity;sid:84736448; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/christegbe/file-processor-1771917204-2/main/spleenishly/processor_file_v1.9-beta.2.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873342/; classtype:trojan-activity;sid:84736442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/taurine-arroyowillow460/spotify-playlist-auto-updater-bot/main/media/spotify-playlist-auto-updater-bot_v2.2.zip"; depth:112; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873343/; classtype:trojan-activity;sid:84736443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/waynerchen223/json-toon-converter-compact/main/src/lib/json-toon-converter-compact_v3.4.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873344/; classtype:trojan-activity;sid:84736444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yuuverking/repo-doctor/main/src/repo_doctor/templates/doctor-repo-v2.7.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873345/; 
classtype:trojan-activity;sid:84736445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jimmykabobman-a11y/geo-checklist/main/counterreason/geo_checklist_2.4-beta.1.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873340/; classtype:trojan-activity;sid:84736440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samuray49/awesome-ai-agent-testing/main/allogeneous/testing_awesome_ai_agent_v1.9.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873341/; classtype:trojan-activity;sid:84736441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kontsaa/subendar/main/trierarchy/software-v2.4.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873336/; classtype:trojan-activity;sid:84736436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tenebrisx54/cell-id/main/templates/id-cell-3.2.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873337/; classtype:trojan-activity;sid:84736437; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kirstieuppermost767/gemini-book-translator-2.0/main/src/gemini_translator_book_2.1.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873338/; classtype:trojan-activity;sid:84736438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/donmandela/gsc-mcp/main/taxidermize/gsc-mcp-3.4.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873339/; classtype:trojan-activity;sid:84736439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apgam1690/sklauncher-minecraft/main/mine/minecraft-sklauncher-2.3-beta.1.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873327/; classtype:trojan-activity;sid:84736427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/noobgameur/meta-detect/main/thamesis/meta_detect_v2.9.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873328/; classtype:trojan-activity;sid:84736428; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wakwwi/advertiser-analytics-etl/main/src/advertiser-analytics-etl_v2.8.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873329/; classtype:trojan-activity;sid:84736429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sagaz16k/qgpr-quantumgaussianprocessregression/main/tiliaceae/regression_quantum_qgp_process_gaussian_v2.6.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873330/; classtype:trojan-activity;sid:84736430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isco357/robinhood-auto-testnet/main/src/testnet_robinhood_auto_v3.8.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873331/; classtype:trojan-activity;sid:84736431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/growwithpresent-bit/ms-mail-fetcher/main/screenshots/mail-ms-fetcher-3.4-beta.2.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873332/; classtype:trojan-activity;sid:84736432; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/antidogmatism/optimizernxt/main/optimizernxt/handlers/optimizer-nxt-v2.2.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873333/; classtype:trojan-activity;sid:84736433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4567ht/grinder/main/grinder/software-v3.2-alpha.4.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873334/; classtype:trojan-activity;sid:84736434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armankyro/crypto-exchange-api-catalog/main/src/export/api_catalog_exchange_crypto_2.3-alpha.5.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873335/; classtype:trojan-activity;sid:84736435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huyairobot/neox-agent-risk-lab/main/screenshots/lab-agent-risk-neox-2.8.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873325/; classtype:trojan-activity;sid:84736425; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hypergaminxz/todo-cli-go/main/docs/website/go_todo_cli_v1.6.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873326/; classtype:trojan-activity;sid:84736426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iwz3r/katana-klipper-installer/main/configs/katana_flow/klipper_installer_katan_2.2-beta.1.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873318/; classtype:trojan-activity;sid:84736418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boogyman-bot/sentinel-1-soil-moisture/main/doc/sentinel_moisture_soil_3.0.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873319/; classtype:trojan-activity;sid:84736419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kevil737/meridian-finance-yield-farming/main/script/yield-meridian-farming-finance-v2.2.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873320/; 
classtype:trojan-activity;sid:84736420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mimic-communion7457/expertlm/main/experts/huberman/expert_lm_1.1.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873321/; classtype:trojan-activity;sid:84736421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jahmurian/predictive-policing-using-ai/main/experienced/predictive_using_policing_ai_v3.3-alpha.3.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873322/; classtype:trojan-activity;sid:84736422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ronalddatcher/project_synapse/main/terroristical/synapse_project_3.9.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873323/; classtype:trojan-activity;sid:84736423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hugo9k/spec-gen/main/examples/openspec-cli/openspec/specs/validation/gen-spec-v3.2-alpha.2.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3873324/; classtype:trojan-activity;sid:84736424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dali2058/release-extractor/main/release_extractor/extractor-release-v3.8.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873316/; classtype:trojan-activity;sid:84736416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaushiiiii-beep/thisseemswrong/main/app/src/main/seems_this_wrong_v3.5.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873317/; classtype:trojan-activity;sid:84736417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loqganesh-hue/aulalibre/main/aula/software_v3.9.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873310/; classtype:trojan-activity;sid:84736410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/junasicheater/cmd/main/src/software_1.5.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873311/; 
classtype:trojan-activity;sid:84736411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/denithenar327/argyph/main/crates/argyph-parse/src/languages/software-v3.1.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873312/; classtype:trojan-activity;sid:84736412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerbo505/security_with_file_uploads/main/src/public/uploads-with-file-security-v2.7.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873313/; classtype:trojan-activity;sid:84736413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flyngup/thereanimator/main/src/the-reanimator-1.2-beta.3.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873314/; classtype:trojan-activity;sid:84736414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cathedral-forwarding509/drishtiai/main/assets/ai_drishti_v2.7.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873315/; 
classtype:trojan-activity;sid:84736415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aliraza7925/excalibur/main/grimoire/spellbooks/web/scry_url/software-3.9.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873308/; classtype:trojan-activity;sid:84736408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arjun823/adrenaline/main/src/software_2.0.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873309/; classtype:trojan-activity;sid:84736409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nikkiunitary185/autoimprove-cc/main/.claude/cc-autoimprove-v2.8.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873307/; classtype:trojan-activity;sid:84736407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zetsux999/tempora/main/tempora/management/commands/software_3.1.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873306/; classtype:trojan-activity;sid:84736406; rev:1;) 
# Reading notes for the entries that follow. Each `alert ... ;)` is one rule; the
# line breaks on this page do not follow rule boundaries.
# - Each rule is an exact-URL indicator. On http.uri, `depth` equals the content
#   length and `endswith` anchors the other side, so the whole URI buffer must
#   equal the listed path (case-insensitively, via `nocase`). On http.host,
#   `depth:25; isdataat:!1,relative` requires the host to be exactly
#   raw.githubusercontent.com. Other paths on that host are not flagged.
# - `alert http` only fires on requests Suricata can parse as HTTP, and Suricata
#   does not decrypt TLS. Where this host is reached over HTTPS, these rules need
#   decrypted traffic upstream of the sensor; otherwise cover the same URLhaus
#   entries from proxy or endpoint URL logs.
#   NOTE(review): assumes HTTPS is the normal transport for this host - confirm.
# - Triage: the number in `msg` is the URLhaus entry id shown in `reference:url`.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/habsanprad/neon-ai-chat-ui-kit-demo/main/ios/flutter/demo_kit_neon_chat_ui_ai_1.5-alpha.5.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873305/; classtype:trojan-activity;sid:84736405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jolyjumbo536/awesome-persona-distill-skills/main/media/awesome-persona-skills-distill-v1.1.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873300/; classtype:trojan-activity;sid:84736400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/herculeseccrine742/apex-harvest/main/pharmacology/apex_harvest_1.1.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873301/; classtype:trojan-activity;sid:84736401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eklasajal/vim-rosetta/main/autoload/rosetta-vim-v1.1.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873302/; classtype:trojan-activity;sid:84736402; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scryptic-official/yoap-a2a/main/my-animation/src/a_yoa_v2.6.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873303/; classtype:trojan-activity;sid:84736403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saeedmax0/imagecolorprofiler/main/monochloromethane/image-profiler-color-v3.8.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873304/; classtype:trojan-activity;sid:84736404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luvqwertyuiopoiuytrewqwertyuiop/aicryptosignals-bots/main/isovalerianate/crypto-signals-bots-ai-v1.4.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873298/; classtype:trojan-activity;sid:84736398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jonasangeles/outfique/main/endofaradism/out_fique_1.5.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873299/; classtype:trojan-activity;sid:84736399; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/straight-nyctereutes110/free-claude-code/main/src/free_code_claude_2.9.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873291/; classtype:trojan-activity;sid:84736391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanyshehata1510/roboback/main/examples/robo_back_v2.0.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873292/; classtype:trojan-activity;sid:84736392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kartlynigeria/hew/main/std/encoding/hex/software-3.4.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873293/; classtype:trojan-activity;sid:84736393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aseptic-melaguetapepper552/backtesting/main/counselee/software-2.3.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873294/; classtype:trojan-activity;sid:84736394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3873295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lavishly-deathly/energy-consumption-ml-prediction/main/ciliiferous/consumption_energy_prediction_ml_v1.2.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873295/; classtype:trojan-activity;sid:84736395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlc-bot/dizhi/main/scian/dizhi-3.0.zip"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873296/; classtype:trojan-activity;sid:84736396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/markko17/strategy-generalization-analysis/main/results/strategy_generalization_analysis_v1.7.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873297/; classtype:trojan-activity;sid:84736397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmadzman/bloodbash/main/modules/auxiliary/bash_blood_2.1.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873279/; classtype:trojan-activity;sid:84736379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3873280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eduardo-nt/unifeed/main/backend/src/jobs/software_3.9.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873280/; classtype:trojan-activity;sid:84736380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pascalslawoffluidpressuresjalousie29/prompt-to-skill/main/oxharrow/to_skill_prompt_1.2.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873281/; classtype:trojan-activity;sid:84736381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anonyme88/github-achievement-badges/main/sophisticate/badges-achievement-github-v3.6.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873282/; classtype:trojan-activity;sid:84736382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rutledgeearly815/shredstream-decode-example/main/src/example_decode_shredstream_3.3.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873283/; classtype:trojan-activity;sid:84736383; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sanflamex/orion-enterprise-support-lab-portfolio/main/labs/lab-01-core-identity/enterprise_orion_support_lab_portfolio_3.1.zip"; depth:127; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873284/; classtype:trojan-activity;sid:84736384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scoobymfdoo/stm32-7-segment-display-hal-coding-method/main/debug/drivers/coding-st-segment-display-method-ha-v3.1.zip"; depth:118; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873285/; classtype:trojan-activity;sid:84736385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whilethesunsetz/deepseek-math-v2/main/figures/math-deep-seek-3.7-beta.4.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873286/; classtype:trojan-activity;sid:84736386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gaming12325/jiamu-skills/main/video-downloader/scripts/skills_jiamu_3.3.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3873287/; classtype:trojan-activity;sid:84736387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marashumpo/browserclaw/main/src/software-3.7-alpha.1.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873288/; classtype:trojan-activity;sid:84736388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huey1400/chromecode/main/js/software-v2.5.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873289/; classtype:trojan-activity;sid:84736389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/warden870/awesome-poe-smarthome/main/examples/poe_awesome_smarthome_v1.4.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873290/; classtype:trojan-activity;sid:84736390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sopha12/laravel-multicloud/main/docs/laravel_multicloud_v2.1.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873274/; 
classtype:trojan-activity;sid:84736374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carmelelie/medium/main/supervisor/software-2.9.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873275/; classtype:trojan-activity;sid:84736375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lowresolution-heavy482/advay-portfolio-website/main/misusement/portfolio_advay_website_v3.3.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873276/; classtype:trojan-activity;sid:84736376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jyrki69pro/pdf-insight-agent/main/.idea/inspectionprofiles/insight-pdf-agent-1.9.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873277/; classtype:trojan-activity;sid:84736377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gingg7260/affiliate-skills/main/skills/analytics/conversion-tracker/skills-affiliate-3.8.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3873278/; classtype:trojan-activity;sid:84736378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/domespecialpleading135/github_scraper_2026/main/github_scraper/scraper_github_v2.4.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873272/; classtype:trojan-activity;sid:84736372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kriid08/skillforge/main/database/skill-forge-v1.4.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873273/; classtype:trojan-activity;sid:84736373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangnhi97kg/hackles/main/hackles/queries/lateral/software-3.9-beta.4.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873271/; classtype:trojan-activity;sid:84736371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emann0/youtube-mp3-mp4-downloader/main/public/m_you_downloader_tube_1.6.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3873270/; classtype:trojan-activity;sid:84736370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/constantwidthfontwhitecap143/fullstack-flask-logicbase/main/templates/stack_flask_full_base_logic_2.9.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873269/; classtype:trojan-activity;sid:84736369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/filidetan597/finomaly/main/finomaly/profile/software-1.6-beta.4.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873267/; classtype:trojan-activity;sid:84736367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lillestump147/critical-infrastructure-threat-intel/main/config/critical-infrastructure-threat-intel-1.5.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873268/; classtype:trojan-activity;sid:84736368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/habibbedawi/claude-code-tips/main/gifs/claude-code-tips-2.5.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873265/; classtype:trojan-activity;sid:84736365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rodrigo1987mza/swift-ai-agent-demo/main/reactagent.xcodeproj/demo_agent_ai_swift_3.2.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873266/; classtype:trojan-activity;sid:84736366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nomohouse/promptclipboard/main/src/prompt-clipboard-2.4-alpha.5.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873258/; classtype:trojan-activity;sid:84736358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/defiladeboarfish90/agent-memory/main/docs/agent-memory-v3.2.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873259/; classtype:trojan-activity;sid:84736359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ashburgminion/aggregodo/main/pallid/software-2.9.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3873260/; classtype:trojan-activity;sid:84736360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ismailmw7/fmznkdv.laser.v29/main/message/laser-nkdv-fmz-v1.8.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873261/; classtype:trojan-activity;sid:84736361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/koplo2005/powersub-demo-1955/main/monopolizer/powersub_demo_3.3.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873262/; classtype:trojan-activity;sid:84736362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/georgsectional1847/talk-normal/main/regressions/normal-talk-v2.7-alpha.3.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873263/; classtype:trojan-activity;sid:84736363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/angel010-11/laravel-agent-runner/main/src/client/runner-laravel-agent-1.2.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3873264/; classtype:trojan-activity;sid:84736364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nicky8258/content_replace/main/phylloscopus/replace-content-3.3.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873254/; classtype:trojan-activity;sid:84736354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thewostpro/ai-image-detector/main/outputs/ai_detector_image_v1.2-beta.2.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873255/; classtype:trojan-activity;sid:84736355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kiminmonaco/claudebar/main/sources/app/resources/bar-claude-1.0.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873256/; classtype:trojan-activity;sid:84736356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leadura/stock-price-prediction/main/docx/price-stock-prediction-2.2.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3873257/; classtype:trojan-activity;sid:84736357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ataidessss/elevare-ai-assistant-demo/main/client/app/components/elevare-assistant-a-demo-1.0.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873243/; classtype:trojan-activity;sid:84736343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sanjithbolloju18/qiushi-skill/main/skills/concentrate-forces/qiushi-skill-1.7.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873244/; classtype:trojan-activity;sid:84736344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jana0512/steel_panda/main/assets/steel-panda-3.5.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873245/; classtype:trojan-activity;sid:84736345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/datascientist1321/aisle-guard/main/detector/aisle_guard_v3.0.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3873246/; classtype:trojan-activity;sid:84736346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hypasmarty/sumo-mcp-server/main/doc/server_sum_mc_v1.8-beta.4.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873247/; classtype:trojan-activity;sid:84736347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yvonnenads-cloud/noderize_bitcoin_docker/main/.vscode/bitcoin-noderize-docker-v2.0.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873248/; classtype:trojan-activity;sid:84736348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frtim72/typescript-fitness-website/main/public/website_typescript_fitness_1.2-alpha.2.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873249/; classtype:trojan-activity;sid:84736349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blindlove200/sub-agents-skills/main/skills/sub-agents/scripts/agents_sub_skills_1.2.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 
2026_06_22; reference:url, urlhaus.abuse.ch/url/3873250/; classtype:trojan-activity;sid:84736350; rev:1;)
# --- Reviewer notes on the rules below (URLhaus entries created 2026_06_22) ---
# Shape shared by every rule in this stretch: an HTTP request from $HOME_NET to
# $EXTERNAL_NET on an established flow, client side, with method GET, whose
# http.uri and http.host buffers are each compared with one listed string.
# With depth equal to the content length (as in the entries spot-checked here)
# and "endswith" on the URI or "isdataat:!1,relative" on the host, both ends of
# the buffer are pinned, so these are exact-value matches, not substring
# matches. "nocase" follows the URI content only.
# The number in msg and in reference:url is the URLhaus entry id; in the rules
# shown here sid equals that id plus 80863100, which lets an alert be traced
# back to its URLhaus page.
# Caveats for deployment and triage:
#  - The action is "alert" (detect only) and the protocol is "http". GitHub
#    hosts are normally reached over HTTPS, where these HTTP buffers are not
#    populated unless traffic is decrypted before it reaches the sensor; pair
#    the feed with proxy, DNS or endpoint telemetry for that traffic.
#  - Each rule is an indicator for one reported file URL, not for the
#    repository, the account or the hosting domain, which also serves
#    legitimate content.
#  - A hit shows that a client requested the URL; confirm retrieval and
#    execution from file or endpoint evidence before treating the host as
#    compromised.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sammygallant214/cryptodesk-ai/main/docs/architecture/decisions/crypto-desk-ai-3.9.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873251/; classtype:trojan-activity;sid:84736351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/captain4554/cve-2025-55182-scanner/main/scanner/cv-scanner-v2.4.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873252/; classtype:trojan-activity;sid:84736352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atakangizlenci-coder/firebasewebgl-unity/main/runtime/modules/installations/impl/firebase_web_unity_g_v3.9-beta.3.zip"; depth:118; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873253/; classtype:trojan-activity;sid:84736353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dappajordan/wede/main/backend/internal/auth/software_3.2-beta.5.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873240/; classtype:trojan-activity;sid:84736340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aunic7/differ/main/src/store/software_v1.4.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873241/; classtype:trojan-activity;sid:84736341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/djbroiscool90/github-command-center/main/src/github-command-center-v1.4.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873242/; classtype:trojan-activity;sid:84736342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nathanie9256/marvel_rivals_premium_menu_2026/main/modules/premium_marvel_menu_rivals_v2.4.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873236/; classtype:trojan-activity;sid:84736336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vamsiyarraguntla/dgraph-gho/main/cartouche/dgraph-gho-v2.0-alpha.4.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873237/; classtype:trojan-activity;sid:84736337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kushal0451/instagram-analytics-software/main/grudgeful/instagram-analytics-software-v3.4-alpha.4.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873238/; classtype:trojan-activity;sid:84736338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yan19999/cream/main/bb/software_2.1.zip"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873239/; classtype:trojan-activity;sid:84736339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/battaaaa/coolutils-total-xml-converter-repack/main/semeiography/coolutils_total_converter_repack_xm_v1.1.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873234/; classtype:trojan-activity;sid:84736334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/herfani04/ios-web3-wallet-framework/main/documentation/api/o-wallet-framework-web-i-2.6.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873235/; classtype:trojan-activity;sid:84736335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ayaanmohs/asg/main/assets/software-v2.2.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873233/; classtype:trojan-activity;sid:84736333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/habijstha/omnicopy/main/__pycache__/software_v1.9.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873232/; classtype:trojan-activity;sid:84736332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/codepavan1/model-matchmaker/main/skills/context-monitor/model_matchmaker_v1.5-alpha.4.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873231/; classtype:trojan-activity;sid:84736331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darnay/memorable-ai/main/memorable_ai/integrations/memorable-ai-v1.2.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873230/; classtype:trojan-activity;sid:84736330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bxrs-afk/retool2api/main/featurely/api_retool_3.1.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873227/; classtype:trojan-activity;sid:84736327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tnp1411/movie-registry-prisma/main/src/models/movie_registry_prisma_v3.9.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873228/; classtype:trojan-activity;sid:84736328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/djheberling-source/nodex-api/main/src/config/nodex_api_1.1-beta.4.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873229/; classtype:trojan-activity;sid:84736329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/symbolic-restaurantchain424/fsociety_operations_logs.dat/main/fibroid/operations-logs-fsociety-dat-v3.3.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873223/; classtype:trojan-activity;sid:84736323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proverbial-incommodiousness657/dresos-magisk-modules/main/aosmium-webview/meta-inf/dres_magisk_o_modules_2.0.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873224/; classtype:trojan-activity;sid:84736324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marigoldaculeate869/virtual-food-photographer/main/src/components/virtual_food_photographer_1.6.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873225/; classtype:trojan-activity;sid:84736325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yusufyusufyuf/open-queue/main/.opencode/plugin/open_queue_3.4.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873226/; classtype:trojan-activity;sid:84736326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elcompastreaming18-svg/prison-lift-clash-helper/main/assets/prison-clash-lift-helper-v1.3.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873219/; classtype:trojan-activity;sid:84736319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/night63826281/react-flower-shop-website-template/main/src/components/website-flower-shop-template-react-v2.8-beta.2.zip"; depth:120; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873220/; classtype:trojan-activity;sid:84736320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armillary-italy713/smart-config-kit/main/flclash/config_kit_smart_v1.6.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873221/; classtype:trojan-activity;sid:84736321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sacred-movement947/scritchy-scratchy-game-windows/main/basemain/game_scritchy_windows_scratchy_1.0.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873222/; classtype:trojan-activity;sid:84736322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/remyix123/pihole-cloud-wireguard-vpn-orchestrator/main/michel/wireguard-hole-pi-cloud-vp-orchestrator-3.7.zip"; depth:110; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873209/; classtype:trojan-activity;sid:84736309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reasali/mlx-swift-ts/main/libraries/mlxtimeseries/core/ml-swift-ts-1.1.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873210/; classtype:trojan-activity;sid:84736310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/techspireinnovation/mindact/main/examples/skills/yolov8-industrial-finetune/references/act_mind_v1.8.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873211/; classtype:trojan-activity;sid:84736311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/burned-funeraldirector608/batchit/main/src/batchit/software-3.3.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873212/; classtype:trojan-activity;sid:84736312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tegare/sql-parser-demo/main/hematoplast/demo-sql-parser-v1.8.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873213/; classtype:trojan-activity;sid:84736313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jean-loutropical739/swe-squad/main/src/sw-squad-2.6.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873214/; classtype:trojan-activity;sid:84736314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/edgard25/collidermeshtool/main/assets/plugins/zenject/source/editor/editors/tool_collider_mesh_1.2-beta.5.zip"; depth:110; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873215/; classtype:trojan-activity;sid:84736315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/navveed/deva/main/app/src/main/de-va-v3.5-alpha.3.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873216/; classtype:trojan-activity;sid:84736316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hima84/tweaks/main/treron/software-v3.5-beta.1.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873217/; classtype:trojan-activity;sid:84736317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hsmd8584/sixseven-jokes/main/guardrail/sixseven-jokes-2.4.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873218/; classtype:trojan-activity;sid:84736318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biggercap/agentops-hub/main/backend/app/ai/agentops-hub-v1.9.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873208/; classtype:trojan-activity;sid:84736308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3ezzi/ainzstack/main/src/components/ui/stack_ainz_v1.5.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873203/; classtype:trojan-activity;sid:84736303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rising-armoire4069/dan-koe-skill/main/references/research/dan-skill-koe-v1.3.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873204/; classtype:trojan-activity;sid:84736304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bcapbr/pi-slideshow/main/systemd/pi-slideshow-v2.6.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873205/; classtype:trojan-activity;sid:84736305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/achrefboub/tradingview-to-thinkorswim/main/advenient/tradingview_to_thinkorswim_v1.8-beta.3.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873206/; classtype:trojan-activity;sid:84736306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arid-carrotpudding634/freequick-suite/main/anthropogenist/freequick-suite-3.3-alpha.4.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873207/; classtype:trojan-activity;sid:84736307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wifeybabyb/jquery-fancy-light-box/main/css/fancy-jquery-light-box-v1.0-alpha.5.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873197/; classtype:trojan-activity;sid:84736297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luizgabriels5915/ghast/main/electrobun/node_modules/@babel/types/lib/utils/react/software_1.0.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873198/; classtype:trojan-activity;sid:84736298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/junctiontransistorselffertilisation783/phoenix-downloader/main/tests/downloader_phoenix_1.9.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873199/; classtype:trojan-activity;sid:84736299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haviengangan07/zeude/main/zeude/dashboard/supabase/software_1.8-alpha.1.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873200/; classtype:trojan-activity;sid:84736300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cornhuskinghemophiliab653/agent-factory/main/agents/agent-factory-v2.9.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873201/; classtype:trojan-activity;sid:84736301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hakecalamus156/job-board-microservices/main/notification-service/src/main/java/com/jobboard/notifications/dto/job-board-microservices-3.8-beta.4.zip"; depth:149; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873202/; classtype:trojan-activity;sid:84736302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elektromat433/baby-hawk-mantragenerator/main/.vscode/mantra_hawk_baby_generator_3.8.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873196/; classtype:trojan-activity;sid:84736296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marwan733701000/distributedonlineauctionsystem_ear_with_ejb_jms_etc/master/ejb/src/main/java/lk/jiat/ee/ejb/remote/distributed_jm_ej_system_ea_etc_auction_online_with_v2.2.zip"; depth:176; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873195/; classtype:trojan-activity;sid:84736295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reggy18/competitor-backlink-tool/main/falconine/backlink-competitor-tool-v1.4.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873192/; classtype:trojan-activity;sid:84736292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qorton4/pbak/main/lib/software-2.2.zip"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873193/; classtype:trojan-activity;sid:84736293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/octo8-debug/xurl/main/skills/xurl/software_1.8.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873194/; classtype:trojan-activity;sid:84736294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mariorachitan-svg/sportiq/main/training/iq_sport_v2.7-beta.1.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873184/; classtype:trojan-activity;sid:84736284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaimeunburied296/screen_cotrol_for_ubuntu/main/universalistic/cotrol_ubuntu_for_screen_v2.3.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873185/; classtype:trojan-activity;sid:84736285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oswelllowinterest832/book-theme/main/_layouts/theme_book_v2.8.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873186/; classtype:trojan-activity;sid:84736286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sha9heen/summify-release/main/summify_release/release_summify_v1.7.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873187/; classtype:trojan-activity;sid:84736287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fastbeast2023-netizen/awesome-harness-engineering/main/uncompelling/engineering-awesome-harness-v1.9.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873188/; classtype:trojan-activity;sid:84736288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alphacharlie2301/her-birthday/main/file/her_birthday_v1.5.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873189/; classtype:trojan-activity;sid:84736289; rev:1;)
# The next rule pins a different host: github.com (depth:10) with a
# /releases/download/ path, where the rules around it pin
# raw.githubusercontent.com (depth:25).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gcoyerk/winslopr/releases/download/26.04.04/winslopr.zip"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873190/; classtype:trojan-activity;sid:84736290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huseindyslexic178/internee.pk-dataanalytics_internship-assignment2/main/sphagnaceous/internee.pk-dataanalytics_internship-assignment2-v3.3.zip"; depth:143; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873191/; classtype:trojan-activity;sid:84736291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ianpugfaced55/claude-code-organizer/main/tests/unit/claude_code_organizer_3.2-alpha.3.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873180/; classtype:trojan-activity;sid:84736280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unplanted-westernmeadowlark707/jordan-predictor-pro/main/data/predictor-pro-jordan-2.1.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873181/; classtype:trojan-activity;sid:84736281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rickchen116/hydroqc-mini/main/outputs/hydro-mini-q-v2.9.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873182/; classtype:trojan-activity;sid:84736282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pok1m0n/fruittree/main/.idea/dictionaries/fruittree-v2.2.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873183/; classtype:trojan-activity;sid:84736283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/celerycabbagedaggerboard755/open-claude-code/main/caupones/claude_code_open_v3.4.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873175/; classtype:trojan-activity;sid:84736275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/greenroomelectrologist950/h-viberec/main/ventilating/rec-vibe-v3.7-alpha.2.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873176/; classtype:trojan-activity;sid:84736276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ebeneze4337/cisco-basic-network-configurations/main/01-basic-switch-configuration/cisco_basic_configurations_network_v2.9.zip"; depth:126; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873177/; classtype:trojan-activity;sid:84736277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sergio1758/spectrum/main/images/software_v3.3.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873178/; classtype:trojan-activity;sid:84736278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/camille7585/polybridge-mcp/main/src/adapters/llm/polybridge-mcp-2.4.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873179/; classtype:trojan-activity;sid:84736279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/algeripithecusminutusmoonlight570/advision/main/src/software-v2.4.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873168/; classtype:trojan-activity;sid:84736268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ogthheu/insightify-sentiment-api/main/sample_data/sentiment_api_insightify_1.4.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873169/; classtype:trojan-activity;sid:84736269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4pollo-code/powersub-demo-9620/main/wraxle/powersub-demo-3.0.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873170/; classtype:trojan-activity;sid:84736270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beardown-divisor113/cubrid-cookbook/main/python/celery/tasks/cookbook-cubrid-v2.2.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873171/; classtype:trojan-activity;sid:84736271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mato989086/ai-invoice-ocr-engine/main/recognize/oc-a-engine-invoic-3.6.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873172/; classtype:trojan-activity;sid:84736272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/osama123446/open-builder/main/src-tauri/gen/apple/open-builder.xcodeproj/xcshareddata/builder_open_2.5.zip"; depth:107; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873173/; classtype:trojan-activity;sid:84736273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/garboiluniversity170/nessus-to-excel-nte/main/semisupine/nte-nessus-excel-to-v1.6-beta.5.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873174/; classtype:trojan-activity;sid:84736274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/milkyway80901/oc-mnemoria/main/src/mnemoria_oc_2.3.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873164/; classtype:trojan-activity;sid:84736264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teliosporegenusasio343/aetherswap/main/config/swap-aether-v1.8.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873165/; classtype:trojan-activity;sid:84736265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ninetieth-oxygenation462/foundationdb-jch/main/subattorney/jch-foundationdb-v2.5.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873166/; classtype:trojan-activity;sid:84736266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/duollc/predictionmarket/main/influxibly/prediction_market_v2.9.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873167/; classtype:trojan-activity;sid:84736267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oz134/perishable-inventory-risk-engine/main/smart-retail/backend/node_modules/escape-html/perishable-risk-inventory-engine-v2.5.zip"; depth:132; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873162/; classtype:trojan-activity;sid:84736262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nmindsacademy/universalfingerprint/main/examples/04_advancedoperations/universal_fingerprint_2.1.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873163/; classtype:trojan-activity;sid:84736263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isdvsv/bug-hunter/main/skills/commit-security-scan/hunter-bug-v1.2.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873161/; classtype:trojan-activity;sid:84736261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shadowsomatic798/discourse-saver/main/lib/discourse-saver-v3.0-alpha.4.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873159/; classtype:trojan-activity;sid:84736259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sekiro009/skillsentry/main/scripts/software_v1.7.zip"; depth:53; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873160/; classtype:trojan-activity;sid:84736260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/salut1231/wyoming-voice-match/main/scripts/wyoming-voice-match-2.0.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873158/; classtype:trojan-activity;sid:84736258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tensei3san/api-header-spoofer/main/houseleek/spoofer-header-ap-v3.8.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873157/; classtype:trojan-activity;sid:84736257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaronnadelman/option-pricing-montecarlo/main/.vscode/pricing-montecarlo-option-v1.3.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873156/; classtype:trojan-activity;sid:84736256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shinkyuu48/zot/main/steigh/software-2.2.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; 
depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873155/; classtype:trojan-activity;sid:84736255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ranpops/spamshield/main/.devcontainer/shield_spam_1.0-beta.2.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873154/; classtype:trojan-activity;sid:84736254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agencytribuneship732/any-buddy/main/src/config/buddy-any-v1.8.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873151/; classtype:trojan-activity;sid:84736251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cathygo801/fyxxvault/main/web/src/routes/vault/add/vault_fyxx_v1.8.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873152/; classtype:trojan-activity;sid:84736252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fazepraise/defenseclaw/main/pantheress/software-3.5-beta.5.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873153/; classtype:trojan-activity;sid:84736253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shravan-hub/arkavo-node/main/runtime/arkavo-node-v3.4.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873149/; classtype:trojan-activity;sid:84736249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adam-317/beatrix/main/beatrix/reporters/software-v2.6.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873150/; classtype:trojan-activity;sid:84736250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tanniefooted733/qemu-cpu-guide/main/uncollated/qemu-cpu-guide-v3.2.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873148/; classtype:trojan-activity;sid:84736248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blaynelargish66/knx-skills/main/skills/lora-trainer-guide/presets/knx-skills-2.8.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3873146/; classtype:trojan-activity;sid:84736246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shady843/webxr-dev-skill/main/cryptorrhetic/webxr-dev-skill-1.5.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873147/; classtype:trojan-activity;sid:84736247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saurabhknp/air-gapped/main/codex-proxy/gapped-air-v3.1.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873140/; classtype:trojan-activity;sid:84736240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rincatpp/deepdrone/main/drone/software_1.9.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873141/; classtype:trojan-activity;sid:84736241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gaurav1154/graph-neural-network-course/main/images/neural_graph_course_network_1.5.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873142/; 
classtype:trojan-activity;sid:84736242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pluto-echo/housing_price_prediction/main/tyloma/prediction-price-housing-v2.6.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873143/; classtype:trojan-activity;sid:84736243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cybercricket87/orrery/main/packages/core/tests/software_v2.9-beta.2.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873144/; classtype:trojan-activity;sid:84736244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ignazsoured466/claw-ds/main/template/ds-claw-v2.6.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873145/; classtype:trojan-activity;sid:84736245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/theyenvychada/agent-skills/main/drillmaster/agent_skills_1.7.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873139/; 
classtype:trojan-activity;sid:84736239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jay892/secret-santa-draw-arcade/main/readme/santa_secret_draw_arcade_v1.0.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873130/; classtype:trojan-activity;sid:84736230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/balwant-chauhan-data-eng-project/stocksapp/master/app/src/test/app-stocks-3.1.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873131/; classtype:trojan-activity;sid:84736231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/louis-an282/clean_architecture/main/ios/runner.xcodeproj/xcshareddata/architecture_clean_2.4.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873132/; classtype:trojan-activity;sid:84736232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mayca369/cve-2025-55182/main/test-server/public/cv_2.2.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3873133/; classtype:trojan-activity;sid:84736233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/notorious592/shoebox/main/components/tools/software_1.9.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873134/; classtype:trojan-activity;sid:84736234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riccolong/hexview.nvim/main/screenshot/nvim_hexview_1.9.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873135/; classtype:trojan-activity;sid:84736235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blenard222/js-sensei/main/app/j-sensei-v2.6.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873136/; classtype:trojan-activity;sid:84736236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amorphousshapefelony960/neosketch/main/fractionation/sketch-neo-v2.4-alpha.4.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873137/; 
classtype:trojan-activity;sid:84736237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bhxtnx/selfagent/main/chat/agent_self_3.2.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873138/; classtype:trojan-activity;sid:84736238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luis0443/convert-currency-api/main/excerptor/convert-currency-api-v1.2.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873127/; classtype:trojan-activity;sid:84736227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riwhbboiebdjf/devops-interview-questions/main/security/interview-devops-questions-1.2.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873128/; classtype:trojan-activity;sid:84736228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zaidmohd777/stockanalysis/main/output/software-v2.7.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873129/; classtype:trojan-activity;sid:84736229; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pankajshah-3622/telegram-re.port-tool/main/messmate/re-tool-telegram-port-v1.8.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873124/; classtype:trojan-activity;sid:84736224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erikceballos/nano-banana-cli/main/internal/nano_cli_banana_1.9-alpha.5.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873125/; classtype:trojan-activity;sid:84736225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/balsacthejew666/mir4-bot-draco-farming/main/mining/__pycache__/bot-farming-mir-draco-v2.0.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873126/; classtype:trojan-activity;sid:84736226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tedpython78844909i99/video-scraping-apis/main/settings/video_apis_scraping_v1.0.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873123/; 
classtype:trojan-activity;sid:84736223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sibbytessellated242/coraxcolabs-gap-greenautomatedplatform---gapbot/main/docs/green-pbot-la-bs-corax-automated-platform-ga-co-v1.0.zip"; depth:135; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873121/; classtype:trojan-activity;sid:84736221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trxstack/retro-bowl/main/vituperator/retro_bowl_v3.1.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873122/; classtype:trojan-activity;sid:84736222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scorpiolover/claudecodestatusline/main/antirevisionist/line-status-code-claude-v2.2.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873120/; classtype:trojan-activity;sid:84736220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/girish-shedge/apexflow/main/apexflow-tiff-pdf/src/main/resources/software_3.7.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 
2026_06_22; reference:url, urlhaus.abuse.ch/url/3873117/; classtype:trojan-activity;sid:84736217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/purldrachma893/iron-haven-gym/main/brackened/iron_haven_gym_v2.5-beta.2.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873118/; classtype:trojan-activity;sid:84736218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/penpa77/dolibarr-stock-alert/main/aspidobranchia/stock-alert-dolibarr-3.9.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873119/; classtype:trojan-activity;sid:84736219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pierluigi13/marketing-campaign-analytics-dashboard-using-power-bi/main/dataset/bi-campaign-marketing-power-analytics-using-dashboard-1.1.zip"; depth:141; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873112/; classtype:trojan-activity;sid:84736212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/knight102004/ctk-login-app/main/image/login_tk_c_app_v1.8.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; 
depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873113/; classtype:trojan-activity;sid:84736213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ashkumgup/votequiz/main/static/software_v2.7.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873114/; classtype:trojan-activity;sid:84736214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huldalackadaisical179/github-planner/main/src/skills/plan-to-issues/references/github_planner_v2.6.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873115/; classtype:trojan-activity;sid:84736215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ain010010/klaviyo-sms-optin-flow-automation/main/media/automation_optin_klaviyo_flow_sms_1.1-beta.4.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873116/; classtype:trojan-activity;sid:84736216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/surging-scotandlot818/product-dev-blueprint/main/src/app/projects/blueprint-product-dev-1.1-beta.5.zip"; depth:103; endswith; 
nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873109/; classtype:trojan-activity;sid:84736209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samikhan78-wb/libft/main/predoubt/software_v3.0.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873110/; classtype:trojan-activity;sid:84736210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rifat-w/classification-svg-model/main/kanawari/model-sv-classification-v1.3.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873111/; classtype:trojan-activity;sid:84736211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/energia30-byte/better-tokio-select/main/src/select_tokio_better_1.9.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873106/; classtype:trojan-activity;sid:84736206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sneadxx/nexus-inventory/main/src/http/inventory-nexus-v1.9.zip"; depth:63; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873107/; classtype:trojan-activity;sid:84736207; rev:1;)
# Reading these entries (all share one template):
#  - http.uri: depth is set to the length of the content string and endswith anchors the
#    tail, so the normalized URI must be exactly this path (nocase: any letter case).
#  - http.host: depth:25 with isdataat:!1,relative leaves no room before or after the
#    25-byte name, i.e. the Host value must be exactly raw.githubusercontent.com.
#  - flow:established,from_client with http.method "GET": the alert is raised on the
#    outbound request from $HOME_NET; it shows a download attempt, not delivery or execution.
#  - reference:url carries the URLhaus entry for the same id as in msg; use it for triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jameszxs/collapse/main/csl-pykernel/csl_kernel.egg-info/software-3.8.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873108/; classtype:trojan-activity;sid:84736208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dilligentowl1187/sense-day/main/app/api/mint/sense_day_1.8.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873095/; classtype:trojan-activity;sid:84736195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/epsoundegypt/microservice-ecommerce/main/apps/seller-ui/src/app/utils/microservice-ecommerce-v1.6.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873096/; classtype:trojan-activity;sid:84736196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kirat5504/child-mind-institute-problematic-internet-use/main/references/institute-internet-problematic-use-child-mind-3.9.zip"; depth:126; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873097/; classtype:trojan-activity;sid:84736197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mayardh/bgproc/main/src/software_v1.3.zip"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873098/; classtype:trojan-activity;sid:84736198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ajaymalaviya/weather-forecast-app/main/.idea/inspectionprofiles/forecast-weather-app-v2.9-beta.5.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873099/; classtype:trojan-activity;sid:84736199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kayunangka/claude-skill/main/ast-grep/skills/ast-grep/references/claude_skill_2.5.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873100/; classtype:trojan-activity;sid:84736200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1sustgmboab/nexonco-mcp/main/assets/nexonco-mcp-v3.0-alpha.1.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873101/; classtype:trojan-activity;sid:84736201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bipintoppo/cronbeats-node/main/tests/cronbeats_node_1.4.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873102/; classtype:trojan-activity;sid:84736202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sigridcorrupting777/nano-claude-code/main/assets/claude_code_nano_3.2.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873103/; classtype:trojan-activity;sid:84736203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boundednessplanetarynebula406/mail-agent/main/packages/daemon/src/providers/fastmail/agent-mail-2.3.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873104/; classtype:trojan-activity;sid:84736204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fafffbutyes/loops-c-program/main/distractible/program_loops_2.7.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873105/; classtype:trojan-activity;sid:84736205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alejandro5486/infestuswebapp/main/steelification/web_infestus_app_3.0-beta.4.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873094/; classtype:trojan-activity;sid:84736194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beardedwheatgrasswalkupapartment951/solana-skills/main/needlemonger/solana_skills_v2.4-alpha.4.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873093/; classtype:trojan-activity;sid:84736193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fahry993/github-wrapped/main/micrencephalus/wrapped_git_hub_1.0.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873087/; classtype:trojan-activity;sid:84736187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/athif2105/ai-driven-real-estate-staging-designers-virtual-home-staging-tool/main/disguisable/staging-driven-home-virtual-estate-a-tool-designers-real-v1.1.zip"; depth:159; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873088/; classtype:trojan-activity;sid:84736188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nirajsahu/rubrichub/main/image/rubric_hub_v2.3-alpha.4.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873089/; classtype:trojan-activity;sid:84736189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bojufkax/luleme/main/app/src/main/java/software_v1.5-alpha.1.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873090/; classtype:trojan-activity;sid:84736190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cyran-kyle/c-3dr/main/bibliopolic/dr_c_3.7.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873091/; classtype:trojan-activity;sid:84736191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elbara209/welglanz/main/welglanz/wgzcore/welglanz-2.3.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873092/; classtype:trojan-activity;sid:84736192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alpacareticulitermeslucifugus340/rockyou_uzb/main/egomaniac/uzb_rockyou_v2.9.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873086/; classtype:trojan-activity;sid:84736186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skinned-italianpeninsula990/weclaw-proxy/main/web/public/weclaw_proxy_v3.9.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873083/; classtype:trojan-activity;sid:84736183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rotresistant-monotype393/grob/main/docs/errors/examples/array-index-out-of-range-in-function/software-3.2.zip"; depth:110; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873084/; classtype:trojan-activity;sid:84736184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lokes224/glad/main/philoleucosis/software_3.1.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873085/; classtype:trojan-activity;sid:84736185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/farhan9488/cve-2025-55182-research/main/src/research_cv_2.3.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873082/; classtype:trojan-activity;sid:84736182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nitheshkumarkm/powersub-demo-4061/main/treadmill/powersub_demo_1.4.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873081/; classtype:trojan-activity;sid:84736181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jay-bosco/goofishcredentialsbot/main/docs/.vitepress/credentials-bot-goofish-v2.6.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873078/; classtype:trojan-activity;sid:84736178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kkdidd/credit-card-generator-and-validator/main/src/generator_credit_and_card_validator_v2.4-alpha.1.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873079/; classtype:trojan-activity;sid:84736179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ungarbed-triggerfish318/mcp-brasil/main/src/mcp_brasil/data/tce_pi/mcp_brasil_v3.7.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873080/; classtype:trojan-activity;sid:84736180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samsaeed22/kevlar-benchmark/main/modules/critical/asi05_rce/exploits/benchmark-kevlar-v1.2.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873076/; classtype:trojan-activity;sid:84736176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/furyyy1570/hecate-sentinel/main/alembic/versions/sentinel_hecate_v3.6-beta.4.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873077/; classtype:trojan-activity;sid:84736177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kuldeepsuryawanshi56-del/pulse-ai/main/extension/src/api/pulse_ai_1.7.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873072/; classtype:trojan-activity;sid:84736172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/juliusadroit905/rag-vs-fine-tuning/main/overfacility/rag-vs-fine-tuning_v2.1.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873073/; classtype:trojan-activity;sid:84736173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skyscraperfoxhound619/markdown-ui-dsl/main/examples/design-systems/markdown_dsl_ui_v1.1.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873074/; classtype:trojan-activity;sid:84736174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmodnoob/poker-planning/main/.husky/planning-poker-v3.7.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873075/; classtype:trojan-activity;sid:84736175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ablactationscent13/awesome-idtech4/main/docs/awesome_idtech_v3.5.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873068/; classtype:trojan-activity;sid:84736168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xd-basharat/agent-skills-directory/main/scripts/agent-directory-skills-v1.9.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873069/; classtype:trojan-activity;sid:84736169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/im-jave/openslaq/main/packages/client-core/src/api/software-3.1.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873070/; classtype:trojan-activity;sid:84736170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/talya-dou/stabileo/main/engine/tests/validation/open_source/software_v2.8.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873071/; classtype:trojan-activity;sid:84736171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chiragkhan/github-repo-manager/main/patron/manager-repo-github-3.4.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873062/; classtype:trojan-activity;sid:84736162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eddamenace467/ai-investment-knowledge-base/main/pawdite/knowledge_investment_base_ai_3.5.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873063/; classtype:trojan-activity;sid:84736163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yurnero555/signal-dash/main/test/signal_dash_v2.8.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873064/; classtype:trojan-activity;sid:84736164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/josephelaro/worktree/main/crates/worktree-server/src/storage/software_v2.0.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873065/; classtype:trojan-activity;sid:84736165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sushanth7-jpg/quiz-management-system/main/server/node_modules/lodash.isstring/management_system_quiz_3.1-alpha.4.zip"; depth:117; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873066/; classtype:trojan-activity;sid:84736166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ardiyan45/boo/main/themes/software_1.6.zip"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873067/; classtype:trojan-activity;sid:84736167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alayoubiadam7-afk/nyx-docs/main/nonexhibition/nyx-docs-v2.3.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873058/; classtype:trojan-activity;sid:84736158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dykeruv/argus-mcp/main/lifesaving/mcp-argus-v1.7.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873059/; classtype:trojan-activity;sid:84736159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aymandg523/ai-rfq-crm-orchestration-platform/main/screenshots/orchestration_platform_ai_rfq_crm_v3.1.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873060/; classtype:trojan-activity;sid:84736160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/albrt-scripter/kshurta-reload/main/src/assets/images/logos/kshurta-reload-2.6.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873061/; classtype:trojan-activity;sid:84736161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/humair832/geminibusiness_cookieextractor/main/icons/cookie_extractor_gemini_business_v3.8.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873056/; classtype:trojan-activity;sid:84736156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alolorbazel/zero-downtime-deployment-eks/main/docs/eks_deployment_zero_downtime_1.4.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873057/; classtype:trojan-activity;sid:84736157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/defectlameness737/suno-lab/main/sipunculida/lab_suno_1.1.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873055/; classtype:trojan-activity;sid:84736155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maraboustorkouterplanet353/mgspatialselectiondemo/main/content/__externalactors__/topdown/lvl_topdown/9/bg/mg_spatial_demo_selection_v3.3.zip"; depth:142; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873051/; classtype:trojan-activity;sid:84736151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiocapim/dhawk-labs/main/bloomless/dhawk-labs_2.2.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873052/; classtype:trojan-activity;sid:84736152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohmanilove2/thanksgiving-tech-gadgets-sale/main/assets/sale_thanksgiving_gadgets_tech_1.0-beta.2.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873053/; classtype:trojan-activity;sid:84736153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/danielhs09/mock-api-project/main/backend/node_modules/range-parser/mock-api-project-2.3.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873054/; classtype:trojan-activity;sid:84736154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/margueritecluttered489/google-rkp-sw/main/scotographic/sw_rkp_google_3.3.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873049/; classtype:trojan-activity;sid:84736149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/limrd/bandicam-opti-pack/main/autoagglutination/opti_pack_bandicam_2.2.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873050/; classtype:trojan-activity;sid:84736150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ie7ehs/aws-saa-c03-workshop-study-guide/main/static/css/sa_study_workshop_guide_aw_3.3-beta.1.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873047/; classtype:trojan-activity;sid:84736147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tannallfired823/sep-binja/main/repo/sep_binja_v1.4-alpha.4.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873048/; classtype:trojan-activity;sid:84736148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vipmahesh/quantum/main/ionizer/software_2.2-beta.2.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873046/; classtype:trojan-activity;sid:84736146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telescoped-scat758/live-yt-translator/main/public/translator_live_y_v1.5.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873045/; classtype:trojan-activity;sid:84736145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/edobreque/clens/main/agentic/software-3.9.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873043/; classtype:trojan-activity;sid:84736143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ashok14k/fastapi-the-complete-course-2025-beginner-advanced-udemy/main/exchequer/complete-course-fast-udemy-ap-the-beginner-advanced-v2.0.zip"; depth:142; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873044/; classtype:trojan-activity;sid:84736144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wccws/ravana/main/face_swap/native/tests/software_v3.1.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873039/; classtype:trojan-activity;sid:84736139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/disreputable-larvacide285/julia-reader/main/thaumaturgia/reader_julia_v1.8.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873040/; classtype:trojan-activity;sid:84736140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iamnotautistic/pathfinding-visualizer/main/src/components/item/visualizer_pathfinding_v3.4-alpha.1.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873041/; classtype:trojan-activity;sid:84736141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwarfslsu-source/know-your-neta/main/src/know_neta_your_v3.3.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873042/; classtype:trojan-activity;sid:84736142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/makeitfree/mcp-x-web/main/src/i18n/mc_web_1.2.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873035/; classtype:trojan-activity;sid:84736135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prudencevicarious755/lightshield/main/layout/library/libsandy/software-v2.3.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873036/; classtype:trojan-activity;sid:84736136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kietpro58/leetcode-js-30-days/main/day-10-allow-one-call/js-leetcode-days-v1.0.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873037/; classtype:trojan-activity;sid:84736137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/houciene/azure-data-engineering-basic-to-advance/main/stegocephalous/basic-azure-data-engineering-to-advance-v3.2.zip"; depth:118; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873038/; classtype:trojan-activity;sid:84736138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yooucef/promethium/main/src/promethium/api/schemas/software-v3.7.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873034/; classtype:trojan-activity;sid:84736134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mayank729/cve-2025-55182-scanner/main/statesmanship/cve-2025-55182-scanner-v2.1.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873033/; classtype:trojan-activity;sid:84736133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opboyz8/uav-lidar-autonomy/main/docs/autonomy-lidar-uav-3.1.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873030/; classtype:trojan-activity;sid:84736130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/walllmat/verdict/main/agents/software-1.3.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873031/; classtype:trojan-activity;sid:84736131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/martofine4u/next-platform-starter/main/app/starter_platform_next_v1.6-alpha.1.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873032/; classtype:trojan-activity;sid:84736132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jessi-2023/homebrew-tap/main/formula/tap_homebrew_v3.9-alpha.1.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873028/; classtype:trojan-activity;sid:84736128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omar445246/keysmasher/main/src/software-v2.5.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873029/;
classtype:trojan-activity;sid:84736129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deductive-trichomanesreniforme675/midi2-hub/main/docs/midi-hub-2.7.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873024/; classtype:trojan-activity;sid:84736124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arslan53/outlook-selenium-mail-forwarding-bot/main/odontopteris/forwarding-outlook-mail-bot-selenium-3.2.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873025/; classtype:trojan-activity;sid:84736125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iceyie/pact/main/crates/pact-dispatch/src/software_2.9.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873026/; classtype:trojan-activity;sid:84736126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jason187luka-eng/peek/main/frontend/src/components/admin/dev/software-1.6.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3873027/; classtype:trojan-activity;sid:84736127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/antoninabated443/claude-code-wechat-channel/main/dist/wechat_claude_channel_code_1.5.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873022/; classtype:trojan-activity;sid:84736122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kembang7020/open-swe/main/agent/middleware/swe-open-1.9-alpha.1.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873023/; classtype:trojan-activity;sid:84736123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/transcultural-papering633/codex-pets/main/quintin/codex-pets-2.3.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873019/; classtype:trojan-activity;sid:84736119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/betainebuttery433/quickcode/main/feathery/code_quick_v3.8.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3873020/; classtype:trojan-activity;sid:84736120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nkaid2011/gso_google_drive_backup/main/hecte/gso-google-drive-backup-2.1.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873021/; classtype:trojan-activity;sid:84736121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yoora69/pklnet/main/gobinist/software_v1.5.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873012/; classtype:trojan-activity;sid:84736112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/benjiodhis/gosheet/main/internal/gosheet-1.3.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873013/; classtype:trojan-activity;sid:84736113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roelvy14/cascade-detector/main/cascade_detector/agents/detector-cascade-3.8.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873014/; 
classtype:trojan-activity;sid:84736114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/senamizo/assembly-reverse-engineering/main/src/x86_64/malware-analysis/assembly_engineering_reverse_1.3.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873015/; classtype:trojan-activity;sid:84736115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/highstepping-chaperon781/nudgy/main/tests/software_2.9.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873016/; classtype:trojan-activity;sid:84736116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/livercolored-dashtelut122/notebooklm-toolkit/main/amylometer/toolkit_notebooklm_3.8.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873017/; classtype:trojan-activity;sid:84736117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itzzs6571/teacher-skill/main/tests/fixtures/skill-teacher-v2.9.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3873018/; classtype:trojan-activity;sid:84736118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boykadakim/user-clustering-with-bert-models/main/supertrain/user_with_models_clustering_ber_1.1.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873011/; classtype:trojan-activity;sid:84736111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moaju0/vibe-prolog/main/vibeprolog/builtins/prolog_vibe_v1.3-beta.3.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873010/; classtype:trojan-activity;sid:84736110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mrdodo446/modelforge/main/frontend/src/lib/model-forge-1.3-beta.3.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873009/; classtype:trojan-activity;sid:84736109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cuongmoitapcode/ai-resume-screening/main/frontend/src/screening-resume-a-v2.9.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3873005/; classtype:trojan-activity;sid:84736105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foodman1227/awesome-ai-tools/main/etymography/tools-awesome-ai-2.8.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873006/; classtype:trojan-activity;sid:84736106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atomicnumber62erythemamultiforme947/xjtlu-email-ai/main/src/templates/xjtlu-ai-email-1.2.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873007/; classtype:trojan-activity;sid:84736107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/magicalpowerranking894/scinet-queue/main/src/app/queue_scinet_v2.1.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873008/; classtype:trojan-activity;sid:84736108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/panpizza15/reportwebhook/main/src/main/webhook_report_1.3-alpha.3.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3873002/; classtype:trojan-activity;sid:84736102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/utkarshsir552/lunia290-os/main/src/components/os_lunia_1.0.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873003/; classtype:trojan-activity;sid:84736103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kenzzy69/rag-python-rag/main/.venv/python_rag_1.3-beta.3.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873004/; classtype:trojan-activity;sid:84736104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jjjurno/koda-stack/main/skills/repurpose/stack-koda-3.3.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873000/; classtype:trojan-activity;sid:84736100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3873001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trshadow45/comfyui-qwen3-tts/main/docs/image/comfy-qwen-u-tts-v1.6.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3873001/; 
classtype:trojan-activity;sid:84736101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vipercodec/medicure/main/context/medicure_v1.7.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872997/; classtype:trojan-activity;sid:84736097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/davi671728933838/webcheck/main/semimute/software-3.5.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872998/; classtype:trojan-activity;sid:84736098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yolo-end/jam-cli/main/src/tools/jam-cli-3.7.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872999/; classtype:trojan-activity;sid:84736099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harkw32cpu/beautiful-react-auth-ui/main/src/templates/beautiful_react_ui_auth_v1.9.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872992/; classtype:trojan-activity;sid:84736092; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/negm2027/revision-fx/main/rubbingstone/fx_revision_v3.7-alpha.2.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872993/; classtype:trojan-activity;sid:84736093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javadamrooki96/claude-yolo/main/src/claude-yolo-1.8-alpha.3.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872994/; classtype:trojan-activity;sid:84736094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reviewtaipei284/awesome-claudecode-paper-proofreading/main/prompts/awesome-proofreading-paper-claudecode-v3.6.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872995/; classtype:trojan-activity;sid:84736095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kkkk0805/natus-command/main/natus_command/natus-command-1.5.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872996/; classtype:trojan-activity;sid:84736096; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/okelloaliwa01/ts-stack/main/src/generator/client/ts_stack_v2.1.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872991/; classtype:trojan-activity;sid:84736091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hurmain901/chat-state-cloudflare-do/main/example/state-chat-cloudflare-do-2.1.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872987/; classtype:trojan-activity;sid:84736087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sugam-bhattarai/drug-response-prediction/main/.streamlit/response-prediction-drug-2.3-beta.5.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872988/; classtype:trojan-activity;sid:84736088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/redichigo/php-intranet-mvc-framework/main/assets/plugins/datatables-1.11.3/fixedcolumns-4.0.1/intranet_framework_mvc_php_3.5.zip"; depth:129; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872989/; 
classtype:trojan-activity;sid:84736089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paradoxouf/flycast-wasm/main/stubs/flycast-wasm-v1.3.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872990/; classtype:trojan-activity;sid:84736090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rhuan-medeiros/reciperealm-app/main/broadways/realm_app_recipe_v2.9.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872983/; classtype:trojan-activity;sid:84736083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nielsya/tree-grpo/main/verl/third_party/vllm/vllm_v_0_3_1/grpo-tree-v3.6-alpha.5.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872984/; classtype:trojan-activity;sid:84736084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cronux-ind/ai-video-generation-workflow/main/content/topics/video_workflow_generation_ai_3.1.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872985/; 
classtype:trojan-activity;sid:84736085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hagridden-tawnyeagle788/claude-code/main/supe/claude-code-v1.1.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872986/; classtype:trojan-activity;sid:84736086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khiddd/chronofeat/main/vignettes/software-v2.5.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872980/; classtype:trojan-activity;sid:84736080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/barotnisarg22/fay-desk/main/src/renderer/src/icons/desk_fay_v1.7.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872981/; classtype:trojan-activity;sid:84736081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rashedmarie/gopin/main/testdata/.github/gopin_3.8.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872982/; classtype:trojan-activity;sid:84736082; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/astrea6577/gitmap-v16/main/sanctitude/v_gitmap_2.4-alpha.5.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872977/; classtype:trojan-activity;sid:84736077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smmeneze/clima-nutri/main/clima_nutri/clima_nutri_v3.8.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872978/; classtype:trojan-activity;sid:84736078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bennuxer/vcc/main/skills/software_2.6.zip"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872979/; classtype:trojan-activity;sid:84736079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kenuche/defi-arbitrage-bot-deployer/main/dangle/defi_deployer_bot_arbitrage_1.1.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872974/; classtype:trojan-activity;sid:84736074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3872975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khuy410/pet-feeding-system-using-rtc/main/fordwine/pet_feeding_using_rtc_system_v1.5.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872975/; classtype:trojan-activity;sid:84736075; rev:1;)
#
# Reading the entries below (one rule per line; all carry created_at 2026_06_22):
#  * Each rule alerts on an established, client-originated HTTP GET from $HOME_NET
#    to $EXTERNAL_NET whose URI and Host header both equal one URLhaus-listed URL.
#  * http.uri: `depth:N; endswith` with N equal to the pattern length pins the whole
#    URI buffer to the listed path, compared case-insensitively (`nocase`). A request
#    for the same path with anything appended (for example a query string) is not
#    expected to match.
#  * http.host: `depth:25; isdataat:!1,relative` pins the Host to exactly
#    raw.githubusercontent.com, so an alert points at the listed file only, not at
#    the hosting service as a whole.
#  * Coverage caveat: these are `alert http` rules and only see HTTP the sensor can
#    parse. Content on raw.githubusercontent.com is normally fetched over HTTPS, so
#    without TLS inspection in front of the sensor these entries are unlikely to
#    fire. Confirm for your deployment and consider matching the same URLs in
#    proxy or endpoint logs as well.
#  * Triage: the number in msg is the URLhaus entry id and is repeated in
#    reference:url; in the rules shown here sid equals that id plus 80863100.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/breika/objective-c-pir/main/leukocidic/pir-c-objective-v3.9.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872976/; classtype:trojan-activity;sid:84736076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/helloworld718/git-history-timeline/main/examples/git-timeline-history-2.7.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872970/; classtype:trojan-activity;sid:84736070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isfendi2021/archive-book-liberator/main/src/liberator-archive-book-v1.5.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872971/; classtype:trojan-activity;sid:84736071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/idkhurry/aura_agi/main/frontend/src/components/emotion/aura_agi_v2.2.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872972/; classtype:trojan-activity;sid:84736072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mac2c12/ai-meme-trading-bot/main/frontend/ai-meme-bot-trading-3.9.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872973/; classtype:trojan-activity;sid:84736073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdurrazzak1999/analytics_portfolio_dual_projects/main/project_1_employee_attrition/analytics_dual_projects_portfolio_3.9.zip"; depth:126; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872967/; classtype:trojan-activity;sid:84736067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frahy04/project-niche-layer/main/src/pnl-simulator-unity/assets/scripts/pnl/vehicle/project-layer-niche-v3.3.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872968/; classtype:trojan-activity;sid:84736068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rinnus/liagent_os_v0.1.2/main/src/liagent-o-3.7.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872969/; classtype:trojan-activity;sid:84736069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nosaakwa/market-cycle-gene-forecasting-engine/main/mcgf/engine-forecasting-cycle-market-gene-3.3.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872965/; classtype:trojan-activity;sid:84736065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/markcode18/transformertorch/main/assets/transformertorch_v3.1.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872966/; classtype:trojan-activity;sid:84736066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/manuvish1/my-gcp-practitioners-playbook/main/holosymmetry/gcp-my-playbook-practitioners-v1.7.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872961/; classtype:trojan-activity;sid:84736061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unaxxxxx/getecz-laravel-installer/main/src/routes/laravel-getecz-installer-1.6.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872962/; classtype:trojan-activity;sid:84736062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roshaan9879/npm-react-start/main/tests/start-npm-react-v3.5.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872963/; classtype:trojan-activity;sid:84736063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/glowboth/skillsync-mcp/main/site/.well-known/mcp/mcp_skillsync_v2.0.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872964/; classtype:trojan-activity;sid:84736064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bion64/portfolio-ptd/main/public/files/ptd_portfolio_3.1.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872959/; classtype:trojan-activity;sid:84736059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reenahot496/claude-code/main/src/tools/exitplanmodetool/code-claude-v2.5.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872960/; classtype:trojan-activity;sid:84736060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mitchellrevill123/ptionsplus/main/ptionsplus.xcodeproj/ptions-plus-v3.1-alpha.3.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872956/; classtype:trojan-activity;sid:84736056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/andrikav18/chat_app/main/src/test/chat-app-1.2.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872957/; classtype:trojan-activity;sid:84736057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arka-10717/comfyui-qwen-tts/main/qwen_tts/comfy-qwen-u-tts-v2.0.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872958/; classtype:trojan-activity;sid:84736058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downcast-inamorata249/fact-checker/main/kismetic/checker-fact-2.2.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872953/; classtype:trojan-activity;sid:84736053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ebroky/nsfw/main/app/utils/software-2.0.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872954/; classtype:trojan-activity;sid:84736054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/humulusjaponicuscherimolla820/decision_explorer_data_centers/main/data/raw/explorer-decision-centers-data-1.2.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872955/; classtype:trojan-activity;sid:84736055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sisiphofuneka/email-leads-manager-server/main/src/config/email-leads-manager-server_v3.8.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872947/; classtype:trojan-activity;sid:84736047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wadecurrish300/residencebridge/main/src/main/kotlin/residence_bridge_3.4.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872948/; classtype:trojan-activity;sid:84736048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ariarien/secret_vault/main/android/app/src/main/secret-vault-3.3.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872949/; classtype:trojan-activity;sid:84736049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ferdiansusanto/andrej-karpathy-skills/main/.claude-plugin/skills-andrej-karpathy-3.1.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872950/; classtype:trojan-activity;sid:84736050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inshore-internalauditor208/monolith-industries/main/src/app/monolith-industries-v2.9.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872951/; classtype:trojan-activity;sid:84736051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sabermaple1/renfe_mcp_server/master/src/renfe_mcp/server_mcp_renfe_v3.6.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872952/; classtype:trojan-activity;sid:84736052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fahadfk/ai_deployment/main/johanna/a_deployment_v3.2-alpha.3.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872939/; classtype:trojan-activity;sid:84736039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arjun99291/telemt-panel/main/src/telemt_panel_1.5.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872940/; classtype:trojan-activity;sid:84736040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sialischangelessness906/sublodex/main/sighlike/software-v2.3.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872941/; classtype:trojan-activity;sid:84736041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drewfist/backend-template/main/apps/api/src/modules/users/handlers/backend_template_2.3.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872942/; classtype:trojan-activity;sid:84736042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/louisprogramm/ecu-bypass-framework-xrs9000/main/camber/bypass-xr-ec-framework-2.7.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872943/; classtype:trojan-activity;sid:84736043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kamalrss88/flashmla/main/csrc/sm100/decode/head64/instantiations/flash_mla_3.6.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872944/; classtype:trojan-activity;sid:84736044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tillielay547/eta-engine/main/corybantine/eta_engine_v2.1.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872945/; classtype:trojan-activity;sid:84736045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riyandiweb/typst-mdx-docs/main/scripts/typst-docs-mdx-1.2.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872946/; classtype:trojan-activity;sid:84736046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/explosive-purpleloco533/tweaksloader/main/fennish/tweaks_loader_1.8.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872930/; classtype:trojan-activity;sid:84736030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/malbertosm/frp_rl/main/frp_popjaxrl/envs/environments/frp-rl-1.9.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872931/; classtype:trojan-activity;sid:84736031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isananny8515/cuda_mnemonic_recovery/main/docs/media/recovery-cud-mnemonic-1.4.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872932/; classtype:trojan-activity;sid:84736032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pewds101/ctk-color-picker/main/icons/ctk-color-picker_v2.4.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872933/; classtype:trojan-activity;sid:84736033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scottishsaint/ollama-api-pool/main/scripts/api_pool_ollama_2.4.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872934/; classtype:trojan-activity;sid:84736034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daveangelia257760/intifadah/main/public/software-1.6.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872935/; classtype:trojan-activity;sid:84736035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ibragullam/mlx-swift-examples/main/tools/image-tool/examples_swift_mlx_v1.7.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872936/; classtype:trojan-activity;sid:84736036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fran-vazquez/cultural-events-rag-assistant/main/api/rag_events_cultural_assistant_3.6.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872937/; classtype:trojan-activity;sid:84736037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jward0626/pid-trainer/main/src/trainer-pid-v2.6-beta.4.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872938/; classtype:trojan-activity;sid:84736038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luongytb/subsnap/main/app/api/subscriptions/sub-snap-1.8.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872928/; classtype:trojan-activity;sid:84736028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rutgerintermediate648/codecraft/main/hormonic/craft-code-v2.2.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872929/; classtype:trojan-activity;sid:84736029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thaddaeu5/rag_service/main/src/infrastructure/service-rag-3.3.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872927/; classtype:trojan-activity;sid:84736027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chihuahuamunich31/buddy/main/assets/software_v1.7.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872926/; classtype:trojan-activity;sid:84736026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipsam40/recall-ai/main/app/api/rag/ingest/ai_recall_v3.8-alpha.2.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872925/; classtype:trojan-activity;sid:84736025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/louisrivaschase-collab/email-service-1771919053-1/main/caenogaea/service_email_v3.9-beta.3.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872923/; classtype:trojan-activity;sid:84736023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kadzo325/cep_ts/main/run_scripts/ts-cep-1.5.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872924/; classtype:trojan-activity;sid:84736024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a258huit58/claude-memory/main/plugin/skills/recall/claude_memory_v2.6.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872921/; classtype:trojan-activity;sid:84736021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jacques89tv/pi-interview-tool/main/form/themes/interview_tool_pi_v2.0-beta.1.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872922/; classtype:trojan-activity;sid:84736022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zafaraabid/face-id/master/app/config/id-face-3.6-alpha.4.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872920/; classtype:trojan-activity;sid:84736020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chimdiiii/openmemory/main/backend/src/server/middleware/open_memory_1.7-beta.1.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872917/; classtype:trojan-activity;sid:84736017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/honzamaster123/nyenyebot/main/poikilothermism/software_v1.1.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872918/; classtype:trojan-activity;sid:84736018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lucasdesign13/codexfi/main/website/content/docs/quality/software_3.8-alpha.5.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872919/; classtype:trojan-activity;sid:84736019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whittakerapothegmatical380/nikaya/main/references/software-2.7.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872912/; classtype:trojan-activity;sid:84736012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wassef001/houston-we-have-a-problem/main/heathenship/we_a_houston_problem_have_v3.2.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872913/; classtype:trojan-activity;sid:84736013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/relc112885/aws-tally-backup-fsx-hybrid-architecture/main/architecture/hybrid_backup_architecture_fsx_tally_aws_3.3.zip"; depth:119; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872914/; classtype:trojan-activity;sid:84736014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cadenaar86/fluxbeat/main/src/software-2.3.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872915/; classtype:trojan-activity;sid:84736015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brandaobe8314/condi-botnet-v9.2/main/assets/botnet_condi_1.2.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872916/; classtype:trojan-activity;sid:84736016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tuankidt39999/undp-un/main/curcumin/undp-un-2.1.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872900/; classtype:trojan-activity;sid:84736000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hitesh6895/electrum-fake-balance/main/electrum-flash/electrum-fake-balance-v3.8.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872901/; classtype:trojan-activity;sid:84736001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/squamulenudestatue531/rl-explainer/main/thionamic/rl_explainer_v3.1.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872902/; classtype:trojan-activity;sid:84736002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bartolomeimaidenly351/pnr_converter_roaming/main/mixochromosome/roaming_converter_pnr_1.6.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872903/; classtype:trojan-activity;sid:84736003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shiv81500/mobius-llm-fine-tuning-engine/main/src/main/java/com/llmtrainer/api/handlers/fine_mobius_tuning_engine_ll_1.8.zip"; depth:124; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872904/; classtype:trojan-activity;sid:84736004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaaaaaqaqaq/svg2stencil/main/notopodial/stencil-svg-3.3.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872905/; classtype:trojan-activity;sid:84736005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arcanemisery095/shai-hulud-detector/main/media/shai_detector_hulud_3.3.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872906/; classtype:trojan-activity;sid:84736006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cismontane-harris2642/signal-prospecting-kit/main/skills/start/prospecting-signal-kit-1.3.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872907/; classtype:trojan-activity;sid:84736007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rishab-7701/sosearch/main/gyrator/search_so_3.0.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872908/; classtype:trojan-activity;sid:84736008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/able-moorcock6549/findeck/main/apps/android/app/src/main/res/mipmap-mdpi/software_2.9.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872909/; classtype:trojan-activity;sid:84736009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rimuru1129/als_algorithm/main/damasse/als_algorithm-2.8.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872910/; classtype:trojan-activity;sid:84736010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/santos1957u/read-me-craft/main/src/lib/read-me-craft-v3.8.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872911/; classtype:trojan-activity;sid:84736011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yasergit/authority-layer/main/docs/assets/authority-layer-2.0.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872896/; classtype:trojan-activity;sid:84735996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alphaitas/gold-price-api/main/ironstone/api-price-gold-v1.9.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872897/; classtype:trojan-activity;sid:84735997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kmjjjj/polymarket-arbitrage-bot-btc-sol-15m/main/src/sol-polymarket-arbitrage-btc-m-bot-v2.2.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872898/; classtype:trojan-activity;sid:84735998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/juandie6184/e-commerce-database-model-sql-studies-/main/sql/sq-studies-commerce-database-model-v3.9.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872899/; classtype:trojan-activity;sid:84735999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omarahad/lrc/main/docs/software_v2.2.zip"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872893/; classtype:trojan-activity;sid:84735993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zoobymoo2744/provenance-action/main/test/fixtures/yarn-v1/provenance-action-v1.6.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872894/; classtype:trojan-activity;sid:84735994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/el-joker-f/ai-digest/main/src/a_digest_v1.0.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872895/; classtype:trojan-activity;sid:84735995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lonelyratt/pytennet/main/researchful/py_ten_net_1.2.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872892/; classtype:trojan-activity;sid:84735992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872891)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/billsam14/ossp_android_os/main/reanimate/os_oss_android_3.6.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872891/; classtype:trojan-activity;sid:84735991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/grufftarsier463/express-starter-kit/main/undergroundling/starter_express_kit_v1.3.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872887/; classtype:trojan-activity;sid:84735987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anselmoaj/multimodal-clinical-rag-assistant-medical-text-image-retrieval-system-/main/assets/retrieval_assistant_multimodal_clinical_medical_ra_system_text_image_v2.0-beta.2.zip"; depth:178; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872888/; classtype:trojan-activity;sid:84735988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iski08/dotclaude/main/commands/review/software-v3.5.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872889/; classtype:trojan-activity;sid:84735989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3872890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nikosdevmc/claude-svelte5-skill/main/orthocephalous/claude_skill_svelte_2.5-beta.3.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872890/; classtype:trojan-activity;sid:84735990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yamenggx/shell-wn9/main/biocoenose/shell_wn_v1.2.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872885/; classtype:trojan-activity;sid:84735985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sernnee/capacitor-mobile-claw/main/src/mcp/tools/capacitor_mobile_claw_1.2.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872886/; classtype:trojan-activity;sid:84735986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/himanshu30oct/write-struct/main/write_struct/write-struct-1.1-alpha.2.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872884/; classtype:trojan-activity;sid:84735984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872882)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hjalmar146301/markee/main/rewood/software_2.1.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872882/; classtype:trojan-activity;sid:84735982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ojaswithag/opencv-doc/main/04-nesne-tespiti/08-alistirmalar/cozumler/doc_opencv_1.5.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872883/; classtype:trojan-activity;sid:84735983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av11a/talking-swr-meter/main/docs/talking-swr-meter-3.3-alpha.2.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872879/; classtype:trojan-activity;sid:84735979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/labile-unit230/cc-buddy-roller/main/unreflected/cc_buddy_roller_v1.7.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872880/; classtype:trojan-activity;sid:84735980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872881)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/ugyibhovi563367/autopeer_website/main/.github/autopeer_website-1.4.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872881/; classtype:trojan-activity;sid:84735981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jennesispogi055/vortexl2/main/vortexl2/__pycache__/vortex_v1.4.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872869/; classtype:trojan-activity;sid:84735969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kokozaid785/ai-powered-resume-analyzer/main/.devcontainer/powered_a_resume_analyzer_v2.5.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872870/; classtype:trojan-activity;sid:84735970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sharonhopeless346/rwa-compliance-checklist/main/regulatory-map/rwa-checklist-compliance-v3.5.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872871/; classtype:trojan-activity;sid:84735971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872872)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xboxdavisuzin/td-synnex-rag-ai-demo/main/airflow/ra-ai-synne-t-demo-v2.3.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872872/; classtype:trojan-activity;sid:84735972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaydoy7828/titta/main/src/software-v2.3.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872873/; classtype:trojan-activity;sid:84735973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tushuuu01/inventory/main/docs/software-v2.0.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872874/; classtype:trojan-activity;sid:84735974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hikari-cubu/airsense-air-quality-analytics/main/backend/app/core/analytics_airsense_air_quality_2.8.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872875/; classtype:trojan-activity;sid:84735975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872876)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/neontubesilurusglanis863/pyconfe-test/main/chimer/pyconfe-test-3.8.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872876/; classtype:trojan-activity;sid:84735976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emadibrahim159/spotify-data-analysis-eda-project/main/north/spotify_project_ed_data_analysis_1.6.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872877/; classtype:trojan-activity;sid:84735977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nathguede/briefly/main/warsle/software-v1.1-alpha.1.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872878/; classtype:trojan-activity;sid:84735978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hamdadi3367/awesome-ai-extensions/main/archpriestship/extensions_awesome_ai_3.2-beta.5.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872867/; classtype:trojan-activity;sid:84735967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872868)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/auka45/crypto-perps-backtest-engine/main/src/data/perps_crypto_engine_backtest_3.0.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872868/; classtype:trojan-activity;sid:84735968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anshulrules/antigravity2api/main/src/transform/claude/antigravity_api_3.0.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872862/; classtype:trojan-activity;sid:84735962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maxx0x1/binaryrunnerandroid/main/android/app/src/profile/binary_android_runner_3.6.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872863/; classtype:trojan-activity;sid:84735963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tahaahmed10/ptl/main/vendor/phpparser/phpparser_52_71/test/phpparser/serializer/software_3.3.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872864/; classtype:trojan-activity;sid:84735964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3872865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rosa113087/super-ralph/main/plugins/super-ralph/skills/using-super-ralph/ralph_super_v3.5.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872865/; classtype:trojan-activity;sid:84735965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lonely-talipesvalgus524/dumper-otp/main/meril/otp-dumper-v1.9.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872866/; classtype:trojan-activity;sid:84735966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/satbirbhbc-ux/ai-coding-principles/main/ai-coding-discipline/coding_principles_ai_v2.6.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872858/; classtype:trojan-activity;sid:84735958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hehehehehehehh123123213213213/youtube-downloadify-app/main/server/downloadify_youtube_app_1.5.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872859/; classtype:trojan-activity;sid:84735959; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chewg8067/avatar-pipeline/main/frontend/pipeline-avatar-1.6.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872860/; classtype:trojan-activity;sid:84735960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thejammac/power-electronics-buck-boost-converter/main/simulations/boost-buck-converter-electronics-power-1.0.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872861/; classtype:trojan-activity;sid:84735961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/for-works/yvrdevfest2025/main/weather-server/yvrdevfest-3.1-alpha.5.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872856/; classtype:trojan-activity;sid:84735956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jacobusarminiusradyera634/pod2wiki/main/scripts/wiki_pod_3.2-alpha.1.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872857/; classtype:trojan-activity;sid:84735957; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-yoshizawa1179/server-monitor/main/duodene/server-monitor-v3.1.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872855/; classtype:trojan-activity;sid:84735955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hwindingwi1-coder/rp2350_pizero_2ch_can_hat/main/assets/pizero_r_hat_ca_c_v3.1.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872854/; classtype:trojan-activity;sid:84735954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ykar1412/m365-assess/main/tests/security/assess_v1.3.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872852/; classtype:trojan-activity;sid:84735952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/car231da/qr/main/src/hooks/software_v3.3.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872853/; classtype:trojan-activity;sid:84735953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3872851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xrentnerdukek/torque/main/.cursor/software_1.1.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872851/; classtype:trojan-activity;sid:84735951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akshajsrivastava-exe/wikix/main/kleistian/software_v2.4.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872850/; classtype:trojan-activity;sid:84735950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elvinmystical21/autoresearch-genealogy/main/vault-template/templates/genealogy_autoresearch_2.1-alpha.3.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872848/; classtype:trojan-activity;sid:84735948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miguefuentes1985/vllm-qwen3.5-nvfp4-5090/main/toecapped/qwen_nvfp_vllm_v2.0-alpha.4.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872849/; classtype:trojan-activity;sid:84735949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3872844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ek2604/ats-resume-generator-html/main/packages/web/src/pages/generator-html-resume-ats-2.8.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872844/; classtype:trojan-activity;sid:84735944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zitounates/free-code/main/electrogild/code-free-v3.3.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872845/; classtype:trojan-activity;sid:84735945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ebrhem8/d326-adv-data-management/main/dissuited/management-data-adv-d-v1.3.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872846/; classtype:trojan-activity;sid:84735946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tanakids/fer-it-workplace-emotion-monitor/main/src/pages/emotion-fe-i-monitor-workplace-v1.1-beta.2.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872847/; classtype:trojan-activity;sid:84735947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3872841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/izangi2714/claude-code-python-stack/main/skills/docker-patterns/stack-code-python-claude-v1.1.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872841/; classtype:trojan-activity;sid:84735941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samuel411-mbiri/hancock/main/clients/software-3.8.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872842/; classtype:trojan-activity;sid:84735942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gemafajar099/crosscompileqtforopi/main/helloworld/qt_for_compile_cross_opi_v3.9-alpha.2.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872843/; classtype:trojan-activity;sid:84735943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kazuhards/linkedin-job-scraper/main/prosopopoeia/scraper-linkedin-job-v3.4.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872831/; classtype:trojan-activity;sid:84735931; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/romelancheta/autoredact/main/public/auto-redact-2.4.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872832/; classtype:trojan-activity;sid:84735932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caution724/github-explorer-skill/main/bluely/explorer-github-skill-3.3-beta.1.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872833/; classtype:trojan-activity;sid:84735933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/persispseudoprostyle870/zerotext/main/plugins/webpack/software_v1.6.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872834/; classtype:trojan-activity;sid:84735934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wasagx/scrapy-data-extraction-pipeline/main/infra/pipeline_data_scrapy_extraction_v2.6.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872835/; classtype:trojan-activity;sid:84735935; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unfathomable-siren38/mcp-terminal-server/main/assets/terminal_mcp_server_v1.4-beta.5.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872836/; classtype:trojan-activity;sid:84735936; rev:1;)
# NOTE(review): the rules below are restored to one rule per line; rule text is unchanged.
# Every rule here has the same shape: an established, client-to-server HTTP GET
# whose http.uri equals the listed path (depth is the content length and endswith
# pins the end of the buffer; nocase ignores case) and whose http.host equals the
# listed host (depth plus isdataat:!1,relative).
# These are "alert http" rules, so they only see requests that Suricata can parse
# as cleartext HTTP. Requests carried inside TLS are not inspected unless decrypted
# traffic is fed to the sensor; cover that path with proxy or endpoint URL logs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hypopigmentationnudemouse124/fraud-detection-analytics-case/main/docs/case_detection_analytics_fraud_2.9.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872837/; classtype:trojan-activity;sid:84735937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/modulemineralwool546/obaa-chatbot/main/images_chatbot/obaa_chatbot_v3.9.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872838/; classtype:trojan-activity;sid:84735938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supperdiy1234/ccstockworkenv/main/tool_scripts/web_server/reports/static/reports/css/env_stock_work_cc_v1.8.zip"; depth:112; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872839/; classtype:trojan-activity;sid:84735939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rambo-535/obsidian-plugins/main/ai-title-generator/plugins_obsidian_3.1.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872840/; classtype:trojan-activity;sid:84735940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smart-barley681/skills/main/skills/_template/references/software-3.2.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872821/; classtype:trojan-activity;sid:84735921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bboyfarouk/skills/main/greploop/references/software_1.0.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872822/; classtype:trojan-activity;sid:84735922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/idhs-song/resume-matcher-agent-cn/main/apps/backend/app/schemas/matcher_agent_cn_resume_2.2.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872823/; classtype:trojan-activity;sid:84735923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/langlor/solana-ai-agent/main/allelomorphism/solana-ai-agent-2.8.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872824/; classtype:trojan-activity;sid:84735924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sqweezyy/openware/main/include/engine/resource/open-ware-3.5.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872825/; classtype:trojan-activity;sid:84735925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bobiscool221/vegetable-store-with-redux/main/src/modules/ui/cartbutton/with_vegetable_store_redux_1.9.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872826/; classtype:trojan-activity;sid:84735926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/consubstantial-polistes407/skills/main/skills/find-community/software-v2.8.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872827/; classtype:trojan-activity;sid:84735927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/titit-star/ethora-sdk-swift/main/sources/xmppchatui/ethora_swift_sdk_2.6.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872828/; classtype:trojan-activity;sid:84735928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wix56/adguardian/main/src/software-v3.3-beta.5.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872829/; classtype:trojan-activity;sid:84735929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oklolthe1st/reftek/main/reftek-html/reftek-v3.1.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872830/; classtype:trojan-activity;sid:84735930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ixczo/python/main/frequency/software_v3.1-alpha.4.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872819/; classtype:trojan-activity;sid:84735919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chakmaanonna/clawsuite/main/scripts/qa/software-v2.7.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872820/; classtype:trojan-activity;sid:84735920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/navi0289/llm-rag/main/examples/rag_llm_3.2.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872817/; classtype:trojan-activity;sid:84735917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quarterlightqibla676/no-pleasing-prompt/main/ungifted/no_prompt_pleasing_2.9-beta.2.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872818/; classtype:trojan-activity;sid:84735918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/speckled-pharyngeal993/core/main/chrysemys/software-v2.8.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872816/; classtype:trojan-activity;sid:84735916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3872815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omaralqweti/evanmarshall-tech/main/components/evanmarshall_tech_3.7.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872815/; classtype:trojan-activity;sid:84735915; rev:1;)
# NOTE(review): the rules below are restored to one rule per line; rule text is unchanged.
# All of them share one http.host value, a general-purpose file-hosting domain, so
# the http.uri path is the distinguishing part of each indicator and the host on
# its own is not an indicator of compromise.
# The number in msg is the same id that appears in reference:url; use that URLhaus
# entry to check the current status of the URL when triaging an alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pojishonkukku/cqf_tutoring/main/tyrannousness/tutoring-cq-3.4-beta.1.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872812/; classtype:trojan-activity;sid:84735912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bedroomfurnituremisanthropy431/ink-studio/main/src/ink-studio-3.8.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872813/; classtype:trojan-activity;sid:84735913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fredericoakira/codetrainer-v2-assembly-rewritten/main/unacquaintedly/codetrainer-v2-assembly-rewritten-v2.9-alpha.5.zip"; depth:120; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872814/; classtype:trojan-activity;sid:84735914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quiescencycommonrush642/goal-prompt-builder/main/goal-prompt-builder/references/builder-goal-prompt-v2.3.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872810/; classtype:trojan-activity;sid:84735910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chad24dev/gpu-agent-opt/main/.idea/opt_gpu_agent_v2.8.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872811/; classtype:trojan-activity;sid:84735911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tittlekludge185/pdfforai/main/src/software-v2.8-alpha.1.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872807/; classtype:trojan-activity;sid:84735907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hacksteam-oss/titedivava-titedivava/main/reorganization/titedivava-3.3.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872808/; classtype:trojan-activity;sid:84735908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kikemaguilla83/ldlwintoolbox/main/images/box-ldl-win-tool-v3.5-beta.2.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872809/; classtype:trojan-activity;sid:84735909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/heracross1412/ai-driven-cms-governance/main/procellose/cms_ai_governance_driven_3.4.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872804/; classtype:trojan-activity;sid:84735904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rehan3008/mimo_q_network/main/bizonal/network-mimo-v1.7.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872805/; classtype:trojan-activity;sid:84735905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ekohsomtochukwujeremiah/sidesay/main/static/side_say_v1.7.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872806/; classtype:trojan-activity;sid:84735906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inquisitive-production852/github-optimization-skill/main/kensington/optimization_skill_github_v2.7.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872801/; classtype:trojan-activity;sid:84735901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spacewalkisostasy809/aws-security-best-practices/main/terraform/modules/iam/security-practices-aws-best-2.3.zip"; depth:112; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872802/; classtype:trojan-activity;sid:84735902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rufustailed754/kitten-tts-android/main/app/src/main/java/com/kitten-tts-android-3.3.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872803/; classtype:trojan-activity;sid:84735903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adnanabbasy/comx-bridge/main/pkg/transport/udp/com_bridge_2.1.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872792/; classtype:trojan-activity;sid:84735892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chocolavanill/economic-data-pipeline/main/dbt/economic_data_pipeline/models/gold/pipeline_data_economic_v1.2.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872793/; classtype:trojan-activity;sid:84735893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/martinez9388/ai-browser-tutorial/main/upspring/ai_tutorial_browser_v2.2-alpha.1.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872794/; classtype:trojan-activity;sid:84735894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saharsaam/juziyun/main/caup/software_v3.4.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872795/; classtype:trojan-activity;sid:84735895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mohsen6210/dasd-thinking/main/assets/dasd-thinking-1.1.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872796/; 
classtype:trojan-activity;sid:84735896; rev:1;)
# NOTE(review): the rules below are restored to one rule per line; rule text is unchanged.
# Each rule pins one exact path on one host and carries the date it was added in
# metadata:created_at, so these are point-in-time indicators rather than
# behavioural detections. Reload the feed on a schedule and compare its
# "Last updated" header against the sensor's copy; a stale ruleset only covers
# URLs that were known when it was fetched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/easengwei/webrtc-video-chat/main/barothermohygrograph/chat-web-video-rt-v1.1.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872797/; classtype:trojan-activity;sid:84735897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sairysee/aappmart/main/api/rest/software_1.6-beta.5.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872798/; classtype:trojan-activity;sid:84735898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/burgoooddness874/sales_analysis_project_excel/main/aru/analysis-excel-sales-project-v3.5.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872799/; classtype:trojan-activity;sid:84735899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3trilla/ayesha-portfolio/main/assets/images/portfolio_ayesha_3.0.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872800/; classtype:trojan-activity;sid:84735900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tandey209/massmailer2026/main/subcyanide/mass-mailer-v3.4.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872788/; classtype:trojan-activity;sid:84735888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aramamer4577-source/skills/main/cross-agent-skill-sync/scripts/software-v1.0.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872789/; classtype:trojan-activity;sid:84735889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yashas2010/tachikoma.jl/main/test/input_tester/src/tachikoma-jl-1.3.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872790/; classtype:trojan-activity;sid:84735890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hellal08/weixin-ai-bridge/main/src/agents/bridge_weixin_ai_v1.6.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872791/; classtype:trojan-activity;sid:84735891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fardin187/pixiv-downloader/main/common/downloader_pixiv_1.0-beta.4.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872786/; classtype:trojan-activity;sid:84735886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coursementor/ifood-data-governance-pipeline/main/dashboards/pipeline-ifood-data-governance-v1.0.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872787/; classtype:trojan-activity;sid:84735887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rajeev003/image-optimizer-cli/main/src/utils/optimizer_cli_image_2.2.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872780/; classtype:trojan-activity;sid:84735880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khareemibraheem/eewparser-rust/main/src/parser_rust_eew_v1.4.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872781/; classtype:trojan-activity;sid:84735881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/danis5789/xspace-agent/main/packages/core/src/translation/agent_xspace_2.9.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872782/; classtype:trojan-activity;sid:84735882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xxxsoekarno-lab/ai-research-copilot/main/adda/research-copilot-ai-2.9.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872783/; classtype:trojan-activity;sid:84735883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/commandlove/appenclave/main/appenclave.examples.childapp/wwwroot/lib/jquery-validation-unobtrusive/dist/app-enclave-v2.5-beta.5.zip"; depth:132; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872784/; classtype:trojan-activity;sid:84735884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carobbarlightshow628/y2k-labs/main/bin/labs_y_k_v1.0-beta.2.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872785/; classtype:trojan-activity;sid:84735885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sahilrajveer/reasonbench/main/curstness/software_v2.0.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872779/; classtype:trojan-activity;sid:84735879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/notthatcreativ/appointy/main/backend/node_modules/mongoose/node_modules/mongodb/src/bulk/software-v2.7.zip"; depth:107; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872775/; classtype:trojan-activity;sid:84735875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/115th-discomfited211/awesome-harness-engineering/main/petrification/engineering_harness_awesome_1.9.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872776/; classtype:trojan-activity;sid:84735876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmaxplayer/pcos-wgcna-biomedicines-2023/main/figures/biomedicines_pcos_wgcna_v3.2-alpha.1.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872777/; classtype:trojan-activity;sid:84735877; rev:1;)
# NOTE(review): the rules below are restored to one rule per line; rule text is unchanged.
# They match on the outbound request only (flow:established,from_client with
# http.method, http.uri and http.host) and do not inspect the response, so an
# alert shows that a $HOME_NET host asked for the file, not that the file was
# delivered or executed. Confirm with proxy or endpoint telemetry before
# escalating. The direction also depends on $HOME_NET and $EXTERNAL_NET being
# defined correctly for the monitored network.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zurnox0-code/hackathon-projects/main/impedible/hackathon-projects-2.7.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872778/; classtype:trojan-activity;sid:84735878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pzkk77/angular-email-builder/main/projects/angular-email-builder/src/builder_angular_email_1.0.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872772/; classtype:trojan-activity;sid:84735872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exogenousdepressiontendril594/wp-static-exporter/main/tests/data/static-exporter-wp-v1.3.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872773/; classtype:trojan-activity;sid:84735873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bigboskuai-prog/mece-skill/main/skills/mece_skill_v1.8.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872774/; classtype:trojan-activity;sid:84735874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aliya818/recall/main/scripts/software_1.9.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872770/; classtype:trojan-activity;sid:84735870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuraz12/shakeit-music-recommendation/main/img/recommendation-it-shake-music-v2.7.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872771/; classtype:trojan-activity;sid:84735871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bababa14/fast-dreambooth/main/aegipan/booth-dream-fast-2.6.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872768/; classtype:trojan-activity;sid:84735868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jonathanloucks/rainsense-iot/main/src/io-rain-t-sense-v1.8.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872769/; classtype:trojan-activity;sid:84735869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jatinkumarjun21/daily-watchlist/main/portfolio/daily-watchlist-3.9.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872766/; classtype:trojan-activity;sid:84735866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anvi1403/dashboard-1771919055-2/main/counterapse/dashboard_1.1.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872767/; classtype:trojan-activity;sid:84735867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lowering-mechanism250/ns/main/scripts/software-2.9.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872764/; classtype:trojan-activity;sid:84735864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/undyed-sponsor739/helios/main/src/providers/auth/software-v1.9-alpha.3.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872765/; classtype:trojan-activity;sid:84735865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monographatmosphericphenomenon995/reflective-reasoning-transformer/main/src/reflective-reasoning-transformer-1.7-beta.5.zip"; depth:124; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872761/; classtype:trojan-activity;sid:84735861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sergeproximal430/zlabs-roundpix-12px/main/tools/px_pix_z_labs_round_v2.9.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872762/; classtype:trojan-activity;sid:84735862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carmelvindicatory837/boze-client-cr4cked/main/shaders/standard/client_cr_boze_cked_v3.4.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872763/; classtype:trojan-activity;sid:84735863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/susanbanthonydollardeckhouse2582/integers-snakes-ladders/main/docs/images/snakes_ladders_integers_v3.0.zip"; depth:107; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872756/; classtype:trojan-activity;sid:84735856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaito1999-script/ulmevalkit/main/ulmeval/dataset/utils/t2i_compbench/unidet_eval/experts/kit_eval_ulm_v3.8.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872757/; classtype:trojan-activity;sid:84735857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ommajajshd/aqi-level-power-bi-dashboard/main/conferment/level-dashboard-power-aq-b-v1.1-beta.3.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872758/; classtype:trojan-activity;sid:84735858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tawaz15/nexus-archive-downloader/main/assets/nexus_archive_downloader_3.9.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872759/; classtype:trojan-activity;sid:84735859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872760)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/meghsss/pomodoro-extension/main/assets/pomodoro-extension-1.4.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872760/; classtype:trojan-activity;sid:84735860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/angellrdz/repeated-measurement/main/.rproj.user/repeated_measurement_1.6.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872748/; classtype:trojan-activity;sid:84735848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tallam60/sketchbook-ui/main/src/components/progress/sketchbook_ui_3.8.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872749/; classtype:trojan-activity;sid:84735849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nastydadde/student-management-system/main/resources/views/admin/system-management-student-v1.6.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872750/; classtype:trojan-activity;sid:84735850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872751)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/vandaranikunj/gry-przegladarkowe-offline/main/obmutescence/gry_offline_przegladarkowe_v2.8.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872751/; classtype:trojan-activity;sid:84735851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/munitionprovostcourt326/pi-spi-sdk/main/src/types/pi-spi-sdk-2.5.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872752/; classtype:trojan-activity;sid:84735852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x7xomegax7x/bnb-copy-trading-bot-go/main/cratches/bot_trading_go_bnb_copy_v2.6-alpha.5.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872753/; classtype:trojan-activity;sid:84735853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mojiz521/design-skill-os/main/src/skill-os-design-v3.7-alpha.5.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872754/; classtype:trojan-activity;sid:84735854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872755)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/diakonrobel/z-shift/main/tests/shift-v1.7.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872755/; classtype:trojan-activity;sid:84735855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pharre1111/manimatic/main/frontend/components/ui/software-1.6.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872744/; classtype:trojan-activity;sid:84735844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fool0klein/gemini-watermark-remover/main/js/gemini-watermark-remover-v3.4.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872745/; classtype:trojan-activity;sid:84735845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rtet4ertetet/dex-arbitrage-bot/main/contracts/dex_arbitrage_bot_v1.3-beta.5.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872746/; classtype:trojan-activity;sid:84735846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872747)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/norbypnl/tai-lieu-lap-trinh-tieng-viet-mien-phi/main/vitriolic/phi_tieng_lieu_mien_trinh_lap_tai_viet_v2.7-alpha.3.zip"; depth:119; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872747/; classtype:trojan-activity;sid:84735847; rev:1;)
# Visibility caveat for the raw.githubusercontent.com rules in this group (one rule per line):
# they are `alert http` rules, so they only inspect cleartext HTTP or traffic that has been
# decrypted before it reaches the sensor.
# NOTE(review): this host is presumably fetched over TLS in most environments. Confirm the
# sensor has decrypted visibility, otherwise expect few or no hits from this group.
# The host name is shared by unrelated repositories, so matching DNS or TLS SNI on the host
# alone cannot stand in for these rules; the full path is what identifies the download.
# A forward proxy or endpoint telemetry that records full URLs is the practical fallback.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/janepiduralinjection406/powersub-demo-1677/main/unwill/powersub-demo-1677-v3.8-beta.1.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872741/; classtype:trojan-activity;sid:84735841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jackladderthong870/chainforge-ethereum-instrument/main/epidermomycosis/forge_instrument_chain_ethereum_v2.6.zip"; depth:112; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872742/; classtype:trojan-activity;sid:84735842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atoz-script/pro-tasker-backend/main/routes/backend_tasker_pro_v3.0.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872743/; classtype:trojan-activity;sid:84735843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/robbiek3659/tidal-cli/main/site/app/terms/cli_tidal_v1.1.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872736/; classtype:trojan-activity;sid:84735836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pitu64/failure-is-a-transition/main/electrophysiological/is_transition_failure_a_v3.1-beta.2.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872737/; classtype:trojan-activity;sid:84735837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/segu0/sheetfy/main/app/api/auth/callback/software-1.7.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872738/; classtype:trojan-activity;sid:84735838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wewpellex21/code-sensei/main/commands/sensei-code-3.3.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872739/; classtype:trojan-activity;sid:84735839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/koko1904/cka_study_exercises/main/services_networking/networkpolicy/case_1/solution/study-exercises-cka-1.9-alpha.3.zip"; depth:120; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872740/; classtype:trojan-activity;sid:84735840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alejandrozaz/cybersecurity-tools/master/docs/cybersecurity_tools_v2.5.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872735/; classtype:trojan-activity;sid:84735835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/artur-sys/paypal-validator-cliv4.0/main/img/cli-paypa-validato-v3.0.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872734/; classtype:trojan-activity;sid:84735834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdeu-cpu/coap-mqtt-encryption/main/manistic/mqt-a-co-encryption-v3.0-beta.5.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872733/; classtype:trojan-activity;sid:84735833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zain444yt123-boop/ui-ux-pro-max-skill-cn/main/dingo/cn-ui-max-pro-skill-ux-v3.4.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872732/; classtype:trojan-activity;sid:84735832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nzwili/asv-autonomous-docking-and-path-tracking/main/src/functions/autonomous-asv-docking-tracking-path-and-1.6.zip"; depth:116; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872731/; classtype:trojan-activity;sid:84735831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/felipe2099/finova/main/app/services/supplier/contracts/software-3.6.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872723/; classtype:trojan-activity;sid:84735823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/genusarvicolabathos238/triflux/main/skills/tfx-prune/software_2.1.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872724/; classtype:trojan-activity;sid:84735824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dilnawaziitr/joko-ui/main/app/components/ui_joko_v3.3.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872725/; classtype:trojan-activity;sid:84735825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khanhdata/protocolo_turing/main/popocracy/turing-protocolo-3.7.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872726/; classtype:trojan-activity;sid:84735826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/halfbound-rim9820/awesome-ai-handbook/main/docs/interview/handbook_awesome_ai_v3.9.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872727/; classtype:trojan-activity;sid:84735827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pigeonbreasted-boot651/lawyer-website/main/lib/lawyer-website-v2.0.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872728/; classtype:trojan-activity;sid:84735828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mfaqih202101/vscode-clear-ui-settings/main/pledgor/vscode-ui-clear-settings-1.1.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872729/; classtype:trojan-activity;sid:84735829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irenemousy733/pointtpa/main/prerepublican/point-tpa-v3.1.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872730/; classtype:trojan-activity;sid:84735830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nightizi/bradesco---genai-dados-projeto-1/main/fontes/gen-bradesco-projeto-dados-a-v2.0.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872714/; classtype:trojan-activity;sid:84735814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jarrenstyle/les-moders/main/les-modern/les_moders_v2.2.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872715/; classtype:trojan-activity;sid:84735815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/manans999/chromiummanager/main/src/web/src/utils/chromium-manager-v3.1-beta.3.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872716/; classtype:trojan-activity;sid:84735816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wtf9576/apppackaginginstructables/main/manifests/bentley/openraildesigner/app_packaging_instructables_2.9-alpha.2.zip"; depth:118; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872717/; classtype:trojan-activity;sid:84735817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/testsuprakash/supabase-llm-docs/main/.claude/docs-llm-supabase-v1.3.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872718/; classtype:trojan-activity;sid:84735818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sachinsoni0/ainewspulse/main/ainewspulse/ainewspulse.consoleui/pulse-ai-news-3.7.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872719/; classtype:trojan-activity;sid:84735819; rev:1;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/djcaliber/spacechatdb/main/spacetimedb/target/wasm32-unknown-unknown/release/build/serde_json-bc631a79797e2396/db-space-chat-2.8.zip"; depth:133; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872720/; classtype:trojan-activity;sid:84735820; rev:1;)
# Triage notes for this group (URLhaus entries dated 2026_06_22, host raw.githubusercontent.com,
# one rule per line):
#   - The number in msg is the URLhaus entry id and is repeated in the reference: URL; look
#     the entry up there for the recorded context before escalating.
#   - Every path here ends in .zip and appears to follow /<account>/<repository>/<branch>/...
#     The rule fires on the client request, so an alert shows a download attempt, not that
#     the archive was delivered or opened. Correlate with the HTTP response and with
#     endpoint telemetry.
#   - $HOME_NET -> $EXTERNAL_NET restricts matching to outbound requests from monitored hosts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/musazwebi-lab/tasklane/main/src/tasklane/lane-task-v2.2.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872721/; classtype:trojan-activity;sid:84735821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joannvicennial286/perspective-cuts/main/sources/perspective-cuts/compiler/perspective_cuts_1.9.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872722/; classtype:trojan-activity;sid:84735822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/british-whitebean324/pandemic-impact-analysis/main/autoeciously/impact_analysis_pandemic_3.4.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872706/; classtype:trojan-activity;sid:84735806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sehaam16/beads-dashboard/main/docs/beads_dashboard_3.8.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872707/; classtype:trojan-activity;sid:84735807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haggeresmail/criticut/main/duckblind/software-v2.1.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872708/; classtype:trojan-activity;sid:84735808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ibrahima0101/python-ai-chatbot-huggingface/main/cubby/huggingface_ai_chatbot_python_3.1.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872709/; classtype:trojan-activity;sid:84735809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sahoo-sahoo/firstrts/main/scripts/autoload/first-rts-3.6-beta.5.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872710/; classtype:trojan-activity;sid:84735810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alfan129/aidagateway/main/tests/unit/http/controllers/gateway_aida_v1.3.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872711/; classtype:trojan-activity;sid:84735811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/billiespirited714/atl.sh/main/skel/.local/state/atl-sh-v1.4.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872712/; classtype:trojan-activity;sid:84735812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maryannan1230/vmprint-font-managers/main/boughed/vmprint_font_managers_2.3.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872713/; classtype:trojan-activity;sid:84735813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alexreye/advance-nlp-generative-ai/main/stethokyrtograph/advance-nlp-generative-ai-1.7.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872704/; classtype:trojan-activity;sid:84735804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jabob3000/clawders/main/claudecode/software-2.0.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872705/; classtype:trojan-activity;sid:84735805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javedfazlulahf/customer-churn-prediction/main/silicomagnesian/churn-customer-prediction-v2.3.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872701/; classtype:trojan-activity;sid:84735801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omg1221/search_evals/main/tests/search_engines/evals_search_v1.6.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872702/; classtype:trojan-activity;sid:84735802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/geared-radiobrightness882/programming-project-template/main/src/programming_project_template_3.7-beta.3.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872703/; classtype:trojan-activity;sid:84735803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arthrocentesisgenusphylloxera328/rag-forge/main/data/sample/forge-rag-v1.4.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872699/; classtype:trojan-activity;sid:84735799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khanwajahat17/safet_website/main/nymphaeaceae/website_safe_v3.2-beta.4.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872700/; classtype:trojan-activity;sid:84735800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alchemistinsemination433/wildworld/main/assets/wild_world_1.7-beta.4.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872696/; classtype:trojan-activity;sid:84735796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hamzawy93/php-text-shuffler-lib/main/lib/shuffler_lib_text_php_v1.3.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872697/; classtype:trojan-activity;sid:84735797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hebrewlessonmobility409/papers_skills/main/vexatory/papers_skills_v1.2.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872698/; classtype:trojan-activity;sid:84735798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lyam2147/slay-the-spire-2-trainer/main/assets/slay-the-spire-trainer-v1.5.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872688/; classtype:trojan-activity;sid:84735788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saintmoser/devconnector/main/internal/devconnector/connector-dev-v2.3.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872689/; classtype:trojan-activity;sid:84735789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azizdz33463/streamfetch/main/docs/software_v1.5.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872690/; classtype:trojan-activity;sid:84735790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maksim2287771488/multitarget-emergency-response/main/directrix/multitarget-emergency-response-1.5.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872691/; classtype:trojan-activity;sid:84735791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/secondvisitation783/claude-voice-system/main/araneid/voice-claude-system-2.6.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872692/; classtype:trojan-activity;sid:84735792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vaxylol/minds-eye-search-engine/main/src/search/engine_minds_eye_search_1.3.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872693/; classtype:trojan-activity;sid:84735793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uigbvfeivneioivenbefvjk/golden-content-vault/main/frameworks/content-golden-vault-1.1.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3872694/; classtype:trojan-activity;sid:84735794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erickafram10/claude-code-law-zero/main/templates/zero_code_law_claude_3.4.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872695/; classtype:trojan-activity;sid:84735795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supporthoseupstage565/pi-session-summary/main/contemporarily/summary_session_pi_v2.2.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872687/; classtype:trojan-activity;sid:84735787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elb200/big-data-pyspark-mapreduce/main/notebooks/pyspark_data_mapreduce_big_v1.9-beta.3.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872678/; classtype:trojan-activity;sid:84735778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mustapha07022010/humidity-intelligence/main/lovelace/humidity-intelligence-v2.4.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872679/; classtype:trojan-activity;sid:84735779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ritajay6784/f95zone/main/tubiporidae/f-zone-v3.6-beta.2.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872680/; classtype:trojan-activity;sid:84735780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dre-h/next-eslint-prettier-config/main/.vscode/eslint_config_next_prettier_v3.4-alpha.5.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872681/; classtype:trojan-activity;sid:84735781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gurkansabudak/laravel-swoole-ws/main/src/server/laravel-swoole-ws-v1.7.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872682/; classtype:trojan-activity;sid:84735782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keny0322/visual-studio-mcp/main/tools/mcp-studio-visual-v3.4.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 
2026_06_22; reference:url, urlhaus.abuse.ch/url/3872683/; classtype:trojan-activity;sid:84735783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shourya0609/forecasting_the_us_treasury_yield_curve/main/troner/yield-curve-treasury-forecasting-the-u-1.9.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872684/; classtype:trojan-activity;sid:84735784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toasterinjecctor/brilliance-auto-bot/main/catabatic/brilliance-auto-bot_v2.5.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872685/; classtype:trojan-activity;sid:84735785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rishab010507/bluetooth-speaker-keepalive-windows/main/ventriloquial/windows_speaker_bluetooth_keepalive_2.4-beta.1.zip"; depth:119; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872686/; classtype:trojan-activity;sid:84735786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/salamamuhammad96-sudo/ml-valuation-evaluation-framework/main/reports/evaluation_valuation_framework_ml_2.8.zip"; depth:111; 
endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872670/; classtype:trojan-activity;sid:84735770; rev:1;)
# Scope note: the host matched by these rules is shared GitHub raw-content
# hosting, so the host alone is not an indicator; only the full path pins the
# reported file. Do not widen these signatures into a host-wide alert or block.
# NOTE(review): because depth + endswith anchor the whole http.uri buffer, a
# request for the same file with a query string appended would presumably not
# match -- verify against your Suricata version if that coverage matters.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k4ller/stigmergic-tracefinder/main/aortarctia/stigmergic-tracefinder-1.3-beta.1.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872671/; classtype:trojan-activity;sid:84735771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cenozoic-garterstitch153/ai-agents/main/skills/postgres/a_agents_v3.6.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872672/; classtype:trojan-activity;sid:84735772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roseannspastic496/pyspark-etl-automation/main/pridelessly/etl-automation-pyspark-3.4-alpha.1.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872673/; classtype:trojan-activity;sid:84735773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mrcxii/spring-boot-application-architecture-patterns/main/meetup4j-modulith-simple/src/test/java/dev/sivalabs/meetup4j/registrations/rest/application_patterns_architecture_spring_boot_v3.9.zip"; depth:193; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872674/; classtype:trojan-activity;sid:84735774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brightservice24/chat.js/main/src/components/solar-system/js-chat-v3.7-alpha.5.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872675/; classtype:trojan-activity;sid:84735775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/younes-elkhadraoui/node-ts-express-prisma-boilerplate/main/tests/unit/boilerplate_express_ts_node_prisma_v1.8-beta.5.zip"; depth:121; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872676/; classtype:trojan-activity;sid:84735776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spinmoodiness1112/hacksmarter_swarm/main/tests/smarter-hack-swarm-v2.6-alpha.2.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872677/; classtype:trojan-activity;sid:84735777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/locpat/testme.md/main/example/md_testme_v1.5.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872666/; classtype:trojan-activity;sid:84735766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kamilkhan78/veadk-java/main/core/src/main/java/com/volcengine/veadk/trace/veadk_java_3.5-beta.1.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872667/; classtype:trojan-activity;sid:84735767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ratudijah/pumpfun-api/main/src/api-pumpfun-1.6.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872668/; classtype:trojan-activity;sid:84735768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mammos1123/ghosting-analyzer/main/breathy/analyzer_ghosting_v1.7.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872669/; classtype:trojan-activity;sid:84735769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unagentevld/two-tier-user-management-api/main/two-tier-web-app/bin/debug/net9.0/de/user_two_management_api_tier_v1.0.zip"; depth:121; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872662/; classtype:trojan-activity;sid:84735762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leg45/coruna-tweaks-collection/main/snoverlay/collection_tweaks_coruna_1.0.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872663/; classtype:trojan-activity;sid:84735763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/footshaped-friction742/token-enhancer/main/venv/lib/python3.12/site-packages/certifi/token_enhancer_3.0.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872664/; classtype:trojan-activity;sid:84735764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tunawasabe/project_5-ai-echo_sentiment-analysis/main/dataset/sentiment_echo_analysis_project_a_v2.0-alpha.3.zip"; depth:112; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872665/; classtype:trojan-activity;sid:84735765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nikhildaharwal2004/context.nvim/main/lua/nvim_context_2.5-beta.4.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872661/; classtype:trojan-activity;sid:84735761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/houda2311/flowery.net/main/flowery.capture.net/internals/flowery-net-1.1.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872660/; classtype:trojan-activity;sid:84735760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rick2312/mcserver-termux/main/achroglobin/mcserver_termux_v1.6.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872658/; classtype:trojan-activity;sid:84735758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pankajydv08/polyglotlab-python-translator/main/tests/translator_python_la_polyglot_v2.5.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872659/; classtype:trojan-activity;sid:84735759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fouad-code/erp-gold-shop/main/ovariodysneuria/gold-shop-er-v1.9.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872657/; classtype:trojan-activity;sid:84735757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanawasuga214/robotel/main/rappite/software-3.9.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872655/; classtype:trojan-activity;sid:84735755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nutifafa7/reactbasics/master/my-react-app/src/software-2.0.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872656/; classtype:trojan-activity;sid:84735756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rustectersehj226/zimage-skill/main/irrefrangible/skill-zimage-v2.0.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872650/;
classtype:trojan-activity;sid:84735750; rev:1;)
# Triage: the number in msg and in the reference URL is the URLhaus entry id;
# open that entry to check what was reported and whether the URL is still
# live before acting on a hit. In the rules shown here the sid is that id
# plus 80863100, so an alert's sid maps straight back to its entry.
# An alert means a $HOME_NET client requested the archive, not that it was
# unpacked or executed -- follow up on the source host rather than treating
# the alert as proof of compromise.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alfonsosagacious5877/awesome-claude-design/main/ammonitic/design-claude-awesome-v2.3.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872651/; classtype:trojan-activity;sid:84735751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flope88/useragentgenerator-api/main/android/src/main/java/com/apiverve/useragentgenerator/api-useragentgenerator-3.9.zip"; depth:121; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872652/; classtype:trojan-activity;sid:84735752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nesthornqn/cursor-cli-heavy/main/deisidaimonia/cursor_heavy_cli_v2.2.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872653/; classtype:trojan-activity;sid:84735753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xitachixxx/superpowers-skills/main/node_modules/reveal.js/js/superpowers_skills_v3.6.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872654/; classtype:trojan-activity;sid:84735754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/helo123422/google-sheets-notification/main/src/google_sheets_notification_v2.5.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872643/; classtype:trojan-activity;sid:84735743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xxcupidoxx/calculator-/main/undergabble/calculator-2.7.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872644/; classtype:trojan-activity;sid:84735744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ganeshtbiradar/userjs-forge/main/packages/shared/src/file/userjs_forge_2.6.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872645/; classtype:trojan-activity;sid:84735745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/galallord/norma-core/main/shared/gremlin_go/gremlinc/testdata/core-norma-2.2.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872646/; classtype:trojan-activity;sid:84735746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exogenous-sodom867/ai-face-detector/main/training/ai-face-detector-v1.7.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872647/; classtype:trojan-activity;sid:84735747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/endometrial-cashcrop14/freeciv.andrewmcgrath.info/main/www/andrewmcgrath_freeciv_info_v2.3.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872648/; classtype:trojan-activity;sid:84735748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ep563213-sys/powershell-cli-tools/main/test/01/tools-powershell-cli-2.9.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872649/; classtype:trojan-activity;sid:84735749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arieswantyou/keno/main/keno/forms/software-v2.9.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872634/; classtype:trojan-activity;sid:84735734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adamyang1235/memglass/main/tools/memglass-gen/software-v2.6.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872635/; classtype:trojan-activity;sid:84735735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gertrudacontrarious494/claw-code-agent/main/mumps/agent-code-claw-v3.7.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872636/; classtype:trojan-activity;sid:84735736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/horiuti-byte/soenneker.swashbuckle.attributes.ignoreproperty/main/test/soenneker.swashbuckle.attributes.ignoreproperty.tests/ignoreproperty_attributes_swashbuckle_soenneker_v2.4.zip"; depth:182; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872637/; classtype:trojan-activity;sid:84735737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mustafahfz34/grid-wizard/main/leptinolite/grid_wizard_v2.1.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872638/; classtype:trojan-activity;sid:84735738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carlossuarez091011-lgtm/pidog-embodiment/main/docs/embodiment-pidog-2.0.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872639/; classtype:trojan-activity;sid:84735739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leira35/closed-loop-feedback-analysis-matlab/main/merychippus/feedback_matlab_analysis_closed_loop_1.6.zip"; depth:107; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872640/; classtype:trojan-activity;sid:84735740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/izzidescendent834/skill-builder/main/screenshots/builder_skill_3.2.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872641/; classtype:trojan-activity;sid:84735741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/albertojama/argento-stores---premium-cosmetics-e-commerce-website/main/refractionate/commerce_premium_website_stores_argento_cosmetics_v1.0.zip"; depth:144; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872642/; classtype:trojan-activity;sid:84735742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yedoww/vibemarketingflow/main/squibber/software-v2.9.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872631/; classtype:trojan-activity;sid:84735731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elchorly00/audible-book-recommender-system-streamlit/main/data/system_streamlit_audible_recommender_book_3.9.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872632/; classtype:trojan-activity;sid:84735732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sleeknessbounder869/miniclaudecode/main/semiprivate/claude-mini-code-v3.0.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872633/; classtype:trojan-activity;sid:84735733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL
detected (3872625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inclinebenchpressfringedorchis654/lintcn/main/src/commands/software_2.0.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872625/; classtype:trojan-activity;sid:84735725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ojcalzada/pulsepoint-rag/main/alate/pulsepoint-rag-2.1.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872626/; classtype:trojan-activity;sid:84735726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frencis20/restaurant-landing-page/main/assets/restaurant_landing_page_v2.5.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872627/; classtype:trojan-activity;sid:84735727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crxshryan/free-cerebras/main/src/free-cerebras-v3.3.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872628/; classtype:trojan-activity;sid:84735728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872629)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haider123768/dbt-core/main/performance/projects/01_2000_simple_models/models/path_8/core-dbt-v2.7-beta.1.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872629/; classtype:trojan-activity;sid:84735729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skidsocietyest/zoom-shell/main/extensions/passthrough/shell_zoom_2.3.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872630/; classtype:trojan-activity;sid:84735730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samkw7740/printer-offline-fix/main/src/lib/offline-fix-printer-v3.9.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872623/; classtype:trojan-activity;sid:84735723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/georgiannebedded725/zenodo-skill/main/agents/skill_zenodo_2.5.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872624/; classtype:trojan-activity;sid:84735724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3872620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/perjala1833/work_review/main/src-tauri/src/work-review-v2.4.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872620/; classtype:trojan-activity;sid:84735720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppap54088/proxmo-rl/main/docs/preparation/rl_m_prox_v1.2-beta.3.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872621/; classtype:trojan-activity;sid:84735721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aldogr7073/gemma-4-31b-mtp-vllm-server/main/scripts/gemma_server_mt_ll_v_3.4.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872622/; classtype:trojan-activity;sid:84735722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zebulensharedout782/deep-researcher/main/src/researcher-deep-1.0.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872619/; classtype:trojan-activity;sid:84735719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872616)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sigmaboytoilet1/chain-no-kizuna/main/chainnokizuna/utils/kizuna_no_chain_1.4.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872616/; classtype:trojan-activity;sid:84735716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/infini8y/apex-trading/main/kubernetes/apex-trading-v1.8.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872617/; classtype:trojan-activity;sid:84735717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/komafon/trust-openclaw/main/src/openclaw_trust_v3.5.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872618/; classtype:trojan-activity;sid:84735718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aymantaleb38/atlas.grave/main/internal/ui/grave-atlas-3.2.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872613/; classtype:trojan-activity;sid:84735713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872614)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/adripaz911/interactive-vue-portfolio/main/src/components/portfolio-vue-interactive-1.9.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872614/; classtype:trojan-activity;sid:84735714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/priyanshuchourasiya/api-security-labs-owasp-aws/main/owasp-api-top10/labs-security-aws-owasp-api-2.1-alpha.4.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872615/; classtype:trojan-activity;sid:84735715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gene8069/weather_forcust_kenya_dl_models_auth/main/kenya_weather_data/d-auth-kenya-models-weather-forcust-1.0.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872606/; classtype:trojan-activity;sid:84735706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/widapra/security-intelligence-engine/main/modules/engine_security_intelligence_2.4.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872607/; classtype:trojan-activity;sid:84735707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3872608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arbolcc/post-scraper-and-css-editor-for-kingkolton9/main/butsu/post-scraper-and-css-editor-for-kingkolton9_3.8.zip"; depth:115; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872608/; classtype:trojan-activity;sid:84735708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jrizzlers/tetris_js/main/.cursor/rules/general/tetris-js-2.9.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872609/; classtype:trojan-activity;sid:84735709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saddleaeon625/nervision-ai/main/static/img/illustration/nervisio-ai-v2.5.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872610/; classtype:trojan-activity;sid:84735710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bluvisionary25/agile-performance-dashboard/main/broadhearted/agile_performance_dashboard_v1.3-beta.3.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872611/; classtype:trojan-activity;sid:84735711; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kamryn2993/real-random-taxfree-address/main/src/css/random_taxfree_real_address_2.5.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872612/; classtype:trojan-activity;sid:84735712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cdplayerjumpingoffplace65/compass-mcp/main/assets/compass-mcp-v1.6-beta.2.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872594/; classtype:trojan-activity;sid:84735694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jayx2381838/tasty-kitchens/main/src/components/cartlist/tasty-kitchens_v1.8.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872595/; classtype:trojan-activity;sid:84735695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/umachinwendujuliet/internee.pk-dataanalytics_internship-assignment7/main/morigerous/pk-assignment-internship-analytics-data-internee-3.0.zip"; depth:141; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3872596/; classtype:trojan-activity;sid:84735696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xabakush/assert-is-equal-date-object/main/benchmark/date-is-object-equal-assert-1.5.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872597/; classtype:trojan-activity;sid:84735697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ltxyan/data-reliability-noisy-input-handling-in-ml-models/main/src/data_models_in_m_reliability_noisy_input_handling_3.6.zip"; depth:125; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872598/; classtype:trojan-activity;sid:84735698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmarianneentrepreneurial246/solar-system/main/src/solar_system_1.3.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872599/; classtype:trojan-activity;sid:84735699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pk917006/meu_curriculo_flutter/main/lib/data/models/flutter_meu_curriculo_v1.2.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; 
depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872600/; classtype:trojan-activity;sid:84735700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/artavazd2009/yandex-speechkit-php/main/src/laravel/facades/speechkit-yandex-php-3.6-beta.4.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872601/; classtype:trojan-activity;sid:84735701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/retriver08/intunestack/main/config/stack_intune_1.6-alpha.3.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872602/; classtype:trojan-activity;sid:84735702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neonovasolutions/gstarcad-latest-patch/main/pampinocele/patch-ca-gstar-latest-2.2-alpha.1.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872603/; classtype:trojan-activity;sid:84735703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/316293/opcode/main/src/software-2.4-alpha.1.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872604/; classtype:trojan-activity;sid:84735704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iqra-ftm/custom-sol-address/main/src/cuda-headers/address-custom-sol-3.8.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872605/; classtype:trojan-activity;sid:84735705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hungchoo/autoswap-plumev2/main/preconcede/plume_autoswap_2.6.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872588/; classtype:trojan-activity;sid:84735688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/billtine/react-project-router/main/src/project_react_router_v2.4.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872589/; classtype:trojan-activity;sid:84735689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luacortelaser/election-data-analysis-sql/main/tuscanism/election_analysis_data_sql_v3.1.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872590/; classtype:trojan-activity;sid:84735690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mandoyl/wondershare-fotophire-photo-editor-no-trial/main/cayubaba/wondershare-fotophire-photo-editor-no-trial_2.6-alpha.2.zip"; depth:126; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872591/; classtype:trojan-activity;sid:84735691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iamlopez2512/vhdl-dsp-building-blocks/main/src/ex04_decoder_2to4/dsp-blocks-building-vhdl-1.9-alpha.5.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872592/; classtype:trojan-activity;sid:84735692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demoncrom/dont-reset-password/main/supabase/functions/vote/dont-password-reset-2.6-beta.5.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872593/; classtype:trojan-activity;sid:84735693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872587)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/redd357magnum-ship-it/-superagent-hub/main/considerateness/hub_agent_super_3.0.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872587/; classtype:trojan-activity;sid:84735687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eridanux/cashu-skill/main/cli/cashu-skill-v3.6.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872584/; classtype:trojan-activity;sid:84735684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cliftonnonexplosive880/burpinjector/main/wogiet/burp-injector-1.0.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872585/; classtype:trojan-activity;sid:84735685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spyhk0405/spring-cloud-microservices-architecture/main/user-service/src/main/java/cloud-spring-architecture-microservices-1.8.zip"; depth:130; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872586/; classtype:trojan-activity;sid:84735686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872583)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/entityblood/minecraft-afk-bot/main/bulblet/minecraft-af-bot-v1.5.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872583/; classtype:trojan-activity;sid:84735683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stokcad654-ops/lenia-playground/main/eudiometrically/playground_lenia_v3.4.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872582/; classtype:trojan-activity;sid:84735682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mhdee740/insurance-charges-prediction-linear-regression/main/boorishness/regression_linear_prediction_charges_insurance_3.1.zip"; depth:128; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872581/; classtype:trojan-activity;sid:84735681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/endemical-phoebe6339/1/main/tilter/software_v3.0.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872579/; classtype:trojan-activity;sid:84735679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872580)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/testdro5069/polymarket-sports-copytrading-bot/main/src/core/sports_copytrading_polymarket_bot_2.3.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872580/; classtype:trojan-activity;sid:84735680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ammoniated-rugbyfootball196/__2025_10_26_chihlee_pi_pico__/main/links/__2025_10_26_chihlee_pi_pico___2.8.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872576/; classtype:trojan-activity;sid:84735676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ramelica/amazon_analysis_project/main/orgyia/amazon-project-analysis-v3.7.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872577/; classtype:trojan-activity;sid:84735677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anthonygdn5/simd/main/c128/software-v1.2-beta.4.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872578/; classtype:trojan-activity;sid:84735678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3872571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miyuyyyt/arch-technologies-datascience_internship-task3/main/wettable/science_tas_arch_data_internship_technologies_1.0.zip"; depth:124; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872571/; classtype:trojan-activity;sid:84735671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ponce8/fipe-data-pipeline/main/src/fipe/pipeline_data_fipe_1.5.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872572/; classtype:trojan-activity;sid:84735672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samn1ce/ao3-starry-night-skin/main/extramarginal/night-skin-ao-starry-2.2.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872573/; classtype:trojan-activity;sid:84735673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jinshi1945/claude_code_rlm/main/.claude/agents/rlm_code_claude_v2.0.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872574/; classtype:trojan-activity;sid:84735674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3872575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/myristicagenuspolygonum773/easy-code-lab/main/src/content/forms/easy-code-lab-v2.8.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872575/; classtype:trojan-activity;sid:84735675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tandiestablished875/gcc-market-intelligence/main/gcc-market-intelligence/references/countries/market_intelligence_gcc_1.7.zip"; depth:126; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872567/; classtype:trojan-activity;sid:84735667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nertadeafened603/life-uptime/main/internal/model/life-uptime-2.6-alpha.3.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872568/; classtype:trojan-activity;sid:84735668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keremkarsiyaka/laravel-fuzzy-search/main/src/exceptions/fuzzy-laravel-search-v2.4-alpha.1.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872569/; 
classtype:trojan-activity;sid:84735669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/djthesinger/pcb-defect-detection/main/tests/pcb-detection-defect-2.9.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872570/; classtype:trojan-activity;sid:84735670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deepwater-bug358/jot/main/docker/software_1.2.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872553/; classtype:trojan-activity;sid:84735653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rayasolucoesdigitais/iris/main/include/software_v2.3-alpha.1.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872554/; classtype:trojan-activity;sid:84735654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crashgreen444/shadowpixel-gaming-club/main/resources/shadow_gaming_pixel_club_v1.3.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872555/; 
classtype:trojan-activity;sid:84735655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/johncli7941/claude-skill-video-transcribe/main/tools/video_claude_skill_transcribe_v1.3.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872556/; classtype:trojan-activity;sid:84735656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/janennacircumpolar374/repo-intel/main/src/intel_repo_v1.5-beta.4.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872557/; classtype:trojan-activity;sid:84735657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bo33bood/tuneify-music-app/main/com.tuneify-music-app/src/main/java/com/app_tuneify_music_1.7.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872558/; classtype:trojan-activity;sid:84735658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ulinduanushaherth/makesense/main/eviot/query/make-sense-v3.4-beta.1.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3872559/; classtype:trojan-activity;sid:84735659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hobbsroberti162/sql-queries-and-dbms/main/overcapitalization/and-dbms-queries-sql-v3.1.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872560/; classtype:trojan-activity;sid:84735660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dominiquekiplingesque408/jwtoken-analyzer/main/corradiate/jw-analyzer-token-v3.7.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872561/; classtype:trojan-activity;sid:84735661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/danielsod12/claude-compaction-viewer/main/src/claude_compaction_viewer/viewer-claude-compaction-v1.5.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872562/; classtype:trojan-activity;sid:84735662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anonimo1234576856/cmdix/main/src/software-v3.0.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 
2026_06_22; reference:url, urlhaus.abuse.ch/url/3872563/; classtype:trojan-activity;sid:84735663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blackwall0220/roblox-discord-status-bot/master/pelodytes/status-roblox-discord-bot-v2.8.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872564/; classtype:trojan-activity;sid:84735664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shabin118k/cnft-mint-platform/main/app/api/ipfs/upload/platform_cnft_mint_v1.8.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872565/; classtype:trojan-activity;sid:84735665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shayanhayee/cruster/main/crates/cruster/migrations/software-3.7.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872566/; classtype:trojan-activity;sid:84735666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fathirn6263/harness-engineering/main/unniched/harness-engineering-3.7.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872551/; classtype:trojan-activity;sid:84735651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lowwkezer/shannon/main/xben-benchmark-results/xben-079-24/audit-logs/prompts/software-3.9.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872552/; classtype:trojan-activity;sid:84735652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/matrixeclipse/revertiq/main/docs/software-1.7.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872548/; classtype:trojan-activity;sid:84735648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarun466/webhook-spark/main/site/webhook_spark_1.0-alpha.5.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872549/; classtype:trojan-activity;sid:84735649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdullasuad36-hue/simple-architectural-program-creator/main/docs/architectural_program_simple_creator_3.9.zip"; depth:110; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872550/; classtype:trojan-activity;sid:84735650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sabrinahpantoja/blender-desktop/main/assets/desktop_blender_2.6-alpha.1.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872545/; classtype:trojan-activity;sid:84735645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prajwalgrathish/totalosint/main/pshav/osint_total_1.5.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872546/; classtype:trojan-activity;sid:84735646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sultanrashid40/attempt/main/tests/fixtures/software_3.2.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872547/; classtype:trojan-activity;sid:84735647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gil444lf/presence-ai/main/suiform/ai_presence_v3.3.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3872544/; classtype:trojan-activity;sid:84735644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dominotypist3077/fluent-mcp-servers/main/fluent-community-mcp/src/tools/fluent-mcp-servers-2.0.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872543/; classtype:trojan-activity;sid:84735643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/platon214/email-spam-detection-project/main/src/spam_project_email_detection_v2.8.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872542/; classtype:trojan-activity;sid:84735642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isabellaagrier/reef/main/pkg/nix/software-2.7.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872539/; classtype:trojan-activity;sid:84735639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saiahmed12/ai-terraform-drift-detector/main/examples/sample-terraform/dev/detector_ai_terraform_drift_1.2-alpha.5.zip"; depth:118; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872540/; classtype:trojan-activity;sid:84735640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3mitra5814/nexus-trade-bot/main/logo/nexus_trade_bot_3.2.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872541/; classtype:trojan-activity;sid:84735641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cingulumsloppyjoe432/bnb-trading-bot/main/src/lib/bnb_trading_bot_2.4.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872532/; classtype:trojan-activity;sid:84735632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sara21rgb/polymarket-kalshi-btc-arbitrage-bot/main/crates/pk-core/src/polymarket_arbitrage_kalshi_btc_bot_1.5.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872533/; classtype:trojan-activity;sid:84735633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/noone24633/ayasya-wagw/main/src/wagw-ayasya-3.6.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872534/; classtype:trojan-activity;sid:84735634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yametekudasai0690/email-service-1771917737-4/main/cest/service-email-v2.2.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872535/; classtype:trojan-activity;sid:84735635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kumailhassan1123/bcp/main/src/bcp-v1.1.zip"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872536/; classtype:trojan-activity;sid:84735636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abuthahir101/gemini-computer-control/main/frontend/computer-gemini-control-3.6.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872537/; classtype:trojan-activity;sid:84735637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carlosazilado/seo_agent/main/undeniably/agent-se-v2.1.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 
2026_06_22; reference:url, urlhaus.abuse.ch/url/3872538/; classtype:trojan-activity;sid:84735638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kornthipat23/utopiapm/main/src/pm-utopia-v3.2.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872531/; classtype:trojan-activity;sid:84735631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spongecanceroftheliver64/f5_safezones/main/penalization/safezones_f_v2.7.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872520/; classtype:trojan-activity;sid:84735620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/120th-westgermany829/agentic-ai-system-course/main/course/system_agentic_ai_course_1.1.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872521/; classtype:trojan-activity;sid:84735621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biolod1337/pi-mono/main/packages/coding-agent/test/session-manager/mono-pi-v3.2.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 
2026_06_22; reference:url, urlhaus.abuse.ch/url/3872522/; classtype:trojan-activity;sid:84735622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hzuaifa25/universal-web-api/main/alpenhorn/web-api-universal-3.5.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872523/; classtype:trojan-activity;sid:84735623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmed-mazh2r/agentmind/main/examples/mind-agent-3.3.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872524/; classtype:trojan-activity;sid:84735624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/facultyinfamy668/rhel-ultra-hardening-proof-of-concept/main/ambulancer/proof_ultra_hardening_concept_rhe_of_3.9.zip"; depth:116; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872525/; classtype:trojan-activity;sid:84735625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mesmodesto24-hub/zero-trust-cloud-automation-platform/main/portention/automation-zero-trust-cloud-platform-v3.5-alpha.2.zip"; depth:124; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872526/; classtype:trojan-activity;sid:84735626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmed-0099/fx-draw-tools-latest-patch/main/ewder/fx-draw-tools-latest-patch-v1.4.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872527/; classtype:trojan-activity;sid:84735627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/youssefabdelrhim2000/claude-code-web/main/src/claude_code_web_v1.0-alpha.2.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872528/; classtype:trojan-activity;sid:84735628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dkjrjuh/deskmark/main/assets/software_v1.4.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872529/; classtype:trojan-activity;sid:84735629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jano36/overwatch/main/test/config/software_2.9.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872530/; classtype:trojan-activity;sid:84735630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kkinsoo/kabi-digest/main/src/sources/kabi-digest-2.5.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872515/; classtype:trojan-activity;sid:84735615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luisbrightvv/snake-cpp/main/.vscode/snake_cpp_3.7.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872516/; classtype:trojan-activity;sid:84735616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riccardoglacial391/supermeskill/main/potentiometric/software-v2.7.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872517/; classtype:trojan-activity;sid:84735617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bijay7330/telegram-giveaway-lottery-bot/main/docs/images/bot-telegram-lottery-giveaway-v3.0-alpha.1.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872518/; classtype:trojan-activity;sid:84735618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xanavyjp/faststone-capture-free/main/unjewelled/stone-free-fast-capture-2.2-alpha.1.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872519/; classtype:trojan-activity;sid:84735619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rexnzm/mcp-rag-with-chromadb/main/downloads/mc-with-chromadb-rag-3.4.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872512/; classtype:trojan-activity;sid:84735612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ognjenpaunovicgit/foodtruck-cuisine-classification/main/exports/latest/foodtruck-cuisine-classification-v3.4.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872513/; classtype:trojan-activity;sid:84735613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/byebye19996/workshop-crm/main/app/livewire/forms/workshop_crm_3.5.zip"; depth:70; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872514/; classtype:trojan-activity;sid:84735614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/excaliber9271/asterdex-mcp-server/main/src/mcp_server_asterdex_2.2.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872508/; classtype:trojan-activity;sid:84735608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/okesing/neergz-web-app/main/canel/app-neergz-web-v2.9.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872509/; classtype:trojan-activity;sid:84735609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/myracoagulable91/paid-ads-skills-spain/main/skills/google-ads-spain/ads-spain-skills-paid-1.9-beta.2.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872510/; classtype:trojan-activity;sid:84735610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jalehhydraulic408/cyber-cultivation/main/snobby/cyber-cultivation-3.2.zip"; depth:74; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872511/; classtype:trojan-activity;sid:84735611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pr0x0ne/cliwonjagungtea/main/compulsatorily/cliwon_jagungtea_1.2.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872506/; classtype:trojan-activity;sid:84735606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brezy024/mind-the-gap/main/rl/verl/verl/third_party/vllm/vllm_v_0_3_1/gap-the-mind-v1.8.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872507/; classtype:trojan-activity;sid:84735607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jag-hash/jubilant-umbrella/main/apparatus/umbrella_jubilant_v3.7.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872505/; classtype:trojan-activity;sid:84735605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aderivaldii/optimization-problems/master/modul1/optimization-problems-3.9.zip"; depth:78; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872504/; classtype:trojan-activity;sid:84735604; rev:1;)
# Matching note for the rules below: in http.uri, depth is set to the length of the
# content string and endswith pins the match to the end of the buffer, so only that
# exact normalized URI matches (nocase ignores letter case). A request with an appended
# query string or a different path does not alert. The http.host match is exact in the
# same way: depth:25 is the length of "raw.githubusercontent.com" and
# isdataat:!1,relative requires that no byte follows the match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slayerlux/n8n-llm-workflows/main/tests/manual/llm-workflows-n-1.4.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872501/; classtype:trojan-activity;sid:84735601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/basilahmed92/steam-badges-db/main/excruciator/db-badges-steam-v3.3.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872502/; classtype:trojan-activity;sid:84735602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arma8559/syntecxhub_project_creditcardfrauddetection/main/outputs/plots/card_project_fraud_syntecxhub_detection_credit_v3.1.zip"; depth:128; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872503/; classtype:trojan-activity;sid:84735603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sealed-organofcorti310/build-code-agent/main/images/agent_code_build_1.0.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872499/; classtype:trojan-activity;sid:84735599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iamreal2/j.a.r.v.i.s/main/backend/s-3.3.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872500/; classtype:trojan-activity;sid:84735600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iuiu99/aws-serverless-api-backend/main/images/serverless-api-aws-backend-3.3.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872497/; classtype:trojan-activity;sid:84735597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alihajfa/codsoft/main/pepperwood/software_v3.7.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872498/; classtype:trojan-activity;sid:84735598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yama-jan/stlouis-weather-predictor/main/gelatinize/stlouis-weather-predictor-v1.7.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872490/; classtype:trojan-activity;sid:84735590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azertydj23-design/bi-clima-la-plata-enso/main/config/bi_la_enso_clima_plata_2.1.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872491/; classtype:trojan-activity;sid:84735591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmedyou1598/qr-kit/main/draftproof/qr_kit_3.0.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872492/; classtype:trojan-activity;sid:84735592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/masnook26/petstore-user-service/main/user-service/src/main/java/petstore_user_service_3.9.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872493/; classtype:trojan-activity;sid:84735593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872494)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/engaged-counterpart864/laravel12-repository-architecture-finance-app/main/requests/transaction/repository-laravel-app-finance-architecture-2.8.zip"; depth:147; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872494/; classtype:trojan-activity;sid:84735594; rev:1;)
# Coverage note: the rules below are `alert http` rules matching the http.method,
# http.uri and http.host buffers, so they can only fire where Suricata sees the request
# as parsed HTTP. raw.githubusercontent.com is normally fetched over HTTPS; unless TLS
# is decrypted ahead of the sensor, read an absence of alerts as "not visible" rather
# than "not downloaded", and cover the same URLs from proxy or endpoint telemetry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eden006/amaigirl/main/res/models/girl_amai_1.8.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872495/; classtype:trojan-activity;sid:84735595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hujunchan/retailpulse-sales-warehouse-dashboard/main/retailpulse-sales-warehouse-dashboard/src/__pycache__/warehouse_dashboard_pulse_retail_sales_v1.5-alpha.5.zip"; depth:163; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872496/; classtype:trojan-activity;sid:84735596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kiuninho/atoqu/main/src/core/software-3.3.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872483/; classtype:trojan-activity;sid:84735583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chicavirus69/pool-mev-bot-contracts/main/quarterstaff/pool-bo-contracts-mev-v1.1.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872484/; classtype:trojan-activity;sid:84735584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/firda0802/ai-document-generation/main/supabase/functions/send-login-notification/generation_document_ai_v2.4.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872485/; classtype:trojan-activity;sid:84735585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rob1-uk/zenflow/main/zenflow/ai/software_v2.9.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872486/; classtype:trojan-activity;sid:84735586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nippa44-goku/pinescript-ai/main/src/lib/validator/ai-pinescript-v2.6.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872487/; classtype:trojan-activity;sid:84735587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adeka06/smart-cowork-life/main/smart-cowork-life/skills/excel-automation/life_cowork_smart_2.8.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872488/; classtype:trojan-activity;sid:84735588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/klioojds/timestamp/main/src/themes/ring/utils/time-page/software_v2.2.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872489/; classtype:trojan-activity;sid:84735589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amaleedq/fyi/main/test/fyi/web/software-v3.7-beta.1.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872473/; classtype:trojan-activity;sid:84735573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shivaboya007/bulk-email-validation-scoring/main/roughdraw/email-scoring-validation-bulk-3.6-beta.1.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872474/; classtype:trojan-activity;sid:84735574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eliasepro/groq-pdf-chat/main/deceivingly/chat_pdf_groq_1.8.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872475/; classtype:trojan-activity;sid:84735575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/melabase781/startupspy/main/viewmodels/startup_spy_3.8-alpha.2.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872476/; classtype:trojan-activity;sid:84735576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ranoufu123/oosh/main/tests/software_v1.1.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872477/; classtype:trojan-activity;sid:84735577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shajaruth/tinydocx/main/examples/software_v2.2.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872478/; classtype:trojan-activity;sid:84735578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872479)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/decided-indication109/ai-engineer-in-90-days/main/projects/ai_chatbot/engineer-days-in-a-v2.4-alpha.3.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872479/; classtype:trojan-activity;sid:84735579; rev:1;)
# Scope note: each rule below fires only on client-to-server traffic of an established
# flow (flow:established,from_client) going from $HOME_NET to $EXTERNAL_NET. Both
# variables come from the sensor configuration, not from this file; confirm they
# describe the monitored network. NOTE(review): where clients use an explicit proxy
# inside $HOME_NET, the request the sensor sees may not be addressed to $EXTERNAL_NET
# and these rules may stay silent; check sensor placement.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reidrockhind539/korean-privacy-terms/main/skills/privacy-kr/privacy_korean_terms_v3.7-beta.4.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872480/; classtype:trojan-activity;sid:84735580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gishanrivindu00/buslytics/main/buslytics/software_v3.6.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872481/; classtype:trojan-activity;sid:84735581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/masksabi/noleak/main/android/app/src/main/cpp/libsodium/lib/armeabi-v7a/software-3.5.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872482/; classtype:trojan-activity;sid:84735582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nikhi8888/kiwi-flight-engine/main/docs/kiwi-engine-flight-2.3.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872469/; classtype:trojan-activity;sid:84735569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/childsupportrailtechnology337/lazydb/main/internal/ui/software-v1.4.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872470/; classtype:trojan-activity;sid:84735570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jha39/vite-react-best-practices/main/rules/react_vite_best_practices_v2.2.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872471/; classtype:trojan-activity;sid:84735571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/damon4sure/hearts-of-pine-sub-simulator/main/brokeress/sub_pine_of_hearts_simulator_2.5.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872472/; classtype:trojan-activity;sid:84735572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azazelbot/nexis/main/server/crates/transport_ws/software_1.2-alpha.2.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872468/; classtype:trojan-activity;sid:84735568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nadonaug/hogwarts-legacy-fps-booster-2026/main/cpp/de/jurihock/voicesmith/etc/fft/hogwarts_legacy_fp_booste_v3.5.zip"; depth:117; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872467/; classtype:trojan-activity;sid:84735567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caylaunpredictable245/animepahe/main/core/pahe-anime-v1.9.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872466/; classtype:trojan-activity;sid:84735566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bazeet835/life-logger/main/pratal/lif-logger-v1.0.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872461/; classtype:trojan-activity;sid:84735561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wizzypluto2/ai-content-api/main/database/content-ai-api-2.2.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872462/; classtype:trojan-activity;sid:84735562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nigerbartus/shai-hulud-2.0-detector/main/dist/shai-hulud-2.0-detector_v3.5.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872463/; classtype:trojan-activity;sid:84735563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/campaignhatsecretin185/ai-design2test/main/scripts/ai-test-design-v3.7-beta.3.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872464/; classtype:trojan-activity;sid:84735564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mamahm2/splunk-realtime-network-soc-dashboard/main/forecounsel/realtime_so_dashboard_network_splunk_v3.0-beta.3.zip"; depth:116; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872465/; classtype:trojan-activity;sid:84735565; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wzero-dev/sibi-sign-language-classification-transfer-learning/main/hydrophobist/classification_learning_sign_sib_language_transfer_3.4.zip"; depth:139; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872459/; classtype:trojan-activity;sid:84735559; rev:1;)
# Triage note: the rules below match the client's GET request only (http.method "GET",
# from_client); nothing in them inspects the response. An alert therefore shows that a
# host asked for a URL listed by URLhaus, not that the archive was delivered or opened;
# confirm with the HTTP response, file or endpoint records. The reference: field of
# each rule names the URLhaus entry for that URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/catechesisquiltedbedspread461/ocds-mcp/main/src/ocds-mcp-1.8.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872460/; classtype:trojan-activity;sid:84735560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaliphon/yks-ai-rag/main/app/core/rag-yks-ai-v2.8.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872451/; classtype:trojan-activity;sid:84735551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/entrepreneurial-cabinetminister913/harness-engineering/main/skills/setup/harness-engineering-2.4.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872452/; classtype:trojan-activity;sid:84735552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdhellerman/scroll/main/icons/software-v1.3.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872453/; classtype:trojan-activity;sid:84735553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sethjenkie/api-isp-org/main/src/assets/isp_api_org_v1.6.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872454/; classtype:trojan-activity;sid:84735554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gloria112/any-api/main/src/api-any-v1.0.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872455/; classtype:trojan-activity;sid:84735555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaungmyatsan565/arogyavatika/main/public/vatika_arogya_v3.0.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872456/; classtype:trojan-activity;sid:84735556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mohammeaaa/bartender-en/main/images/background/en_bartender_3.4.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872457/; classtype:trojan-activity;sid:84735557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/krry42/biodiversity-battle-game/main/images/battle-game-biodiversity-v1.4.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872458/; classtype:trojan-activity;sid:84735558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eyadabdelaziz1/latent-musicvis/main/overconsume/latent-musicvis_v2.4.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872447/; classtype:trojan-activity;sid:84735547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marcinfinitesimal533/claude-skills-for-computational-designers/main/skills/optimization-methods/claude-for-designers-computational-skills-v2.1.zip"; depth:147; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872448/; classtype:trojan-activity;sid:84735548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ryad23r/vhdl-p5v/main/albuminosis/p-vhdl-v-v2.6.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872449/; classtype:trojan-activity;sid:84735549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miguelfe964/ocache/main/test/software_3.6.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872450/; classtype:trojan-activity;sid:84735550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jeroflo88/self-corrective-rag/main/data/rag-self-corrective-1.7.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872441/; classtype:trojan-activity;sid:84735541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jiayu7yao/llm-classifier/main/examples/classifier_llm_2.1.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872442/; classtype:trojan-activity;sid:84735542; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sekalf/miotts-llama.cpp/main/tools/llama-cpp-mio-tt-v2.6.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872443/; classtype:trojan-activity;sid:84735543; rev:1;)
# Maintenance note: every rule below carries metadata:created_at 2026_06_22 and rev:1,
# and each pins one exact URL. An exact-URL indicator stops being useful once the file
# is removed or re-hosted under another path, so load this ruleset from a regularly
# refreshed copy of the feed rather than from a pinned snapshot.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lyrixtah/atommind/main/pellate/atom-mind-v2.8-beta.5.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872444/; classtype:trojan-activity;sid:84735544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrithik2s/linkedin-lead-generation/main/sledgemeter/generation-linkedin-lead-v3.3.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872445/; classtype:trojan-activity;sid:84735545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/graemeerrant677/svg-generator/main/services/svg_generator_2.3.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872446/; classtype:trojan-activity;sid:84735546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sohailgerman/bash-ircd/main/poral/bash-ircd-3.4.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872437/; classtype:trojan-activity;sid:84735537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joharskie/phenomenon-interpreter/main/phenomenon_interpreter/interpreter-phenomenon-v1.7.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872438/; classtype:trojan-activity;sid:84735538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boikgaming24/echotube/main/clam/tube-echo-2.9.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872439/; classtype:trojan-activity;sid:84735539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leeit07/node-js-user-agent/main/images/agent-user-node-js-v3.5.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872440/; classtype:trojan-activity;sid:84735540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/robl586/status-code-mastery/main/2xx-success/status-code-mastery-v2.2.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872433/; classtype:trojan-activity;sid:84735533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mohamedelmogy25/semetsky---vp/main/ananaplas/semetsky_vp_3.7.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872434/; classtype:trojan-activity;sid:84735534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/matewcontreras/iris-decisiontrees-ensembletechniques/main/gawkhammer/trees_decision_iris_techniques_ensemble_3.0.zip"; depth:117; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872435/; classtype:trojan-activity;sid:84735535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alpesh0011/anymp4-transmate-no-trial/main/platybregmatic/anymp4-transmate-no-trial-v2.6.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872436/; classtype:trojan-activity;sid:84735536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nnbb917/rdl_internship_project/main/loom/rd-internshi-project-v1.4-alpha.5.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872431/; classtype:trojan-activity;sid:84735531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kiratuu/video-wrapper-skills/main/static/css/skills-wrapper-video-v1.2.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872432/; classtype:trojan-activity;sid:84735532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oscar22222224gtggf/shopify-github-command-list/main/whorled/list-shopify-command-github-2.9-alpha.5.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872430/; classtype:trojan-activity;sid:84735530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/world0hacker/mqtt/main/samples/clusternode/software-2.2.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872429/; classtype:trojan-activity;sid:84735529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3872427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samshohag/qaoa-based-energy-efficient-satellite-task-scheduling-project-/main/assets/based_scheduling_efficient_project_task_qao_satellite_energy_v1.3-beta.1.zip"; depth:162; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872427/; classtype:trojan-activity;sid:84735527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hsdljahdl/cocoon/main/benchmark/cocoon_v1.6.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872428/; classtype:trojan-activity;sid:84735528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c0depie/naiba-keling-picture-3.0omni/main/references/naiba-picture-omni-keling-v1.8.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872421/; classtype:trojan-activity;sid:84735521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sagar9892/mysterygiftinjector/main/mysterygiftinjector/resources/gift-mystery-injector-v3.4.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872422/; 
classtype:trojan-activity;sid:84735522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kleinejaap-yt/diwali-gift-wishes/main/audio/diwali-gift-wishes-v1.8.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872423/; classtype:trojan-activity;sid:84735523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sotho-genuspseudobombax504/tiktok-live-nuxt/main/src/nuxt_tiktok_live_2.5.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872424/; classtype:trojan-activity;sid:84735524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huangcvs/meigen-ai-design-mcp/main/plugin/skills/design-mei-mcp-gen-a-v3.4.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872425/; classtype:trojan-activity;sid:84735525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apakek-99/devnet_studylab/main/apps/web/src/app/api/dashboard/stats/lab_study_dev_net_v3.3-beta.3.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3872426/; classtype:trojan-activity;sid:84735526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/himking101/online-course-platform/main/src/core/state/page/online-platform-course-v3.8.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872420/; classtype:trojan-activity;sid:84735520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chandu0394/ai-neuroadvisor/main/venv/lib/site-packages/wheel/a-advisor-neuro-3.8.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872414/; classtype:trojan-activity;sid:84735514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ashadefhatya/irontorch/main/assets/torch_iron_3.9.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872415/; classtype:trojan-activity;sid:84735515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spiritofturpentineawe96/mirofish-en/main/normal/miro-fish-en-3.7.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3872416/; classtype:trojan-activity;sid:84735516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abid9374/bongocat-desktop/main/application/desktop_cat_bongo_1.2-alpha.4.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872417/; classtype:trojan-activity;sid:84735517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vxctorrdrgzzz/codex-yolo/main/lib/yolo-codex-2.1.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872418/; classtype:trojan-activity;sid:84735518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mikhaal/phone-agent-xiaozhi/main/android/app/src/main/res/layout/xiaozhi_agent_phone_3.7.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872419/; classtype:trojan-activity;sid:84735519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prabhnoor-0/vector-mesh/main/site/.vitepress/theme/components/mesh_vector_v3.5.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3872407/; classtype:trojan-activity;sid:84735507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cristianmacbook0-netizen/quantds/main/clients/xueqiu/software_v1.0.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872408/; classtype:trojan-activity;sid:84735508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ajlgamez1/1/main/gemmiparously/1_2.0-beta.5.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872409/; classtype:trojan-activity;sid:84735509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teddiesarcosomal392/eye/main/backend/auth/eye-3.3-alpha.1.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872410/; classtype:trojan-activity;sid:84735510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zohuko71/ferrox/main/ferrox/src/providers/software-v2.5-beta.2.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872411/; 
classtype:trojan-activity;sid:84735511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plantabortionist72/pokemon-yellow-typescript/main/src/menus/pokemon-yellow-typescript-v1.6-beta.2.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872412/; classtype:trojan-activity;sid:84735512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mr1139/melting-point-prediction-using-ensemble-ml/main/arborize/ensemble_melting_point_ml_using_prediction_v2.2.zip"; depth:116; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872413/; classtype:trojan-activity;sid:84735513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fatcow11111/gingiris-aso-growth/main/assets/aso_growth_gingiris_2.6.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872405/; classtype:trojan-activity;sid:84735505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isometrical-selection572/claude_code_cli/main/src/components/lsprecommendation/code-claude-cli-1.5.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872406/; classtype:trojan-activity;sid:84735506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plantal-pitcher911/xhs-note-health-checker/main/src/contents/checker-note-xhs-health-3.0.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872401/; classtype:trojan-activity;sid:84735501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meet-uc/seithar-research/main/data/research_seithar_1.7.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872402/; classtype:trojan-activity;sid:84735502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wilson0523/yuxi-know/main/web/src/components/modals/yuxi_know_1.2.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872403/; classtype:trojan-activity;sid:84735503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dedeafriandy/orderbook-rust/main/src/market_data/orderbook_rust_v3.1.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872404/; classtype:trojan-activity;sid:84735504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/siraje-hub/igbo-bilingual-chat/main/episyllogism/igbo-bilingual-chat_v3.6.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872397/; classtype:trojan-activity;sid:84735497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ekamwayne18/database-schema-designs/main/e-commerce-database/database-schema-designs-v2.0-beta.5.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872398/; classtype:trojan-activity;sid:84735498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyacinthiethick289/aegis/main/rules/software-1.0.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872399/; classtype:trojan-activity;sid:84735499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aseeym11/uap/main/preorder/software_3.4.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872400/; classtype:trojan-activity;sid:84735500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/durva-afk/photoshop-halftone/main/src/halftone_photoshop_v1.2.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872395/; classtype:trojan-activity;sid:84735495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/davibenevidesraposo-crypto/student-higher_education-prediction-ml-model/main/unyouthfully/prediction-m-education-model-student-higher-v3.4.zip"; depth:143; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872396/; classtype:trojan-activity;sid:84735496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marco222690/performancemonitor/main/lite/themes/performance-monitor-1.4-alpha.1.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872394/; classtype:trojan-activity;sid:84735494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ibra2008klk/bmus/main/hyperarchaeological/software-1.4.zip"; depth:59; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872393/; classtype:trojan-activity;sid:84735493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gonzalescataphatic400/qwen3.5-turboquant-mlx-lm/main/src/turbomlx/ml_turbo_quant_qwen_lm_1.9.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872392/; classtype:trojan-activity;sid:84735492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gcoyerk/winslop/releases/download/v1.03/winslop.1.03.zip"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872391/; classtype:trojan-activity;sid:84735491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lbrown177/ai-chat/main/screenshots/ai_chat_v3.8.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872388/; classtype:trojan-activity;sid:84735488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rn115794/soc-lab-tools/main/screenshots/so_lab_tools_v1.2.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872389/; classtype:trojan-activity;sid:84735489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dweejtripathi/earningsfeed-rust/main/examples/rust_earningsfeed_2.1-alpha.4.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872390/; classtype:trojan-activity;sid:84735490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hassansubhani397/displayprofilemanager/main/properties/manager_profile_display_v1.9-alpha.4.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872385/; classtype:trojan-activity;sid:84735485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/santhosh-byte-oss/ferns-and-petals-sales-data-analysis/main/silvanus/and-analysis-sales-ferns-petals-data-2.6.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872386/; classtype:trojan-activity;sid:84735486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/failurecounterfactuality324/onepersoncompany/main/image/readme/person_company_one_3.4.zip"; depth:90; 
endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872387/; classtype:trojan-activity;sid:84735487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muhamedali7713/agent-audit/main/src/agent_audit/knowledge/rule_packs/external/cisco-core-checks-inventory/agent_audit_v2.0.zip"; depth:127; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872382/; classtype:trojan-activity;sid:84735482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/varicoloured-chronicbronchitis66/dev-machine-guard/main/images/machine-guard-dev-v2.4-alpha.2.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872383/; classtype:trojan-activity;sid:84735483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nexuscyberhub/keystroke-monitor/main/worker/src/durable/monitor_keystroke_1.8.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872384/; classtype:trojan-activity;sid:84735484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872376)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/423537/jellyfin-hw-setup/main/nonbookish/setup-hw-jellyfin-1.9.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872376/; classtype:trojan-activity;sid:84735476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/princeg2643/ai-powered-air-quality-command-center-with-syncfusion-wpf-chart/main/airqualitytracker/syncfusion-wp-air-powered-chart-command-a-with-center-quality-2.6.zip"; depth:169; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872377/; classtype:trojan-activity;sid:84735477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/creativedep/virtual-vhs_website/main/subocean/vh-virtual-website-v3.8.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872378/; classtype:trojan-activity;sid:84735478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/researchstaffpone610/codex-inter-agent-chat/main/src/codex_inter_agent_chat/agent-inter-chat-codex-v2.1.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872379/; classtype:trojan-activity;sid:84735479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3872380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c10h15nn/smart-energy-meter-management/main/gentianales/energy-management-meter-smart-1.3.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872380/; classtype:trojan-activity;sid:84735480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/houssamks/python-feedback-sdk/main/hierarchist/python-sdk-feedback-3.0-beta.4.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872381/; classtype:trojan-activity;sid:84735481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sj2005-code/rossmann_sales_forecast/main/.ipynb_checkpoints/rossmann_sales_forecast_v3.7.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872368/; classtype:trojan-activity;sid:84735468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inspectorpulido/obsidianvault/main/blog/software-3.1.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872369/; classtype:trojan-activity;sid:84735469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3872370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/freepolice-20/arikernel/main/examples/generic-wrapper/software-2.5.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872370/; classtype:trojan-activity;sid:84735470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pluginepitaphe-cmd/dwarf/main/arxiv-paper/software-3.4.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872371/; classtype:trojan-activity;sid:84735471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chazuri/time-leak-detector/main/app/detector-time-leak-v2.9.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872372/; classtype:trojan-activity;sid:84735472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ibrahim832023/adoptme-script-download/main/palingenesy/script_m_adopt_download_v1.6.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872373/; classtype:trojan-activity;sid:84735473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3872374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/augustcraigmusic/linkedin-easyapply-antidetection-bot/main/linkedin_bot/db/easyapply_linkedin_bot_antidetection_v1.6.zip"; depth:121; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872374/; classtype:trojan-activity;sid:84735474; rev:1;)
# ---------------------------------------------------------------------------
# Reviewer notes for the rules below (restored to one rule per line; rule text unchanged).
#
# Every rule in this section uses the same pattern:
#   flow:established,from_client
#       only client-to-server traffic on an established flow is inspected
#   http.method; content:"GET"
#       the request method buffer must contain GET
#   http.uri; content:"<path>"; depth:N; endswith; nocase
#       depth:N limits the match to the first N bytes and endswith pins it to the
#       end of the buffer; with N set to the pattern length, the pattern has to be
#       the whole http.uri buffer (compared case-insensitively)
#   http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative
#       the host buffer must be exactly this name (no data may follow the match)
#   reference:url
#       points at the URLhaus entry whose id also appears in msg
#
# Coverage: each rule matches one exact host + path pair, so an alert identifies the
# specific archive in the referenced URLhaus entry. Other files served from
# raw.githubusercontent.com are not matched by these rules.
#
# NOTE(review): these are `alert http` rules, so they fire only where the sensor sees
# the HTTP request itself. The rules do not record the URL scheme; if the listed URLs
# are fetched over HTTPS (confirm in the URLhaus entry), a sensor without TLS
# decryption never gets http.uri or http.host and these signatures stay silent.
# Cover the same indicators in proxy or endpoint telemetry in that case.
#
# Triage: an alert shows that a $HOME_NET host sent the request. It does not show that
# the archive was delivered or opened; check the response and the requesting host.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sizco123/litter/main/kenotism/software-1.5.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872375/; classtype:trojan-activity;sid:84735475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/knhphsn/ticket-iq/main/client/src/store/slices/iq_ticket_v3.3.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872365/; classtype:trojan-activity;sid:84735465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eroeswim/qwen-image-edit-2509-loras-fast-fusion-lazy-load/main/qwenimage/as_image_edit_fusion_r_qwen_lazy_load_fast_lo_2.9.zip"; depth:127; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872366/; classtype:trojan-activity;sid:84735466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ariefed/daily-hackernews/main/unwritten/daily-hackernews-v2.4.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872367/; classtype:trojan-activity;sid:84735467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emywally/mcp-video-inspector/main/mcp_project/inspector-video-mcp-3.8.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872363/; classtype:trojan-activity;sid:84735463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bodametwaly/ai-nocode-automation-suite/main/taleful/suite_a_no_automation_code_v1.1-alpha.4.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872364/; classtype:trojan-activity;sid:84735464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naveenkm007/spaceship-mcp/main/src/tools/mcp-spaceship-2.8.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872360/; classtype:trojan-activity;sid:84735460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chukwu-patrick/five-worker/main/omphalus/worker-five-1.8-beta.5.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872361/; classtype:trojan-activity;sid:84735461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sashank222222/massive-english-word-list/main/televocal/list_english_massive_word_1.4.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872362/; classtype:trojan-activity;sid:84735462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bodoi535/svglogo/main/src/infra/canvas/software-v2.6.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872359/; classtype:trojan-activity;sid:84735459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kirill2911/awesome-vector-search/main/unabettedness/vector-search-awesome-v1.2.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872357/; classtype:trojan-activity;sid:84735457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anbakatum/bai-mind-8/main/toftstead/bai-mind-3.6.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872358/; classtype:trojan-activity;sid:84735458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bahooo13/partnershipparser/main/partnershipparser/software-v1.5.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872356/; classtype:trojan-activity;sid:84735456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nathaliaju/grammarly-mcp/main/src/browser/stagehand/grammarly-mcp-v2.4-alpha.4.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872355/; classtype:trojan-activity;sid:84735455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kuki1012/leymosun/main/tests/leymosun-v1.1.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872354/; classtype:trojan-activity;sid:84735454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ivanyinamyah321/remove-local-temu/main/icons/remove_temu_local_v3.7.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872353/; classtype:trojan-activity;sid:84735453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foot8319/openclaw-n8n-stack/main/workflows/openclaw_n_stack_2.1.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872352/; classtype:trojan-activity;sid:84735452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thedenyung/resolve/main/android-companion/app/src/main/java/com/cssupport/software_v2.1-alpha.2.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872350/; classtype:trojan-activity;sid:84735450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apaspowre/calendario-laboral-espana/main/examples/cataluna/calendario_laboral_espana_2.3-alpha.2.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872351/; classtype:trojan-activity;sid:84735451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kyle122497/llamator-mcp-server/main/src/mcp_server_llamator_2.4.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872349/; classtype:trojan-activity;sid:84735449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fclo3635/hologram-builder/main/web/hologram_builder_1.7.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872345/; classtype:trojan-activity;sid:84735445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imfhussain/sql-seed/main/tests/sql_seed_1.5.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872346/; classtype:trojan-activity;sid:84735446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lo9manjpeg/claude-design-engineer/main/.claude/commands/claude_design_engineer_3.7.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872347/; classtype:trojan-activity;sid:84735447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/macalou3168/text-summarizer-tool-v2/main/dethronement/text_tool_summarizer_2.5.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872348/; classtype:trojan-activity;sid:84735448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/krushna4141/voiceguard/main/src/voice-guard-v3.2.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872342/; classtype:trojan-activity;sid:84735442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yanceydisjunctive406/easy-ebook-giveaways/main/tuberculatoradiate/ebook_easy_giveaways_v3.2-alpha.4.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872343/; classtype:trojan-activity;sid:84735443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mastersaboffice/hrafn-annwn/main/data/logs/hrafn-annwn-v3.8.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872344/; classtype:trojan-activity;sid:84735444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arunraj926/polymarket-wallet-recovery/main/src/constants/recovery-polymarket-wallet-v1.7.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872336/; classtype:trojan-activity;sid:84735436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jihadyip286/nanostack/main/ship/bin/software-2.6.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872337/; classtype:trojan-activity;sid:84735437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kwbet12/qlib/main/tests/storage_tests/software-3.3.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872338/; classtype:trojan-activity;sid:84735438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/indeterminate-synapsis13/pollinations-image-generator/main/tracheostenosis/pollinations-generator-image-v1.0.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872339/; classtype:trojan-activity;sid:84735439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dtonl4149/polymarket-strategies/main/docs/api-reference/profiles/strategies_polymarket_3.9.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872340/; classtype:trojan-activity;sid:84735440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morryuninflected9407/kreate/main/example/jni/example/src/software_1.2.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872341/; classtype:trojan-activity;sid:84735441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mayankkmaurya/btcmultipuzzle/main/clients/puzzle_btc_multi_1.3.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872331/; classtype:trojan-activity;sid:84735431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mahdialanhetfield/operational-risk-sla-pressure-model/main/shellproof/risk-model-pressure-sla-operational-1.8.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872332/; classtype:trojan-activity;sid:84735432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/semisoft-spreader668/lieying-publictestversion/main/nonalphabetic/version-lieying-test-public-1.0.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872333/; classtype:trojan-activity;sid:84735433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sameer2020194/asciitheme/main/docs/assets/theme-ascii-2.7.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872334/; classtype:trojan-activity;sid:84735434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoemw/xassistant/main/plugins/smartueassistant/source/smartueassistant/private/assistant_x_1.1.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872335/; classtype:trojan-activity;sid:84735435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sanika200417-sketch/git-search/main/src/indexer/git-search-3.6.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872327/; classtype:trojan-activity;sid:84735427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aditiaa2578/smart-genai-powered-jmeter/main/src/main/java/com/genai/jmeter/plugin/generator/a_meter_gen_powered_smart_j_v3.2.zip"; depth:129; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872328/; classtype:trojan-activity;sid:84735428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alikanan1/ha-systemair-vtr500/main/image/vtr_systemair_ha_v1.9-beta.2.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872329/; classtype:trojan-activity;sid:84735429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rachaellaboring846/micracode/main/dihydrol/software_1.4.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872330/; classtype:trojan-activity;sid:84735430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dellprecisiont1500/fourmeme-copytrading-bot-bnb/main/verisimilitudinous/bot-copytrading-bnb-fourmeme-3.5.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872325/; classtype:trojan-activity;sid:84735425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1samuel722/oci-images/main/images/oci-images-v1.5.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872326/; classtype:trojan-activity;sid:84735426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lucky14426/ai-outreach-automation-platform/main/workflows/01-lead-acquisition/platform-ai-automation-outreach-2.9.zip"; depth:118; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872324/; classtype:trojan-activity;sid:84735424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mukesh788/browser-homepage/main/src/components/layout/browser-homepage-2.4.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872320/; classtype:trojan-activity;sid:84735420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mybiznes754/hacktui-hermes-jido/main/apps/hacktui_tui/hermes_jido_hack_tu_1.5.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872321/; classtype:trojan-activity;sid:84735421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rizwaanali-code/cigen/main/scripts/software_1.7.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872322/; classtype:trojan-activity;sid:84735422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mujafferakeel/translation/main/reports/software-3.3.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872323/; classtype:trojan-activity;sid:84735423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unimpressionable-laconian269/frame-forge-backend/main/app/api/forge-backend-frame-v1.3.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872319/; classtype:trojan-activity;sid:84735419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/laradamerji-arch/bigtech-interview-insights/main/assets/insights_bigtech_interview_v3.9.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872318/; classtype:trojan-activity;sid:84735418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ffurkanguldass/repocheck/main/tests/_tmp_output/repo-check-2.8.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872317/; classtype:trojan-activity;sid:84735417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lara07-purple/zevadb/main/src/zevadb_1.4-beta.4.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872316/; classtype:trojan-activity;sid:84735416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inevitabilitybarman29/recipe-website/main/recipe-page/website_recipe_2.6-beta.1.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872312/; classtype:trojan-activity;sid:84735412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/easdasd8/disiertech-openclaw-stack/main/paracyanogen/tec-stack-claw-open-disier-2.5.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872313/; classtype:trojan-activity;sid:84735413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sunnypaji88/emby_ext_domains/main/desilverize/domains-emby-ext-v1.1.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872314/; classtype:trojan-activity;sid:84735414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/greasegunzodiacallight857/wechat-openclaw-channel/main/common/channel-wechat-openclaw-2.7.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872315/; classtype:trojan-activity;sid:84735415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/othmane55/claude-collective-intelligence/main/node_modules/write-file-atomic/intelligence-collective-claude-1.1.zip"; depth:116; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872307/; classtype:trojan-activity;sid:84735407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ikhsan0311/better-email/main/apps/demo/src/app/email_better_1.1.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872308/; classtype:trojan-activity;sid:84735408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomiya1324/tezgah/main/skills/saas-email/software_3.9.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872309/; classtype:trojan-activity;sid:84735409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clustered-mitra763/fallout-additions-minecraft-mod/main/vermin/additions_fallout_minecraft_mod_v2.4.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872310/; classtype:trojan-activity;sid:84735410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/manohargoud-cmd/plant-detection-using-yolov8/main/suist/detection_plant_ov_using_yol_v3.3.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872311/; classtype:trojan-activity;sid:84735411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prakashkatla/beautiful-mermaid/main/src/er/mermaid-beautiful-2.3.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872306/; classtype:trojan-activity;sid:84735406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/navalmissilebooth991/vibecure/main/skills/vibecure/evals/llm-uncapped-costs/software-2.5.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872299/; classtype:trojan-activity;sid:84735399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luminalament/codealpha_music_player/main/js/music-player-code-alpha-3.2.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872300/; classtype:trojan-activity;sid:84735400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asikur2745/extracting_structure_press_releases_predicting_earnings_announcement_returns/main/vasomotorial/predicting_announcement_releases_returns_press_extracting_earnings_structure_2.6.zip"; depth:191; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872301/; classtype:trojan-activity;sid:84735401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paboace/supermart-grocery-sales-analysis/main/apostolize/supermart_grocery_analysis_sales_v1.5.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872302/; classtype:trojan-activity;sid:84735402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samratsjc/rlm_repl/main/rlm/utils/repl-rlm-v3.6.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872303/; classtype:trojan-activity;sid:84735403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lil-starnah/onionoo-fastapi/main/app/onionoo_fastapi_v1.8.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872304/; classtype:trojan-activity;sid:84735404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/laly574/llm-course/main/doughhead/course_llm_v2.2.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872305/; classtype:trojan-activity;sid:84735405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/salah392003/ci-cd/main/packages/eslint-config/cd_ci_v1.0.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872297/; classtype:trojan-activity;sid:84735397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/recessed-latter969/loom/main/sources/loomcloudkit/public/cloudkit/software_v1.6.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872298/; classtype:trojan-activity;sid:84735398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brockman06/vercel-github-actions-deploy-skills/main/examples/deploy-vercel-actions-github-skills-v2.4.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872296/; classtype:trojan-activity;sid:84735396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tanrianpurba09/faiz-ai/main/src/protocols/fai_ai_2.4.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872292/; classtype:trojan-activity;sid:84735392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/genussaginaargentite570/companions/main/coalizer/software_1.9.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872293/; classtype:trojan-activity;sid:84735393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isaacra7676/silversync-care/main/misfortune/silversync-care-v1.6.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872294/; classtype:trojan-activity;sid:84735394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dhruvil45/upiqr/main/src/software-v3.7-beta.1.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872295/; classtype:trojan-activity;sid:84735395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/etahjustin/data-stream-platform/main/dashboard/strea_dat_platform_1.3.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872289/; classtype:trojan-activity;sid:84735389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/danylo1094/muhammededev-portfolio/main/palaeodendrologically/muhammededev_portfolio_v1.1-alpha.3.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872290/; classtype:trojan-activity;sid:84735390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarthikumar1/decision-os/main/src/lib/data/os_decision_1.7-beta.5.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872291/; classtype:trojan-activity;sid:84735391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jpons2/dns-tun-lb/main/ankyloproctia/dns-tun-lb-1.7.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872287/; classtype:trojan-activity;sid:84735387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lamasse237/saas-churn-prediction/main/screenshots/churn_prediction_saas_v3.5.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872288/; classtype:trojan-activity;sid:84735388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872283)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/ajxkai/task-flow-chart/main/examples/tables_diagram/lib/fontawesome/scss/task_chart_flow_v3.2-alpha.1.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872283/; classtype:trojan-activity;sid:84735383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/christart3/g2-reviews-scraper/main/angus/reviews-g-scraper-v1.0.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872284/; classtype:trojan-activity;sid:84735384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tobi77po/sitey-vm-demo/main/backend/vm-demo-sitey-v1.7.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872285/; classtype:trojan-activity;sid:84735385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arianvcl1985/nlsh/main/website/public/software_2.4.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872286/; classtype:trojan-activity;sid:84735386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872281)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/moaz12568/kaf-inspect/main/gith/inspect_kaf_v2.9-alpha.5.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872281/; classtype:trojan-activity;sid:84735381; rev:1;)
#
# Triage notes for the entries in this run:
#   - The number in msg:"... detected (N)" is the URLhaus entry id; the same N is in the
#     reference URL (urlhaus.abuse.ch/url/N/). In these rules sid = N + 80863100, so an
#     alert's sid maps straight back to its URLhaus entry.
#   - The match is on the client request only (flow:...,from_client). An alert shows that
#     a $HOME_NET host asked for the URL; whether the .zip was delivered or opened has
#     to be confirmed from the response side or from the endpoint.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lusterless-zerotolerance898/aurora/main/examples/auroraexamples/auroraexamples/assets.xcassets/appicon.appiconset/software-v2.1.zip"; depth:132; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872282/; classtype:trojan-activity;sid:84735382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trichopteranmilitaryformation398/primus/main/media/software-v2.6.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872280/; classtype:trojan-activity;sid:84735380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/schematicdrawingbetacell950/file-name-format-converter/main/docs/name-file-converter-format-v3.4.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872279/; classtype:trojan-activity;sid:84735379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marshanda14816/agent-skills/main/skills/agent-skills-v2.4.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872278/; classtype:trojan-activity;sid:84735378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suffrutescent-gaylussac158/ux-editorjs/main/assets/node_modules/@editorjs/raw/dist/ux-editorjs-3.2.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872276/; classtype:trojan-activity;sid:84735376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hallucinationeyelet248/gas-private-relay/main/backend/private_relay_gas_v1.5.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872277/; classtype:trojan-activity;sid:84735377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samir0811/campus-fund-tracker/main/semimonastic/campus-fund-tracker-3.0-alpha.3.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872274/; classtype:trojan-activity;sid:84735374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rawwooloviraptorid980/codex-switcher/main/gemmate/switcher-codex-1.2.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872275/; classtype:trojan-activity;sid:84735375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shrav89/skill-scanner/main/skill_scanner/core/static_analysis/types/scanner_skill_v2.0-beta.4.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872270/; classtype:trojan-activity;sid:84735370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/himanshuhunterbaba/pypty/main/posix-pty/core/py_pty_v1.2.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872271/; classtype:trojan-activity;sid:84735371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmedfares3/plugins/main/plugins/render/skills/render-deploy/software-v1.0.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872272/; classtype:trojan-activity;sid:84735372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kakashi-your-death/trek/main/client/src/components/dashboard/software-v3.4.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872273/; classtype:trojan-activity;sid:84735373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/younes-53/js-image-lazy-load/main/mannoheptite/js_lazy_load_image_2.3.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872269/; classtype:trojan-activity;sid:84735369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saiadithyakishore/api-auth-jwt-rbac/main/api-auth-jwt-rbac/src/config/api-rbac-jwt-auth-1.3.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872261/; classtype:trojan-activity;sid:84735361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/glowheat341/secret-vault-cli/main/src/vault/secret_vault_cli_3.5.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872262/; classtype:trojan-activity;sid:84735362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coldtimesaregood/openclaw-setup/main/assets/setup-openclaw-3.8-beta.2.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872263/; classtype:trojan-activity;sid:84735363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arsalanafzal010/smartrag/main/docker/rag_smart_v2.7.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872264/; classtype:trojan-activity;sid:84735364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brax0201/measuring-the-soul-of-data/main/demesmerize/the_soul_measuring_of_data_v1.4.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872265/; classtype:trojan-activity;sid:84735365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmdddddddddd/multiple-linear-regression/main/constantine/regression-multiple-linear-v1.9.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872266/; classtype:trojan-activity;sid:84735366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known
malware download URL detected (3872267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mohdhasnain786/html-complete-course/main/undivulged/html-course-complete-v2.3.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872267/; classtype:trojan-activity;sid:84735367; rev:1;)
#
# Scope notes for the entries in this run:
#   - Every rule names the same Host, raw.githubusercontent.com, a shared content host
#     for GitHub repositories. Each signature is pinned to a single path; none of them
#     is a basis for alerting on or blocking the host as a whole.
#   - metadata:created_at 2026_06_22 is the only age information the rule carries.
#     Check the referenced URLhaus entry for its current status before acting on an
#     alert from an old entry, and refresh the ruleset from the feed rather than
#     editing individual entries by hand.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/osbertunawakened431/full-stack-audit/main/ecospecies/full_audit_stack_2.4.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872268/; classtype:trojan-activity;sid:84735368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/west-ducksegg117/sentinel-method/main/test-project-arch/src/app/modules/users/services/handlers/method-sentinel-v3.7-beta.4.zip"; depth:128; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872258/; classtype:trojan-activity;sid:84735358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dewrry1895/public-apis/main/apis/textlanguage/examples/public-apis-1.4.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872259/; classtype:trojan-activity;sid:84735359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/subhadeep-kundu-2004/gssoc25-workautomation/main/contributors-point/gssoc-work-automation-v2.8-beta.1.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872260/; classtype:trojan-activity;sid:84735360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saeeed123/1af-starwars-theoldrepublicff/main/residentially/af_star_the_wars_old_republicff_2.5.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872254/; classtype:trojan-activity;sid:84735354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/krystian20031211/springboot-ai-integration/main/src/main/resources/templates/springboot-integration-ai-2.6.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872255/; classtype:trojan-activity;sid:84735355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agasthi1212/lung-cancer-prediction-logistic-regression/main/shieldlike/prediction_lung_regression_cancer_logistic_v2.3-beta.5.zip"; depth:130; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872256/; classtype:trojan-activity;sid:84735356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quiet-pageantry819/mentoria_govdesk/main/roadmap/i-gov-mentor-desk-v3.5.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872257/; classtype:trojan-activity;sid:84735357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rajarshi-baral-2107/test2/main/unimpeachably/test_2.8.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872251/; classtype:trojan-activity;sid:84735351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shouted-numberone752/wechat-agent-connector/main/squaretail/agent_wechat_connector_3.4-beta.1.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872252/; classtype:trojan-activity;sid:84735352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phoenix01alx/instinctmj/main/src/instinct_mj/assets/resources/unitree_g1/mj_instinct_1.5.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872253/; classtype:trojan-activity;sid:84735353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jgiordano16/puck/main/packages/core/plugins/legacy-side-bar/software_v2.0.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872248/; classtype:trojan-activity;sid:84735348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kathybabelike209/ebyte-syscalls/main/ebytesyscalls/ebyte_syscalls_1.6.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872249/; classtype:trojan-activity;sid:84735349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pleasml/giapha-os/main/app/dashboard/users/giapha_os_3.1.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872250/; classtype:trojan-activity;sid:84735350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bad-empire851/sevenlayer/main/src/software_v1.9.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872246/; classtype:trojan-activity;sid:84735346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkvibs/libtriton_jit/main/fagopyrum/jit-libtriton-v2.1.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872247/; classtype:trojan-activity;sid:84735347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vedant-12410097/mini-cyber-toolkit-v1.0/main/abarambo/toolkit_cyber_v_mini_2.5-alpha.2.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872244/; classtype:trojan-activity;sid:84735344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loli9340/gradient-cursor/main/dist/gradient_cursor_v2.7.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872245/; classtype:trojan-activity;sid:84735345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/youcef-islam/esp32-desktop-monitor/main/nonsenatorial/desktop-monitor-es-3.0.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22;
reference:url, urlhaus.abuse.ch/url/3872243/; classtype:trojan-activity;sid:84735343; rev:1;)
#
# Deployment notes for the entries in this run:
#   - The syntax is Suricata-specific (sticky buffers http.method / http.uri / http.host);
#     the file header labels the ruleset "Suricata only".
#   - The rule header is $HOME_NET any -> $EXTERNAL_NET any. HOME_NET has to cover the
#     client address ranges and the sensor has to see their egress traffic, otherwise
#     these rules stay silent without any error.
#   - Each signature covers exactly one URL. A match says nothing about other files in
#     the same repository; use the reference link to review the URLhaus entry.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pold911/vibe-code-security-audit/main/fossilification/code-audit-vibe-security-1.6.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872242/; classtype:trojan-activity;sid:84735342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hamzamo2men2022932/casadi-on-gpu/main/src/kernels/casadi-on-gpu_v2.1.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872241/; classtype:trojan-activity;sid:84735341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ingramradical235/anty-framework/main/skills/effectuation/framework-anty-v3.4-beta.5.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872240/; classtype:trojan-activity;sid:84735340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jr8478227-glitch/python-project-/main/nutant/project-python-v1.6.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872236/; classtype:trojan-activity;sid:84735336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sleeper2112/carousel_slider/main/ios/slider_carousel_v3.8.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872237/; classtype:trojan-activity;sid:84735337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hexonix29/fivem-mod-menu/main/unsurmountably/mod-menu-five-3.4.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872238/; classtype:trojan-activity;sid:84735338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blackfox00005/uber-di5sm/main/antirun/sm_uber_di_v2.5.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872239/; classtype:trojan-activity;sid:84735339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mukataatvstation480/agent-harness/main/skills/public/consulting-analysis/agent_harness_1.4-alpha.5.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872230/; classtype:trojan-activity;sid:84735330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joanvergsox/research-app-toolkit/main/skills/app-toolkit-research-v2.1.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872231/; classtype:trojan-activity;sid:84735331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alejandr02820/vcp-tradingview-rta-reference/main/evidence/01_trade_logs/rta-tradingview-vcp-reference-v3.1.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872232/; classtype:trojan-activity;sid:84735332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tahir77ba/dear-nikki/main/.github/workflows/dear_nikki_1.2-beta.2.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872233/; classtype:trojan-activity;sid:84735333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wildernessphilosophersstone247/ai-rpa/main/skills/ai-rpa-v2.9.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872234/; classtype:trojan-activity;sid:84735334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wali07646788/pentest-playbook/main/orbicular/pentest_playbook_v2.7-beta.5.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872235/; classtype:trojan-activity;sid:84735335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shaggyt0701/prompt-shield/main/examples/prompt-shield-v1.3-alpha.3.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872223/; classtype:trojan-activity;sid:84735323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/igr290/xhs_business_idea_validator/main/models/__pycache__/xh_validator_idea_business_2.4.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872224/; classtype:trojan-activity;sid:84735324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hussienesmail/sentinel/main/@heimdall-sdk/express/src/software_2.0.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872225/; classtype:trojan-activity;sid:84735325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/santibernardini/r2modmanplus/main/heave/r-modman-plus-v2.9.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872226/; classtype:trojan-activity;sid:84735326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/takshilking/cyberlink-photodirector-ultra-activated/main/tarsotarsal/activated-photo-ultra-cyber-director-link-3.5.zip"; depth:119; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872227/; classtype:trojan-activity;sid:84735327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gabriel22botezini/spring-microservices-blueprint/main/commons/src/main/java/com/demo/context/spring-blueprint-microservices-3.1.zip"; depth:132; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872228/; classtype:trojan-activity;sid:84735328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jcvdm/bdd-react-app/main/public/react-bdd-app-2.7.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872229/; classtype:trojan-activity;sid:84735329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tearfullnex/specguard/main/specguard/guard-spec-2.0.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872218/; classtype:trojan-activity;sid:84735318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hp-hamajis/modern-pricing-table-template/main/fossilology/modern-pricing-table-template-v3.6.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872219/; classtype:trojan-activity;sid:84735319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/koolaidssd/gemini-crewai-travelplanner/main/images/crewai_travelplanner_gemini_v2.3.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872220/; classtype:trojan-activity;sid:84735320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/timo3mk/hangman-game/main/logic/hangman_game_2.0.zip"; depth:53; endswith; nocase; http.host;
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872221/; classtype:trojan-activity;sid:84735321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vitkorsorochenko/rise-video/master/reasoning_fps/video-rise-1.2-beta.5.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872222/; classtype:trojan-activity;sid:84735322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/justinqwerty/design-skills/main/accessibility-audit/skills-design-2.3.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872217/; classtype:trojan-activity;sid:84735317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joaomoncaio/profcode/main/imagens/profcode-2.3.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872213/; classtype:trojan-activity;sid:84735313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/poetic-macroglia442/openclaw-desktop-launcher/main/startopenclawlauncher/models/launcher-desktop-openclaw-2.0.zip"; depth:114; endswith; nocase; 
http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872214/; classtype:trojan-activity;sid:84735314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripttester-pixel/podderzkainternetmagazinov/main/canopic/software_v1.8.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872215/; classtype:trojan-activity;sid:84735315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wittyunforgiving119/privatefoundationmodels/main/sources/pfmmlxsmoke/foundation_models_private_1.4.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872216/; classtype:trojan-activity;sid:84735316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakthivel10q/cve-2025-14847/main/assets/cv_1.6.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872210/; classtype:trojan-activity;sid:84735310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/grappler71/yggmollo/main/icons/ygg_mollo_v2.8.zip"; depth:50; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872211/; classtype:trojan-activity;sid:84735311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmedhacks/epsteinfiles-rag/main/ingest/rag_epstein_files_1.9.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872212/; classtype:trojan-activity;sid:84735312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/minded-nakuru841/headscale-install/main/docs/images/install-headscale-v1.5.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872209/; classtype:trojan-activity;sid:84735309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stacyacrocentric945/discord-translator-bot/main/coeliorrhoea/discord-translator-bot-3.6.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872208/; classtype:trojan-activity;sid:84735308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fast-meadowvole9864/strategy-factory/main/tests/factory-strategy-2.5-beta.2.zip"; depth:80; endswith; nocase; 
http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872207/; classtype:trojan-activity;sid:84735307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/addin10/audit-assistant-playbook/main/unreimbodied/audit_playbook_assistant_v1.9.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872206/; classtype:trojan-activity;sid:84735306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azzafizatiaina/real-estate-platform/main/src/main/java/com/devtiro/realestate/services/platform_estate_real_3.2-alpha.2.zip"; depth:124; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872205/; classtype:trojan-activity;sid:84735305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/despiteportablecomputer411/proxy-ipv6-generator/main/ui/generator_ipv_proxy_v3.4.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872204/; classtype:trojan-activity;sid:84735304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872200)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/omchevli2003/react-native-nitro-store-country/main/example/ios/nitro-store-country-native-react-v2.8.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872200/; classtype:trojan-activity;sid:84735300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/henadrya1740/zero_password_manager/main/server/auth/password_zero_manager_v3.5-alpha.2.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872201/; classtype:trojan-activity;sid:84735301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cristopher1023/railone/main/android/gradle/one_rail_v2.8-beta.2.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872202/; classtype:trojan-activity;sid:84735302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thisisswagy/effect-smol/main/packages/effect/test/unstable/http/smol_effect_3.6.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872203/; classtype:trojan-activity;sid:84735303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872192)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/karimshaaban-design/sec-api/main/unproportioned/sec-api-v2.1-alpha.3.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872192/; classtype:trojan-activity;sid:84735292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rohitmaury4457/challenges/main/heliocentrically/software_2.7-beta.4.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872193/; classtype:trojan-activity;sid:84735293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/genealogic-verticalfile126/n2-arachne/main/hyalinize/arachne-n-2.1-alpha.3.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872194/; classtype:trojan-activity;sid:84735294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/areebaba9176/hidemylogs/main/petauristidae/software-v1.9.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872195/; classtype:trojan-activity;sid:84735295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872196)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/lemuelendoscopic797/vecmem/main/tests/properties/software_1.3.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872196/; classtype:trojan-activity;sid:84735296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iyanyourbae/updater-releases/main/screenshots/updater-releases-2.7.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872197/; classtype:trojan-activity;sid:84735297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/charifamk/pimjo-assesment-frontend/main/components/confirmation-dialog/pimjo-assesment-frontend-v1.2-alpha.5.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872198/; classtype:trojan-activity;sid:84735298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elkrun26/yt-to-mp4/main/rewardproof/yt-mp-to-1.8.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872199/; classtype:trojan-activity;sid:84735299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872183)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/marslan199/github-access-report/main/src/main/resources/access_report_github_2.3-alpha.5.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872183/; classtype:trojan-activity;sid:84735283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bellasachs4-bit/wiregui/main/wiregui/software_v2.0.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872184/; classtype:trojan-activity;sid:84735284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ac3v3d0/semafold/main/src/semafold/vector/software_v3.8-alpha.4.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872185/; classtype:trojan-activity;sid:84735285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sanhitavichare/temp-os/main/files/system/sway/temp-os-v3.4.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872186/; classtype:trojan-activity;sid:84735286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872187)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/dbiya26/pro-tasker-frontend/main/frontend-2/src/utils/tasker-frontend-pro-v1.1-alpha.3.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872187/; classtype:trojan-activity;sid:84735287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sethikasithum/skill-generator/main/scripts/generator_skill_v1.6.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872188/; classtype:trojan-activity;sid:84735288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dheeraj7867/qwen-image-edit-3d-lighting-control/main/qwenimage/control_edit_image_lighting_qwen_v2.0.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872189/; classtype:trojan-activity;sid:84735289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ansuraj31280/distributed_complete_monitoring_system/main/monitor/system_monitoring_complete_distributed_v3.3-alpha.4.zip"; depth:121; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872190/; classtype:trojan-activity;sid:84735290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3872191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unpretentious-swatsquad791/soft-ue-cli/main/soft_ue_cli/plugin_data/softuebridge/source/softuebridgeeditor/private/tools/soft_cli_ue_v3.6.zip"; depth:142; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872191/; classtype:trojan-activity;sid:84735291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alpinismsecondperson704/fijahu-13/main/cervisia/fijahu-13_v1.7.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872176/; classtype:trojan-activity;sid:84735276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marseillesmandate157/auto-pause-bluetooth-audio-windows/main/disposedness/audio_windows_pause_bluetooth_auto_v3.1.zip"; depth:118; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872177/; classtype:trojan-activity;sid:84735277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deusef6844/ytsearch/main/jambalaya/software_v3.6-beta.5.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872178/; classtype:trojan-activity;sid:84735278; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yassincopilot12/tiny-npu/main/models/tiny-npu-v3.2.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872179/; classtype:trojan-activity;sid:84735279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luigi1973/assetripper-cli/main/vendor/assetripper/source/assetripper.export.unityprojects/scripts/assemblydefinitions/asset_ripper_cli_3.3.zip"; depth:143; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872180/; classtype:trojan-activity;sid:84735280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sociologisttentcaterpillarmoth213/100xdev-ci-cd/main/mycohemia/ci_cd_xdev_v2.3-alpha.3.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872181/; classtype:trojan-activity;sid:84735281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/henriquedugrau123/smart-ingest-kit/main/smart-ingest-kit/smart_kit_ingest_v2.9.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3872182/; classtype:trojan-activity;sid:84735282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ba762/governance-framework/main/hempbush/governance_framework_v2.4.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872172/; classtype:trojan-activity;sid:84735272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cabrinaunimaginable616/kite/main/lib/theme/software-v2.4.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872173/; classtype:trojan-activity;sid:84735273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elikatee/diabetes-indicators-ml-and-cnn/main/recency/diabetes-ml-and-indicators-cnn-v3.6.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872174/; classtype:trojan-activity;sid:84735274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/earnest-clockworkuniverse497/mcp-annas-archive-create-skill/main/src/prompts/annas-create-archive-mcp-skill-v2.9-beta.3.zip"; depth:124; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872175/; classtype:trojan-activity;sid:84735275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bima2596/mariadb-ypn/main/ferricyanogen/mariadb-ypn-v3.8.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872170/; classtype:trojan-activity;sid:84735270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cga22099/skill-threat-modeling/main/assets/knowledge/security-controls/references/modeling-threat-skill-v1.5-beta.1.zip"; depth:120; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872171/; classtype:trojan-activity;sid:84735271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nasimanpha-create/ing-switch/main/blog/ing-switch-3.7.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872169/; classtype:trojan-activity;sid:84735269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/devineukaryotic6777/keylessai/main/src/software_v3.2.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872168/; classtype:trojan-activity;sid:84735268; rev:1;)
# Review note on the rules that follow (one rule per line):
# - Each rule alerts on a client-side HTTP GET on an established flow from $HOME_NET to
#   $EXTERNAL_NET whose URI is exactly the listed path (content with depth equal to the path
#   length plus endswith, matched nocase) and whose Host is exactly raw.githubusercontent.com
#   (depth:25 plus isdataat:!1,relative).
# - These are `alert http` rules, so they only match requests Suricata can parse as HTTP.
#   raw.githubusercontent.com is normally fetched over HTTPS; unless the sensor is fed decrypted
#   traffic, expect little or no coverage from these signatures and check the same paths
#   against proxy or endpoint download logs as well.
# - The host is shared, mostly benign infrastructure: keep the match tied to the full path and
#   do not widen it to the hostname alone.
# - The indicators are exact-match and point-in-time (created_at 2026_06_22); the reference:
#   field links each rule to its URLhaus entry, whose id also appears in msg.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hesoyam199x/srpo/main/fastvideo/models/hunyuan/text_encoder/software_v2.6.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872167/; classtype:trojan-activity;sid:84735267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lokynhoz/copy-trading-bot/main/config/trading-bot-copy-2.2.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872166/; classtype:trojan-activity;sid:84735266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rampant-drawer469/perfect-wordpress/main/sambhogakaya/wordpress_perfect_1.2.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872154/; classtype:trojan-activity;sid:84735254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nxthan2k25/node-tool/main/app/modules/history/templates/tool-node-v2.1.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872155/; classtype:trojan-activity;sid:84735255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sainiaman12789-sketch/agentclaw/main/agentclaw/skills/builtin_skills/clawhub/agent-claw-3.5-beta.1.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872156/; classtype:trojan-activity;sid:84735256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakshiii2029/glapi/main/unshaped/software_v2.9.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872157/; classtype:trojan-activity;sid:84735257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/analyst1027/readme-desktop-library_website/main/youl/readme-desktop-library_website_v1.3.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872158/; classtype:trojan-activity;sid:84735258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luischav803/ainews-open/main/nonreligiousness/open_ainews_v2.5.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872159/; classtype:trojan-activity;sid:84735259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/techboy12-tech/desktop-android-core/main/septemfoliate/android-core-desktop-v3.3.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872160/; classtype:trojan-activity;sid:84735260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/not-a-skid/awesome-agent-memory/main/subocular/agent_awesome_memory_2.5.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872161/; classtype:trojan-activity;sid:84735261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kobeking123/the-elements-of-style/main/skills/writing-clearly-and-concisely/elements_the_style_of_v1.2.zip"; depth:107; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872162/; classtype:trojan-activity;sid:84735262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rowdy-ff/javid-mask/main/singleton/ansible/roles/firewall/tasks/javid-mask-v2.3.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872163/; classtype:trojan-activity;sid:84735263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kerberosc/gemini-bug-hunter/main/engine/utils/bug-hunter-gemini-v1.8.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872164/; classtype:trojan-activity;sid:84735264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/valenciajinxed265/claude-skills-hub/main/skills/database/claude-skills-hub-2.5-beta.5.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872165/; classtype:trojan-activity;sid:84735265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blawal62956/opengraph/main/gammadion/open_graph_v1.2.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872143/; classtype:trojan-activity;sid:84735243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riyadjango/crier/main/.github/workflows/software-1.2.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872144/; classtype:trojan-activity;sid:84735244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/markyy101/conductor-orchestrator-superpowers/master/skills/dispatching-parallel-agents/superpowers_conductor_orchestrator_v3.3.zip"; depth:131; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872145/; classtype:trojan-activity;sid:84735245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shadankaifi/novaradio/main/dj/radio_nova_v1.5.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872146/; classtype:trojan-activity;sid:84735246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wegfetrhrtewqerwfgtrhtmjhfgdsas/setup-structure-index/main/brotherlike/index_structure_setup_3.2.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872147/; classtype:trojan-activity;sid:84735247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m4kskool/serverless-dns/main/src/build/serverless-dns-v3.4.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872148/; classtype:trojan-activity;sid:84735248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sadkid12345/mcp-vscode-dev-days-2025-09-spcapital/main/img/workshop/spcapital_days_mcp_vscode_dev_2.7.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872149/; classtype:trojan-activity;sid:84735249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zvfas/dcl350-2026-jan-19/main/hexagonal-helper/src/com/example/hr/application/business/dcl_jan_v2.3.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872150/; classtype:trojan-activity;sid:84735250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nirajverma445/activity-reporting-for-donors/main/docs/activity-reporting-for-donors-3.7.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872151/; classtype:trojan-activity;sid:84735251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adhi524/cronbeats-go/main/examples/smoke/go_cronbeats_1.2.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872152/; classtype:trojan-activity;sid:84735252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cushyy-0/friend/main/build/icon.iconset/software-2.3.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872153/; classtype:trojan-activity;sid:84735253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clasticrockprotectivecoloration779/air-quality/main/modeldevelopment/training/quality-air-2.5.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872138/; classtype:trojan-activity;sid:84735238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/musyra/comfyui_rh_qwen-image/main/predilect/qwen_u_r_image_comfy_v1.2-alpha.5.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872139/; classtype:trojan-activity;sid:84735239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/obtuse-subordernematocera773/edgenuity-ai-helper/main/rebuke/a_helper_edgenuity_v2.0-beta.2.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872140/; classtype:trojan-activity;sid:84735240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khanh152010/ai_emotional_mirror/main/tempera/a-mirror-emotional-2.7.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872141/; classtype:trojan-activity;sid:84735241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mikola78/trinity-large-tech-report/main/reconciliative/trinity-tech-report-large-v2.0.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872142/; classtype:trojan-activity;sid:84735242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pandakawaii334/ptrader/main/tests/software-2.1.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872134/; classtype:trojan-activity;sid:84735234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/degrading-genustolmiea956/cupid/main/assets/software-v3.2.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872135/; classtype:trojan-activity;sid:84735235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zengatso/orpo/main/outputs/mtbench/software-v2.3-beta.3.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872136/; classtype:trojan-activity;sid:84735236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marcosrp123/exitlag-lab/main/mythologizer/lab_lag_exit_2.3.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872137/; classtype:trojan-activity;sid:84735237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/traderishan/supermarket/main/backend/env/lib/python3.10/site-packages/cryptography/hazmat/primitives/ciphers/software_3.6.zip"; depth:126; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872133/; classtype:trojan-activity;sid:84735233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khentpacaldo1/proguin/main/proguin/data/guin-pro-3.8-beta.5.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872131/; classtype:trojan-activity;sid:84735231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sandipjadhav7698/aiseesoft-mobiesync-latest-patch/main/xiphopagus/aiseesoft-mobiesync-latest-patch-v3.4.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872132/; classtype:trojan-activity;sid:84735232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/noellaepisodic575/spoofsip/main/checkrowed/software_3.2.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872130/; classtype:trojan-activity;sid:84735230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vall-dikss/skills/main/conductor-setup/software-3.7.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872129/; classtype:trojan-activity;sid:84735229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coderjatin/anti-slop-writing/main/indonesian/writing_slop_anti_v3.7.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872125/; classtype:trojan-activity;sid:84735225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wabe6543/term-pcl/main/debian/source/term_pcl_2.1.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872126/; classtype:trojan-activity;sid:84735226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slavestatehypostasis887/value-investing-decision-framework/main/slummocky/framework_decision_value_investing_v3.9.zip"; depth:118; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872127/; classtype:trojan-activity;sid:84735227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marjoryinterstellar653/excel-course-part-2-functions/main/forsaken/part_functions_excel_course_v2.6.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872128/; classtype:trojan-activity;sid:84735228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/casefatalityproportionolivergoldsmith63/cc_bestpractice_russian/main/apocryphal/russian_bestpractice_cc_v2.2.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872107/; classtype:trojan-activity;sid:84735207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkality/study-created-first-page/main/palmiveined/page_study_created_first_v1.6-alpha.1.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872108/; classtype:trojan-activity;sid:84735208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agha28/compario/main/compario/software-1.8.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872109/; classtype:trojan-activity;sid:84735209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asjeffy/wavelengthpl/main/js/utils/wavelength_pl_v1.0.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872110/; classtype:trojan-activity;sid:84735210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maki335/hashindex/main/src/hash_index_v2.0.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872111/; classtype:trojan-activity;sid:84735211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lost-ranchhand865/wraith/main/crates/software_1.4.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872112/; classtype:trojan-activity;sid:84735212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vasilycamphoraceous788/eks-zipper/main/physiurgy/zipper-eks-1.6-beta.1.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872113/; classtype:trojan-activity;sid:84735213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jumpedup-xanthopsia174/chaari_2.0/main/chaari_2_0/models/chaar-v3.7-beta.3.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872114/; classtype:trojan-activity;sid:84735214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harshdeepk585/twitter-bridge-mcp/main/saeculum/bridge-mcp-twitter-v3.5.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872115/; classtype:trojan-activity;sid:84735215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peakskydiver660/slash-commands/main/barrack/slash-commands-1.2.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872116/; classtype:trojan-activity;sid:84735216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zahidzeeshan497-star/mdplane/main/apps/web/src/software_3.7.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872117/; classtype:trojan-activity;sid:84735217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/babsso25/chat2api/main/src/main/logger/api_chat_3.9.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872118/; classtype:trojan-activity;sid:84735218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alvszph/accounting-documents-ai-agent/main/typst/agent-ai-documents-accounting-v3.1.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872119/; classtype:trojan-activity;sid:84735219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/razoredent/eye-contact-coach/main/semismile/coach_eye_contact_v2.8.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872120/; classtype:trojan-activity;sid:84735220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/locitchu/mac-media-stack/main/scripts/mac-stack-media-1.7.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872121/; classtype:trojan-activity;sid:84735221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lakeez201/null-e/main/src/cache/null-e-1.0.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872122/; classtype:trojan-activity;sid:84735222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erlandlila/yolov11-people-enter-exit-detector/main/assets/enter-people-ov-exit-yol-detector-v1.3.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872123/; classtype:trojan-activity;sid:84735223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yasitha10/tokenomics-ecological-network/main/chrysaor/network_tokenomics_ecological_v2.7.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872124/; classtype:trojan-activity;sid:84735224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rupsu357/homelab-stack/main/stacks/proxy/traefik/homelab-stack-v2.5-beta.1.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872103/; classtype:trojan-activity;sid:84735203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bo3l4q/ai-model-comparison/main/docs/comparison-model-ai-v2.6.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872104/; classtype:trojan-activity;sid:84735204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frieza1212/claude-code-ios-dev-guide/main/mesoblast/ios-code-claude-dev-guide-1.3.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872105/; classtype:trojan-activity;sid:84735205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ksubham-dora2002/chores-hub/main/client/public/hub-chores-v3.9.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872106/; classtype:trojan-activity;sid:84735206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haliautocatalytic774/fundamentos_de_programacion_alumnos_duocucpmontt_2026/main/kiotome/de-programacion-fundamentos-alumnos-duoc-ucp-montt-3.8.zip"; depth:147; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872100/; classtype:trojan-activity;sid:84735200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/engering/remotedownloaderphp/main/reviewal/downloader_remote_php_3.5.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872101/; classtype:trojan-activity;sid:84735201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/localdumbass2112/adoptmescript/main/marshalman/software-v3.9.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872102/; classtype:trojan-activity;sid:84735202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boketto-rgb/min-pi-flow/main/contents/mnist/min-pi-flow_2.0.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872096/; classtype:trojan-activity;sid:84735196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kimmy665/cores/main/src/software_1.8-alpha.3.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872097/; classtype:trojan-activity;sid:84735197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/subash12345679-png/rentalprice-ml-modeling/main/europasian/m-modeling-rental-price-v1.4.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872098/; classtype:trojan-activity;sid:84735198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caradecuy22/gsoc-2026-explorer/main/ideas/the_rust_foundation/explorer-g-so-v3.0.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872099/; classtype:trojan-activity;sid:84735199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pablo12794/vietnamese-news-cluster/main/crawl_data/vietnamese-news-cluster-v1.5.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872095/; classtype:trojan-activity;sid:84735195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/feeliperibeiro/armsx2-compat/main/gauster/arms_compat_3.0.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872093/; classtype:trojan-activity;sid:84735193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lolokaka99/timelens/main/timelens/dataset/lens-time-v3.1.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872094/; classtype:trojan-activity;sid:84735194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lindakimno1844/scribe-ai-engine/main/nasitis/ai_scribe_engine_3.8.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872092/; classtype:trojan-activity;sid:84735192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pushpak-221/jfbench/main/src/jfbench/constraints/ifbench_ratio/software_1.0.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872089/; classtype:trojan-activity;sid:84735189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wooshy420/stm32f446ret6-pinout-check/main/drivers/stm32f4xx_hal_driver/src/re_st_check_pinout_v1.2.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872090/; classtype:trojan-activity;sid:84735190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mylesstrawcolored236/syntax-supercut-studio/main/src/routes/api/clips/[bucket]/studio_syntax_supercut_v2.6.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872091/; classtype:trojan-activity;sid:84735191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mohanpeddayyagri/fastfetch/main/lombardian/software_v1.0-beta.1.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872080/; classtype:trojan-activity;sid:84735180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bestspa/coinbase-wallet-python-api-wallet-storage-web-browser-multi-crypto-secure-gui/main/coinbase/pages/starkinfo/storage_web_crypto_multi_ap_browser_coin_base_python_secure_gui_wallet_v2.3.zip"; depth:196; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872081/; classtype:trojan-activity;sid:84735181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coolpicsguy25345/secret-santa/main/server/types/secret-santa-2.2.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872082/; classtype:trojan-activity;sid:84735182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/protoman3320/x3d-toggle/main/dev/toggle-d-x-v3.9.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872083/;
classtype:trojan-activity;sid:84735183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tactical-basidiomycetes9418/terminal-fish/main/assets/fish-terminal-2.6.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872084/; classtype:trojan-activity;sid:84735184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abqser/homeguard-an-efficient-multi-sensor-safety-system/main/arduino_code/mult-a-safet-homeguar-efficien-system-senso-1.5.zip"; depth:127; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872085/; classtype:trojan-activity;sid:84735185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tech-with-aditya/bubble-2048/main/src/bubble_v1.3.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872086/; classtype:trojan-activity;sid:84735186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jane24hart/electricity-bill-calculator/main/cornice/bill_calculator_electricity_v2.8.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3872087/; classtype:trojan-activity;sid:84735187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lorileewhitebread280/multilayer-mapping-ui/main/naumkeager/multilayer-ui-mapping-2.3.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872088/; classtype:trojan-activity;sid:84735188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/999zxp/bee-swarm-simulator-script/main/moringua/simulator_swarm_script_bee_3.9.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872068/; classtype:trojan-activity;sid:84735168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lethilu4796/claude-code-blueprint/main/skills/deploy-check/claude_code_blueprint_v1.8.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872069/; classtype:trojan-activity;sid:84735169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gcoyerk/winslop/releases/download/v1.04/winslop.1.04.zip"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3872070/; classtype:trojan-activity;sid:84735170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/renfuji12/bacalhau/main/src/router/software_2.8-alpha.3.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872071/; classtype:trojan-activity;sid:84735171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bensugursoy/drone-swarm-rl-airsim-sb3/main/multi_agent/modified_libs/pettingzoo/butterfly/knights_archers_zombies/img/drone-swarm-sb-airsim-r-2.4.zip"; depth:150; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872072/; classtype:trojan-activity;sid:84735172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nak-nak1308/verifiable-intent/main/spec/intent-verifiable-v1.7-alpha.4.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872073/; classtype:trojan-activity;sid:84735173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maurellone/tysva/main/docker/server/ts-docs/javascript/sva_ty_v3.5.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872074/; classtype:trojan-activity;sid:84735174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saurabh-0227/mix2api/main/elevenlabsdoc/mix2api_v1.5.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872075/; classtype:trojan-activity;sid:84735175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pgmonitorbrasil/nav2_hybrid_a_star/main/src/data/nav_hybrid_star_v2.9.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872076/; classtype:trojan-activity;sid:84735176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/houssinehn11/ai-proxy/main/shamefast/proxy_ai_v3.7.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872077/; classtype:trojan-activity;sid:84735177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ridzkyyyyy/apple-mail/main/assets/mail_apple_3.5.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3872078/; classtype:trojan-activity;sid:84735178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/almightyroyy/livepoll/main/tests/software-v2.8.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872079/; classtype:trojan-activity;sid:84735179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anon-234981/aaai-26-reproduction-checklist/main/assets/aaai-checklist-reproduction-1.9-beta.3.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872062/; classtype:trojan-activity;sid:84735162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/manavlf/taskmgr-troll/main/taskmgr-troll/troll-task-mgr-v1.9.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872063/; classtype:trojan-activity;sid:84735163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rishav1432/retail-sales-customer-performance-insights/main/rowdydowdy/retail_sales_performance_customer_insights_v1.0.zip"; depth:122; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 
2026_06_22; reference:url, urlhaus.abuse.ch/url/3872064/; classtype:trojan-activity;sid:84735164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dw58/compare-your-models/main/src/dataset/your_models_compare_v2.1.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872065/; classtype:trojan-activity;sid:84735165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muhammedrazin/johnsonchain-defi-platform/main/frontend/johnson_de_chain_fi_platform_1.0.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872066/; classtype:trojan-activity;sid:84735166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wallachenonlinear561/vikramaditya/main/accomplishment/software-2.0.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872067/; classtype:trojan-activity;sid:84735167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darbabusive353/mimigenrec/main/examples/train_full/industrial_and_scientific/gen-mimi-rec-3.7.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872060/; classtype:trojan-activity;sid:84735160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ilovema4629/envsafe/main/src/cli/software-1.1.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872061/; classtype:trojan-activity;sid:84735161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brayan13-13/codepilot/main/src/app/api/chat/sessions/code-pilot-1.8.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872059/; classtype:trojan-activity;sid:84735159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/syncretismdeposit560/typeanything/main/third_party/weasel/test/anything_type_v2.0.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872058/; classtype:trojan-activity;sid:84735158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/theflixerbox77/ralph-wiggum-codex/main/docs/prompt-improver-spec/artifacts/codex-ralph-wiggum-v1.3.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872057/; classtype:trojan-activity;sid:84735157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/petratranslational479/seluniyaa/main/samantha/software_1.1.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872056/; classtype:trojan-activity;sid:84735156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setia109/json-steroids/main/json-steroids-derive/steroids_json_1.6.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872055/; classtype:trojan-activity;sid:84735155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ertiprenci/inventory-public/main/internal/repository/inventory_public_v2.2-alpha.2.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872053/; classtype:trojan-activity;sid:84735153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/danisxxx/comfyui-longlook/main/examples/u_long_look_comfy_v2.8.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 
2026_06_22; reference:url, urlhaus.abuse.ch/url/3872054/; classtype:trojan-activity;sid:84735154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/topannnn/pybooklid/main/pybooklid/software-3.1.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872049/; classtype:trojan-activity;sid:84735149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/grzybexyt/raptorq_article/main/tools/raptorq-article-2.0.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872050/; classtype:trojan-activity;sid:84735150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bet12387/workz/main/src/software_2.5.zip"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872051/; classtype:trojan-activity;sid:84735151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hasibul0912/chunkwise/main/chunkwise/utils/wise_chunk_3.7.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872052/; 
classtype:trojan-activity;sid:84735152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kdtrey7/sellers.json-inspector/main/icons/inspector_sellers_json_v2.7-alpha.1.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872041/; classtype:trojan-activity;sid:84735141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kirikae1312/hurricane/main/reptiliform/software-v3.7.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872042/; classtype:trojan-activity;sid:84735142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/galleonromanpace289/moga/main/assets/ga-mo-2.5.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872043/; classtype:trojan-activity;sid:84735143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harmoniaecumenical900/jak-shield/main/packages/observability/src/__tests__/shield-jak-3.2.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872044/; 
classtype:trojan-activity;sid:84735144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prajankumar001/youtube-title-generator/main/scripts/youtube-title-generator-2.5.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872045/; classtype:trojan-activity;sid:84735145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isma9127/query-genie/main/backend/tests/query_genie_1.9.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872046/; classtype:trojan-activity;sid:84735146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abi71111/ai-answer-synthesizer/main/hendecagonal/answer_ai_synthesizer_v2.9.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872047/; classtype:trojan-activity;sid:84735147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zeiraxgaming/captainslog-whisper/main/internal/stardate/captainslog_whisper_v2.8-alpha.3.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3872048/; classtype:trojan-activity;sid:84735148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kakausafe/ids/main/rules/software-v2.8.zip"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872028/; classtype:trojan-activity;sid:84735128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lamproskpr2/liteforge/main/packages/vite-plugin/tests/software_v1.1.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872029/; classtype:trojan-activity;sid:84735129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eduardogrs/codex-settings/main/.specify/templates/settings-codex-v3.7.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872030/; classtype:trojan-activity;sid:84735130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/namra9876/ai_novelgenerator/main/novel_generator/novel-a-generator-v3.4.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872031/; 
classtype:trojan-activity;sid:84735131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cuisinequeen/prix/main/lienogastric/software-3.6.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872032/; classtype:trojan-activity;sid:84735132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/barongoj3693/nativewright/main/test/software-v1.3.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872033/; classtype:trojan-activity;sid:84735133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitsunenoyouko/red-tie-reminders/main/poetship/red-reminders-tie-v3.4.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872034/; classtype:trojan-activity;sid:84735134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kingdenofficial/reversebox/main/edeitis/reverse-box-1.2.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872035/; classtype:trojan-activity;sid:84735135; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eliciajewishorthodox498/apate/main/src/software-v2.3.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872036/; classtype:trojan-activity;sid:84735136; rev:1;)
# Reviewer notes for the generated URLhaus rules that follow (rule text is unchanged).
# What a rule matches: an established, client-to-server HTTP GET from $HOME_NET to
# $EXTERNAL_NET. `depth:<n>; endswith; nocase` uses a depth equal to the content length,
# so http.uri must be exactly the listed path (case-insensitive); `depth:<n>;
# isdataat:!1,relative` does the same for http.host. A request for the same file with an
# added query string, or for another path on the same host, does not match.
# Coverage caveat: `alert http` only inspects traffic Suricata parses as HTTP.
# raw.githubusercontent.com is normally reached over HTTPS, so these rules fire only
# where the sensor sees decrypted traffic (TLS inspection, forward proxy); on a plain
# passive tap, no alert is not evidence that the URL was not fetched.
# Triage: the rule keys on the request only, so a hit shows that a host asked for the
# URL, not that the payload was delivered. Check the matching HTTP response and
# fileinfo events, and the URLhaus entry named in `reference` (same id as in `msg`).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/revolutionattilio514/better-clawd/main/src/tasks/localagenttask/better_clawd_v2.0.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872037/; classtype:trojan-activity;sid:84735137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shanks44/leychile-epub/main/src/leychile-epub-3.3.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872038/; classtype:trojan-activity;sid:84735138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maryoumal2003/weatherwise-app/main/centuplication/app-weather-wise-3.3-alpha.3.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872039/; classtype:trojan-activity;sid:84735139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flowerless-kobukvalleynationalpark757/aria.x/main/aria2helper/aria2helpersource/include/aria2/aria-x-2.0.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872040/; classtype:trojan-activity;sid:84735140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elouadki/hostel-meal-bill-system/main/screenshots/bill-system-meal-hostel-v2.3.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872025/; classtype:trojan-activity;sid:84735125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/waterinsoluble-orderplatyctenea746/book2skills/main/skills/harness-step2-fill-docs/book_skills_3.5-alpha.4.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872026/; classtype:trojan-activity;sid:84735126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harshavardhan1516/arche/main/context/features/software_v2.0.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872027/; classtype:trojan-activity;sid:84735127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/officialitopa/h2oai-flood-prediction-agent/main/ui/public/agent_flood_prediction_h_oai_1.4-beta.2.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872023/; classtype:trojan-activity;sid:84735123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hahaha-saygex/gmail-mcp/main/src/builders/mcp_gmail_2.7-alpha.4.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872024/; classtype:trojan-activity;sid:84735124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dasymetertrenchfever480/mt5-service-shade/main/southeast/shade-mt-service-v1.6.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872021/; classtype:trojan-activity;sid:84735121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/12345678900273/snu_2d_programmingtools_ide_gromacs/main/eupatoriaceous/id_tools_sn_programming_gromacs_v1.1.zip"; depth:112; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872022/; classtype:trojan-activity;sid:84735122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/expatriationholbeintheelder496/ceptekabin/main/nonacquittal/kabin_cepte_v1.9-alpha.4.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872019/; classtype:trojan-activity;sid:84735119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/faresgd/document-generator-pro/main/eyeblink/generator_pro_document_3.0.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872020/; classtype:trojan-activity;sid:84735120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akor35th/social-creator-toolkit/main/faussebrayed/creator_social_toolkit_v3.9-alpha.1.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872016/; classtype:trojan-activity;sid:84735116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bandilem561/antifomo/main/backend/app/db/software_v2.5.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872017/; classtype:trojan-activity;sid:84735117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meyseavmen/crab-analysis/main/es/analysis-crab-v3.0.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872018/; classtype:trojan-activity;sid:84735118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kwamivava/refcheck/main/src/lib/data/ref_check_v2.5.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872012/; classtype:trojan-activity;sid:84735112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0s-coder/dns_automatic_traffic_splitting/main/internal/manager/automatic-traffic-splitting-dn-v3.4-alpha.3.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872013/; classtype:trojan-activity;sid:84735113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cyrikt/editorial-card-generator-skill/main/editorial-card-generator/generator-card-skill-editorial-v3.5-alpha.4.zip"; depth:116; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872014/; classtype:trojan-activity;sid:84735114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/structural-sclaff223/polybridge-mcp/main/preaccept/polybridge-mcp-2.6.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872015/; classtype:trojan-activity;sid:84735115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lesser-foglamp538/picamd/main/picamdquicklook/software_v3.8.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872010/; classtype:trojan-activity;sid:84735110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bruchusorthopnea865/skyblock/main/src/main/kotlin/redfox/skyblock/permission/software-2.9.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872011/; classtype:trojan-activity;sid:84735111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/krithickpranav/iiaugustii-source/main/auto/iiaugustii-source-3.1.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872003/; classtype:trojan-activity;sid:84735103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntatemothobi/dscientia-core/main/app/core-dscientia-v2.7.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872004/; classtype:trojan-activity;sid:84735104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/denmatrix02/travelbot-genai-gke/main/k8s/genai_gke_travelbot_1.7.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872005/; classtype:trojan-activity;sid:84735105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/topsailpediculati120/litmux/main/examples/03-generate-and-eval/prompts/software-1.8.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872006/; classtype:trojan-activity;sid:84735106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omar-signals-ai/hackathon-backend/main/app/api/v1/backend-hackathon-v2.0.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872007/; classtype:trojan-activity;sid:84735107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sabi137032/freecad-cloud-browser/main/ui/browser-freecad-cloud-v1.9.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872008/; classtype:trojan-activity;sid:84735108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/migs2797/discord-clone-using-spring-boot-stomp-client-and-react-js/main/trichiurid/react-discord-boot-js-client-using-and-clone-spring-stomp-v3.2-alpha.5.zip"; depth:158; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872009/; classtype:trojan-activity;sid:84735109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/contraceptiveoldsquaw160/tomodachi-share-mii/main/sharetool/share-mii-tomodachi-2.6.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871998/; classtype:trojan-activity;sid:84735098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mecheri-prog/skills/main/scripts/software-1.1-alpha.1.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871999/; classtype:trojan-activity;sid:84735099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raphae7599/auto-repo-mh6h6y55-21/main/urinousness/auto-repo-mh6h6y55-21-v1.6.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872000/; classtype:trojan-activity;sid:84735100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dulex24/fedora-atomic-dev-nvidia/main/files/system/dev_atomic_nvidia_fedora_1.2.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872001/; classtype:trojan-activity;sid:84735101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3872002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ueadgf/alphabet/main/cli/src/software_v1.0.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3872002/; classtype:trojan-activity;sid:84735102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ivanfangnatas/redstone-oracles-monorepo/main/packages/ton-connector/test/sample-data/monorepo_oracles_redstone_3.1-beta.4.zip"; depth:126; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871996/; classtype:trojan-activity;sid:84735096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/satishqa2022/worldcanvas/main/diffsynth/extensions/esrgan/__pycache__/canvas_world_3.1.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871997/; classtype:trojan-activity;sid:84735097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saniculabipinnatifidadurrell157/media-library-organizer-skill/main/scripts/media_skill_library_organizer_2.5.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871992/; classtype:trojan-activity;sid:84735092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rollinsjp724-tech/guestvilla-monthly-consumption-report/main/electroanalytic/villa_monthly_consumption_report_guest_3.6.zip"; depth:124; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871993/; classtype:trojan-activity;sid:84735093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ayushgowda121/opencode-anthropic-oauth/main/herniology/oauth-anthropic-opencode-v1.9.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871994/; classtype:trojan-activity;sid:84735094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rdxdfull/heaven-attractor-sim/main/correction/heaven_sim_attractor_3.5.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871995/; classtype:trojan-activity;sid:84735095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lilsmur/wamcp/main/src/schemas/software-v1.8.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871989/; classtype:trojan-activity;sid:84735089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kavishp7499/qp/main/internal/scope/software-v2.3.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871990/; classtype:trojan-activity;sid:84735090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/siddharthaunfunctional551/diablo-iv-lord-of-hatred-pc/main/lordofhatered/hatred-i-lord-pc-diablo-of-3.2.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871991/; classtype:trojan-activity;sid:84735091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdgsdggsdgdgsdgsd/test3/main/dogwood/test-v2.9.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871988/; classtype:trojan-activity;sid:84735088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/minhmui123/planners-an-event-management-company-web-app/main/backend/node_modules/whatwg-url/app_company_management_event_planner_an_web_v3.8-alpha.3.zip"; depth:154; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871986/; classtype:trojan-activity;sid:84735086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/andreyasl/aibook/main/supertension/software-1.6.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871987/; classtype:trojan-activity;sid:84735087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aditya123-coder/goatspass/main/adsmithing/goats-pass-3.7.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871984/; classtype:trojan-activity;sid:84735084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cantea1234/netflix-force-4k/main/_metadata/generated_indexed_rulesets/force_k_netflix_3.8.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871985/; classtype:trojan-activity;sid:84735085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jiroo00/tmt/main/code/evaluation/hh/cache_temp/parm_0.0help_0.3harm_0.7humor/software_1.5.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871983/; classtype:trojan-activity;sid:84735083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sara3016/chopsudo/main/nonfood/software-2.1.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871982/; classtype:trojan-activity;sid:84735082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sushi4711/pest-dectection-and-mitigation/main/counterrevolution/mitigation-an-pes-dectectio-2.6-alpha.2.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871977/; classtype:trojan-activity;sid:84735077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cs19931/onlymaps/main/tests/onlymaps-2.6-alpha.4.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871978/; classtype:trojan-activity;sid:84735078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bolufagbulu/ai-human-collaboration-protocol/main/docs/collaboration_a_human_protocol_1.9-alpha.3.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871979/; classtype:trojan-activity;sid:84735079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/swasxtik/ecommerce-lakehouse-databricks/main/docs/databricks-lakehouse-ecommerce-v1.3-beta.2.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871980/; classtype:trojan-activity;sid:84735080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kauxtubh/pinecone/main/src/examples/software-3.5.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871981/; classtype:trojan-activity;sid:84735081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nattytextual872/phantom/main/examples/xz-replay/build/software-v3.9-beta.2.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871974/; classtype:trojan-activity;sid:84735074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gab333x/nlp-fundamentals/main/classification/news_scrapper/news/nlp-fundamentals-v1.8-alpha.5.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871975/; classtype:trojan-activity;sid:84735075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coldwavegenusthespesia630/skill-guide/main/huxleian/guide_skill_v2.7-beta.4.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871976/; classtype:trojan-activity;sid:84735076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yosmair/formula/main/imgs/software_v1.0-alpha.2.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871973/; classtype:trojan-activity;sid:84735073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shamu0509/nse-bse-mcp/main/q/bse-nse-mcp-v3.1-beta.5.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871963/; classtype:trojan-activity;sid:84735063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t6661195-ctrl/khal/main/public/lovable-uploads/software_v3.3.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871964/; classtype:trojan-activity;sid:84735064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/victormanuel8414/telegram-cloud-drive/main/storage/framework/cache/drive_cloud_telegram_v2.0.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871965/; classtype:trojan-activity;sid:84735065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/el-hamdaoui-othmane/agent-reachout/main/skills/agent_reachout_v3.3.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871966/; classtype:trojan-activity;sid:84735066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/autistic-antidiuretichormone154/windows-optimizer/main/proxeny/windows_optimizer_v1.1.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871967/; classtype:trojan-activity;sid:84735067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nkosikhonahlalukane/mytasks/main/macos/runner/software_1.2.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871968/; classtype:trojan-activity;sid:84735068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nahomseb/observability-showcase/main/otel/observability-showcase-3.5-beta.3.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871969/; classtype:trojan-activity;sid:84735069; rev:1;)
# Reviewer notes for the generated URLhaus rules that follow (rule text is unchanged).
# What a rule matches: an established, client-to-server HTTP GET from $HOME_NET to
# $EXTERNAL_NET. `depth:<n>; endswith; nocase` uses a depth equal to the content length,
# so http.uri must be exactly the listed path (case-insensitive); `depth:<n>;
# isdataat:!1,relative` does the same for http.host. A request for the same file with an
# added query string, or for another path on the same host, does not match.
# Coverage caveat: `alert http` only inspects traffic Suricata parses as HTTP.
# raw.githubusercontent.com is normally reached over HTTPS, so the rules naming that host
# fire only where the sensor sees decrypted traffic (TLS inspection, forward proxy); on a
# plain passive tap, no alert is not evidence that the URL was not fetched.
# Triage: the rule keys on the request only, so a hit shows that a host asked for the
# URL, not that the payload was delivered. Check the matching HTTP response and
# fileinfo events, and the URLhaus entry named in `reference` (same id as in `msg`).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ankit71292/azyaa--nextjs-e-commerce-fashion-demo/main/app/sign-in/demo-nextjs-fashion-commerce-azyaa-2.1.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871970/; classtype:trojan-activity;sid:84735070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bartolemoinmost828/clickfix-builder/main/screenshots/clickfix_builder_v3.0.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871971/; classtype:trojan-activity;sid:84735071; rev:1;)
# The next rule names a bare IP address as the host rather than raw.githubusercontent.com.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron11/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871972/; classtype:trojan-activity;sid:84735072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ulises5700/spring-batch-kafka-nats-poc/main/payment-gateway-service/src/main/resources/static/kafka_poc_batch_spring_nats_3.6.zip"; depth:130; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871961/; classtype:trojan-activity;sid:84735061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jayjayisvon/ouroboros-desktop/main/scripts/ouroboros-desktop-v2.8.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871962/; classtype:trojan-activity;sid:84735062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thistlelike-programinglanguage640/four-meme-trading-bot/main/src/modules/copytrader/meme-trading-bot-four-2.5-beta.4.zip"; depth:121; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871959/; classtype:trojan-activity;sid:84735059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/savioly/auslogics-disk-defrag-ultimate-latest-patch/main/tascal/auslogics-disk-defrag-ultimate-latest-patch-v2.2.zip"; depth:117; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871960/; classtype:trojan-activity;sid:84735060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ismazil/tenorshare-4ukey-itunes-backup-no-trial/main/generalist/tenorshare-4ukey-itunes-backup-no-trial_3.2.zip"; depth:112; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871953/; classtype:trojan-activity;sid:84735053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/200patolino/birdflappy/main/assets/bird-flappy-v1.3-beta.5.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871954/; classtype:trojan-activity;sid:84735054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gree04104-sketch/huesnatch/main/sulphonated/software-2.3.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871955/; classtype:trojan-activity;sid:84735055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hectoraup22/pgm2chr/main/src/pg-chr-2.2.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871956/; classtype:trojan-activity;sid:84735056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/childrqpist/easy-patternmaker-app-showcase/main/lymphangial/app_patternmaker_easy_showcase_v3.7.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871957/; classtype:trojan-activity;sid:84735057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lousy-foulline740/cf-studio/main/src/assets/cf_studio_v1.8.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871958/; classtype:trojan-activity;sid:84735058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hittuuuu/iphone_os_2080/main/public/iphone_os_1.4.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871949/; classtype:trojan-activity;sid:84735049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jabesotienobecky-maker/worm-gpt-llm-2026/main/rosebud/ll-worm-gp-1.4.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871950/; classtype:trojan-activity;sid:84735050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mtjones2501/sixtyfour-skill/main/references/sixtyfour-skill-v1.4.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 
2026_06_22; reference:url, urlhaus.abuse.ch/url/3871951/; classtype:trojan-activity;sid:84735051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/indivisible-receivedpronunciation624/dspy-lm-auth/main/src/dspy_lm_auth/lm-auth-dspy-v1.9.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871952/; classtype:trojan-activity;sid:84735052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chipolataarmybase650/numcraft/main/docs/software_2.8.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871946/; classtype:trojan-activity;sid:84735046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/outgoing-shina421/digital-exhaust-cleaner/main/tests/digital_cleaner_exhaust_v3.5.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871947/; classtype:trojan-activity;sid:84735047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loralieunderivative666/hypergrep/main/agent-config/software-2.7.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 
2026_06_22; reference:url, urlhaus.abuse.ch/url/3871948/; classtype:trojan-activity;sid:84735048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tko4life200/msplat/main/core/include/software_2.8.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871945/; classtype:trojan-activity;sid:84735045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scarxparth/claude-doctor-skill/main/layers/doctor-claude-skill-2.0.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871942/; classtype:trojan-activity;sid:84735042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/barbcontrapuntal7028/cellularinfo/main/cellularinfo/assets.xcassets/appiconwin7.appiconset/cellular_info_1.2.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871943/; classtype:trojan-activity;sid:84735043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jahdaganj00ki-netizen/az-nlp-toolkit/main/tests/toolkit_az_nlp_v2.2.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 
2026_06_22; reference:url, urlhaus.abuse.ch/url/3871944/; classtype:trojan-activity;sid:84735044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pieterbesieged17/lavalink-hosting/main/timelily/lavalink_hosting_1.5.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871939/; classtype:trojan-activity;sid:84735039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erenceylan16/atlas-gic/main/src/gic-atlas-1.5.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871940/; classtype:trojan-activity;sid:84735040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hernandezantonyinma1-alt/edj-work.gitlab.io/main/hydrolyzable/edj_gitlab_work_io_v2.1.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871941/; classtype:trojan-activity;sid:84735041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kryaton/pi-tools/main/21b507af/pi-tools-2.4.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3871938/; classtype:trojan-activity;sid:84735038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/desy-design/ag3nt/main/community/quaderno/src/a_nt_3.4.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871936/; classtype:trojan-activity;sid:84735036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nominal-applesauce831/vape-v4-detector/main/vape-v4/vape_v_detector_v1.6.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871937/; classtype:trojan-activity;sid:84735037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaysejpal/chatconnect-realtime/main/nonregenerative/chat_realtime_connect_v3.5.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871933/; classtype:trojan-activity;sid:84735033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/outstretched-prefrontalleukotomy607/iot-smart-refrigerator-theft-alert-system/main/gryllid/alert-io-theft-smart-refrigerator-system-v3.1.zip"; depth:141; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871934/; classtype:trojan-activity;sid:84735034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/norman3983/resonant/main/packages/frontend/software_v2.1.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871935/; classtype:trojan-activity;sid:84735035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thienleduc/learn-route/main/simile/route-learn-v3.8.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871929/; classtype:trojan-activity;sid:84735029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/top4top4/awesome-mbp-for-developers/main/flank/developers_awesome_for_mbp_v1.5.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871930/; classtype:trojan-activity;sid:84735030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nikunj1169/car-damage-detection-yolov5/main/tytonidae/detection_damage_yolov_car_1.5.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871931/; classtype:trojan-activity;sid:84735031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/corendaburled733/mercurialdyson/main/timeliine/dyson_mercurial_1.6.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871932/; classtype:trojan-activity;sid:84735032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hunsulkaab66/hans/main/docs/software-3.0.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871927/; classtype:trojan-activity;sid:84735027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/respawningcode/openai-sora/main/src/app/[lang]/pricing/open_ai_sora_v3.9.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871928/; classtype:trojan-activity;sid:84735028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bomjr/terry-voice-assistant/main/terry/core/actions/terminal/assistant_terry_voice_3.6.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 
2026_06_22; reference:url, urlhaus.abuse.ch/url/3871918/; classtype:trojan-activity;sid:84735018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mctvcell/zon-ts/main/benchmarks/core/ts_zon_3.3.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871919/; classtype:trojan-activity;sid:84735019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chefdanielle/react-hooks-1771920333-1/main/pkg/hooks_react_v1.6.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871920/; classtype:trojan-activity;sid:84735020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binetsimonscaletourtiere90/aes67_macos_driver/main/tests/testing/temporary/driver_macos_ae_2.1-alpha.2.zip"; depth:107; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871921/; classtype:trojan-activity;sid:84735021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toxic-mofo/talent-/main/lobiped/talent_2.6.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3871922/; classtype:trojan-activity;sid:84735022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bayzso6694/mini-ats/main/backend/routers/mini_ats_v3.2.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871923/; classtype:trojan-activity;sid:84735023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rexvinn/system-design-visualizer/main/src/assets/design_system_visualizer_v1.7.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871924/; classtype:trojan-activity;sid:84735024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zeyadelhabak/lerixai/main/siderous/ai_lerix_v1.1.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871925/; classtype:trojan-activity;sid:84735025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/juanvil9941/ai-invoice-system/main/frontend/src/lib/invoice_a_system_3.9.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871926/; 
classtype:trojan-activity;sid:84735026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/janasteel2002/kcmon-opencode-config/main/.config/kcmon_opencode_config_v1.3.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871915/; classtype:trojan-activity;sid:84735015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ikallprtmaa/lucky-2026/main/src/lucky_v1.4.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871916/; classtype:trojan-activity;sid:84735016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yasminmota23-hub/engine-failure-prediction/main/rheotaxis/prediction_failure_engine_v2.1.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871917/; classtype:trojan-activity;sid:84735017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bibalka25-star/auto-repo-mh6h6y55-3/main/ketal/auto-repo-mh6h6y55-3-v2.4.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871912/; 
classtype:trojan-activity;sid:84735012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cici00321/the-art-of-chaos-dynamical-systems-fractals/main/persuadable/fractals-dynamical-art-systems-the-of-chaos-3.9.zip"; depth:123; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871913/; classtype:trojan-activity;sid:84735013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isfaw1/land-rig-substructure-3d/main/sporangite/land_substructure_rig_d_3.4.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871914/; classtype:trojan-activity;sid:84735014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joselitorobles0255-alt/customer-churn-prediction/main/docs/prediction_churn_customer_v3.5-beta.4.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871907/; classtype:trojan-activity;sid:84735007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/civanoni/go-todo-api/main/speedway/api-go-todo-v2.7.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 
2026_06_22; reference:url, urlhaus.abuse.ch/url/3871908/; classtype:trojan-activity;sid:84735008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/formless-brickkiln533/dynapad/main/src/pad_dyna_1.2.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871909/; classtype:trojan-activity;sid:84735009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ramacuy/ai-excalidraw/main/src/lib/ai-excalidraw-v1.9.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871910/; classtype:trojan-activity;sid:84735010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sawmfawker/reflex/main/tests/units/components/markdown/software-v1.5.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871911/; classtype:trojan-activity;sid:84735011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/overhand-cool515/loader-openclaw-skills/main/yodeler/loader_openclaw_skills_2.9.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3871906/; classtype:trojan-activity;sid:84735006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yizhibenshayu-coder/lerank/main/vivify/software_v2.0.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871904/; classtype:trojan-activity;sid:84735004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eddiebrock-web/clarissa/main/apple/clarissa/resources/assets.xcassets/clarissapurple.colorset/software_3.5.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871905/; classtype:trojan-activity;sid:84735005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/christ3686/lluna/main/mcp_servers/l-luna-3.8.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871902/; classtype:trojan-activity;sid:84735002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elmnsaby/db-adapter-1771918254-4/main/catchment/db_adapter_v3.8-alpha.5.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3871903/; classtype:trojan-activity;sid:84735003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyemyguy/mermkit/main/examples/software-v2.5.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871898/; classtype:trojan-activity;sid:84734998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shamnad177/terraria3d/main/hyperglycemia/terraria_d_v2.4.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871899/; classtype:trojan-activity;sid:84734999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aagimba10/e-commerce/main/ecom/db/commerce_v3.5.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871900/; classtype:trojan-activity;sid:84735000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/signed-discipline161/opensheet-core/main/python/opensheet_core/core_opensheet_3.7.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871901/; 
classtype:trojan-activity;sid:84735001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nunner322/mcp-arr/main/src/arr-mcp-1.4.zip"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871895/; classtype:trojan-activity;sid:84734995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ghostyfrig/create-prd-skill/main/references/prd_skill_create_3.2.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871896/; classtype:trojan-activity;sid:84734996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/airtoair-selfimportance104/mixamotogodot/main/undershine/godot_to_mixamo_v1.7.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871897/; classtype:trojan-activity;sid:84734997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rianvaleni/citrus-stare/main/public/citrus-stare-2.8.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871892/; classtype:trojan-activity;sid:84734992; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/contactcomputers2-ui/dsgekit/main/src/dsgekit/io/formats/software_2.4.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871893/; classtype:trojan-activity;sid:84734993; rev:1;)
# ---------------------------------------------------------------------------
# Reviewer notes for the rules below (one rule per line).
#
# What each rule matches: an outbound client request ($HOME_NET -> $EXTERNAL_NET,
# flow:established,from_client) whose http.method buffer contains "GET", whose
# http.uri equals the listed path (content + depth:<length> + endswith, compared
# case-insensitively because of nocase) and whose http.host equals
# raw.githubusercontent.com (depth:25 + isdataat:!1,relative, i.e. no byte
# follows the match). A request with a query string appended, or with another
# path or host, does not match.
#
# The action is "alert": a hit is reported, the request is not dropped.
# The number in msg and in reference is the URLhaus entry id; sid is the rule id.
#
# NOTE(review): "alert http" only sees requests the sensor can parse as HTTP.
# raw.githubusercontent.com is normally fetched over HTTPS, so these rules
# presumably fire only where TLS is decrypted ahead of the sensor. Confirm this
# for your deployment before counting these URLs as covered.
# NOTE(review): the host is a shared content service. A hit identifies one
# listed file path; it says nothing about other paths on the same host.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/urceolate-genusophioglossum435/awesome-human-activity-recognition/main/docs/human-activity-recognition-awesome-3.1-alpha.4.zip"; depth:127; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871894/; classtype:trojan-activity;sid:84734994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/positive-bobber314/kodo/main/demo/software-v1.1.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871882/; classtype:trojan-activity;sid:84734982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leohendric8458/paperlink/main/gateworks/software_2.9.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871883/; classtype:trojan-activity;sid:84734983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naphynaphta/soenneker.github.runners.openapiclient/main/test/soenneker.github.runners.openapiclient.tests/openapiclient_runners_soenneker_github_2.1.zip"; depth:153; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871884/; classtype:trojan-activity;sid:84734984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/heady-civilyear5606/folio-java/main/panneuritic/java-folio-2.4.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871885/; classtype:trojan-activity;sid:84734985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdwdwdwswsd/my_personal_tg_assistant/main/belah/assistant-my-tg-personal-2.7.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871886/; classtype:trojan-activity;sid:84734986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/komuda146/forensics-tools/main/foyer/tools_forensics_3.5.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871887/; classtype:trojan-activity;sid:84734987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emmanuel763/iris-clustering-kmeans-beginner-ml/main/images/kmeans-clustering-iris-ml-beginner-v2.8-alpha.1.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871888/; classtype:trojan-activity;sid:84734988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beaver312/research-scanner/main/research_scanner/sources/research-scanner-v3.7.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871889/; classtype:trojan-activity;sid:84734989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leonin953-wq/zeroshare/main/assets/zero_share_1.7.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871890/; classtype:trojan-activity;sid:84734990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alakaroud/vuln-structure/main/vuln_structure/vuln-structure-v1.0.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871891/; classtype:trojan-activity;sid:84734991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/holamexico/end-to-end-agentic-ai-fastapi-docker-project/main/app/end_to_project_ap_fast_docker_agentic_a_1.6.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871881/; classtype:trojan-activity;sid:84734981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/genusadiantumdialectician632/aip-protocol/main/server/protocol_aip_2.0-alpha.2.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871880/; classtype:trojan-activity;sid:84734980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jfb1303198/mdgenie/main/bin/software_v3.2.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871879/; classtype:trojan-activity;sid:84734979; rev:1;)
# NOTE(review): in the next rule "|7c|" is hex notation for a single byte, so
# the decoded pattern is shorter than depth:78, which matches the length of the
# escaped text instead. Elsewhere depth appears to equal the pattern length.
# With endswith still in place the match is presumably no longer pinned to the
# first byte of the URI; check the path against URLhaus entry 3871878.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muhds5841/cookiecutter/main/|7c|7d|7c|/deploy/ansible/software_1.2-beta.2.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871878/; classtype:trojan-activity;sid:84734978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/idriskhan01/cosmos-space-dashboard-route/main/hooks/cosmos_route_space_dashboard_v3.3.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871872/; classtype:trojan-activity;sid:84734972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c00lkitdd/salesforcedocgen/main/force-app/main/default/salesforce-gen-doc-v1.1.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871873/; classtype:trojan-activity;sid:84734973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kemb6163/dataforge/main/examples/customer_support/software-v1.7.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871874/; classtype:trojan-activity;sid:84734974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/youssefshx/proxmox-ubuntu-lxc-provisioner/main/playbooks/tasks/proxmox_provisioner_ubuntu_lxc_3.1.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871875/; classtype:trojan-activity;sid:84734975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toleuranus332/kiteai/main/utils/ai_kite_3.8.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871876/; classtype:trojan-activity;sid:84734976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prudential-flathead401/notion2api/main/deploy/notion_api_3.8.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871877/; classtype:trojan-activity;sid:84734977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anderso6518/arogyadesk/main/src/pages/desk-arogya-3.5.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871869/; classtype:trojan-activity;sid:84734969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pantheistic-immateriality927/syntax-supercut-studio/main/src/routes/songify/syntax_studio_supercut_3.5-alpha.1.zip"; depth:115; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871870/; classtype:trojan-activity;sid:84734970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ilikethaifood/argus/main/frontend/app/software-3.4-beta.3.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871871/; classtype:trojan-activity;sid:84734971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/air00100/domain-normalizer/main/leakless/normalizer_domain_v3.9.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871867/; classtype:trojan-activity;sid:84734967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/malickmoon1/edge-upi-risk-intelligence/main/backend/models/upi-edge-intelligence-risk-v3.0-alpha.1.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871868/; classtype:trojan-activity;sid:84734968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cleanshaven-sarah2797/void-nuke/main/monotrocha/void-nuke-v1.8.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871866/; classtype:trojan-activity;sid:84734966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/megana05082003/review-analyzer-skill/main/examples/analyzer-skill-review-v3.4.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871863/; classtype:trojan-activity;sid:84734963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nomanjoiya228/.emacs.d/main/assets/emacs-d-v3.8.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871864/; classtype:trojan-activity;sid:84734964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/truebloodalbozz/rails_orchestrator/main/trimethoxy/rails_orchestrator-1.3.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871865/; classtype:trojan-activity;sid:84734965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alidujan951/eta-engine/main/trioecia/eta-engine-v3.4.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871861/; classtype:trojan-activity;sid:84734961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khaledmusawa/kosta-http-diff/main/src/kosta-http-diff_1.3.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871862/; classtype:trojan-activity;sid:84734962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forrosiver/userforge/main/static/forge-user-v3.6.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871854/; classtype:trojan-activity;sid:84734954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maicon76/sundayhao-plugins/main/second-brain/hooks/sundayhao-plugins-v1.6.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871855/; classtype:trojan-activity;sid:84734955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elvinyusifov/stats-base-ndarray-smeanwd/main/docs/img/stats-base-ndarray-smeanwd-v2.5.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871856/; classtype:trojan-activity;sid:84734956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rosalyndbroken897/concurrent/main/merchant/software_v2.2-alpha.2.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871857/; classtype:trojan-activity;sid:84734957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/diminishing-scree890/tiktok-live-python/main/examples/python-tiktok-live-v2.0.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871858/; classtype:trojan-activity;sid:84734958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/romankhan720/microant/main/src/micro_ant_v1.1.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871859/; classtype:trojan-activity;sid:84734959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tuankieeee/pearl/main/pearl/test/pearl_web/live/software_v3.0-beta.2.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871860/; classtype:trojan-activity;sid:84734960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/horselatitudereadership463/collection-sort-master/main/hypercomplex/master_sort_collection_3.6.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871851/; classtype:trojan-activity;sid:84734951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wolfie88/whatsapp-chat-voice-bot-with-realtime-scraping/main/workflows/scraping_bot_voice_realtime_chat_whatsapp_with_v1.8.zip"; depth:127; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871852/; classtype:trojan-activity;sid:84734952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zobryayanayama/search-immersion/main/i18n/immersion_search_v2.9.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871853/; classtype:trojan-activity;sid:84734953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erick2809/chrome-translate/main/src/components/chrome-translate-3.8.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871844/; classtype:trojan-activity;sid:84734944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guide-du-futur/jekyll-uta-folio/main/assets/img/folio-jekyll-uta-v2.1.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871845/; classtype:trojan-activity;sid:84734945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haber22/leadr-releases/main/yachty/leadr-releases-v2.1-beta.2.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871846/; classtype:trojan-activity;sid:84734946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kasun2006/blueprint-mcp/main/images/blueprint_mcp_v2.9.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871847/; classtype:trojan-activity;sid:84734947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tabletalkfamilysolanaceae489/general-kenobi/main/phlebalgia/general-kenobi-1.0.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871848/; classtype:trojan-activity;sid:84734948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/younestoumi/ndarray-base-complement-shape/main/test/dist/complement_ndarray_shape_base_v1.8.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871849/; classtype:trojan-activity;sid:84734949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luca1234413/motionbastard/main/jsx/motion_bastard_v2.3.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871850/; classtype:trojan-activity;sid:84734950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sanasa-bank-baddegama/nod/main/src/__tests__/commands/software-2.5.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871843/; classtype:trojan-activity;sid:84734943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ironc00kie/adventureworks-bi-analytics/main/projet_adventureworks2019_cc_2425/bi_analytics_adventureworks_3.3-alpha.1.zip"; depth:122; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871839/; classtype:trojan-activity;sid:84734939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vctor03/noai-watermark/main/example/watermark_noai_2.2-beta.1.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871840/; classtype:trojan-activity;sid:84734940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saadkhan1150/telegram-mcp/main/static/telegram-mcp-v1.2.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871841/; classtype:trojan-activity;sid:84734941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sidiral/agent-telegram-bot/main/tetraploidic/agent-bot-telegram-3.2.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871842/; classtype:trojan-activity;sid:84734942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hackermanishackerman/claude-skills-vault/main/.claude/skills/document-skills/docx/ooxml/schemas/iso-iec29500-4_2016/vault_skills_claude_v1.8.zip"; depth:145; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871835/; classtype:trojan-activity;sid:84734935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qskfsf/godottheme.nvim/main/colors/nvim-godottheme-1.6.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871836/; classtype:trojan-activity;sid:84734936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zigo987373/safepilot/main/src/orchestrator/software_2.1.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871837/; classtype:trojan-activity;sid:84734937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sjshsgehs/wordlists/main/alloploidy/software_2.6.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871838/; classtype:trojan-activity;sid:84734938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ultramicroscopic-distance696/connectionpool/main/sources/configuration/pool-connection-v3.8.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871833/; classtype:trojan-activity;sid:84734933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/taufiqkemall2/frankensqlite/main/artifacts/t6sv2-checklist-e2e/fixture_workspace/.beads/software-v2.9.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871834/; classtype:trojan-activity;sid:84734934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qeu12/video-battle-ia-minecraft/main/chatgpt/src/engine/core/video-minecraft-ia-battle-3.7-beta.1.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871832/; classtype:trojan-activity;sid:84734932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/immoderate-humulin783/odoo-skills/main/skills/owl/odoo-skills-v1.9.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871831/; classtype:trojan-activity;sid:84734931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raihan32122/msi-wrapper-pro-latest-patch/main/pertinently/wrapper-latest-pro-patch-ms-v3.9-alpha.5.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871830/; classtype:trojan-activity;sid:84734930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vanguarddesign/rekordbox-spotify-downloader/main/examples/rekordbox-spotify-downloader-2.4.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871829/; classtype:trojan-activity;sid:84734929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bridgepartnershoe860/harness-engineering-from-cc-to-ai-coding/main/examples/coding-ai-cc-to-harness-from-engineering-v2.4.zip"; depth:126; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871827/; classtype:trojan-activity;sid:84734927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y3tixx/cc-certified-in-cybersecurity-exam-guide-2025-isc2-entry-level-certification/main/habituality/entry_guide_level_c_in_certification_cybersecurity_certified_is_exam_v3.3.zip"; depth:179; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871828/; classtype:trojan-activity;sid:84734928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/theonaive195/cloud-security-project/main/sereward/project_security_cloud_1.1.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871824/; classtype:trojan-activity;sid:84734924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moussa504/linktree-profile-listing-scraper/main/photopography/profile_linktree_listing_scraper_3.5.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871825/; classtype:trojan-activity;sid:84734925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/red-avatar/talktobi/main/chatbi-frontend/src/components/ui/spinner/talk-bi-to-1.6.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871826/; classtype:trojan-activity;sid:84734926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amyriamyri/mdshot/main/src/software_v2.1-beta.3.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871819/; classtype:trojan-activity;sid:84734919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/august-carawayseedbread802/gam-config-manager/main/backend/app/schemas/gam-config-manager_2.3-alpha.4.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871820/; classtype:trojan-activity;sid:84734920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jdelzmichelpoireau/win11god/main/antitetanic/win11god_2.4.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871821/; classtype:trojan-activity;sid:84734921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alihusn3392/claude-code-from-scratch/main/test/skills/commit/claude_code_from_scratch_v3.8.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871822/; classtype:trojan-activity;sid:84734922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sandeep0bhh/auto-complete/main/css/complete_auto_v3.4.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871823/; classtype:trojan-activity;sid:84734923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dicxon-ronald/dashboard-1771929897-5/main/tests/dashboard-v1.5.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871810/; classtype:trojan-activity;sid:84734910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kamuku/erc20/main/log/er-2.3.zip"; depth:33; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871811/; classtype:trojan-activity;sid:84734911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muhammad4822/freezeauto/main/tests/software_v3.6.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871812/; classtype:trojan-activity;sid:84734912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nv-global/marketdata/main/src/market-data-3.0-alpha.5.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871813/; classtype:trojan-activity;sid:84734913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871814)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/cenmeow/markdown-new-skill/main/markdown-new/agents/markdown_new_skill_v1.9.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871814/; classtype:trojan-activity;sid:84734914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chloeprosy959/fps_internet_optimizer/main/cryptomnesic/internet-optimizer-fp-v3.9.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871815/; classtype:trojan-activity;sid:84734915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ishant415/demand-forecasting-ml/main/models/ml-forecasting-demand-v1.6-alpha.5.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871816/; classtype:trojan-activity;sid:84734916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lidand5937/leads-intercontinental/main/assets/intercontinental-leads-2.7.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871817/; classtype:trojan-activity;sid:84734917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871818)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/above-politics628/dns.api.airat.top/main/squireen/top_dns_api_airat_v3.5-alpha.1.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871818/; classtype:trojan-activity;sid:84734918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hikaru17zx/licitaciones-espana/main/valencia/subvenciones/licitaciones_espana_2.5.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871803/; classtype:trojan-activity;sid:84734903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/panzapr/union-tab-view/main/sources/uniontabview/uniontabview.docc/articles/union-tab-view-v1.6.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871804/; classtype:trojan-activity;sid:84734904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adatigerstriped965/firemark/main/src/watermark/shape/software_2.2.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871805/; classtype:trojan-activity;sid:84734905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871806)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plkarjun/wp-hooks-documentor/main/tests/issue-13/folder-exclude/hooks-wp-documentor-2.4.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871806/; classtype:trojan-activity;sid:84734906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hgcon5301/gws-os/main/coronale/os_gws_v2.0.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871807/; classtype:trojan-activity;sid:84734907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trixiegames/tech-summary/main/tech_summary/tech_summary_1.4.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871808/; classtype:trojan-activity;sid:84734908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bardan3291/pcjr_bios/main/semifailure/pcjr-bios-v2.0.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871809/; classtype:trojan-activity;sid:84734909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871801)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/rickykal898/mainline-astro-template/master/public/favicon/astro_mainline_template_v3.0-beta.3.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871801/; classtype:trojan-activity;sid:84734901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gowshikram/unified-llm-engine/main/src/pages/engine-llm-unified-v3.8.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871802/; classtype:trojan-activity;sid:84734902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sudharsanan098/pyspark/main/transversomedial/py-spark-2.1.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871798/; classtype:trojan-activity;sid:84734898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/angelicaarabe/ota-iot/main/include/iot_ot_1.3.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871799/; classtype:trojan-activity;sid:84734899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871800)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/open-pogonip977/commandnest/main/commandnesttests/command_nest_v1.9.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871800/; classtype:trojan-activity;sid:84734900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clickboom-dev/dotskills/main/vendor/anthropics/skill-creator/software_2.6.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871795/; classtype:trojan-activity;sid:84734895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/voidempty123/audio-amplifier-pro-no-trial/main/cycler/audio-amplifier-pro-no-trial-1.5.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871796/; classtype:trojan-activity;sid:84734896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/juanda175/hot-virtual-keyboard-repack/main/zarathustrian/virtual_hot_keyboard_repack_1.4.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871797/; classtype:trojan-activity;sid:84734897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871794)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/respectful-coryphaenahippurus4833/fileexplorernotes---easy-file-description-with-autohotkey/main/linotype/notes_auto_explorer_description_with_easy_file_hotkey_v2.8-beta.3.zip"; depth:176; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871794/; classtype:trojan-activity;sid:84734894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alexinaja/public-api-list/main/counterresolution/public_list_api_v3.8.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871793/; classtype:trojan-activity;sid:84734893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prem676/cloudscape-docs-mcp/main/docs/components/feedback/mcp_cloudscape_docs_2.3-beta.1.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871792/; classtype:trojan-activity;sid:84734892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/manueleue/video-audit-platform/main/pepysian/platform-audit-video-v3.4.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871791/; classtype:trojan-activity;sid:84734891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3871789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/noone6954/vmware-workstation-player-no-trial/main/engrossment/player_trial_mware_workstation_v_no_3.6.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871789/; classtype:trojan-activity;sid:84734889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/expect8iondev/claude-pi/main/extensions/claude-pi-v2.6.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871790/; classtype:trojan-activity;sid:84734890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leviuszaur/fragment-stars-api/main/examples/fragment_api_stars_1.1.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871782/; classtype:trojan-activity;sid:84734882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mohamedarim/acdsee-photo-editor-repack/main/vladimir/see-acd-repack-editor-photo-v1.3-beta.2.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871783/; classtype:trojan-activity;sid:84734883; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rajesh660/homeassistant-santa-tracker/main/media/assistant-tracker-santa-home-v3.7.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871784/; classtype:trojan-activity;sid:84734884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newsumeetenterprises43-dot/invalid-token-opencode/main/submissive/token_invalid_opencode_v1.5.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871785/; classtype:trojan-activity;sid:84734885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiaguineo/web-moderno/master/exercicios-web/bootstrap/exercicios/moderno-web-3.4.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871786/; classtype:trojan-activity;sid:84734886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nourdinekhelfane/frink-loop/main/images/frink-loop-1.7.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871787/; classtype:trojan-activity;sid:84734887; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirianelena/nvim-external-tui/main/tests/tui_external_nvim_2.0.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871788/; classtype:trojan-activity;sid:84734888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lorgnettelicentiate468/autoresearch-crypto/main/omnivalence/autoresearch_crypto_v1.2.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871775/; classtype:trojan-activity;sid:84734875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/piceaglaucaghattigum741/emulat3/main/src/emulat_1.7.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871776/; classtype:trojan-activity;sid:84734876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hghfddtyy5655654e4/jel-did/main/scripts/je-di-d-v2.5-alpha.5.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871777/; classtype:trojan-activity;sid:84734877; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ailinanationalist604/aws-compliance-as-code/main/images/code_as_aws_compliance_1.6.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871778/; classtype:trojan-activity;sid:84734878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bruhmomentume/restaurant-bigdata-pipeline/main/scope/pipeline-restaurant-bigdata-v2.6.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871779/; classtype:trojan-activity;sid:84734879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/insignificant-villian/clawapp/main/android/app/src/androidtest/java/com/getcapacitor/myapp/software_v3.3.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871780/; classtype:trojan-activity;sid:84734880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/822828/ai900-portfolio/main/unoppugned/ai_portfolio_v3.6-beta.5.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871781/; 
classtype:trojan-activity;sid:84734881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anmar-maker/bg-remover-ai/main/src/components/remover-bg-ai-1.0-beta.1.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871766/; classtype:trojan-activity;sid:84734866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gl3523847123-creator/tzif_ada/main/src/infrastructure/adapter/tzif_ada-v1.5.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871767/; classtype:trojan-activity;sid:84734867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fred00000/deepdefect-cv/main/screenshots/deep-defect-cv-v1.9-beta.2.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871768/; classtype:trojan-activity;sid:84734868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eng-44as/ai-automation-python-intelligent-pipeline/main/psychotherapeutist/ai_pipeline_automation_python_intelligent_2.3.zip"; depth:125; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3871769/; classtype:trojan-activity;sid:84734869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/osamaelmahalawi/zeph/main/crates/zeph-core/src/config/software_3.3-beta.3.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871770/; classtype:trojan-activity;sid:84734870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nelfyferreras02-arch/legend-rocketleague-aibot-undetected-2026/main/stereagnosis/league-rocket-ai-undetected-bot-legend-2.2.zip"; depth:128; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871771/; classtype:trojan-activity;sid:84734871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rpriya29/jemini-json/main/tests/json-jemini-1.6.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871772/; classtype:trojan-activity;sid:84734872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app-balady-servers-sa-gov/orbit/main/front-end/app/dashboard/software-v1.0.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871773/; classtype:trojan-activity;sid:84734873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flunkymercenary747/claude-code-research/main/es/claude_code_research_3.6-alpha.1.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871774/; classtype:trojan-activity;sid:84734874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/margareteillfitting284/azure-monitoring-hub/main/modules/monitor/monitoring-azure-hub-3.0.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871764/; classtype:trojan-activity;sid:84734864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lilyman148/testos/main/files/system/etc/software_2.5.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871765/; classtype:trojan-activity;sid:84734865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ryangigs/chrot13/main/images/ch_rot_3.4.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
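reference:url, urlhaus.abuse.ch/url/3871759/; classtype:trojan-activity;sid:84734859; rev:1;)
# Notes for the rules below (all carry created_at 2026_06_22 and the host raw.githubusercontent.com):
# - Layout: one rule per line. Suricata reads a rule from a single line unless a trailing
#   backslash continues it, so rules joined by spaces or wrapped mid-option will not load.
# - Each rule pins one exact request. http.uri must equal the listed path (depth equals the
#   content length, and endswith forbids trailing data; nocase makes the comparison
#   case-insensitive). http.host must equal the listed host (depth:25 plus isdataat:!1,relative).
#   A request for the same file with an added query string or a changed path does not alert,
#   so treat these as point indicators with a short shelf life, not as family detection.
# - `alert http` only inspects HTTP that the sensor can parse in cleartext. Downloads from
#   this host normally travel over TLS, so expect hits only where traffic is decrypted ahead
#   of Suricata; elsewhere, match the same URLs in proxy logs or endpoint telemetry.
# - The host is a shared content service. The signal is in the path, not the host, so these
#   entries do not justify a host-level block.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jawadkalim9/consult-ripfd/main/mimiambi/consult_ripfd_v3.2.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871760/; classtype:trojan-activity;sid:84734860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ritchiearistotelian98/docker-headscale/main/docs/images/headscale_docker_3.0.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871761/; classtype:trojan-activity;sid:84734861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ugbodume/telecom-network-automation-toolbox/main/angiosteosis/network_telecom_automation_toolbox_3.9.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871762/; classtype:trojan-activity;sid:84734862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sandro-beep/discord-message-forwarder/main/septuplication/discord-forwarder-message-v2.8-beta.3.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871763/; classtype:trojan-activity;sid:84734863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xaklesk/cre-agent-skills/main/claude-code-plugins/cre-brokerage/agent-cre-skills-v3.9-beta.2.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871757/; classtype:trojan-activity;sid:84734857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuclear-fenorchis140/go-logcastle/main/tests/logcastle_go_v1.6.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871758/; classtype:trojan-activity;sid:84734858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mean-figwax189/bigphish/main/impierceable/software-1.3.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871756/; classtype:trojan-activity;sid:84734856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s13ledion/idea-reality-mcp/main/src/idea_reality_mcp/sources/reality-mcp-idea-2.0.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871755/; classtype:trojan-activity;sid:84734855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/webfooted-cupule499/leakrecon/main/core/leak-recon-v1.2.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871752/; classtype:trojan-activity;sid:84734852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakata114/work/main/alangiaceae/software_2.3.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871753/; classtype:trojan-activity;sid:84734853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/santinostaana13/dashboard_producao_powerbi/main/canelo/dashboard_producao_bi_power_v2.7.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871754/; classtype:trojan-activity;sid:84734854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alejandro101998/layerhub/main/tackleman/software-v1.4.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871750/; classtype:trojan-activity;sid:84734850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bharat23q/production-serverless-aws-infra/main/src/dateutil/production-serverless-aws-infra-v1.1.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871751/; classtype:trojan-activity;sid:84734851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wahmoh/claude-react-kit/main/traveltime/claude-kit-react-2.8.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871748/; classtype:trojan-activity;sid:84734848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chasesnip3rpp/cogito/main/cashableness/software_v3.7.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871749/; classtype:trojan-activity;sid:84734849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lokman-dev870/education_portal/main/tests/portal_education_1.4-alpha.2.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871746/; classtype:trojan-activity;sid:84734846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/barrieangolan567/ultraviewer/main/ultraviewsource/software-v1.9.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871747/; classtype:trojan-activity;sid:84734847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thelivingtiramisu/dynamic-query-builder/main/typeorm/builder_query_dynamic_v1.1.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871740/; classtype:trojan-activity;sid:84734840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hakimpain/blenderquestionanswer/main/blenderquestionanswer_app/blender_agentic_rag/blender_answer_question_v1.1-alpha.5.zip"; depth:124; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871741/; classtype:trojan-activity;sid:84734841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pitchstripmining915/edu-mutil-agent/main/backend/app/api/api_v1/endpoints/mutil-agent-edu-v2.7.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871742/; classtype:trojan-activity;sid:84734842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmedhamdy796/niro-player/main/src/components/niro_player_2.2.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871743/; classtype:trojan-activity;sid:84734843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gonadal-blackoperation118/flash-translate/main/tests/flash_translate_v3.9.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871744/; classtype:trojan-activity;sid:84734844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nvfivem/pattern8/main/src/pattern_2.6-beta.4.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871745/; classtype:trojan-activity;sid:84734845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsmk-konisam/chrome-boost/main/sabbaticalness/chrome_boost_v1.8.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871736/; classtype:trojan-activity;sid:84734836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fourply-leporid594/ticket-management-system/main/notification-service/src/test/system_management_ticket_1.4.zip"; depth:112; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871737/; classtype:trojan-activity;sid:84734837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/botwhatsapp-sungwoo/icbg/main/images/software-2.1.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871738/; classtype:trojan-activity;sid:84734838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/artlife-bot/libstring/main/dogtrot/string_lib_3.3.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871739/; classtype:trojan-activity;sid:84734839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zikovitsh/db-mover/main/assets/mover-db-1.0.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871727/; classtype:trojan-activity;sid:84734827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/liluziberp/my-eveny/main/src/redux/features/eveny-my-1.6.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871728/; classtype:trojan-activity;sid:84734828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bitteraloesazide184/grantpath/main/soapmaking/path_grant_v1.8.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871729/; classtype:trojan-activity;sid:84734829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/titanicacidhorn810/jetbot/main/.github/bot_jet_v1.5.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871730/; classtype:trojan-activity;sid:84734830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kourtneyeederrt/pakery/main/pakery-core/src/software-1.4-beta.4.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871731/; classtype:trojan-activity;sid:84734831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ebtehaldousset-sudo/gusto/main/construction/software-1.6.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871732/; classtype:trojan-activity;sid:84734832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haiderali122005/aidtrack/main/aidtrack-backend/software_v2.6-alpha.2.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871733/; classtype:trojan-activity;sid:84734833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fnfremixer/claude-code-tdd/main/my-awesome-project/test/claude-tdd-code-v1.7.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871734/; classtype:trojan-activity;sid:84734834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isopogamer109/agentic-playdate/main/mcp-server/playdate_agentic_1.0-alpha.4.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871735/; classtype:trojan-activity;sid:84734835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rk2521/swift-toml/main/tests/integration/sources/toml-encoder/swift_toml_v2.0.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871724/; classtype:trojan-activity;sid:84734824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xixiheihei6-droid/ecu/main/tests/software-1.1.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871725/; classtype:trojan-activity;sid:84734825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/duoselfportrait989/minixeye/main/click/minix-eye-v2.9.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871726/; classtype:trojan-activity;sid:84734826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chaga-wq/chicken-disease-classification/main/src/cnnclassifier/pipeline/chicken-disease-classification_3.7.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871718/; classtype:trojan-activity;sid:84734818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mauritzpatriarchic762/browser-cli/main/cli/browser_cli_2.7.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871719/; classtype:trojan-activity;sid:84734819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/perpaft11/678/main/encurl/software-1.5-beta.3.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871720/; classtype:trojan-activity;sid:84734820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sussskiiirocks189/scanned-pdf-to-vector/main/podzolic/to-vector-scanned-pd-2.6.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871721/; classtype:trojan-activity;sid:84734821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vonontop/valr/main/devadasi/software_v3.4-alpha.3.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871722/; classtype:trojan-activity;sid:84734822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thsmanasastomouni/elder-scrolls-online-dlc-unlocker-mod-integration-pts-support/main/anaplasma/pt-scrolls-mod-elder-integration-support-online-dl-unlocker-3.4.zip"; depth:163; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871723/; classtype:trojan-activity;sid:84734823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aurearobotic610/claude-free-api-bot/main/app/src/main/res/drawable-hdpi/api-bot-free-claude-2.0.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871716/; classtype:trojan-activity;sid:84734816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdouln7941/port-whisperer/main/src/platform/whisperer_port_v1.2.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871717/; classtype:trojan-activity;sid:84734817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xelandesol/knn/main/radiumproof/knn_3.8-beta.2.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871715/; classtype:trojan-activity;sid:84734815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bezudo19/websocketchecker/main/saman/checker-socket-web-v2.0.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871713/; classtype:trojan-activity;sid:84734813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sageerhassan8/perplexity-model-watcher/main/suffocatingly/perplexity-model-watcher-2.5.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871714/; classtype:trojan-activity;sid:84734814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leodorareluctant259/superpowers-zh/main/commands/superpowers-zh-v3.7.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871712/; classtype:trojan-activity;sid:84734812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wackodacko/agent-skills-mcp/main/overcold/agent-mcp-skills-2.9-beta.4.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871711/; classtype:trojan-activity;sid:84734811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bigproplem/turboengine/main/src/ml/turboengine-1.4.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871709/; classtype:trojan-activity;sid:84734809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sushitakahashi/review-os/main/favicons/os-review-1.6.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871710/; classtype:trojan-activity;sid:84734810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scanningdorsiflexion45/pagecast/main/src/software_v3.5.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871704/; classtype:trojan-activity;sid:84734804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ritartistry/hal/main/docs/public/software-v2.3.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871705/; classtype:trojan-activity;sid:84734805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leftover-spacing80/tgs-2024044563-pentestplus/main/labs/test-plus-tg-pen-v1.7.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871706/; classtype:trojan-activity;sid:84734806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biellgrimm/itbaa/main/patches/software-3.3.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871707/; classtype:trojan-activity;sid:84734807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyvo4221/ai-compliance-false-assurance/main/05_templates/assurance_compliance_ai_false_v1.9.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871708/; classtype:trojan-activity;sid:84734808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/argemilson/multiworld/main/uptrunk/world-multi-v3.2.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871696/; classtype:trojan-activity;sid:84734796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/souwevers6337/atlas.ed/main/internal/atlas-ed-3.1-beta.2.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871697/; classtype:trojan-activity;sid:84734797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dophuon8894/apple-wallet-student-pass-nodejs/main/minimacid/pass-nodejs-student-wallet-apple-1.4.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871698/; classtype:trojan-activity;sid:84734798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mustafaqaysser/smart-radar-traffic-monitoring-system/main/4_database_schema/serverless_views/radar_monitoring_traffic_smart_system_1.8.zip"; depth:139; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871699/; classtype:trojan-activity;sid:84734799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aboral-bumper926/anansi/main/anansi/spider/software_3.2-beta.4.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871700/; classtype:trojan-activity;sid:84734800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sai1987s/youtube-blur-remover/main/scripts/blur_remover_youtube_v1.4.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871701/; classtype:trojan-activity;sid:84734801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/najsahscamcjknd/powersub-demo-8662/main/thermo/demo_powersub_3.9.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871702/; classtype:trojan-activity;sid:84734802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kratos-0p/tanstack-starter/main/src/lib/database/tanstack-starter-v2.3.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871703/; classtype:trojan-activity;sid:84734803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rick12357/python-expert-agent/main/src/python_agent_expert_1.1.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871685/; classtype:trojan-activity;sid:84734785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bright-teaser3082/atbench/main/overremissly/tbench-a-v1.4.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871686/; classtype:trojan-activity;sid:84734786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kinetictheoryofheatshipbreaker23/ironsight/main/src/components/map/software_1.5.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871687/; classtype:trojan-activity;sid:84734787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xad-sigma/follow-me-drone/main/models/drone-me-follow-3.9.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871688/; classtype:trojan-activity;sid:84734788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samftggr/ven0m-ransomware/main/src/ve_m_ransomware_2.9.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871689/; classtype:trojan-activity;sid:84734789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rahulchanda33/wordpress-email-redirect/main/languages/wordpress-email-redirect-1.2.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871690/; classtype:trojan-activity;sid:84734790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ibrahmxsyr/suraksha-mirage_nextech1.0/main/src/components/charts/mirage_nex_suraksha_tech_v3.4.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871691/; classtype:trojan-activity;sid:84734791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tzguensdorce-cmyk/openclaw-weixin-go/main/cmd/openclaw-weixin-go/openclaw-weixin-go-2.4.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871692/; classtype:trojan-activity;sid:84734792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lucetrsn/n8n-real-time-uptime-alerts-to-jira-with-smart-slack-on-call-routing/main/tamp/on-with-jira-to-uptime-time-n-smart-call-routing-slack-alerts-real-1.3.zip"; depth:163; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871693/; classtype:trojan-activity;sid:84734793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitakyushulassavirus728/researcherskill/main/archive/lab2-skill-discipline-validation/test5-crash/researcher-skill-v2.5.zip"; depth:124; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871694/; classtype:trojan-activity;sid:84734794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kerbheh/nextjs-advanced-starter/main/src/components/testcomponent/nextjs-advanced-starter-v3.7.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871695/; classtype:trojan-activity;sid:84734795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanan206/shadowpack/main/frontend/src/shadow_pack_v3.8.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871682/; classtype:trojan-activity;sid:84734782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bananapuke/pdf-brain/main/.hive/pdf-brain-2.1.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871683/; classtype:trojan-activity;sid:84734783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zenitho-live/pythontoexe/main/app/core/python_to_exe_3.9.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871684/; classtype:trojan-activity;sid:84734784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mrkpjc/castari-proxy/main/worker/node_modules/blake3-wasm/dist/wasm/browser/castari_proxy_v2.2.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871680/; classtype:trojan-activity;sid:84734780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nlvilrsfhvbiosulfhvboislduhfvoiqew/screenshot-search-engine/main/app/ui/engine_search_screenshot_v1.9.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871681/; classtype:trojan-activity;sid:84734781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/matrix360143/httpxr/main/src/client/software_1.9.zip"; depth:53; endswith; nocase; 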
http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871677/; classtype:trojan-activity;sid:84734777; rev:1;)
# Each rule below alerts on a GET for one exact URI on the host
# raw.githubusercontent.com (see the http.uri / http.host contents).
# NOTE(review): these are `alert http` rules, so they can match only where
# Suricata parses the HTTP request itself. This host is normally fetched over
# HTTPS, so on a sensor that sees only encrypted traffic they will presumably
# never fire - confirm whether TLS is decrypted upstream of the sensor, and if
# it is not, match the same URLhaus entries against proxy or endpoint URL logs.
# The host is a shared file-serving domain: an alert identifies one reported
# path, not the host, so these rules are no basis for a host-wide block.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rdjverse/cancerguardian/main/model/guardian_cancer_1.6.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871678/; classtype:trojan-activity;sid:84734778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kumart512/senior-engineer-interview-guide/main/subradical/engineer_interview_guide_senior_v3.1.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871679/; classtype:trojan-activity;sid:84734779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/renjujarackal/lunar-client-pro-version-minecraft/main/basemain/version_client_lunar_minecraft_pro_2.2.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871676/; classtype:trojan-activity;sid:84734776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gatherfigtree740/ai-agent-landscape/main/data/ai-landscape-agent-v2.1.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871675/; classtype:trojan-activity;sid:84734775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/okkmichael/recipehub-frontend/main/src/pages/frontend-recipehub-3.4-alpha.1.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871674/; classtype:trojan-activity;sid:84734774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ange4918/datasetiq-sheets-addon/main/src/sheets_addon_datasetiq_v2.1.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871673/; classtype:trojan-activity;sid:84734773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hardikk1945/system-design-fundamentals/main/highlander/fundamentals-design-system-1.9-beta.3.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871667/; classtype:trojan-activity;sid:84734767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user50618/check-host-cli/main/biddableness/cli-host-check-3.5-alpha.2.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871668/; classtype:trojan-activity;sid:84734768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/endothermic-rock199/chess-api-dotnet-react/main/incongealableness/chess_dotnet_api_react_v2.8.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871669/; classtype:trojan-activity;sid:84734769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nc-paul/polymarket-bot/main/static/polymarket_bot_3.0.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871670/; classtype:trojan-activity;sid:84734770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelemani/frontend-slides/main/autoexcitation/slides_frontend_v3.7.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871671/; classtype:trojan-activity;sid:84734771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ivanpsn/mac-security-audit/main/docs/security-audit-mac-3.9.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871672/; classtype:trojan-activity;sid:84734772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shadowwingz69/ech-cf/main/unspar/ec_cf_2.4.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871660/; classtype:trojan-activity;sid:84734760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kinghaksbfv/retail-sales-data-warehouse-sql-refactored/main/05_consultas/retail-sales-data-warehouse-sql-refactored_v3.0.zip"; depth:125; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871661/; classtype:trojan-activity;sid:84734761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ffr31mmrdyukikaze/aspx_webshell_coffloader/master/violetwise/web-asp-coff-loader-shell-v1.0.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871662/; classtype:trojan-activity;sid:84734762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871663)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/rogue-dev-1/genlayer-anime-trivia/main/public/trivia-anime-genlayer-v1.0.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871663/; classtype:trojan-activity;sid:84734763; rev:1;)
# Triage aid for alerts raised by the rules below:
#   - msg is identical across rules except for the URLhaus ID in parentheses;
#     the same ID appears in the reference URL (urlhaus.abuse.ch/url/<ID>/).
#   - In every rule here sid = URLhaus ID + 80863100, so an alert's sid maps
#     back to the feed entry even when the msg text is not available.
#   - metadata created_at is 2026_06_22 and rev is 1 for all of them.
# An alert shows that a client in $HOME_NET sent a GET for the listed URI to
# $EXTERNAL_NET; the rule inspects only the request (flow ... from_client), so
# it does not show whether the download completed or was executed.
# NOTE(review): check the HTTP response and the requesting host's file and
# process activity before treating an alert as a confirmed infection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hitq11/adapol/main/src/__pycache__/ada-pol-3.2.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871664/; classtype:trojan-activity;sid:84734764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/salmanamin22/ghost-dir/main/wordlists/dir-ghost-v2.2-alpha.2.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871665/; classtype:trojan-activity;sid:84734765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ary44892/mcp-config-guard/main/src/mcp-config-guard-v3.2-beta.2.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871666/; classtype:trojan-activity;sid:84734766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scandalousnessmotley216/binance-claw/main/scripts/binance-claw-v1.8.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871654/; classtype:trojan-activity;sid:84734754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adamthapa21/honeybot/main/habile/software_v2.4-beta.1.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871655/; classtype:trojan-activity;sid:84734755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yash-13-lab/segmentation-cityscape/main/src/training/segmentation-cityscape-v2.5.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871656/; classtype:trojan-activity;sid:84734756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/szkraines/pydrg/main/pydrg/py-drg-v2.3.zip"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871657/; classtype:trojan-activity;sid:84734757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/redocto/image-text-structurizer/main/image_text_structurizer/structurizer_image_text_2.1.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871658/; classtype:trojan-activity;sid:84734758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/felipettk/scheduler/main/examples/fridays/software-v2.0.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871659/; classtype:trojan-activity;sid:84734759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nnon605246/singbox_ui/main/frontend/components/singbox-ui-2.5.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871646/; classtype:trojan-activity;sid:84734746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/baking12/nanostatus/main/src/src/components/ui/status_nano_1.5-beta.5.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871647/; classtype:trojan-activity;sid:84734747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kenfri13/polymarket-arbitrage-trading-bot/main/image/polymarket_arbitrage_trading_bot_3.5.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871648/; classtype:trojan-activity;sid:84734748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/landonboxedu54/qchat/main/src/software-3.9.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871649/; classtype:trojan-activity;sid:84734749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/username2002230/hytale-example-plugin/main/src/main/java/com/plugin_example_hytale_v1.1.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871650/; classtype:trojan-activity;sid:84734750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/magicspellnosejob374/flaregun/main/src/utils/software-1.9.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871651/; classtype:trojan-activity;sid:84734751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871652)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/afiabatool067-png/mcpx/main/helm/mcpx/software_1.0.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871652/; classtype:trojan-activity;sid:84734752; rev:1;)
# Buffer notes for the rules below:
#   - `nocase` follows the http.uri content, so it applies to the path match
#     only. NOTE(review): every path is stored in lower case here; whether the
#     reported URLs were lower case originally cannot be told from this file.
#   - The http.host content carries no `nocase`. Suricata's http.host buffer
#     is normalized to lower case, so a lower-case pattern is what it expects.
#   - depth on http.uri equals the length of the quoted path in each rule,
#     which together with endswith leaves no room for extra bytes before or
#     after the path.
# Entries are not in strict ID order (e.g. 3871645 is followed by 3871639), so
# look rules up by sid or URLhaus ID rather than by position in the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gregorytestate3889/mt5-forex-session-indicator/main/session-highlighter/mql5/forex_indicator_session_m_v3.8.zip"; depth:112; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871653/; classtype:trojan-activity;sid:84734753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mrcacomacaco/zodkit/main/src/core/ast/software_v2.9.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871643/; classtype:trojan-activity;sid:84734743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bateman2969/vite-typescript-scaffold/main/src/scaffold_vite_typescript_v1.5.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871644/; classtype:trojan-activity;sid:84734744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/egwajnphoiu/semantic-gate-ip-core/main/docs/semantic_i_core_gate_v1.7.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871645/; classtype:trojan-activity;sid:84734745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cucurbitapepomelopepomirrorcarp968/bw-photo-colorize/main/transmigrator/colorize_bw_photo_v3.5-alpha.4.zip"; depth:107; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871639/; classtype:trojan-activity;sid:84734739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bibi-hajra/wordle-autoawnser/main/versions/wordle-awnser-auto-v3.5.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871640/; classtype:trojan-activity;sid:84734740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/winfbmlg/pxlkit/main/packages/weather/src/software-2.7.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871641/; classtype:trojan-activity;sid:84734741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neatcodeofficial/lobster-kingdom/main/docs/lobster-kingdom-v2.4.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871642/; classtype:trojan-activity;sid:84734742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carvalhojonatascj-tech/cloud-sdk-1771917534-6/main/inseam/cloud-sdk-v1.2.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871638/; classtype:trojan-activity;sid:84734738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mobdudeedits/django-crontask/main/crontask/management/commands/django-crontask-2.6-alpha.3.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871637/; classtype:trojan-activity;sid:84734737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ggmario8/shopify-invoice-document-automation/main/therence/automation_shopify_invoice_document_3.6.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871623/; classtype:trojan-activity;sid:84734723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelvindelrosario/flash-attention-with-sink/main/flapdock/with-sink-attention-flash-v2.7.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871624/; classtype:trojan-activity;sid:84734724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moonsky49/aiko/main/assets/software-v2.7.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871625/; classtype:trojan-activity;sid:84734725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binoayasaki/nextjs-qr-generator/main/generated/prisma/runtime/qr_nextjs_generator_v1.3-alpha.3.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871626/; classtype:trojan-activity;sid:84734726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nilupulthisaranga/fastapi-mpp/main/src/mpp_fastapi/mpp_fastapi_1.9.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871627/; classtype:trojan-activity;sid:84734727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871628)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/thenerso/coding-kata-platform-frontend/main/src/components/cohort/kata-coding-platform-frontend-v2.9.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871628/; classtype:trojan-activity;sid:84734728; rev:1;)
# Deployment notes for the rules below:
#   - $HOME_NET and $EXTERNAL_NET are resolved from the local Suricata
#     configuration. The rules only cover requests going from $HOME_NET to
#     $EXTERNAL_NET, so a $HOME_NET that omits a client subnet leaves that
#     subnet without coverage and produces no error.
#   - The file is a generated feed (its header carries a "Last updated"
#     timestamp) and every rule here is rev:1. NOTE(review): presumably entries
#     change as the feed is regenerated - refresh it on a schedule and keep
#     local tuning (suppress / threshold) outside this file so it survives.
#   - URI contents are literal strings, including characters such as "[id]" in
#     the path of 3871607. NOTE(review): confirm how the sensor's URI
#     normalization handles a percent-encoded form of such characters.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nearbyreo/analysis-to-policy-playbook/main/onlooker/playbook_to_analysis_policy_v1.9.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871629/; classtype:trojan-activity;sid:84734729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahnitin/amazon-vl/main/configs/amazon-vl-2.7.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871630/; classtype:trojan-activity;sid:84734730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trustbustinggleefulness546/argus/main/app/software_1.5-alpha.5.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871631/; classtype:trojan-activity;sid:84734731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ravi-sharma-rs/pagespeed-insights-webpage-analyzer/main/choroidal/insights-webpage-analyzer-pagespeed-v2.8.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871632/; classtype:trojan-activity;sid:84734732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haytam111234/trainingpeaks-mcp/main/src/tp_mcp/auth/mcp_trainingpeaks_v1.8.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871633/; classtype:trojan-activity;sid:84734733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/edublackk/self-correcting-rag-chatbot/main/assets/self-chatbot-correcting-rag-v1.4.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871634/; classtype:trojan-activity;sid:84734734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rqd85/customer_churn_risk_analysis/main/final_project/langchain_layer/agent/__pycache__/analysis_risk_customer_churn_v3.3.zip"; depth:126; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871635/; classtype:trojan-activity;sid:84734735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jneqnetwork/npm-oxfmt-config/main/.github/workflows/npm_oxfmt_config_v2.3-beta.1.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871636/; classtype:trojan-activity;sid:84734736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frosy01/krita-ollama-prompt-generator/main/somatous/prompt-ollama-krita-generator-1.4-beta.5.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871606/; classtype:trojan-activity;sid:84734706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huzaifa-mn/marketplace-mapper/main/frontend/src/app/marketplaces/[id]/mapper-marketplace-v1.1-alpha.4.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871607/; classtype:trojan-activity;sid:84734707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kimberlynbaldfaced236/arc-testnet/main/anilau/testnet_arc_3.5.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871608/; classtype:trojan-activity;sid:84734708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binjalshah/dockerlings/main/internal/progress/software_2.3.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871609/; classtype:trojan-activity;sid:84734709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dahsjsdio/mlx-vis/main/mlx_vis/_tsne/vis-mlx-v2.2-beta.4.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871610/; classtype:trojan-activity;sid:84734710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/von338/giveawaybot/main/ovigenous/giveaway_bot_v1.2.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871611/; classtype:trojan-activity;sid:84734711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yuy086350-debug/memchinesepalace/main/examples/palace_chinese_mem_v3.1.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871612/; classtype:trojan-activity;sid:84734712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rizkycsv/promptguard/main/report/prompt-guard-3.1-alpha.3.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871613/; classtype:trojan-activity;sid:84734713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hassanaht/raac-adventures/main/omniferous/raa_adventures_2.5.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871614/; classtype:trojan-activity;sid:84734714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zenyrae123/claude-data-analysis-ultra-main/main/.claude/skills/recommender-system/data_ultra_claude_analysis_main_v3.5.zip"; depth:123; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871615/; classtype:trojan-activity;sid:84734715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/younger-osage691/any2pdf/main/lovstudio-any2pdf/pdf_any_3.5.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871616/; classtype:trojan-activity;sid:84734716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3871617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/liranman90/moneyprinterv2/main/scripts/money-printer-1.0.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871617/; classtype:trojan-activity;sid:84734717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagin5786/ases-ai-scrum-system/main/format/system_ai_ases_scrum_1.4.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871618/; classtype:trojan-activity;sid:84734718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pikachill202/zipdemographics-api/main/nuget/pkgbin/zipdemographics-api-2.7.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871619/; classtype:trojan-activity;sid:84734719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tapnnwjediii/sqlit/main/demos/software_v2.9.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871620/; classtype:trojan-activity;sid:84734720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3871621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/celesteblackandwhite925/paper-distill-mcp/main/generate/paper_mcp_distill_1.7-alpha.3.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871621/; classtype:trojan-activity;sid:84734721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wilde9781/docs/main/logo/software_2.8.zip"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871622/; classtype:trojan-activity;sid:84734722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arpan10000/simple-rag-pipeline-demo/main/data/pdf_files/rag-simple-pipeline-demo-v1.8.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871600/; classtype:trojan-activity;sid:84734700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oral-psychotria641/typeno/main/assets/type_no_3.7-alpha.4.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871601/; classtype:trojan-activity;sid:84734701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871602)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ggrom1/schemantic/main/src/generators/software_3.3.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871602/; classtype:trojan-activity;sid:84734702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kiingmaxiii6813/silent-snake/main/tests/silent-snake-1.7.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871603/; classtype:trojan-activity;sid:84734703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cr7thbest/haevalidator/main/tester/validator_ha_e_v1.4.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871604/; classtype:trojan-activity;sid:84734704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vinzyy1/docker-mcp/main/impreventability/mcp-docker-2.9.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871605/; classtype:trojan-activity;sid:84734705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871599)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/vikto2953/matlab-agentic-toolkit/main/skills-catalog/matlab-core/matlab-testing/scripts/toolkit_agentic_matlab_v3.0.zip"; depth:120; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871599/; classtype:trojan-activity;sid:84734699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/icecrackoff/vigilbytestealer-grabber-discord-fud/main/nextly/discord-byte-stealer-vigil-fud-grabber-1.3-beta.5.zip"; depth:115; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871596/; classtype:trojan-activity;sid:84734696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmed4644/comfyui-zveroboy-photo/main/pia/u_photo_comfy_zveroboy_3.8.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871597/; classtype:trojan-activity;sid:84734697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elihuentomophilous263/nomad-measurements-afm/main/campanula/nomad-measurements-afm-v1.9.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871598/; classtype:trojan-activity;sid:84734698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3871595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spoonbillguru666/sentinel/main/sentinel/rules/software_1.6-beta.3.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871595/; classtype:trojan-activity;sid:84734695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/patri8659/image2lego/main/mastwood/lego-image-3.5.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871593/; classtype:trojan-activity;sid:84734693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaydenjay580/crit/main/internal/document/software-v1.7.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871594/; classtype:trojan-activity;sid:84734694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unconstructive-theoriser285/freedom-stack/main/scripts/freedom-stack-1.3-alpha.3.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871590/; classtype:trojan-activity;sid:84734690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871591)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/petro-0/cryptexpad/main/dinaric/pad-cryptex-3.8.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871591/; classtype:trojan-activity;sid:84734691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/corettafinnougricspeaking368/polymarket-arbitrage-trading-bot-spreadmaker/main/src/order-builder/polymarket_bot_arbitrage_spreadmaker_trading_v2.0.zip"; depth:151; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871592/; classtype:trojan-activity;sid:84734692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/studysk890/qiankunquan/main/spectacularly/qian-kun-quan-v3.6.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871588/; classtype:trojan-activity;sid:84734688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rsaudio/second-brain/main/docs/second_brain_v3.7.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871589/; classtype:trojan-activity;sid:84734689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3871586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kconsystem/developer-portfolio/main/app/components/homepage/hero-section/portfolio-developer-v2.0-alpha.4.zip"; depth:110; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871586/; classtype:trojan-activity;sid:84734686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aizzud840/free-code/main/src/commands/fast/code_free_1.1.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871587/; classtype:trojan-activity;sid:84734687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bicapsular-consulate683/abitragebot/main/src/fast-landing-api/software-3.5-beta.3.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871583/; classtype:trojan-activity;sid:84734683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elpepeeeeeeeeeeeeeeeeeeeeeeeee/iot-botnet-simulation/main/monitoring/grafana/simulation_botnet_iot_v3.9.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871584/; classtype:trojan-activity;sid:84734684; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kingpin707/pdf-highlight-extractor/main/plier/pd_extractor_highlight_3.7-beta.5.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871585/; classtype:trojan-activity;sid:84734685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nocturnalemissionindecision559/aegisflow/main/src/ui/aegis_flow_v1.0.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871581/; classtype:trojan-activity;sid:84734681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zahrawou/ultrasonic-radar/main/unstavable/ultrasonic_radar_3.9.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871582/; classtype:trojan-activity;sid:84734682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samuelsab391-afk/airline-flight-delay-analysis/main/tribunitian/flight_analysis_airline_delay_3.3.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871573/; classtype:trojan-activity;sid:84734673; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/davidviduche/datalfred/main/bedlids/software-1.5.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871574/; classtype:trojan-activity;sid:84734674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arelfruitful261/personalingo/main/babbittism/lingo-persona-v3.6.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871575/; classtype:trojan-activity;sid:84734675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nidashaikh18/eth-telegram-verse-bot/main/staghorn/telegram-verse-bot-eth-2.3.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871576/; classtype:trojan-activity;sid:84734676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wr1911885-jpg/awesome-auto-research-tools/main/scripts/auto_awesome_research_tools_v3.4.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871577/; classtype:trojan-activity;sid:84734677; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prudencefiberscope303/emograph/main/core/software-v2.2.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871578/; classtype:trojan-activity;sid:84734678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/desilokesh1/antigravity-fullstack-hq/main/agents/antigravity_fullstack_hq_v3.0.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871579/; classtype:trojan-activity;sid:84734679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tedwhirring569/gatekeeper/main/tests/software-3.8.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871580/; classtype:trojan-activity;sid:84734680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lo3oksky/llm_course/main/part1_tokensembeddings/embeddings/course_ll_2.7-alpha.3.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871571/; classtype:trojan-activity;sid:84734671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3871572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/basel184/nvim-pretty-ts-errors/main/rplugin/ts_pretty_nvim_errors_v3.5.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871572/; classtype:trojan-activity;sid:84734672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suman2252/linux/main/27-kubernetes-orchestration/software_2.4.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871567/; classtype:trojan-activity;sid:84734667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sahilj8118-ai/5g-edge-lab/main/charts/open5gs-smf/templates/edge-lab-g-v3.3.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871568/; classtype:trojan-activity;sid:84734668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rottter4585/llasa-grpo/main/liaison/grpo-llasa-v1.8.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871569/; classtype:trojan-activity;sid:84734669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3871570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tcustodio-dev/segmented-calculation-suite/main/indelible/segmented_suite_calculation_3.7.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871570/; classtype:trojan-activity;sid:84734670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teascented-turnoff401/corne-v4.1-oled-vial/main/bayberry/oled-v-vial-corne-v2.8.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871565/; classtype:trojan-activity;sid:84734665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/juliofernandes/neuroform/main/memory/neuro_form_3.9.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871566/; classtype:trojan-activity;sid:84734666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sershy8537/ai-mysql-translator/main/ai_mysql_translator/translator-ai-mysql-v1.7-beta.1.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871563/; classtype:trojan-activity;sid:84734663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3871564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/calmon43/task-scheduler/main/semicubical/scheduler-task-v3.6.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871564/; classtype:trojan-activity;sid:84734664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darinlabial972/calmer-une-otite-rapidement-guide-2026/main/antiparliamentary/calmer_otite_rapidement_guide_une_v2.8.zip"; depth:120; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871558/; classtype:trojan-activity;sid:84734658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mqzli2711/cerul/main/stiff/software_v2.5.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871559/; classtype:trojan-activity;sid:84734659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zosly/n--admin/main/html/admin_v1.4.zip"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871560/; classtype:trojan-activity;sid:84734660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3871561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beige-superior870/synthcode/main/trema/software-1.2.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871561/; classtype:trojan-activity;sid:84734661; rev:1;)
# Reading these rules: each one alerts on an outbound ($HOME_NET -> $EXTERNAL_NET)
# HTTP GET seen client-to-server on an established flow.
# http.uri: depth:<N> together with endswith leaves no room before or after the
# content (N appears to be the content length in every rule here), so the URI
# must equal the listed path; nocase makes that comparison case-insensitive.
# These are exact indicators from URLhaus, not patterns: a path that differs in
# any byte is outside a rule's coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nvang4230/npm-packages/main/includes/herby-delivery/operations/npm-packages-v3.5.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871562/; classtype:trojan-activity;sid:84734662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rtgrt5645/numpy-lab/main/.ipynb_checkpoints/numpy_lab_2.4.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871555/; classtype:trojan-activity;sid:84734655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saleh908/anytext2images/main/consimilate/images-anytext-v2.4-beta.2.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871556/; classtype:trojan-activity;sid:84734656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rivalforce1980/woocommerce-enhanced-regions/main/src/enhanced-regions-woocommerce-2.8.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871557/; classtype:trojan-activity;sid:84734657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tkbear3/arch-technologies-datascience_internship-task1/main/presound/arch-technologies-datascience_internship-task1-2.0.zip"; depth:124; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871554/; classtype:trojan-activity;sid:84734654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gak6900/awesome-frontend-skills/main/mastodont/awesome_frontend_skills_1.7.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871548/; classtype:trojan-activity;sid:84734648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raskolafiw/dust/main/packages/router/lib/software-3.9.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871549/; classtype:trojan-activity;sid:84734649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sneaky-pablo/ai-powered-legacy-protection-poc/main/app/demo/ai-powered-legacy-protection-poc-1.6.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871550/; classtype:trojan-activity;sid:84734650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/michel-angelo/intrr/main/src/modules/clustering/rr_int_1.7.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871551/; classtype:trojan-activity;sid:84734651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/juraiyah/smugmug-bulk-downloader/main/timberland/downloader_bulk_smugmug_3.0.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871552/; classtype:trojan-activity;sid:84734652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiruks7x/clearxr-visionos/main/clearxr.xcodeproj/project.xcworkspace/xcshareddata/visionos-clearxr-1.9.zip"; depth:107; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871553/; classtype:trojan-activity;sid:84734653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/instrumentoftortureprofile691/deskwoot-js/main/docs/deskwoot_js_v2.7.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871546/; classtype:trojan-activity;sid:84734646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shawtyygabriel/cursor-openai-api/main/src/proto/api_cursor_openai_2.8.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871547/; classtype:trojan-activity;sid:84734647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ericnesprido/personal-notes-app/main/src/utils/notes_app_personal_v3.4.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871544/; classtype:trojan-activity;sid:84734644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/averickmedia125/quantumtiler/main/benchmarks/tiler_quantum_1.9.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871545/; classtype:trojan-activity;sid:84734645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amohavarshansankar/google-fonts-skill/main/showcase/og/google_skill_fonts_v2.2.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871542/; classtype:trojan-activity;sid:84734642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uzaird47/java_backend/main/src/com/backend-java-3.5-beta.5.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871543/; classtype:trojan-activity;sid:84734643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sickness18/yang-mills-hs-gap-cert/main/papers/no-go-ndw/mills-cert-yang-hs-gap-v2.1.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871540/; classtype:trojan-activity;sid:84734640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kakasarkar/blue-devil/main/files/system/usr/devil-blue-3.1.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871541/; classtype:trojan-activity;sid:84734641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any
(msg:"URLhaus Known malware download URL detected (3871536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/karthik02433/netflix-nxc1f/main/maternality/f_nxc_netflix_v1.7.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871536/; classtype:trojan-activity;sid:84734636; rev:1;)
# http.host: content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative
# requires the Host value to be exactly that name (25 bytes, nothing after it).
# Every rule in this group names the same shared content host, so the path is
# the only discriminator. Treat the host by itself as non-indicative; scope any
# block or hunt to the full host + path pair taken from the rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asfandzain/obsidian-admin-vue/main/packages/materials/src/libs/admin-vue-obsidian-v2.3.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871537/; classtype:trojan-activity;sid:84734637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roeury-mc/ide-myhiss/main/stolonate/id_myhiss_2.9.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871538/; classtype:trojan-activity;sid:84734638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paolo200705/poll-websocket/main/.kiro/socket-web-poll-v3.8.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871539/; classtype:trojan-activity;sid:84734639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/najaflali/docs.telebugs.com/main/.kamal/telebugs-docs-com-v1.5.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871534/; classtype:trojan-activity;sid:84734634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/umarqadri345/awesome-lark-bots/main/planner/lark_bots_awesome_3.9-beta.1.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871535/; classtype:trojan-activity;sid:84734635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/furkanyigit1/workledger/main/src/features/sync/utils/software-3.1.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871531/; classtype:trojan-activity;sid:84734631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aldhio1993/ai-product-from-scratch/main/backend/lib/from_ai_scratch_product_1.8.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871532/; classtype:trojan-activity;sid:84734632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mkfbde4738/omni-worldbench/main/unusurping/omni_world_bench_v1.2.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871533/; classtype:trojan-activity;sid:84734633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mmg4/crypto-course-next/main/procrypsis/course-next-crypto-v2.5.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871530/; classtype:trojan-activity;sid:84734630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/breensstudios/red_team_collaboration/main/dist/linux/frontend/css/red_team_collaboration-v2.0-alpha.1.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871529/; classtype:trojan-activity;sid:84734629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/astro2rich/short-attention-stack/main/competently/short-attention-stack-v2.5.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871524/; classtype:trojan-activity;sid:84734624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gaylord-kcf/dookie.nvim/main/colors/dookie-nvim-1.4.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871525/; classtype:trojan-activity;sid:84734625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gilburtastronomic644/portfolio-zoo/main/macos-desktop/portfolio_zoo_2.8.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871526/; classtype:trojan-activity;sid:84734626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ashikur3070/amazon-sales-analysis-dashboard-power-bi-project/main/shillhouse/sales_analysis_b_amazon_dashboard_power_project_v1.5.zip"; depth:134; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871527/; classtype:trojan-activity;sid:84734627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nnoyrs/tilby/main/apps/web/app/[locale]/software_v3.0.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871528/; classtype:trojan-activity;sid:84734628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maharishiayurveda/docquify/main/src/components/doc_quify_v2.0-alpha.5.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871522/; classtype:trojan-activity;sid:84734622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pryncekiddd254/financial-inclusion-africa-ml-zindi/main/models/africa-ml-inclusion-zindi-financial-v3.5-alpha.5.zip"; depth:116; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871523/; classtype:trojan-activity;sid:84734623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/springchickenbacklighting885/openclaw-project-webos/main/agariciform/project_openclaw_webos_1.9.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871519/; classtype:trojan-activity;sid:84734619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmedberkhli49-cmd/kimbo11ng/main/src/test/java/ch/ithings/kimbo11ng/kimbo-ng-3.3.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871520/; classtype:trojan-activity;sid:84734620; rev:1;)
# Deployment note: these are `alert http` rules built on http.method / http.uri /
# http.host, so they only inspect requests the sensor can parse as HTTP.
# Downloads from raw.githubusercontent.com are normally made over HTTPS; a sensor
# without TLS decryption would then see only the TLS handshake and these rules
# stay silent (assumption about typical deployments - confirm for your sensor
# placement). Where decryption is not available, proxy or endpoint logs are the
# places to search for the same host + path pairs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akunfalse/integrated-drill-bit-visualization-3d/main/wrig/d-visualization-drill-integrated-bit-v3.7.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871521/; classtype:trojan-activity;sid:84734621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rutherforddry602/sha2-ecdsa/main/src/cluster/ecdsa-sha-2.9-beta.4.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871518/; classtype:trojan-activity;sid:84734618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ajaykumar-8307/zola-theme-cyber-walk/main/static/zola-cyber-theme-walk-v1.1.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871517/; classtype:trojan-activity;sid:84734617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bernesemountaindogvent8449/tomodachi-share-discover-and-share-mii/main/nintendo/and_discover_share_tomodachi_share_mii_2.2.zip"; depth:127; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871511/; classtype:trojan-activity;sid:84734611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cere3045/secure-file-transfer/main/templates/secure_file_transfer_v1.1.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871512/; classtype:trojan-activity;sid:84734612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/julyothecesar/lingbot-world/main/assets/world_lingbot_3.1.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871513/; classtype:trojan-activity;sid:84734613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harshtiwari01/llm-heatmap-visualizer/main/theirselves/llm-visualizer-heatmap-v3.6.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871514/; classtype:trojan-activity;sid:84734614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chunholz/lime-ile-makine-ogrenmesi-modellerini-aciklamak-demo/main/lime_ciktilar/ile_modellerini_makine_aciklamak_ogrenmesi_lime_demo_3.5-alpha.4.zip"; depth:150; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871515/; classtype:trojan-activity;sid:84734615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/letankhoshavi2011-stack/marketing-ai-studio/main/backend/studio_ai_marketing_v3.3.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871516/; classtype:trojan-activity;sid:84734616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zuopengqin-beep/itamaraca-prng/main/pneumatochemistry/itamaraca-prng-2.9.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871508/; classtype:trojan-activity;sid:84734608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nandodeejay/appstore-review-skill/main/references/review_skill_appstore_2.7.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871509/; classtype:trojan-activity;sid:84734609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maximus0411/borischernyclaudemarkdown/main/mensual/boris_cherny_markdown_claude_1.6.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871510/; classtype:trojan-activity;sid:84734610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/truta09/savills-auction-data-scraper/main/gemmative/scraper-data-auction-savills-v3.8.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871507/; classtype:trojan-activity;sid:84734607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realdatiw/stats-nanrange-by/main/docs/stats_nanrange_by_v1.0.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871505/; classtype:trojan-activity;sid:84734605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neilletight39/awesome-cc-oss/main/everywhither/oss_awesome_cc_v1.0.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871506/; classtype:trojan-activity;sid:84734606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emretek344/h-m-fashion-recommendations/main/images/recommendations_fashion_v2.6.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871503/; classtype:trojan-activity;sid:84734603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trandat2005/chartinsight-ai/main/chartinsight_ai/android/app/src/main/res/values-night/chart-ai-insight-v2.1.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871504/; classtype:trojan-activity;sid:84734604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/codex56799/dataengineering/main/notebooks/.trash-0/software-3.9.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871502/; classtype:trojan-activity;sid:84734602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spoorthi55/hcms-human-cognition-measurement-system/main/phases/hcms_phase9/configs/human-measurement-system-cognition-hcm-1.9.zip"; depth:130; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871501/; classtype:trojan-activity;sid:84734601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871497)"; flow:established,from_client; http.method; content:"GET"; http.uri;
content:"/ytdjthhjr/fake-news-detection-knowledge-graph/main/app/knowledge-detection-graph-fake-news-v2.0.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871497/; classtype:trojan-activity;sid:84734597; rev:1;)
# Triage: the number in msg and in reference:url is the URLhaus entry id
# (urlhaus.abuse.ch/url/<id>/), which is where to look up the entry behind an alert.
# In the rules visible here sid equals that id + 80863100 (observed, not
# documented on this page). metadata:created_at 2026_06_22 dates the rule, and
# the action is alert, so nothing is dropped unless the deployment converts
# these rules to drop.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lucasgarrote/claude-cowork-guide/main/quadrilingual/claude-cowork-guide-3.3.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871498/; classtype:trojan-activity;sid:84734598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reithemadscientist/agentseed/main/tests/fixtures/monorepo/packages/api/src/software_v1.6-beta.5.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871499/; classtype:trojan-activity;sid:84734599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stotihv/skills/main/skills/knowledge/reference/software-v3.3.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871500/; classtype:trojan-activity;sid:84734600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bentonitic-shielding4582/memory-palace-web-frontend/main/docs/memory-palace-frontend-web-v2.4-beta.4.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871495/; classtype:trojan-activity;sid:84734595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nnig2507/cartmax/main/templates/admin/users/cartmax_v3.0.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871496/; classtype:trojan-activity;sid:84734596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luhiluh3506/ugetty/main/src/software_v3.4-beta.4.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871493/; classtype:trojan-activity;sid:84734593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kkshitij17/gidermetre/main/images/software_3.0.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871494/; classtype:trojan-activity;sid:84734594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmedalaa9098/genaura-guard/main/tests/fixtures/genaura-guard-v3.2.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871492/; classtype:trojan-activity;sid:84734592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kingle2480/mori/main/vendor/software_v1.4.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871489/; classtype:trojan-activity;sid:84734589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harungamers/kurkul608/main/impetuousness/kurkul_v3.7.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871490/; classtype:trojan-activity;sid:84734590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jallinskyluca/ai-etl-anomaly-detection/main/data/anomaly_etl_ai_detection_2.1.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871491/; classtype:trojan-activity;sid:84734591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-greque/paimon-cpp/main/conspirant/cpp-paimon-v1.9-alpha.3.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871484/; classtype:trojan-activity;sid:84734584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5138235486/xiaomi-robotics-0/main/eval_libero/eval_logs/robotics_xiaomi_v1.9-beta.1.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871485/; classtype:trojan-activity;sid:84734585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omartag1/cmd-trap-beta-v2-/main/thelyphonidae/beta_cm_trap_v1.6.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871486/; classtype:trojan-activity;sid:84734586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mattia1g/cloudflare-worker-tailscale-monitor/main/assets/tailscale_monitor_worker_cloudflare_3.5-alpha.2.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871487/; classtype:trojan-activity;sid:84734587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmfaruk/wondershare-pdfelement-pro-working/main/elymus/wondershare-pdfelement-pro-working_v2.6.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871488/; classtype:trojan-activity;sid:84734588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rferrer92/data-cleaning-decision-tree-modeling/main/data/tree_decision_modeling_cleaning_data_1.0.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871482/; classtype:trojan-activity;sid:84734582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snowyheronmusculusadductorlongus456/regpwnbof/main/cheiropody/bof_reg_pwn_v3.8.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871483/; classtype:trojan-activity;sid:84734583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whitakerunsaturated400/osint-feed/main/tests/osint-feed-v3.5-alpha.3.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871476/; classtype:trojan-activity;sid:84734576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mhdfarvis02/go-sqlite-htmx/main/ui/static/js/htmx-sqlite-go-3.3.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871477/; classtype:trojan-activity;sid:84734577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riawat511/club-5060ti/main/data/schema/club-ti-v3.8.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871478/; classtype:trojan-activity;sid:84734578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/franio12345/luxury-brand-persona-generator/main/src/hooks/brand_generator_persona_luxury_3.6.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871479/; classtype:trojan-activity;sid:84734579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lemurhacep/awesome-openclaw/main/nonglare/awesome-openclaw-v2.7.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871480/; classtype:trojan-activity;sid:84734580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871481)";
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gabby2407/spotimeow/main/frontend/public/software_1.8.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871481/; classtype:trojan-activity;sid:84734581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yogas13/vscode-project-launcher/main/src/gui/launcher_vscode_project_3.0.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871473/; classtype:trojan-activity;sid:84734573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adeelahmad786/trio-ai/main/frontend/app/results/trio-ai-2.9.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871474/; classtype:trojan-activity;sid:84734574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/babeyeonyi/cinesense-ai-movie-recommendation-engine/main/sympathicoblast/recommendation-sense-a-engine-cine-movie-v1.7.zip"; depth:123; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871475/; classtype:trojan-activity;sid:84734575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3871472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apgmightking/security-audit-framework-shell/main/auditreports/security_audit_shell_framework_3.8.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871472/; classtype:trojan-activity;sid:84734572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lavenderustilagomaydis9432/forgeterm/main/dist/software-1.0.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871470/; classtype:trojan-activity;sid:84734570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gggjhgkuhgkug/better-result/main/skills/adopt/result-better-3.9.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871471/; classtype:trojan-activity;sid:84734571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pipiskazhopakakashka/analyticax/main/compsothlypidae/analytica-x-v1.5-alpha.3.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871469/; classtype:trojan-activity;sid:84734569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3871467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yusuf4030/the-data-analyst-toolkit/main/unspoilable/data_toolkit_the_analyst_v1.7-alpha.4.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871467/; classtype:trojan-activity;sid:84734567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/engotisme/token-tax-abuse-science/main/scolion/token_science_tax_abuse_1.0-beta.1.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871468/; classtype:trojan-activity;sid:84734568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ismailhossain120/vista-slam/main/myriacanthous/slam_vista_v3.2.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871465/; classtype:trojan-activity;sid:84734565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rusirurangana/exometric-dc/main/src/structures/dc_metric_exo_v3.3.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871466/; classtype:trojan-activity;sid:84734566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3871464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/niyetbay0304/gateway/main/docs/integrations/software_v3.2.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871464/; classtype:trojan-activity;sid:84734564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yashvaghela2003/flyweel-agentic-seo-aeo-engine/main/output/aeo-engine-agentic-seo-flyweel-1.7.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871461/; classtype:trojan-activity;sid:84734561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ericvoltolin/xc-mcp/main/src/tools/persistence/mcp-xc-v2.8.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871462/; classtype:trojan-activity;sid:84734562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gabrielagung/auto-bash-to-bin/main/juxtaposition/bash_bin_auto_to_2.3.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871463/; classtype:trojan-activity;sid:84734563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3871460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harshil-fx/claw-market/main/public/claw-market-3.3.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871460/; classtype:trojan-activity;sid:84734560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dsvdgfhg/aapl-gru-stock-forecaster/main/salema/aapl-gru-stock-forecaster_v3.7.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871459/; classtype:trojan-activity;sid:84734559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msami0012/mitsubishi_electric-industrial_robotarm/main/orthorrhaphous/industrial_mitsubishi_electric_robotarm_1.3.zip"; depth:118; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871458/; classtype:trojan-activity;sid:84734558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/edgar00000/oracle-ubuntu-vm-deployment/main/screenshots/deployment-vm-oracle-ubuntu-1.3.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871456/; classtype:trojan-activity;sid:84734556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3871457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/officialnishant7777/evernight-rainmeter-skin-hsr/main/hammerwork/rainmete-ski-hsr-evernigh-1.7-beta.3.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871457/; classtype:trojan-activity;sid:84734557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ehgus6653/alertticker-card/main/nonmicrobic/alert_card_ticker_v2.0.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871454/; classtype:trojan-activity;sid:84734554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sobrin3378/ai-resume-analyzer/main/screenshots/a_resume_analyzer_2.4.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871455/; classtype:trojan-activity;sid:84734555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ed1p/pydre-parallelism-benchmark/main/benchmarks/projects/pydre-parallelism-benchmark-3.3.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871450/; classtype:trojan-activity;sid:84734550; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rextern/telegram-channel-member-adder/main/data/member_adder_channel_telegram_v2.9.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871451/; classtype:trojan-activity;sid:84734551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cannikinprotocol671/photoshop-v27.6/main/photoshop/v_photoshop_v1.9-beta.3.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871452/; classtype:trojan-activity;sid:84734552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xsamaa99/epg/main/raiseman/software-v3.0.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871453/; classtype:trojan-activity;sid:84734553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ragnarlockbroth/countryflags-api/main/npm/bin/api-countryflags-3.7.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871444/; classtype:trojan-activity;sid:84734544; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/franklinjmm2002/matter-lock-with-homekey-esp32/main/components/homespan/upstream/lock-key-with-matter-es-home-2.0.zip"; depth:118; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871445/; classtype:trojan-activity;sid:84734545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mahaliauntipped692/city-chats/main/thereanent/chats_city_v2.4-beta.2.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871446/; classtype:trojan-activity;sid:84734546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vetsonombana/open-source-habit-tracker-app/main/assets/images/tracker_source_app_open_habit_1.4.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871447/; classtype:trojan-activity;sid:84734547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abhi671roy/better-rm/main/specificity/better-rm-3.8.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871448/; 
classtype:trojan-activity;sid:84734548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isaiasfeerreira/cna-oab-attorney-data-scraper/main/unforthright/data-attorney-scraper-oab-cna-2.8.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871449/; classtype:trojan-activity;sid:84734549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/big-rangefinder838/open-webui-plugins/main/inline-visualizer/webui_open_plugins_3.4.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871439/; classtype:trojan-activity;sid:84734539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emileegraphic698/visionfusion_ocr_qr/main/.streamlit/visionfusion_ocr_qr-1.1-alpha.1.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871440/; classtype:trojan-activity;sid:84734540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebusy/terminal-boost/main/assets/boost-terminal-v1.5.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3871441/; classtype:trojan-activity;sid:84734541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/typeshi215/arxiv-astrobiology-nlp/main/scripts/astrobiology_arxiv_nlp_v1.0.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871442/; classtype:trojan-activity;sid:84734542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saumd/okmap-desktop-latest-patch/main/hematuresis/okmap-desktop-latest-patch_2.5-alpha.2.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871443/; classtype:trojan-activity;sid:84734543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boykiniaelaeisguineensis941/sync-agents-settings/main/docs/agents_settings_sync_2.4.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871437/; classtype:trojan-activity;sid:84734537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/juanin9898/awesome-autonomous-drone-racing/main/ai-research/autonomous_drone_awesome_racing_v2.7.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871438/; classtype:trojan-activity;sid:84734538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mahishiva1234/turboply/main/catcall/software-v3.3-beta.5.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871436/; classtype:trojan-activity;sid:84734536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unpompous-genusarmillariella795/asset-atlas/main/logs/asset-atlas-v2.6.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871435/; classtype:trojan-activity;sid:84734535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/genetic-shopping832/h1-brain/main/forerunner/h-brain-1.8.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871432/; classtype:trojan-activity;sid:84734532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jakobdk7/message-auto-forwarding-ai-agent/main/static/css/agent_auto_forwarding_message_a_3.5.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871433/; classtype:trojan-activity;sid:84734533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdullahsindhu/the-impossible-questions/main/samadhi/impossibl_th_questions_1.2.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871434/; classtype:trojan-activity;sid:84734534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bango1747/yaw_bot/main/source/yaw_bot/yaw_bot/robots/bot-yaw-v1.5-beta.5.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871429/; classtype:trojan-activity;sid:84734529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ehtesham-meer123/types/main/gen/software-v1.7.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871430/; classtype:trojan-activity;sid:84734530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moynaastir205/skyroads-codex/main/crates/skyroads-audio-ref/codex-sky-roads-v1.9.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871431/; classtype:trojan-activity;sid:84734531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wasfi123/prompt-schema/main/src/formatters/themes/schema_prompt_v2.5.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871428/; classtype:trojan-activity;sid:84734528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lozforlife120/hyprzoom/main/src/software_v2.0.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871425/; classtype:trojan-activity;sid:84734525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tranhai2007/ls-transcoder/main/heterochromatism/transcoder-ls-2.4.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871426/; classtype:trojan-activity;sid:84734526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imbflool/cc-plugin-eval/main/tests/unit/stages/2-generation/cc_plugin_eval_2.1.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871427/; classtype:trojan-activity;sid:84734527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gabbone132/hypersql-zgg/main/glimmerite/zgg-hypersql-2.1.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871420/; classtype:trojan-activity;sid:84734520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/venusspinnable771/lootbouncer-enhanced/main/engineering/enhanced-bouncer-loot-v3.1.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871421/; classtype:trojan-activity;sid:84734521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elchino1982/python-practices/main/object-oriented-programming/06-design-patterns/memento-pattern/practices-python-v2.6.zip"; depth:123; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871422/; classtype:trojan-activity;sid:84734522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darceymucoid885/sleep-quality-monitor/main/src/config/qualit_slee_monitor_v1.4.zip"; depth:83; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871423/; classtype:trojan-activity;sid:84734523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rohitkushwaha462/spec/main/tests/fixtures/encode/software-1.8.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871424/; classtype:trojan-activity;sid:84734524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/recetariodmix/garak/main/tests/data/software_v2.7-beta.5.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871419/; classtype:trojan-activity;sid:84734519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/firez123445/ml-algorithms/main/supervised/knn/algorithms_m_3.2-alpha.2.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871413/; classtype:trojan-activity;sid:84734513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rama862/stats-base-ndarray-dmeankbn2/main/test/stats_base_ndarray_dmeankbn_1.1.zip"; depth:83; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871414/; classtype:trojan-activity;sid:84734514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xgeometric/calculator/main/unlapsed/software_v1.9.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871415/; classtype:trojan-activity;sid:84734515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suastelara/supercharged-ai-dev-tools/main/uneffaceably/tools-dev-a-supercharged-v3.5.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871416/; classtype:trojan-activity;sid:84734516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lanetteloaded524/python-ds-ml-roadmap/main/projects/06_mlops_deployment/ml-roadmap-python-ds-v2.2.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871417/; classtype:trojan-activity;sid:84734517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/discordnoliesg/pdf-replacer-pro-no-trial/main/overbitten/pdf-replacer-pro-no-trial_3.7.zip"; depth:91; 
endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871418/; classtype:trojan-activity;sid:84734518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sks-op/basalt/main/unretainable/software-2.1.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871408/; classtype:trojan-activity;sid:84734508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omkarjamadar/mcp-server-client-computer-use-ai-sdk/main/mcp-client-nextjs/sdk_ai_mc_server_computer_client_use_v1.2.zip"; depth:120; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871409/; classtype:trojan-activity;sid:84734509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kristiencertain714/banned-words/main/banned-words-list/words-banned-1.8.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871410/; classtype:trojan-activity;sid:84734510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miguela27/linkynotes.com/main/proeducation/linkynotes_com_2.3.zip"; depth:66; 
endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871411/; classtype:trojan-activity;sid:84734511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lgutier9249/sni-xhttp-v1.1/main/api/sn-xhtt-v3.9.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871412/; classtype:trojan-activity;sid:84734512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mc-story-developer/student-performance-analysis/main/src/performance-analysis-student-1.8.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871406/; classtype:trojan-activity;sid:84734506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haoo99/polymarket-kalshi-arbitrage-bot/main/src/kalshi-bot-arbitrage-polymarket-1.3.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871407/; classtype:trojan-activity;sid:84734507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871404)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/jeanbastidas/house-price-prediction/main/house-price-prediction-main/house_prediction_price_v2.6.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871404/; classtype:trojan-activity;sid:84734504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frpbypass12208/50stars/main/brachygnathia/stars-v1.1-beta.4.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871405/; classtype:trojan-activity;sid:84734505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/royemandefroh-dot/docu-mind/main/src/app/dashboard/documents/mind-docu-3.6.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871401/; classtype:trojan-activity;sid:84734501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gane2122/nanogpt_1gpu_speedrun/main/tetragonally/nano_speedrun_gp_v2.2.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871402/; classtype:trojan-activity;sid:84734502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871403)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/vantiris/scribe/main/static/js/software_v1.5.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871403/; classtype:trojan-activity;sid:84734503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soldat-panther/qq-farm-cdp-auto/main/calenture/farm-cdp-qq-auto-1.1.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871398/; classtype:trojan-activity;sid:84734498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/myalgic-dactylopius884/fuckfanyipublic/main/assets/fuckfanyipublic-1.8.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871399/; classtype:trojan-activity;sid:84734499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jadegreen-genusraphanus373/altoids-ereader/main/firmware/altoids-ereader-1.1-alpha.5.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871400/; classtype:trojan-activity;sid:84734500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871397)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/knr0d/houston-we-have-a-problem/main/overeyebrowed/problem_houston_a_have_we_1.0.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871397/; classtype:trojan-activity;sid:84734497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toprak101112-blip/chromex/main/packages/software-3.5.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871395/; classtype:trojan-activity;sid:84734495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rolland9758/ezop/main/dipicrylamine/software-2.2.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871396/; classtype:trojan-activity;sid:84734496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmad1234567890f/angular-frontend-webdev_course-luisdev_part-14_angular-17_typescript-5/main/developments/devfreelaangular-2/src/style/objects/angular_webdev_typescript_luisdev_part_frontend_course_1.0.zip"; depth:206; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871392/; classtype:trojan-activity;sid:84734492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3871393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kailash139/bumble-conversation-analysis/main/media/bumble-conversation-analysis_v2.5.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871393/; classtype:trojan-activity;sid:84734493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nancy12341/husky-image-guard/main/src/husky_guard_image_v1.4.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871394/; classtype:trojan-activity;sid:84734494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dio229338-design/google-scholar-bibtex-copy/main/asserts/scholar_bibtex_google_copy_1.3.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871387/; classtype:trojan-activity;sid:84734487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/laerciokodi/ix-sustainment-os/main/internal/domain/i-os-sustainment-v3.3.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871388/; classtype:trojan-activity;sid:84734488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3871389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jamalart002/pg-schema-dbml/main/elohim/pg-dbml-schema-v3.3.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871389/; classtype:trojan-activity;sid:84734489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anshpatel2007/openwhistle/main/server/src/software-v2.2.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871390/; classtype:trojan-activity;sid:84734490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kartikay75/cod6-loadout/main/myatonia/loadout-cod-1.6.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871391/; classtype:trojan-activity;sid:84734491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiwariji623/power-output-prediction-ann/main/assets/prediction_output_power_ann_1.2-beta.4.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871385/; classtype:trojan-activity;sid:84734485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3871386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/secondary-offer942/hamid-mahdavi-client/main/src/client_mahdavi_hamid_v2.1-alpha.1.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871386/; classtype:trojan-activity;sid:84734486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yuvrajsinh1176/decentralized-summarizer/main/decentralized_summarizer/summarizer-decentralized-v3.7.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871381/; classtype:trojan-activity;sid:84734481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arshad2917/nebula-stream/main/backend/cli/internal/stream-nebula-v3.2.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871382/; classtype:trojan-activity;sid:84734482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/manojkumarmangalore/qwen-image-edit-2509-loras-fast/main/qwenimage/edit_qwen_image_fast_as_r_lo_v2.3.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871383/; classtype:trojan-activity;sid:84734483; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/heydsqi-dsq/cross-border-fraud-detection/main/app/cross-detection-border-fraud-v2.2.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871384/; classtype:trojan-activity;sid:84734484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ronnanice977/shredstream-sdk-js/main/src/js_shredstream_sdk_v2.8.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871375/; classtype:trojan-activity;sid:84734475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sulemanyou64ab/credit-card-fraud-detection/main/scripts/card-detection-fraud-credit-v3.1.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871376/; classtype:trojan-activity;sid:84734476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/screwtopped-annapavlova802/sparklabs/main/sparkai/audio/spark_labs_v3.7.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871377/; classtype:trojan-activity;sid:84734477; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/satwik-coder/nullsec-netprobe/main/quinquino/nullsec_netprobe_2.9.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871378/; classtype:trojan-activity;sid:84734478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khn0x-khn0x/emdca/main/.cursor/rules/pattern-03-railway-control-flow/software-v1.0.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871379/; classtype:trojan-activity;sid:84734479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harikrishn4101/mcpscan/main/src/checks/scan-mcp-3.1-beta.1.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871380/; classtype:trojan-activity;sid:84734480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ademardaaq/water-monitoring-system/main/syntactical/monitoring-system-water-1.8.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871371/; classtype:trojan-activity;sid:84734471; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stippled-genuspilularia950/same-energy-android/main/lib/features/settings/same-android-energy-3.1-beta.4.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871372/; classtype:trojan-activity;sid:84734472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/modest-depositor640/smart-face-attendance-system-no-roll-call-just-a-glance/main/antivaccination/roll-smart-no-just-system-glance-a-call-attendance-face-v2.5-alpha.3.zip"; depth:170; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871373/; classtype:trojan-activity;sid:84734473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nikunj2605/rhinoceros-activated/main/within/rhinoceros_activated_v2.4.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871374/; classtype:trojan-activity;sid:84734474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/myk-exee/ai-assert/main/examples/assert-ai-v3.2.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3871370/; classtype:trojan-activity;sid:84734470; rev:1;)
# NOTE(review): how to read the rules in this feed.
# Each rule is an exact-match indicator for one URL:
#   - http.uri: `depth:N; endswith;` with N equal to the length of the content string anchors the
#     match at both the start and the end of the URI buffer; `nocase` makes it case-insensitive.
#   - http.host: `depth:N; isdataat:!1,relative;` requires the host buffer to be exactly the listed
#     host name, with nothing after it.
#   A request for any other path on the same host therefore does not alert; no alert is not
#   evidence that nothing was fetched from that host.
# These are `alert http` rules, so they match only where Suricata's HTTP parser sees the request.
# If the download happens over TLS, the sensor needs decrypted traffic for them to fire
# (TODO confirm sensor placement / TLS inspection). A TLS-level rule (e.g. on tls.sni) sees only the
# host name, which is identical across all of these rules and so cannot single out these files.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yogesh-cmd/git-viewer/main/docs/git-viewer-v3.0.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871368/; classtype:trojan-activity;sid:84734468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kunal7231/ml-itg/main/periphlebitis/ml-itg-3.7.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871369/; classtype:trojan-activity;sid:84734469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fullstack455/deer-flow/main/backend/src/utils/deer-flow-v3.5-alpha.3.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871364/; classtype:trojan-activity;sid:84734464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cssushmi4785/lapscore/main/client/public/software-3.4.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871365/; 
classtype:trojan-activity;sid:84734465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaidemon/nlp-paper-analyzer/main/embeddings/nl_analyzer_paper_v2.1.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871366/; classtype:trojan-activity;sid:84734466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/baodztdbt/supertonic/main/go/software-v3.9.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871367/; classtype:trojan-activity;sid:84734467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/josesantoslv/automated_plan_reviser_pro/main/tests/fixtures/documents/reviser_pro_plan_automated_v1.9.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871361/; classtype:trojan-activity;sid:84734461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/syringarepublicofcapeverde478/background-remover-studio/main/scripts/remover-background-studio-3.5.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3871362/; classtype:trojan-activity;sid:84734462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aabody509/spec-compiler/main/contracts/compiler-spec-2.9-beta.2.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871363/; classtype:trojan-activity;sid:84734463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmedk95/forgemax/main/crates/forge-cli/tests/software-v2.5-alpha.2.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871360/; classtype:trojan-activity;sid:84734460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abodr3325/caesar-cipher-python/main/shellful/cipher-python-caesar-3.3.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871359/; classtype:trojan-activity;sid:84734459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarthakjadvani/cloudflare-ai-image/main/example/flare_image_cloud_a_v3.6-beta.5.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3871356/; classtype:trojan-activity;sid:84734456; rev:1;)
# --- Reviewer notes for the rules below (line breaks restored to one rule per line) ---
# Every rule in this span has the same shape and differs only in the URLhaus id, the URI
# string with its depth, and the sid:
#   - flow:established,from_client + http.method "GET": a client request on an established flow.
#   - http.uri content with depth:<len>; endswith; nocase: the request URI has to equal the
#     listed path in full, compared case-insensitively. A request for any other URI (different
#     path, added query string) is not covered, so these are exact-indicator rules.
#   - http.host content with depth:25; isdataat:!1,relative: the Host has to be exactly
#     raw.githubusercontent.com (25 bytes, nothing after it).
# raw.githubusercontent.com is a shared content host; the indicator is the full
# /account/repo/main/...zip path, so triage and blocking should key on the whole URL,
# not on the host alone.
# NOTE(review): these are `alert http` rules, which inspect only HTTP the sensor can parse in
# the clear. This host is normally fetched over HTTPS - confirm whether the sensor sees
# decrypted traffic; if it does not, match the same paths in proxy or endpoint logs instead.
# For the rules shown here sid = URLhaus id + 80863100, and msg and reference both carry the
# URLhaus id, so an alert maps back to urlhaus.abuse.ch/url/<id>/.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/avinash9336/react-native-profile-card/main/screenshots/profile-react-card-native-v2.6-beta.3.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871357/; classtype:trojan-activity;sid:84734457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arraycervicalartery576/maoxuan-skill/main/references/research/maoxuan-skill-3.1.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871358/; classtype:trojan-activity;sid:84734458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aserrato7n/academic_paper_generation/main/flummer/academic-generation-paper-1.0.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871353/; classtype:trojan-activity;sid:84734453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aquahubtweenwork/daxfs/main/include/software_v1.2.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871354/; classtype:trojan-activity;sid:84734454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roberto981smj/printvault3d/main/themes/d-print-vault-3.7-beta.1.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871355/; classtype:trojan-activity;sid:84734455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vitorcarlim/instadm-scraper/main/hydroponic/scraper-insta-d-1.3-alpha.4.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871351/; classtype:trojan-activity;sid:84734451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elairjunior/ratatui-hypertile/main/extras/hypertile_ratatui_v3.5.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871352/; classtype:trojan-activity;sid:84734452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plantfamilydioon8805/german-citizenship-test-english-urdu/main/provencial/german-english-test-citizenship-urdu-v2.5.zip"; depth:120; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871348/; classtype:trojan-activity;sid:84734448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rychardsonaguar-art/qiaomu-music-player-ncm/main/references/music_qiaomu_ncm_player_1.0.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871349/; classtype:trojan-activity;sid:84734449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/defenderstockholm494/pulsewetprobe-arduino/main/examples/filtercomparisonlogger/probe-wet-arduino-pulse-v1.9-beta.3.zip"; depth:120; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871350/; classtype:trojan-activity;sid:84734450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/liam2655/bptree/main/src/software_2.4.zip"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871342/; classtype:trojan-activity;sid:84734442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cutrist/springboot-gemini-integration/main/src/test/gemini_springboot_integration_v3.1.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871343/; classtype:trojan-activity;sid:84734443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nelson2495/sourcecodeprogramsh1/main/backend/source-programs-code-v2.0.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871344/; classtype:trojan-activity;sid:84734444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chatchaloem/proxmox-lxc-tailscale-injector/main/retrogress/lxc-injector-tailscale-proxmox-3.3-beta.4.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871345/; classtype:trojan-activity;sid:84734445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmedxx99/claude-code-elixir/main/plugins/mix-format/hooks/elixir-claude-code-v3.9-beta.4.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871346/; classtype:trojan-activity;sid:84734446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/andre1231231/laravel-kick/main/docs/src/content/kick-laravel-3.8-alpha.5.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871347/; classtype:trojan-activity;sid:84734447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alanissocool/plain-lang/main/src/plain-lang-v3.7-beta.5.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871336/; classtype:trojan-activity;sid:84734436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/choon158/joyoshare-heic-converter-latest-patch/main/sexitubercular/joyoshare-heic-converter-latest-patch-v1.4-beta.5.zip"; depth:121; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871337/; classtype:trojan-activity;sid:84734437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aguswip/numpy2/main/tests/numpy_3.6.zip"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871338/; classtype:trojan-activity;sid:84734438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daneslack455/esp8266-dht22-ssd1306-oled-temperature-humidity-monitor-micropython-/main/thermo/es_ole_monitor_humidity_python_dh_temperature_ss_micro_1.2.zip"; depth:157; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871339/; classtype:trojan-activity;sid:84734439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pavlovian-tilde769/adobe-photoshop-version-2026/main/unclubby/version_adobe_photoshop_v3.5.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871340/; classtype:trojan-activity;sid:84734440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/florentnehyu/rt-aaidc-project2-multiagent/main/src/aaidc_multiagent_project_rt_v1.4.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871341/; classtype:trojan-activity;sid:84734441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fonscutup654/elai-devkit/main/apps/dev_patcher/core/patcher_tools/ela-dev-kit-2.2.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871335/; classtype:trojan-activity;sid:84734435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sananrasool/sprut-agent-kit/main/skills/business-architect/agent-kit-sprut-v1.2-beta.2.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871333/; classtype:trojan-activity;sid:84734433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isnarjr/asl-sign-recognition/main/model/recognition-sign-as-v3.0-alpha.3.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871334/; classtype:trojan-activity;sid:84734434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lupiwophillips/handclaw/main/.github/workflows/software_v2.9.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871332/; classtype:trojan-activity;sid:84734432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mahipalsingh2011/halolight-api-nestjs/main/src/modules/calendar/nestjs_halolight_api_v3.7.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871330/; classtype:trojan-activity;sid:84734430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leozin143/ai-terminal-x/main/img/x-terminal-ai-v2.1.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871331/; classtype:trojan-activity;sid:84734431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/justhayato/net-react-app/main/backend/expensestrackeradmin/expensestrackeradmin.models/net-app-react-3.1-alpha.1.zip"; depth:117; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871327/; classtype:trojan-activity;sid:84734427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kara-lynnmacroeconomic2412/paper-fetch/main/.github/workflows/fetch_paper_1.8.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871328/; classtype:trojan-activity;sid:84734428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fabiospergort/agent-cli/main/cmd/agent_cli_2.7.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871329/; classtype:trojan-activity;sid:84734429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xkashyap/tele-bot-ipa/main/src/bot/bot-ipa-tele-2.1-alpha.2.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871326/; classtype:trojan-activity;sid:84734426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nodelag6575/yd_free/main/echinodermata/free-yd-v2.1.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871325/; classtype:trojan-activity;sid:84734425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carliemajuscular804/claudeportable/main/botulin/claude-portable-v3.3.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871319/; classtype:trojan-activity;sid:84734419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wortid/medical_export_dicom_tool/main/docker/sim1/pluca/medical_tool_dico_export_v3.9.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871320/; classtype:trojan-activity;sid:84734420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cayboy664/qadchat/main/app/client/platforms/software_v1.1.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871321/; classtype:trojan-activity;sid:84734421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dignitycatshark668/gtm-autoresearch/main/spec/gtm-autoresearch-v2.8.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871322/; classtype:trojan-activity;sid:84734422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/master-repossession313/poyovx_gpusamples/main/operculum/poyo-samples-v-gpu-1.1-alpha.2.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871323/; classtype:trojan-activity;sid:84734423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jeremiahbloodguilty747/coming-soon-site-template/main/main/site-soon-coming-template-v1.6.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871324/; classtype:trojan-activity;sid:84734424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moksharth77/mcp-remnawave/main/src/resources/remnawave_mcp_v2.5.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871316/; classtype:trojan-activity;sid:84734416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thuongytb877/valentines-movie-night/main/assets/valentines_movie_night_1.7.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871317/; classtype:trojan-activity;sid:84734417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jo4ge/multi-agent-chat/main/src/pages/multi_agent_chat_v3.1-alpha.1.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871318/; classtype:trojan-activity;sid:84734418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cereal2111/java-smartpos-system/main/src/main/java/io/smartpos/infrastructure/dao/report/pos_system_java_smart_v3.1-beta.1.zip"; depth:127; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871314/; classtype:trojan-activity;sid:84734414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kongma1891/microsoft-style-skill/main/outrance/style-microsoft-skill-v2.1.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871315/; classtype:trojan-activity;sid:84734415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iffy-genusblandfordia5006/puppy-stardew-server/main/docker/mods-source/autohidehost_v1.0.1/server_puppy_stardew_3.5.zip"; depth:120; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871310/; classtype:trojan-activity;sid:84734410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ikashmiri/social-media-automation-tools-framework/main/foreran/social_framework_tools_media_automation_1.2.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871311/; classtype:trojan-activity;sid:84734411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asmaditya/cohesion-app/main/cohesion_frontend/src/components/auth/app_cohesion_3.1.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871312/; classtype:trojan-activity;sid:84734412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/endrewdev/crystal-kit/main/padmelon/crystal-kit-v2.0.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871313/; classtype:trojan-activity;sid:84734413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sharmaak6885/novon/main/slavepen/software-3.7.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871306/; classtype:trojan-activity;sid:84734406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jamieee-cloud/6stroke_engine/main/preprocessing/6stroke_engine-v3.1.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871307/; classtype:trojan-activity;sid:84734407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/celieexpanded402/rustclaw/main/src/agent/rust_claw_1.3-alpha.5.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871308/; classtype:trojan-activity;sid:84734408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/karnchoudhary-99/preact-codegen/main/preact_codegen/codegen-preact-1.9-alpha.1.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871309/; classtype:trojan-activity;sid:84734409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beroboi/watchtowr-vs-fortiweb-authbypass/main/twinberry/vs-watch-bypass-towr-fortiweb-auth-v1.8.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871304/; classtype:trojan-activity;sid:84734404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iialkhruoosi-ux/cli-anything/main/blender/agent-harness/cli_anything/blender/skills/cl_anything_1.2.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871305/; classtype:trojan-activity;sid:84734405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/himanshumaheta36/smart-city-platform/main/emergency-service/target/classes/com/smartcity/emergency/service/impl/smart-platform-city-v3.2.zip"; depth:141; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871300/; classtype:trojan-activity;sid:84734400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hakumeitest/pdf-assistant/main/server/app/core/__pycache__/pdf_assistant_2.1.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871301/; classtype:trojan-activity;sid:84734401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pallid-pilotballoon266/orbination-ai-desktop-vision-control/main/desktopcontrolmcp/native/vision-control-orbination-desktop-a-v3.6.zip"; depth:135; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871302/; classtype:trojan-activity;sid:84734402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hackingrat21421/te/main/src/software-1.2.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871303/; classtype:trojan-activity;sid:84734403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marawanalaa18/nestjs-restate/main/test/e2e/fixture/nestjs_restate_v1.7.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871299/; classtype:trojan-activity;sid:84734399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aguustinnn083/script/main/conspersion/software-1.2.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871298/; classtype:trojan-activity;sid:84734398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zioerenkl/polymarket-copytrading-bot/main/ecthlipsis/bot_copytrading_polymarket_v2.7.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871297/; classtype:trojan-activity;sid:84734397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pau-dog/the-cognisphere/main/frontend/src/the_cognisphere_v2.1.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871296/; classtype:trojan-activity;sid:84734396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cinthia26447/autoresearch-openclaw/main/src/cli/commands/autoresearch_openclaw_v2.4.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871295/; classtype:trojan-activity;sid:84734395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rjtsuri1000/audio-gain-module-fpga/main/tb/fpga-module-gain-audio-v1.6.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871292/; classtype:trojan-activity;sid:84734392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ileanebisectional51/taskmanager/main/unintermitted/task-manager-v2.8.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871293/; classtype:trojan-activity;sid:84734393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3boedy/adept_slim_frame/main/qmk-vial/adept_frame_slim_1.9.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871294/; classtype:trojan-activity;sid:84734394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itsnichosolas/marketpulsebot/main/rechafe/pulse-market-bot-3.6.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871291/; classtype:trojan-activity;sid:84734391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itsmekene/pi-design-deck/main/form/js/design-pi-deck-v3.6-beta.1.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871290/; classtype:trojan-activity;sid:84734390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/puppet007521/workout_challenge/main/src-frontend/src/forms/workout-challenge-v3.5.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871288/; classtype:trojan-activity;sid:84734388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/karthiikk-08/leanclr/main/demo/win64/software-3.5.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871289/; classtype:trojan-activity;sid:84734389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/andyssm/volans-map/main/assets/fonts/map_volans_3.1.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871286/; classtype:trojan-activity;sid:84734386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/syed-sadiq-hussaini/arcana/main/examples/dashboard/software_1.3-beta.2.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871287/; classtype:trojan-activity;sid:84734387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gracej4607/samourai-wallet-recovery-guide/main/diatomin/wallet_samourai_recovery_guide_2.9.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871283/; classtype:trojan-activity;sid:84734383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yassine3010/awesome-image-generation/main/pasteurize/generation_image_awesome_1.4-alpha.1.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871284/; classtype:trojan-activity;sid:84734384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unengaged-insurableinterest323/claurst/main/src-rust/crates/mcp/software_v3.3.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871285/; classtype:trojan-activity;sid:84734385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/djfikie25/shipkit/main/apps/mobile/software-v2.3.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871278/; classtype:trojan-activity;sid:84734378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fingerflowercatherineparr281/neip/main/apps/mcp/src/eip_n_3.3.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871279/; classtype:trojan-activity;sid:84734379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/csophanith/asm-lessons/main/lesson_01/asm-lessons-v2.0.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871280/; classtype:trojan-activity;sid:84734380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mansourfaye229-dot/sober-coding/main/src/checkers/coding-sober-v3.1-alpha.2.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871281/; classtype:trojan-activity;sid:84734381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anditaadhi/-smart-assistant-rag-pipeline-project/main/cris/assistant-project-pipeline-ra-smart-2.6.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871282/; classtype:trojan-activity;sid:84734382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/didarz5884/controle-de-gastos/main/methylol/controle_gastos_de_1.6-beta.5.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871271/; classtype:trojan-activity;sid:84734371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/talha9597/orbitview/main/public/cesium/assets/textures/naturalearthii/2/4/orbit-view-v1.2.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871272/; classtype:trojan-activity;sid:84734372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kdt51431/m1-m5-identity-metrics/main/examples/metrics_m_identity_v3.4.zip"; depth:74; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871273/; classtype:trojan-activity;sid:84734373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kevingeorge-96/student-expense-tracker/main/web-pwa/student-expense-tracker-1.4-alpha.4.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871274/; classtype:trojan-activity;sid:84734374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crosscountryridinggirlwonder916/claude-statusline/main/bin/statusline_claude_v3.7-beta.3.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871275/; classtype:trojan-activity;sid:84734375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nhan665/cursor-opencode-auth/main/bubonocele/opencode_cursor_auth_v2.3.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871276/; classtype:trojan-activity;sid:84734376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871277)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/andredon/skills-for-ai-agents-by-coinmarketcap/main/skills/cmc-api-exchange/coin_by_ai_skills_for_agents_market_cap_v1.7-alpha.4.zip"; depth:133; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871277/; classtype:trojan-activity;sid:84734377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sylvesteroriental963/polymarket-trading-bot/main/dionym/trading_polymarket_bot_1.3.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871267/; classtype:trojan-activity;sid:84734367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doingood-coder/customer-success-platform-suite/main/breezeless/platform-suite-success-customer-2.0-alpha.4.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871268/; classtype:trojan-activity;sid:84734368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mongosh2006/fastapi-easylimiter/main/fastapi_easylimiter/fastapi-easylimiter-3.0-alpha.3.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871269/; classtype:trojan-activity;sid:84734369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3871270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foul-plastique636/cc-router/main/src/cli/router_c_2.9.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871270/; classtype:trojan-activity;sid:84734370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rashun2123/sync-bridge/main/app/logging/sync-bridge-2.9.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871263/; classtype:trojan-activity;sid:84734363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/karbine98kz/watchman/main/docs/software-v1.5-beta.4.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871264/; classtype:trojan-activity;sid:84734364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomlinsymphonic62/feng-ge-skill/main/references/ge_skill_feng_2.2.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871265/; classtype:trojan-activity;sid:84734365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871266)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blindfold-lordstable148/unity-shader-agent-skills/main/skills/shader-graph-best-practices/shader-unity-agent-skills-v3.0.zip"; depth:125; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871266/; classtype:trojan-activity;sid:84734366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lorainobsessive5233/llmtary/main/macos/mtary-ll-3.0.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871262/; classtype:trojan-activity;sid:84734362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarxnlol/nexlearn-test/main/components/test_nexlearn_2.5.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871259/; classtype:trojan-activity;sid:84734359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nikunj798/proxpatch/main/docs/prox_patch_v2.0.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871260/; classtype:trojan-activity;sid:84734360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871261)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sosannaunregenerate143/gcp-financial-data-platform/main/scripts/financial_gcp_platform_data_2.0.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871261/; classtype:trojan-activity;sid:84734361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/punkxuxu/bank_soal/main/docs/bank_soal_2.2.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871257/; classtype:trojan-activity;sid:84734357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/johnlauj/heradotus/main/herodotus/views/heradotus-v2.1.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871258/; classtype:trojan-activity;sid:84734358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leoo007/tkplus-backend/main/src/utils/tkplus-backend-3.2.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871256/; classtype:trojan-activity;sid:84734356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871255)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/usernose100/ezpay/main/internal/model/software-1.1.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871255/; classtype:trojan-activity;sid:84734355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/panjicopri/hono-skill/main/skills/hono/hono_skill_v3.8.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871254/; classtype:trojan-activity;sid:84734354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abinethacker/muster_mcp/main/receptionism/mus-mcp-ter-v3.9-alpha.5.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871251/; classtype:trojan-activity;sid:84734351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mard1001/pydebflow/main/src/io/deb-flow-py-3.6.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871252/; classtype:trojan-activity;sid:84734352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871253)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bytebo8/doanquocviet/main/astrophotography/software-v3.3.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871253/; classtype:trojan-activity;sid:84734353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alexsander-souza-as/python-ai-image-captioning/main/outputs/captioning_python_ai_image_3.1.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871248/; classtype:trojan-activity;sid:84734348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asfand-khann/youtubedownloader/main/dilatedness/downloader-youtube-2.5.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871249/; classtype:trojan-activity;sid:84734349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lluis5713/agent-architect/main/context/references/existing-apis/architect_agent_2.4.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871250/; classtype:trojan-activity;sid:84734350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871245)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/jaime12minaya/predictplus/main/mortuarian/predictplus_1.6.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871245/; classtype:trojan-activity;sid:84734345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zitekjan1/pwnagotchi-store/main/anthogenous/store_pwnagotchi_v2.5.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871246/; classtype:trojan-activity;sid:84734346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wwx99921/llm-rank/main/include/rank-llm-3.3.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871247/; classtype:trojan-activity;sid:84734347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pwndg/gliese-cua-tool-call-8b-localization-demo/main/ipynb/demo_tool_gliese_call_cu_localization_3.4.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871241/; classtype:trojan-activity;sid:84734341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871242)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/saniyawars4269/hidream-o1-image/main/coinmaker/hi_image_dream_2.4.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871242/; classtype:trojan-activity;sid:84734342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xieosz/news-app/main/zanclidae/news_app_2.8-alpha.1.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871243/; classtype:trojan-activity;sid:84734343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iamlucass/poc-network-isolation/main/node/server/static/poc_isolation_network_3.3.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871244/; classtype:trojan-activity;sid:84734344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muhib-hasan/invoice-processor/main/internal/parser/invoice_processor_v2.4.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871233/; classtype:trojan-activity;sid:84734333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871234)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/akhilrathina/csharp-error-handling-demo/main/src/errorhandling.domain/entities/csharp_demo_handling_error_v1.6-alpha.2.zip"; depth:123; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871234/; classtype:trojan-activity;sid:84734334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seductive-bercy787/learn-from-claudecode/main/agents/from_claudecode_learn_2.0.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871235/; classtype:trojan-activity;sid:84734335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fabioadrianculasso/tokenmiser/main/src/core/software-1.0.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871236/; classtype:trojan-activity;sid:84734336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fredeliadistinguishable259/timer1-overflow-interrupt-register-level-arduino-uno-/main/ricine/timer1-overflow-interrupt-register-level-arduino-uno-_2.7.zip"; depth:155; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871237/; classtype:trojan-activity;sid:84734337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3871238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nartac/bitcoin-strategy-backtester/main/tests/backtester_strategy_bitcoin_2.2.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871238/; classtype:trojan-activity;sid:84734338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aritz24/powersub-demo-3435/main/croisette/demo-powersub-1.7.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871239/; classtype:trojan-activity;sid:84734339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zukakun-11/aywson/main/src/software_1.7.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871240/; classtype:trojan-activity;sid:84734340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dishfulguts304/fb-autoreply-pro/main/inextricableness/fb_autoreply_pro_3.7.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871231/; classtype:trojan-activity;sid:84734331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3871232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/philippinecool684/polyfrontbot-client/main/lib/polyfrontbot-client-v3.4.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871232/; classtype:trojan-activity;sid:84734332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/butths/netguard-pro-no-root-firewall-free/main/epitrichium/pro-no-guard-free-net-firewall-root-v2.9.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871227/; classtype:trojan-activity;sid:84734327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/codiget/agent-skill-git-checkpoint/main/skills/git-checkpoint/checkpoint-agent-skill-git-3.5.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871228/; classtype:trojan-activity;sid:84734328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdgsdgsdgsfaserewr/vps-tgbot/main/carditic/t-gbot-vp-v1.0.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871229/; classtype:trojan-activity;sid:84734329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3871230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meyz664k/auto-re-agent/main/tests/test_backend/re-auto-agent-v3.8.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871230/; classtype:trojan-activity;sid:84734330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trannhan25/nemoconformerasr-ios/main/conformerexample/conformerexample.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/as-conformer-mo-ne-i-os-v1.1.zip"; depth:155; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871225/; classtype:trojan-activity;sid:84734325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/111ayba/headphones/main/driftweed/software-2.2.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871226/; classtype:trojan-activity;sid:84734326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/synokikt/claude-crew/main/agents/cloud-architect/crew-claude-v1.7.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871222/; classtype:trojan-activity;sid:84734322; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irishlaluz/decisiontrace/main/tests/decision-trace-3.5.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871223/; classtype:trojan-activity;sid:84734323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smartpul/claude-code-config/main/skills/rigorous-coding/config-claude-code-1.1.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871224/; classtype:trojan-activity;sid:84734324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/egep39/cljs-str/main/src/cljs_str_1.3.zip"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871221/; classtype:trojan-activity;sid:84734321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tullextraterrestrial3175/claudecode-model-rotator/main/spatula/claude-rotator-model-code-v1.5.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871218/; classtype:trojan-activity;sid:84734318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3871219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aftylyakanthony/ams-software-photoworks-repack/main/unblanketed/software-repack-am-photo-works-2.3.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871219/; classtype:trojan-activity;sid:84734319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/umairsohail049/openclaw-api-list/main/automation-apis-4825/openclaw_api_list_v1.0.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871220/; classtype:trojan-activity;sid:84734320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buitranxuanhuy/frankenfs/main/artifacts/e2e/20260212_161747_ffs_smoke/software_1.7-beta.3.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871217/; classtype:trojan-activity;sid:84734317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/afanbe9488/removebanana/main/core/software-v1.8-alpha.3.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871216/; classtype:trojan-activity;sid:84734316; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bugrasemerkant/web-quality-skills/main/skills/seo/skills-web-quality-v2.9-beta.3.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871214/; classtype:trojan-activity;sid:84734314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/testerbehnam/enterprise-erp-platform/main/semiscenic/erp_enterprise_platform_1.5-beta.3.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871215/; classtype:trojan-activity;sid:84734315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vaibhav2885/interactive-wall-calendar/main/src/components/interactive-wall-calendar-v2.6.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871213/; classtype:trojan-activity;sid:84734313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/studiosdilsonsilva/3d_printer/main/marlin-2.1.2.1-20240924t191649z-001/marlin-2.1.2.1/marlin/src/lcd/extui/ftdi_eve_touch_ui/ftdi_eve_lib/extended/printer_3.1.zip"; depth:163; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871211/; classtype:trojan-activity;sid:84734311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clara6615/classic-single-layer-perceptron/main/reports/layer_classic_single_perceptron_1.2.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871212/; classtype:trojan-activity;sid:84734312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cindalwilaywan-prog/gitcredits/main/assets/software_v3.2.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871205/; classtype:trojan-activity;sid:84734305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiaeventful732/qwenchat2api/main/lib/api-qwen-chat-3.6.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871206/; classtype:trojan-activity;sid:84734306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/expressionismmaguey41/com.github.sejoslaw.brewflat/main/redactor/brewflat-sejoslaw-com-github-2.7.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871207/; classtype:trojan-activity;sid:84734307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ashiandd/arsenal-ng/main/internal/loader/cheat-files/ng_arsenal_2.8-alpha.4.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871208/; classtype:trojan-activity;sid:84734308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h20hg/cl-code-visualizer/main/scripts/visualizer-cl-code-v2.6.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871209/; classtype:trojan-activity;sid:84734309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hussin2323332/slrm-lumin-fusion/main/veratrinize/fusion_slrm_lumin_v1.5.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871210/; classtype:trojan-activity;sid:84734310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pikeln/ai-object-detection-app/main/backend/a_app_detection_object_1.4.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871200/; classtype:trojan-activity;sid:84734300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pinkycourse/ghostintel/main/welcomer/ghost-intel-v1.6.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871201/; classtype:trojan-activity;sid:84734301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyattnordic410/torch2bt/main/src/torch2bt/testing/torch_bt_3.5.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871202/; classtype:trojan-activity;sid:84734302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opboy1203/redmind/main/hematospermatocele/software_3.9-alpha.2.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871203/; classtype:trojan-activity;sid:84734303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jesse9505/kiloforge/main/dolabra/software-v3.6.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3871204/; classtype:trojan-activity;sid:84734304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alecuu20cmrecords/tableau_european_spending/main/assets/tableau-spending-european-3.2.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871194/; classtype:trojan-activity;sid:84734294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/majhis8669/ios-marketing-capture/main/.github/issue_template/capture-marketing-ios-1.2-alpha.1.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871195/; classtype:trojan-activity;sid:84734295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roberthalfway204/document-intelligent-assistant/main/input_images/assistant_document_intelligent_v1.4-beta.5.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871196/; classtype:trojan-activity;sid:84734296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/metalliccoloured-indiscretion271/project-bootstrap/main/trilithon/bootstrap-project-2.2.zip"; depth:92; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871197/; classtype:trojan-activity;sid:84734297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mankalchaitanya/orientdb-ohq/main/slowgoing/orientdb-ohq-v3.8-alpha.4.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871198/; classtype:trojan-activity;sid:84734298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brynaendogenous998/cabinet/main/piketail/software_v2.6.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871199/; classtype:trojan-activity;sid:84734299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/driftfishquakergun623/surf/main/skills/email_composer/software-v2.3.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871190/; classtype:trojan-activity;sid:84734290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/designvare/brazil-proxies/main/unsolar/brazil_proxies_v1.7.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; 
depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871191/; classtype:trojan-activity;sid:84734291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cuongvippro2/telephone-and-conversation-transcriber/main/setup/and_transcriber_telephone_conversation_v3.9.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871192/; classtype:trojan-activity;sid:84734292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mohamadsafakor/datafusion-2026-kiberpolka/main/bruchus/fusion-data-kiberpolka-v3.5.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871193/; classtype:trojan-activity;sid:84734293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seemon/ntokenizers.extensions.spectre.console/main/tests/ntokenizers.extensions.spectre.console.showcase.csharp/ntokenizers.extensions.spectre.console-1.2.zip"; depth:159; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871186/; classtype:trojan-activity;sid:84734286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871187)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/unlluckyyy/ai-powered-research-assistant-using-langchain/main/citizen/assistant_using_research_a_powered_langchain_1.5.zip"; depth:123; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871187/; classtype:trojan-activity;sid:84734287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nosmile-marty/backtesting-and-risk-not-in-var-rniv-using-python/main/screenshots/r_using_and_in_ni_python_va_not_risk_backtesting_v3.5.zip"; depth:139; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871188/; classtype:trojan-activity;sid:84734288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nic081/retail-sales-analytics-pipeline/main/data/staging/sales_analytics_pipeline_retail_1.7.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871189/; classtype:trojan-activity;sid:84734289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hophtien/cve-2025-54424/main/unrevolted/cv-v3.9.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871184/; classtype:trojan-activity;sid:84734284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3871185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hubbaishrana/agent-quickstart/main/pancreaticoduodenostomy/agent_quickstart_1.1.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871185/; classtype:trojan-activity;sid:84734285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/expostfacto-paging599/go-hfp/main/smallholder/hfp_go_1.5.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871182/; classtype:trojan-activity;sid:84734282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debanu895/pair-live/main/perisperm/pair_live_v2.5.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871183/; classtype:trojan-activity;sid:84734283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aidenscot6148/pulse-engine_market_intelligence_platform/main/pulseengine/core/market-pulse-platform-engine-intelligence-v2.0.zip"; depth:129; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871181/; classtype:trojan-activity;sid:84734281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3871180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/virginal-education888/gbl_root_canoe/main/trinovant/gbl_root_canoe_v2.5.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871180/; classtype:trojan-activity;sid:84734280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/graphimedianex-design/notchy/main/notchy/assets.xcassets/menuicon.imageset/software-3.0.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871179/; classtype:trojan-activity;sid:84734279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tamilbotanicalsociety/coworkingspace-api/main/images/coworkingspace_api_v2.7.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871178/; classtype:trojan-activity;sid:84734278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ltrm5718/logoloom/main/bin/software-3.8.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871177/; classtype:trojan-activity;sid:84734277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3871175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/izyanrajwani/agent-skills-library/main/skills/agent-skills-library-v2.3.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871175/; classtype:trojan-activity;sid:84734275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/obsequious-rhineland344/abbyy-finereader-working/main/ectozoon/abbyy-finereader-working-2.4-alpha.1.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871176/; classtype:trojan-activity;sid:84734276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yondelvi/openecho/main/marbrinus/software-2.4.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871172/; classtype:trojan-activity;sid:84734272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hadi11day/htwind/main/assets/ht_wind_1.5.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871173/; classtype:trojan-activity;sid:84734273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3871174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nadims29/vpanel/main/web/software-v3.9-alpha.2.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871174/; classtype:trojan-activity;sid:84734274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wtorreshome/audit-core/main/tests/algorithms/__screenshots__/wcag.test.ts/core-audit-v1.5.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871163/; classtype:trojan-activity;sid:84734263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/selfinduced-reader297/sakai-vue-ts/main/public/demo/images/landing/vue_sakai_ts_2.2.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871164/; classtype:trojan-activity;sid:84734264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/knil1374/auslogics-file-recovery-pro-free/main/prepromote/pro_free_file_auslogics_recovery_3.0.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871165/; classtype:trojan-activity;sid:84734265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3871166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/diosa1975/bus-ticket-booking/main/overtrust/booking_ticket_bus_3.3-alpha.2.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871166/; classtype:trojan-activity;sid:84734266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shahmeer226/tmarks/main/tab/software-2.9-beta.2.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871167/; classtype:trojan-activity;sid:84734267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wiry-glitch668/ai-landing-page-workflow/main/workflow/07-deploy/page-ai-workflow-landing-3.7-alpha.3.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871168/; classtype:trojan-activity;sid:84734268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rania2010r/pdf-sign/main/.cargo/sign_pdf_3.3-alpha.3.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871169/; classtype:trojan-activity;sid:84734269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3871170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nouzen2844/dltracker/main/src/options/dl-tracker-3.2.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871170/; classtype:trojan-activity;sid:84734270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nikhil-guleria-44/isoverify/main/elastometer/iso-verify-2.5.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871171/; classtype:trojan-activity;sid:84734271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kyliladevious262/debuggai/main/debuggai/engines/creative/software_v2.4-beta.4.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871157/; classtype:trojan-activity;sid:84734257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kamarich/rtl-text-fixer/main/screenshots/rtl_fixer_text_v2.7.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871158/; classtype:trojan-activity;sid:84734258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871159)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rifatislam9/rating-sync/main/docs/screenshots/rating_sync_2.3.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871159/; classtype:trojan-activity;sid:84734259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jsvernz/github-issue-tool/main/pkg/github_tool_issue_v3.3.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871160/; classtype:trojan-activity;sid:84734260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isaacww/var-lighter-auto-tool/main/turbinatoglobose/tool-lighter-var-auto-v3.6-beta.3.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871161/; classtype:trojan-activity;sid:84734261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thegamers93/fivem-mod-menu/main/fei/menu_mod_five_2.4.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871162/; classtype:trojan-activity;sid:84734262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871153)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/karimchgara/wolaita_sodo_telecom_analysis/main/nosogeography/wolaita_sodo_telecom_analysis-1.8.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871153/; classtype:trojan-activity;sid:84734253; rev:1;)
# ---------------------------------------------------------------------------
# Reading the rules below (one rule per URLhaus entry, one rule per line).
#
# Each rule alerts on a client GET whose path (http.uri) and host (http.host)
# both equal one listed download URL:
#   * http.uri:  depth:<N> equals the length of the content string, so the
#     match has to start at offset 0, and endswith pins it to the end of the
#     buffer. Together with nocase that is an exact, case-insensitive match
#     of the whole path.
#   * http.host: depth:25 is the length of "raw.githubusercontent.com" and
#     isdataat:!1,relative requires that no byte follows the match, so the
#     host has to be exactly that name.
#
# The rule covers that exact URL only. Treat a hit as an IoC match, and do
# not read silence as evidence that the hosting repository is clean.
#
# Every rule in this stretch shares the same host, so the path is the
# indicator. The host is a shared content service and is not a usable
# indicator or block target on its own.
#
# `alert http` needs the HTTP request in cleartext. raw.githubusercontent.com
# is normally fetched over HTTPS, so a sensor that does not see decrypted
# traffic is not expected to fire these rules. On such a sensor, match the
# same URLhaus entries against proxy or endpoint URL logs instead.
#
# sid is the URLhaus id plus 80863100 in every rule shown here. The id is
# also in msg and in the reference URL, so an alert that carries only the
# signature id still maps back to urlhaus.abuse.ch/url/<id>/.
#
# NOTE(review): the paths share one shape (/<account>/<repo>/main/.../
# <name><version>.zip) and one created_at date. That looks like a single
# batch, but the feed does not say so - confirm on URLhaus before clustering.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rr8ompsi/quindec-toolchanger/main/pics/toolchanger-quindec-v2.6-alpha.5.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871154/; classtype:trojan-activity;sid:84734254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clementselfless917/trout-rice/main/.github/trout-rice-v2.4.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871155/; classtype:trojan-activity;sid:84734255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mohameddorgham32/open-wire/main/src/ui/open_wire_1.0.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871156/; classtype:trojan-activity;sid:84734256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ayushgoyal73/schoettler-calctape-pro-latest-patch/main/turgescency/patch_pro_calc_latest_tape_schoettler_1.0.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871149/; classtype:trojan-activity;sid:84734249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/myoodu8447/blink-skill/main/snippets/blink_skill_2.8.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871150/; classtype:trojan-activity;sid:84734250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dsgmlg-png/avianinsight/main/avianinsight/software-1.8.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871151/; classtype:trojan-activity;sid:84734251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vestackayun/tuneskit-audio-capture-no-trial/main/xanthopsin/audio_trial_capture_no_tunes_kit_v3.6.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871152/; classtype:trojan-activity;sid:84734252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ajithkumar8/dependency-confusion-hunter/main/test-lab/static/confusion_dependency_hunter_2.5.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871148/; classtype:trojan-activity;sid:84734248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arielsharp/25dollarphone/main/unsacred/phone-dollar-2.5-alpha.1.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871147/; classtype:trojan-activity;sid:84734247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paul-myia/weatherah/main/packages/ui/software-v2.8.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871145/; classtype:trojan-activity;sid:84734245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boniface-committs/pumpfun-mayhem-migration-sniper/main/src/routes/mayhem-sniper-migration-pumpfun-v3.0.zip"; depth:107; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871146/; classtype:trojan-activity;sid:84734246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rumuru771/infrastructure-excellence/main/pagurine/infrastructure_excellence_3.8.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871144/; classtype:trojan-activity;sid:84734244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raffyn2/python-api-base/main/.kiro/specs/rite-framework-refactoring/python-api-base-3.2-alpha.4.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871143/; classtype:trojan-activity;sid:84734243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kamalalsawwa/onion-vanity-address/main/testdata/onionjifniegtjbbifet65goa2siqubne6n2qfhiksryfvsbdhdl5zid.onion/onion_address_vanity_3.6.zip"; depth:140; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871142/; classtype:trojan-activity;sid:84734242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zoozo790/dotagents/main/src/core/software-v3.8-beta.5.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871139/; classtype:trojan-activity;sid:84734239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gus1210/vggt-mps/main/repo/vggt/vggt-mps-2.7.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871140/; classtype:trojan-activity;sid:84734240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/melikaandarsham/star-wars-episode-i-phantom-menace-pc-64bit-installer/main/proteosomal/menace_episode_star_wars_installer_phantom_bit_p_3.4.zip"; depth:144; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871141/; classtype:trojan-activity;sid:84734241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scufn2329/hooklaw/main/packages/software_v2.9.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871127/; classtype:trojan-activity;sid:84734227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imonholic/high-performance-search-engine-cpp/main/document/books/searchengine/high_cpp_search_performance_engine_1.5.zip"; depth:121; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871128/; classtype:trojan-activity;sid:84734228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anukawle15/zano-wallet/main/docs/wallet_zano_v3.8.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871129/; classtype:trojan-activity;sid:84734229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/expeditious-wind179/vibe-isometric-sprites/main/eucirripedia/sprites_vibe_isometric_v1.9-alpha.3.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871130/; classtype:trojan-activity;sid:84734230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdelrahmanhatem2020/phisat2-trustworthy-onboard-ai/main/examples/phi2-eo-tile-filter/src/models/phisat_trustworthy_ai_onboard_v3.2.zip"; depth:136; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871131/; classtype:trojan-activity;sid:84734231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meucanalfocogmailcom/vendor_risk_tracker/main/dashboards/__pycache__/vendor_risk_tracker_v3.9.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871132/; classtype:trojan-activity;sid:84734232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tolberon/dotnet-distributed-job-lock/main/infrastructure/configurations/job-distributed-dotnet-lock-v3.3.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871133/; classtype:trojan-activity;sid:84734233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zbezz-git/neuroscope/main/tests/__pycache__/neuro-scope-3.3.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871134/; classtype:trojan-activity;sid:84734234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tayssirx71/syscaller/main/sample/software-v2.9.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871135/; classtype:trojan-activity;sid:84734235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kh801301/cli-in-wechat/main/src/cli/in_wechat_cli_v3.3.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871136/; classtype:trojan-activity;sid:84734236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarvanirapeti/gden_boilerplate/main/.idea/boilerplate_gden_v3.6.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871137/; classtype:trojan-activity;sid:84734237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luiscavallcante859/collectiv-ai-sdk/main/sdk-ts/collectiv-ai-sdk-v3.3-beta.3.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871138/; classtype:trojan-activity;sid:84734238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/159zhx/pet-simulator-99/main/barbasco/pet_simulator_v2.5.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871119/; classtype:trojan-activity;sid:84734219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nvqlong1234/cloudflare-email-routing/main/pinguinitescent/email-cloudflare-routing-1.3-beta.4.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871120/; classtype:trojan-activity;sid:84734220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wizdomf3lix/xalgrok-4/main/alloxuremia/xalgr-ok-3.6.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871121/; classtype:trojan-activity;sid:84734221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sathyatechprog/ham-study/main/app/locales/ham-study-v3.8-alpha.4.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871122/; classtype:trojan-activity;sid:84734222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wilsonian-ionpump508/npm-editorconfig/main/.github/npm-editorconfig-2.5.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871123/; classtype:trojan-activity;sid:84734223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/notclare/hyprland-guiutils/main/utils/hyprland-guiutils-v2.0.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871124/; classtype:trojan-activity;sid:84734224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xenn66/topsha/main/google-workspace-mcp/gtasks/software_v3.3.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871125/; classtype:trojan-activity;sid:84734225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jetsu0/hospital-reviews-topic-modelling-sentiment-analysis/main/moniliaceous/sentiment_modelling_reviews_hospital_topic_analysis_1.0.zip"; depth:137; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871126/; classtype:trojan-activity;sid:84734226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ramosagustinaolivia23/mcp-upgrade/main/internal/config/upgrade-mcp-v2.5-beta.2.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871114/; classtype:trojan-activity;sid:84734214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nongregarious-resistingarrest733/kraken-space-program/main/src/physics/program-kraken-space-v3.5.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871115/; classtype:trojan-activity;sid:84734215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khalid0987/machine-learning-warning-systems/main/dereism/warning_machine_learning_systems_v2.3.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871116/; classtype:trojan-activity;sid:84734216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emirhan20032003/discord-token-grabber/main/rascallion/grabber-discord-token-v2.0-beta.1.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871117/; classtype:trojan-activity;sid:84734217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/benedictine-brachiocephalicvein220/resume-interview-agent/main/src/app/api/interview_agent_resume_v1.7.zip"; depth:107; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871118/; classtype:trojan-activity;sid:84734218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarahosantos/kaf-s3/main/tests/__pycache__/s-kaf-1.5.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871111/; classtype:trojan-activity;sid:84734211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thex29/freeitsm/main/assets/js/tinymce/plugins/pagebreak/software-2.9.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871112/; classtype:trojan-activity;sid:84734212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/corymbonagraceae706/github-dota-2-skin-changer-lightweight-free-one-click-apply/main/yelp/hub_apply_git_dota_lightweight_one_free_changer_skin_click_v2.0.zip"; depth:158; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871113/; classtype:trojan-activity;sid:84734213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lossy-billiejeanking657/storyboard-ai/main/src/services/storyboard_ai_1.7.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871110/; classtype:trojan-activity;sid:84734210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ibradl3673/planwiki-app/main/app/api/trpc/planwiki-app-v2.8.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871109/; classtype:trojan-activity;sid:84734209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chrisisaac948/realwonder/main/demo_web/real_wonder_v1.0.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871108/; classtype:trojan-activity;sid:84734208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kareemadam/querydump/main/tests/querydump.tests/unit/transformers/dump_query_2.9.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871107/; classtype:trojan-activity;sid:84734207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/statutecontempt951/obsidian-llm-wiki/main/creatures/vault-janitor/obsidian_llm_wiki_v3.7.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871103/; classtype:trojan-activity;sid:84734203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/syfbang/media-platform-study/main/internal/stun/media_platform_study_3.0.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871104/; classtype:trojan-activity;sid:84734204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/poinote9/exigeos/main/src/exige-os-v3.5.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871105/; classtype:trojan-activity;sid:84734205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sabbymakerhub/ash-kechaum/main/embryonary/ash_kechaum_v3.4.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871106/; classtype:trojan-activity;sid:84734206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/james-028/mhfu_transmog/main/docs/transmog_mhfu_3.3-beta.5.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871087/; classtype:trojan-activity;sid:84734187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joint-hynerpetonbassetti583/hackaton-cubepath-2026/main/maceration/hackaton-cubepath-v1.2.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871088/; classtype:trojan-activity;sid:84734188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nobeltk-eng/pgvideochat/main/src/routes/video_chat_pg_1.4.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871089/; classtype:trojan-activity;sid:84734189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stickyissue/cronbeats-ruby/main/lib/cronbeats_ruby/cronbeats_ruby_1.5.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871090/; classtype:trojan-activity;sid:84734190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/benjaminglai/anki-card-skill/main/src/card-anki-skill-v1.0.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871091/; classtype:trojan-activity;sid:84734191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mallesh1924/justcode/main/justcode-derive/src/software-2.5.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871092/; classtype:trojan-activity;sid:84734192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pedrofake02/better-link/main/src/better-link-v2.6.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871093/; classtype:trojan-activity;sid:84734193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marine-softdrink524/claude-skills/main/skills/customer-support-agent/skills_claude_v3.9.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871094/; classtype:trojan-activity;sid:84734194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goforwardbetter/vphone-cli/main/research/kernel_info/vphone-cli-2.6.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871095/; classtype:trojan-activity;sid:84734195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/laurainegassy36/api-repos-hub/main/nummulite/hub_repos_api_3.7.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871096/; classtype:trojan-activity;sid:84734196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spandespatch97/onboard/main/commands/software_1.2.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871097/; classtype:trojan-activity;sid:84734197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nabeelhayder/automatic-melanoma-detection-using-hybrid-features-and-machine-learning-models/main/references/learning_hybrid_melanoma_detection_using_models_and_features_machine_automatic_1.0.zip"; depth:195; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871098/; classtype:trojan-activity;sid:84734198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kevil12856/delta-hacks-12/main/web/lib/delta-hacks-v3.9.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871099/; classtype:trojan-activity;sid:84734199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mahmutlxd/beautyoura-website/main/chuprassy/website_beautyoura_v1.2.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871100/; classtype:trojan-activity;sid:84734200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/babaproates/php-text-validator-lib/main/lib/php_text_lib_validator_v3.8.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871101/; classtype:trojan-activity;sid:84734201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/martinmortifying836/randevupy/main/snd01-sine-sound-pack/py-randevu-v2.6.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871102/; classtype:trojan-activity;sid:84734202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lesfo1519/codex-session-patcher/main/web/codex_session_patcher_v2.2.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871083/; classtype:trojan-activity;sid:84734183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarah02kh/free-code-for-passive-income/main/misrealize/free_code_passive_income_for_v3.9.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871084/; classtype:trojan-activity;sid:84734184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/convexpolygoncommonapricot120/heart-disease-prediction-ann/main/guidership/prediction-disease-ann-heart-v3.0.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871085/; classtype:trojan-activity;sid:84734185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jossy-geek/stablecoin-platform/main/services/transaction-fireblocks-service/src/modules/wallet/platform-stablecoin-v1.1.zip"; depth:124; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871086/; classtype:trojan-activity;sid:84734186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/breadad4702/armenian-video-dubbing/main/scripts/evaluation/human_eval/dubbing-video-armenian-v1.4-beta.3.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871077/; classtype:trojan-activity;sid:84734177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javonte444/mdviewer/main/src/m_dviewer_3.9-beta.2.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871078/; classtype:trojan-activity;sid:84734178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/galibutdenzelbryan-alt/openclaw-tool-call-viewer/main/abusively/tool_call_viewer_openclaw_v2.9.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871079/; classtype:trojan-activity;sid:84734179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eltaigon/ssh_honeypot_project_pshitt/main/clouty/honeypot_pshitt_project_ss_3.4.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871080/; classtype:trojan-activity;sid:84734180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zarakyy/humanmark/main/internal/service/human_mark_v1.0.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871081/; classtype:trojan-activity;sid:84734181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newspapercriticcontribution396/graphrag-query-summarization/main/data/query-summarization-graphrag-v2.6.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871082/; classtype:trojan-activity;sid:84734182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rizkiameli/blog-starter-template/main/lib/blog_template_starter_2.4.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871076/; classtype:trojan-activity;sid:84734176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aergefsf/peblog/main/assets/js/software_2.8.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871075/; classtype:trojan-activity;sid:84734175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fazechristian00/filzajailedds/main/xpf/external/choma/include/ds_filza_jailed_v2.5.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3871074/; classtype:trojan-activity;sid:84734174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sabarudin4433/duphunter/main/duphunter/software_v3.0-alpha.5.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871072/; classtype:trojan-activity;sid:84734172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/freddiekept786/drawer/main/drawer/software-1.0-alpha.3.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871073/; classtype:trojan-activity;sid:84734173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mglwafi/reanimal-trainer-2026/main/dist/reanimal-trainer-1.4-beta.3.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871071/; classtype:trojan-activity;sid:84734171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blackbarred-specialcourtmartial190/luva/main/luva/core/software_v1.8.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871059/; 
classtype:trojan-activity;sid:84734159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/navelphotochemistry3605/vrcudonskills-for-codex/main/skills/codex-edit-stability-windows/skills_for_codex_udon_vrc_3.4.zip"; depth:123; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871060/; classtype:trojan-activity;sid:84734160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/urbanlegendshoestringfungus3210/human-distillation-skills/main/transmeridional/skills_human_distillation_v2.2.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871061/; classtype:trojan-activity;sid:84734161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/patripollii/ziglint/main/src/software-v1.6.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871062/; classtype:trojan-activity;sid:84734162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dada-papa/codestory-ai/main/src/providers/ai_code_story_2.5-alpha.1.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3871063/; classtype:trojan-activity;sid:84734163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alyaapm/cve-2025-55182-shellinteractive/main/trivalent/shellinteractive-cv-2.6.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871064/; classtype:trojan-activity;sid:84734164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/devicerosequartz768/ai-localbase/main/backend/eval/cmd/localbase-ai-v2.9.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871065/; classtype:trojan-activity;sid:84734165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naseer125/blossoming/main/.ai/software_v2.4.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871066/; classtype:trojan-activity;sid:84734166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sadbacon132/argon-v/main/docs/theory/v_argon_v1.3.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871067/; 
classtype:trojan-activity;sid:84734167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scriptsd111/gost2-128-file-encryption-rust/main/markka/rust_gos_fil_encryptio_v1.1.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871068/; classtype:trojan-activity;sid:84734168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/razord21/canny-edge-detector/main/src/canny_edge_detector_v1.1.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871069/; classtype:trojan-activity;sid:84734169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pvjkoigdhi/optiscaler-client/main/views/optiscaler-client-3.6-beta.2.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871070/; classtype:trojan-activity;sid:84734170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cachorroloko07/ashampoo-movie-studio-pro-working/main/electrokinetics/ashampoo-movie-studio-pro-working-3.1-beta.3.zip"; depth:119; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3871053/; classtype:trojan-activity;sid:84734153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alxsea04/ai-tone-changer/main/metaphosphorous/changer_tone_a_2.1-beta.4.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871054/; classtype:trojan-activity;sid:84734154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ivan55555555555/pentest-clink-completions/master/images/completions_pentest_clink_3.3.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871055/; classtype:trojan-activity;sid:84734155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deva7518/autograv/main/src/autograv/software-v2.6.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871056/; classtype:trojan-activity;sid:84734156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/poomza956/driftdb/main/demo-data/tables/orders/snapshots/drift_db_1.5.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3871057/; classtype:trojan-activity;sid:84734157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sankalpasudhar/staking-btc/main/duodena/btc_staking_v1.9.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871058/; classtype:trojan-activity;sid:84734158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/literate-irtish832/supabase-migrator/main/eschew/supabase_migrator_2.4.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871052/; classtype:trojan-activity;sid:84734152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r-cloud-git/ai-craft/main/gemini/ai_craft_v2.1.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871046/; classtype:trojan-activity;sid:84734146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/koseji5566/sure-aio/main/rootfs/etc/s6-overlay/s6-rc.d/init-db/aio_sure_3.9-alpha.3.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871047/; 
classtype:trojan-activity;sid:84734147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muhammadhamzakhan22/element-essentials/main/packages/components/types/element_essentials_2.4.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871048/; classtype:trojan-activity;sid:84734148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nufreeman/heart-disease-ml-practice/main/firebreak/practice_ml_heart_disease_2.2.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871049/; classtype:trojan-activity;sid:84734149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/felipemsilva/powerskills/main/skills/outlook/skills_power_2.2.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871050/; classtype:trojan-activity;sid:84734150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isabellas9294/animal-crossing-new-horizons-pc/main/nintendo/new_animal_horizons_crossing_pc_v3.2-alpha.3.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3871051/; classtype:trojan-activity;sid:84734151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/preventative-fortuneteller778/oh-my-tang/main/src/test-fixtures/oh-tang-my-v3.6.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871038/; classtype:trojan-activity;sid:84734138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keratodermiazhukov571/toplevelsystem/main/modules/mod_template/level-system-top-v1.4.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871039/; classtype:trojan-activity;sid:84734139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marwanmano1/bpc/main/everyday/software-2.5.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871040/; classtype:trojan-activity;sid:84734140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/liverpacificnorthwest99/dinesh-gilfoyle/main/docs/dinesh-gilfoyle-1.9.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3871041/; classtype:trojan-activity;sid:84734141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sayanrupbarman/movie-app/main/public/movie-app-v1.4.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871042/; classtype:trojan-activity;sid:84734142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/overmugen/mu/main/docs/software-1.7.zip"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871043/; classtype:trojan-activity;sid:84734143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ridwan230598/agent-review/main/docs/architecture/adr/review_agent_3.4-beta.3.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871044/; classtype:trojan-activity;sid:84734144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/royantdeus/music-genre-finder/main/skill-source/references/genre_finder_music_2.4.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871045/; 
classtype:trojan-activity;sid:84734145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/subashraja069-cmd/claude-code-boss-mode/main/skills/claude-mode-boss-code-v3.7-beta.5.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871037/; classtype:trojan-activity;sid:84734137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rathan-code/supreme-doodle/main/tetrasalicylide/doodle_supreme_v3.4.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871036/; classtype:trojan-activity;sid:84734136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/recchan13/claudit/main/src/software_v3.7.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871035/; classtype:trojan-activity;sid:84734135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ragnermg4/exprust/main/src/software_v3.7.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871034/; classtype:trojan-activity;sid:84734134; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tutayworks/reprompter/main/references/software_2.3.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871033/; classtype:trojan-activity;sid:84734133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lazloinorganic902/racemake-challenge/main/packages/challenge-hard/src/challenge_racemake_2.1.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871032/; classtype:trojan-activity;sid:84734132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wagehmohamed/immich-holiday-album-collector/main/docs/album-collector-immich-holiday-v2.4.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871030/; classtype:trojan-activity;sid:84734130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ambar9926/audioswitcher/main/sulaib/switcher_audio_v2.2.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871031/; classtype:trojan-activity;sid:84734131; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nyatakuibnurosada/glm-switch/main/dist/switch_glm_3.4.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871024/; classtype:trojan-activity;sid:84734124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kiti481/truck_logo_design_measurements/main/truck_measurement/truck_logo_design_measurements_1.4.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871025/; classtype:trojan-activity;sid:84734125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orlandophotomechanical47/trivy-compromise-scanner/main/cmd/scanner_trivy_compromise_v3.5.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871026/; classtype:trojan-activity;sid:84734126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leesan080425/mssqlbof/main/src/tds/software-3.5.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871027/; classtype:trojan-activity;sid:84734127; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/justinechris/chinawallvpn.github.io/main/_layouts/chinawallvpn_github_io_1.5.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871028/; classtype:trojan-activity;sid:84734128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nkad95468/issue2secure/main/tests/secure-issue-v3.6.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871029/; classtype:trojan-activity;sid:84734129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debugerstv/.github/main/assets/github-1.5.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871020/; classtype:trojan-activity;sid:84734120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thamarai-selvi/bug-hunt/main/prompts/hunt_bug_3.9.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871021/; classtype:trojan-activity;sid:84734121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
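URL detected (3871022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/notzeek233s/sunloginlp-eanalysis-tool/main/.vs/eanalysis_sunlogin_l_tool_3.4-beta.1.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871022/; classtype:trojan-activity;sid:84734122; rev:1;)
# NOTE(review): the rules below all match cleartext HTTP (`alert http`) with an exact
# http.host of raw.githubusercontent.com. That host is normally fetched over HTTPS, so
# these signatures only fire where the sensor sees the decrypted request (TLS inspection
# upstream of the sensor); without that, cover the same URLs from proxy or endpoint URL
# telemetry instead.
# Matching is whole-buffer: depth equals the content length and endswith / isdataat:!1
# anchor the end, so the same path with a query string appended, or a different host
# serving the same path, does not match. nocase makes the path comparison case-insensitive.
# Layout: one rule per line, which is what the Suricata rule loader expects unless a line
# ends in a backslash continuation.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bvaug3780/mijiaapi_v2/main/mijiaapi_v2/mijia_ap_1.4.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871023/; classtype:trojan-activity;sid:84734123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/camlingo237/balls-mode/main/plugins/balls_mode_3.2.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871013/; classtype:trojan-activity;sid:84734113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isandr2865/infram/main/pillowwork/software-1.5.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871014/; classtype:trojan-activity;sid:84734114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lcbootyneet/nanostorage/main/tests/nano_storage_v3.4.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871015/; classtype:trojan-activity;sid:84734115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kazhhe4682/mysql-replication-infrastructure-with-fallback-server/main/laddikie/with-my-replication-sq-server-infrastructure-fallback-3.0.zip"; depth:141; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871016/; classtype:trojan-activity;sid:84734116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vitorlitig/stella/main/src/bin/software-1.2.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871017/; classtype:trojan-activity;sid:84734117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/masbogel07/log-based-threat-detection-tool/main/praxinoscope/threat_based_tool_detection_log_2.9-alpha.3.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871018/; classtype:trojan-activity;sid:84734118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh0nzy06/squigglesync/main/squigglesync-backend/src/services/software-v1.1-beta.5.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871019/; classtype:trojan-activity;sid:84734119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pandemic-spode596/codex-island-app/main/engine/crates/island-core/app_island_codex_1.2.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871008/; classtype:trojan-activity;sid:84734108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/addydelacruz/swift-tiktoken/main/tests/swifttiktokentests/swift-tiktoken-v2.2.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871009/; classtype:trojan-activity;sid:84734109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drealty/syslog-visualize/main/media/visualize-syslog-3.0.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871010/; classtype:trojan-activity;sid:84734110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gerhardautogenous192/emergency-power-cut-detection-with-automatic-nearest-floor-rescue/main/thermetograph/emergency-with-nearest-floor-rescue-cut-power-automatic-detection-v1.3-beta.1.zip"; depth:188; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871011/; classtype:trojan-activity;sid:84734111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marcozkiller666/weather/main/bumboatwoman/software-3.1.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871012/; classtype:trojan-activity;sid:84734112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gbran88/ai-assistant-excel/main/screenshots/a-assistant-excel-v1.8.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871001/; classtype:trojan-activity;sid:84734101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/duda9922/music-from-drawings-pro/main/backend/app/core/from-pro-music-drawings-v2.0.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871002/; classtype:trojan-activity;sid:84734102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/resolved-ecclesiasticallaw51/hallucinet-explorer/main/src/shared/explorer_hallucinet_v1.4.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871003/; classtype:trojan-activity;sid:84734103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/layonner10/opendex-protocol/main/contracts/protocol_open_de_2.2.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871004/; classtype:trojan-activity;sid:84734104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kablov832/ludus-fastmcp/main/ludus_mcp/scenarios/fast_mcp_ludus_v3.8.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871005/; classtype:trojan-activity;sid:84734105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harshad71/pig-card-game-bot/main/app/pig-card-bot-game-v3.2.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871006/; classtype:trojan-activity;sid:84734106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miljuds2/deeptutor/main/outwear/tutor-deep-v3.0.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871007/; classtype:trojan-activity;sid:84734107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kakz/prometheus-llm/main/src/llm-prometheus-2.3-alpha.5.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870999/; classtype:trojan-activity;sid:84734099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3871000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crossstreetbreechesbuoy918/ttt/main/affectible/software-2.2.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3871000/; classtype:trojan-activity;sid:84734100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yrhfhf738/ha-pass/main/docs/ha_pass_v2.3.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870998/; classtype:trojan-activity;sid:84734098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nanoedbrute/linkedin-extension-fingerprinting/main/pathography/extension-fingerprinting-linkedin-1.5.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870997/; classtype:trojan-activity;sid:84734097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kastaris/sublime-text/main/rougeberry/sublime-text-v3.5-beta.1.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870996/; classtype:trojan-activity;sid:84734096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carlosagamez2021/ai-indexing/main/prompt/a_indexing_v1.5.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870994/; classtype:trojan-activity;sid:84734094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/legalagecolouring820/random-forest-model-ems-system-data-machine-learning-early-warning/main/benthal/random_system_data_warning_machine_model_early_forest_em_learning_v3.9.zip"; depth:176; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870995/; classtype:trojan-activity;sid:84734095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shamussuited879/codex-on-desk/main/src/dashboard/on_codex_desk_v1.1.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870992/; classtype:trojan-activity;sid:84734092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lucngossinga/jp2us-shipcalc/main/src/jp_us_shipcalc_v3.7.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870993/; classtype:trojan-activity;sid:84734093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dopamineaddict7/youtube-search-api/main/tong/api-search-youtube-v3.8-alpha.3.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870988/; classtype:trojan-activity;sid:84734088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akbarkurniawan02/flat-i18n/main/src/flat_n_i_3.9.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870989/; classtype:trojan-activity;sid:84734089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hendy3ad/supply-chain-demand-forecasting/main/src/supply-forecasting-chain-demand-2.0.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870990/; classtype:trojan-activity;sid:84734090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yacibbbbb/rci_radiation/main/worlds/reactor_room/radiation_rc_v2.6.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870991/; classtype:trojan-activity;sid:84734091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jubert1604/vibe-universal/main/apps/native/universal_vibe_2.2.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870979/; classtype:trojan-activity;sid:84734079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yunus215/fastbook-backend/main/src/backend_fastbook_3.6.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870980/; classtype:trojan-activity;sid:84734080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tracheal-counterreformation469/stunning-spoon/main/server/spoon-stunning-3.7.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870981/; classtype:trojan-activity;sid:84734081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sc4ryskel3ton/ha-flightradar24-announcer/main/ensnaring/ha-flightradar24-announcer-1.2.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870982/; classtype:trojan-activity;sid:84734082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/com445/enlever-grain-milium-visage-sans-cicatrice-guide-2026/main/atrichous/grain_cicatrice_enlever_sans_milium_guide_visage_v1.4-alpha.3.zip"; depth:142; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870983/; classtype:trojan-activity;sid:84734083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saeed-gaming/crypto-trades-fifo/main/pseudobrachium/crypto-trades-fifo-v1.1-alpha.5.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870984/; classtype:trojan-activity;sid:84734084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/merlinshock/js-api-practice-suite/main/iranist/js-api-practice-suite_2.1-alpha.3.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870985/; classtype:trojan-activity;sid:84734085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user02pl/yahoofundamentals/main/rail/fundamentals-yahoo-v2.3.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870986/; classtype:trojan-activity;sid:84734086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tanya-agrawal27/free-fire-account-info-and-stats-api/main/declare/account_api_free_stats_and_info_fire_2.8.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870987/; classtype:trojan-activity;sid:84734087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eazirsa/keep-going/main/bilker/keep_going_3.7.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870968/; classtype:trojan-activity;sid:84734068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bananasminecraftroblox192-glitch/depi-ssis-etl-dwh-project/main/images/dep-project-et-ssi-dw-v3.6.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870969/; classtype:trojan-activity;sid:84734069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nerrenzem/openanomaly/main/docs/anomaly-open-v3.7-beta.3.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870970/; classtype:trojan-activity;sid:84734070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/icantthinkofsomethinggoodhelpme1/memori-quickstart/main/static/js/memori-quickstart-1.6.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870971/; classtype:trojan-activity;sid:84734071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/houda-ohm/ea-software-engineering-forage/main/task-1/forage-software-engineering-e-3.3.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870972/; classtype:trojan-activity;sid:84734072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pswadhekar12/dotnet-expert-1_0_immersion-architecture-microservices_course-luisdev-part-1_dotnet-8_csharp-12/main/developments/part-dotnet-course-microservices-csharp-luisdev-architecture-expert-immersion-1.7.zip"; depth:213; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870973/; classtype:trojan-activity;sid:84734073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vkxxxii99/the-witcher-3-dlc-unlocker-cross-platform-koalageddon-screamapi-/main/saily/the_ap_koalageddon_platform_dl_scream_witcher_cross_unlocker_2.7.zip"; depth:155; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870974/; classtype:trojan-activity;sid:84734074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/karan9555/memora/main/img/software-v3.7.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870975/; classtype:trojan-activity;sid:84734075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/espressivep/nextjs-tailwind-postgresql-project-template/main/app/project-nextjs-template-tailwind-postgre-sq-v1.9.zip"; depth:118; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870976/; classtype:trojan-activity;sid:84734076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/milha9089/iv-surface-engine/main/third_party/eigen/src/qr/surface-engine-iv-1.7-alpha.1.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870977/; classtype:trojan-activity;sid:84734077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saldapal/microclaw/main/docs/roadmap/software-2.6-alpha.5.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870978/; classtype:trojan-activity;sid:84734078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/makoom/amanansdiahnid-9/main/westralian/amanansdiahnid_v1.4.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870965/; classtype:trojan-activity;sid:84734065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mohamedifrang/redactd/main/edge-gateway/src/test/software-3.7.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870966/; classtype:trojan-activity;sid:84734066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fergusalveolar205/generative-ui-mcp/main/src/u_generative_mcp_v3.1.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870967/; classtype:trojan-activity;sid:84734067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adityavaze232009-bit/decrypt-chromium-suite/main/tmp/suite_chromium_decrypt_2.7.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870963/; classtype:trojan-activity;sid:84734063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maranh0/ai-junior-data_scientist/main/data_tools/scientist_data_junior_ai_3.6.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870964/; classtype:trojan-activity;sid:84734064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jottgfg/yoavg.github.io/main/etherism/yoavg-io-github-v1.9-beta.1.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870962/; classtype:trojan-activity;sid:84734062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b0zrx/rationtrack/main/docs/docs/docs/ration-track-2.6-beta.5.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870961/; classtype:trojan-activity;sid:84734061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/headseabdellium668/pi-btw/main/skills/btw/btw_pi_2.6-beta.5.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870960/; classtype:trojan-activity;sid:84734060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nanikorekcchn/spring-and-spring-boot/main/entitymanager/src/boot-and-spring-1.0.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870959/; classtype:trojan-activity;sid:84734059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rkchytanya/fortnite-chaos/main/untowered/chaos_fortnite_3.2.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870957/; classtype:trojan-activity;sid:84734057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inflamed-luxuriation684/orangepi5pro/main/pallholder/pi-orange-pro-2.6.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870958/; classtype:trojan-activity;sid:84734058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axioncpp/maang-interview-preparation/main/08_binary_search/preparation_maan_interview_1.7-alpha.2.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870955/; classtype:trojan-activity;sid:84734055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amigoconglomeration918/linkgame/main/app/src/main/java/com/example/linkgame/ui/navigation/game-link-v3.3.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870956/; classtype:trojan-activity;sid:84734056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alexanderfarhan/omniclaw/main/project/frontend/node_modules/postcss-opacity-percentage/software-v3.2.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870946/; classtype:trojan-activity;sid:84734046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xseduran/ofxpwn/main/ofxpwn/modules/infra/software-1.9.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870947/; classtype:trojan-activity;sid:84734047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a9gif/crafttimeseries/main/wailfully/time_craft_series_1.2.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870948/; classtype:trojan-activity;sid:84734048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelvin1233122/next-define-config/main/varicolored/config_define_next_v3.3-alpha.4.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870949/; classtype:trojan-activity;sid:84734049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xbim08/awesome-claude-code-plugins/main/plugins/angelos-symbo/plugins_claude_awesome_code_2.4.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870950/; classtype:trojan-activity;sid:84734050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cornelablastular720/dbdb-index/main/docker/chroma/dbdb_index_v1.9.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870951/; classtype:trojan-activity;sid:84734051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thattelecomtech/cypherfox/main/elaphrium/fox-cypher-v3.0.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870952/; classtype:trojan-activity;sid:84734052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haserzin/trade_political_distance_wto/main/supersarcastic/distance_wto_trade_political_2.8.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870953/; classtype:trojan-activity;sid:84734053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/essene-choker507/flappyboards/main/src/app/api/spotify/software_1.2.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870954/; classtype:trojan-activity;sid:84734054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alidhsv/cryptography-from-first-principle/main/frontier/10-snarks-starks/sage/cryptography_from_first_principle_1.8.zip"; depth:120; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870941/; classtype:trojan-activity;sid:84734041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newabra/auto-co-meta/main/.claude/skills/senior-qa/meta-co-auto-v3.0.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870942/; classtype:trojan-activity;sid:84734042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bostonbrownbreadinnervation647/electron-sqlite-rest-boilerplate/main/electron-sqlite-rest-boilerplate/resources/icons/android/res/mipmap-hdpi/electron_sqlite_boilerplate_rest_3.4-beta.1.zip"; depth:190; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870943/; classtype:trojan-activity;sid:84734043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skeditz42/vec/main/tests/software_v3.1.zip"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870944/; classtype:trojan-activity;sid:84734044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riverfr/link-building-automation-tool/main/mediatress/link_building_automation_tool_v3.1.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870945/; classtype:trojan-activity;sid:84734045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rytoon/speedpingur/main/assets/screenshots/speed_pingur_v2.2.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870928/; classtype:trojan-activity;sid:84734028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nojuska09/mic-mute/main/micmute.app/contents/resources/mic_mute_2.5.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 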
urlhaus.abuse.ch/url/3870929/; classtype:trojan-activity;sid:84734029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/artur28544/tokenmeter/main/src/providers/software-v3.9.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870930/; classtype:trojan-activity;sid:84734030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kemalu2479/youtubedanmaku/main/nephrectasis/you-danmaku-tube-3.5.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870931/; classtype:trojan-activity;sid:84734031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rhaylee250/blockchain-ai-agent-project/main/characterfile-main/scripts/agent_blockchain_project_ai_v2.7.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870932/; classtype:trojan-activity;sid:84734032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wingmalfeasance800/spanish-tax-calculators/main/src/data/spanish_tax_calculators_v2.1.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3870933/; classtype:trojan-activity;sid:84734033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haseeb-321/devflow-ai/main/public/ai_devflow_v2.0.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870934/; classtype:trojan-activity;sid:84734034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chinyswork/discofetch/main/src/discofetch-1.5.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870935/; classtype:trojan-activity;sid:84734035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tushchi/reamd/main/tests/rea-md-v3.4.zip"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870936/; classtype:trojan-activity;sid:84734036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/micka2311/flatline/main/oryzorictes/software_1.4.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870937/; classtype:trojan-activity;sid:84734037; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wnstj9/docker-spn-template/main/docker/nginx/spn-template-docker-v1.8.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870938/; classtype:trojan-activity;sid:84734038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omor-ww/peerglass/main/copious/software_1.8.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870939/; classtype:trojan-activity;sid:84734039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/surprising-freshness994/employee-health-analysis-dashboard-advance-excel/main/randite/analysis-excel-employee-health-board-dash-advance-v3.6.zip"; depth:145; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870940/; classtype:trojan-activity;sid:84734040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/laien69/amazon-reviews-scraper-with-advanced-filters/main/siphonial/reviews-advanced-with-filters-amazon-scraper-v2.6.zip"; depth:122; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3870926/; classtype:trojan-activity;sid:84734026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/danya120o3/processhacker-mcp/main/extensions/mcp-processhacker-v2.7.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870927/; classtype:trojan-activity;sid:84734027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clodoaldops/borgmate/main/borgmate.tests/software-1.2.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870924/; classtype:trojan-activity;sid:84734024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rhomirafernando/fuzzbox/main/src/software-1.6-alpha.5.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870925/; classtype:trojan-activity;sid:84734025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blongngo28/performancekit/main/sources/performancekit/ui/kit-performance-2.6.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870922/; 
classtype:trojan-activity;sid:84734022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/angsuk/copilot-orchestra/main/plans/copilot-orchestra-v2.7.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870923/; classtype:trojan-activity;sid:84734023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/donitb934/1cat-vllm/main/examples/offline_inference/openai_batch/llm_v_cat_2.9.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870921/; classtype:trojan-activity;sid:84734021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sergei23342425/portfolio./main/drown/application-1.5.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870920/; classtype:trojan-activity;sid:84734020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bladehelex/sql-server-w4c/main/unpleasingness/sql-server-w4c-1.8.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870919/; classtype:trojan-activity;sid:84734019; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gaga84700/police/main/riddler/software_1.4.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870916/; classtype:trojan-activity;sid:84734016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kardom9277/investai-multi-agent/main/future/a_multi_invest_agent_1.6.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870917/; classtype:trojan-activity;sid:84734017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erfundamentalist881/absenku/main/allium/software-v1.1-beta.5.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870918/; classtype:trojan-activity;sid:84734018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zergcheater/glyphx/main/src/software_1.9.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870908/; classtype:trojan-activity;sid:84734008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3870909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adam0360/web-scraper-for-e-commerce/main/glycogenous/for-commerce-scraper-web-v3.6.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870909/; classtype:trojan-activity;sid:84734009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ciacou001/browser-data-grabber/main/src/generator/data-browser-grabber-v3.9.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870910/; classtype:trojan-activity;sid:84734010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tuongdz1/teta/main/figures/software-2.0.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870911/; classtype:trojan-activity;sid:84734011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sergiu134/powersub-demo-9529/main/cinchomeronic/powersub-demo-9529_3.9.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870912/; classtype:trojan-activity;sid:84734012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3870913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/syarifanur/vrscene-parser/main/vrscene_parser/vrscene-parser-2.1.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870913/; classtype:trojan-activity;sid:84734013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rtcarl/ultraviolet/main/soldering/software-2.2.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870914/; classtype:trojan-activity;sid:84734014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dranoelbeatz808/talentscout-ai-hiring-assistant/main/cerianthoid/a_talent_scout_assistant_hiring_3.2.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870915/; classtype:trojan-activity;sid:84734015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaly7004/buddy-reroll/main/scripts/reroll_buddy_1.4.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870898/; classtype:trojan-activity;sid:84733998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870899)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leandruo/insightsql-langgraph-engine-web/main/assets/engine_insight_lang_sq_graph_web_v1.7.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870899/; classtype:trojan-activity;sid:84733999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atharvpatil112/nano-banana-2-ai/main/app/api/auth/ai_banana_nano_v3.1-alpha.2.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870900/; classtype:trojan-activity;sid:84734000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rajputvansh7/flappy-bird-neural-network-demonstration/main/impasture/flappy-neural-network-bird-demonstration-3.8.zip"; depth:118; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870901/; classtype:trojan-activity;sid:84734001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vannastretch507/ikaicms/main/cilioretinal/software-v2.3.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870902/; classtype:trojan-activity;sid:84734002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3870903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drae1712/agentic-rag-anime-recommender-system/main/chroma_db/7a9e5745-a13b-4d56-9b33-a65bfc71bcc1/agentic_system_anime_ra_recommender_3.1.zip"; depth:142; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870903/; classtype:trojan-activity;sid:84734003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yumikovn1/election-69-ocr-result/main/data/ocr-output/constituency/result_election_oc_v1.4.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870904/; classtype:trojan-activity;sid:84734004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vincentdean96-maker/visitran/main/pypi_server/software_v1.2.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870905/; classtype:trojan-activity;sid:84734005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/charakaviduranga/go-bank-partner/main/internal/dto/bank-partner-go-v2.1.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870906/; classtype:trojan-activity;sid:84734006; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tareksyria/sreagents/main/backend/scheduled_tasks/task-175029828/executions/sre_agents_v3.1.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870907/; classtype:trojan-activity;sid:84734007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/liska3070/youtube-transcript-sdk/main/src/transcript-youtube-sdk-v3.8.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870891/; classtype:trojan-activity;sid:84733991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/breng023/xie/main/src/software-1.6.zip"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870892/; classtype:trojan-activity;sid:84733992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ebrilio/lamb/main/notelet/software_v2.9.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870893/; classtype:trojan-activity;sid:84733993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3870894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rizo1313/ttsim/main/gamphrel/software_3.7-beta.4.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870894/; classtype:trojan-activity;sid:84733994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hajjjaji93/python-batch-image-reduction/main/aeluroidea/python_batch_reduction_image_v2.4-alpha.1.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870895/; classtype:trojan-activity;sid:84733995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rascatemico2005/jestonyoloros/main/yolo_detect/msg/ros_yolo_jeston_v1.2.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870896/; classtype:trojan-activity;sid:84733996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ali1gamer7798/streamxbot/main/api/deps/stream-x-bot-v2.4.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870897/; classtype:trojan-activity;sid:84733997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3870887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ingoodtaste-rapsession220/constellation-quant/main/data_pipeline/data_pipeline/transcripts/quant_constellation_2.2.zip"; depth:119; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870887/; classtype:trojan-activity;sid:84733987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pentagonrbx/n8n-skills/main/docs/skills_n_v2.4-alpha.2.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870888/; classtype:trojan-activity;sid:84733988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rishimohan123/otpforge/main/unwadeable/ot_pforge_v3.2.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870889/; classtype:trojan-activity;sid:84733989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ignazfeudatory487/aetherdev/main/src/utils/software_1.9.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870890/; classtype:trojan-activity;sid:84733990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3870886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xxxzazaelxxx/sora-mcp/main/semimarking/sora_mcp_2.6-beta.2.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870886/; classtype:trojan-activity;sid:84733986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/laos7424/snapshot_poll/main/bistorta/poll_snapshot_1.9.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870884/; classtype:trojan-activity;sid:84733984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thnakorn/qa-automation-framework/main/src/q_automation_framework_2.7.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870885/; classtype:trojan-activity;sid:84733985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/perennial-passionsunday689/adobe-premiere-pro-version-2026/main/ketch/pro_version_premiere_adobe_3.8-alpha.5.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870883/; classtype:trojan-activity;sid:84733983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3870882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdelrahman835/phishshield/main/shearman/phish_shield_2.1.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870882/; classtype:trojan-activity;sid:84733982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unsophisticated-superiorvocalcord964/cs2-game-enhancer-2026/main/ceratitoid/game-enhancer-c-v3.5-beta.5.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870881/; classtype:trojan-activity;sid:84733981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eness440/nhss-quantum-computing/main/examples/computing_nhs_quantum_v1.2.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870877/; classtype:trojan-activity;sid:84733977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thegamingpro824/ai-assessment-framework/main/docs/assessment-framework-ai-3.1.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870878/; classtype:trojan-activity;sid:84733978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3870879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tedmunduncertain140/wireless-water-tank-monitoring-lora/main/code/code/tank_water_wireless_monitoring_lora_1.3.zip"; depth:115; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870879/; classtype:trojan-activity;sid:84733979; rev:1;)
# NOTE(review): visibility. The rules below are `alert http`, so they fire only
# on traffic Suricata parses as HTTP. raw.githubusercontent.com and github.com
# are normally fetched over HTTPS; a sensor without TLS decryption in front of
# it does not see the request line or Host header, and these signatures stay
# silent. Where that applies, cover the same indicators with proxy or
# TLS-inspection logs instead of relying on this ruleset alone.
#
# Match shape. http.uri content + depth:<content length> + endswith pins the
# whole URI buffer (case-insensitively, via nocase); http.host content +
# depth:<content length> + isdataat:!1,relative pins the whole Host value.
# Each rule is therefore an exact host+path indicator, not a substring match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/somerandomprogramer/deep-learning-for-recommender-systems/main/paracoumaric/learning-recommender-systems-deep-for-2.8.zip"; depth:122; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870880/; classtype:trojan-activity;sid:84733980; rev:1;)
# This rule matches github.com itself (a /releases/download/ asset path) rather
# than raw.githubusercontent.com. Both hosts are shared platforms: the
# indicator is the repository path, so triage alerts through the URLhaus
# reference and do not turn the host into a block-list entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gcoyerk/quickbooks-windows-master/releases/download/v1.32/quickbooks-windows-master.zip"; depth:88; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870873/; classtype:trojan-activity;sid:84733973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eleusio705/claude-jobs/main/unspellable/claude-jobs-2.7.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870874/; 
classtype:trojan-activity;sid:84733974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arefin02/tank-level/main/tests/level-tank-v2.5.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870875/; classtype:trojan-activity;sid:84733975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shmuhammadbinfaiz/sistemas-de-capatacion-de-lluvia-ciudad-de-mexico-2019-a-2024/main/img/capatacion_de_mexico_ciudad_lluvia_sistemas_a_2.8.zip"; depth:143; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870876/; classtype:trojan-activity;sid:84733976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ashokchahar/multi-environment-terraform-azure-enterprise-infrastructure-github-actions-final/main/modules/database/azurerm_mssql_firewall_rule/environment_terraform_azure_multi_infrastructure_github_final_enterprise_actions_v2.9.zip"; depth:233; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870863/; classtype:trojan-activity;sid:84733963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ferdinandbuko/teaching-mini/main/primordiate/teaching-mini-v2.6.zip"; 
depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870864/; classtype:trojan-activity;sid:84733964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ujaan890/bm.md/master/src/stores/md_bm_v3.4.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870865/; classtype:trojan-activity;sid:84733965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spoonapple/aws-practice/main/ai-project-bedrock-and-py-solution/aws-practice-1.0.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870866/; classtype:trojan-activity;sid:84733966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hezeghaluwawo/react-native-zoom-grid/main/src/native-react-zoom-grid-v1.2-beta.3.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870867/; classtype:trojan-activity;sid:84733967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bhoumikmehta/androidchoosedemo/main/buildsrc/src/main/java/com/androidchoosedemo_v1.7.zip"; 
depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870868/; classtype:trojan-activity;sid:84733968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lol123252/simple-evals/main/healthbench_scripts/simple_evals_v3.4.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870869/; classtype:trojan-activity;sid:84733969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/politech014/medical-research/main/static/image/medical_research_1.8.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870870/; classtype:trojan-activity;sid:84733970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gregoriomanuel/tierfilm/main/public/film-tier-2.0.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870871/; classtype:trojan-activity;sid:84733971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/danuez/data/main/stromatiform/software-v1.7.zip"; depth:48; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870872/; classtype:trojan-activity;sid:84733972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/runeson13/laravel-boost-guidelines/main/.ai/guidelines/wayfinder/laravel-guidelines-boost-3.9.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870854/; classtype:trojan-activity;sid:84733954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zorineinsupportable217/buyer-eval-skill/main/docs/buyer-skill-eval-2.7-alpha.3.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870855/; classtype:trojan-activity;sid:84733955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vanl214/face-recognition/main/emulsible/face-recognition-3.2.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870856/; classtype:trojan-activity;sid:84733956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atkntmll/personal-productivity-dashboard/main/prostatauxe/personal-productivity-dashboard-v1.4.zip"; 
depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870857/; classtype:trojan-activity;sid:84733957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ostxts/update-copyright-year/main/tests/update-year-copyright-1.3.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870858/; classtype:trojan-activity;sid:84733958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yassineelfakiri/agentpg/main/examples/custom_tools/software-v3.7.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870859/; classtype:trojan-activity;sid:84733959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiothere/reflexio/main/docs/examples/software_2.8.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870860/; classtype:trojan-activity;sid:84733960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rein98/psychat/main/src/agent/psy_chat_v1.1.zip"; depth:48; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870861/; classtype:trojan-activity;sid:84733961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enchantedkaka/taiwan-situation/main/christianity/wan_tai_situation_v3.8.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870862/; classtype:trojan-activity;sid:84733962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paras123413/watermark-segmentation/main/logos/segmentation-watermark-3.9.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870849/; classtype:trojan-activity;sid:84733949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boteri/keshmiri/main/lib/keshmiri_v2.8.zip"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870850/; classtype:trojan-activity;sid:84733950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mike22223/chatgpt-account-creator/main/debauched/creator-chatgpt-account-3.1.zip"; depth:81; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870851/; classtype:trojan-activity;sid:84733951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linapatel518/rbxfpsunlocker/main/sheepwalker/software_v2.5.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870852/; classtype:trojan-activity;sid:84733952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eyoela1/htmlineitor/main/hemihedrally/htm_lineitor_v1.8.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870853/; classtype:trojan-activity;sid:84733953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plutonian-coder/churn-prediction-mlops-pipeline/main/src/prediction_mlops_pipeline_churn_v3.8-beta.4.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870848/; classtype:trojan-activity;sid:84733948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/destinyola/rnr-linux/main/files/scripts/linux_rnr_v1.0.zip"; depth:59; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870846/; classtype:trojan-activity;sid:84733946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mr-rsa369/wholebodyvla/main/asset/wholebody-vla-1.3.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870847/; classtype:trojan-activity;sid:84733947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oussamabnl1/agentevolver/main/agentevolver/enumeration/evolver_agent_v1.5.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870845/; classtype:trojan-activity;sid:84733945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7lm506/realtime-fx-rate-processor/main/testing/realtime-processor-rate-fx-1.1.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870844/; classtype:trojan-activity;sid:84733944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zollaq/lifo/main/packages/core/src/utils/software_2.3-alpha.1.zip"; depth:66; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870843/; classtype:trojan-activity;sid:84733943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ocyony/pixora-icons/main/pixelitos-dark/128/symbolic/icons-pixora-v2.1.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870840/; classtype:trojan-activity;sid:84733940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/technosabbir/ha-ducobox/main/custom_components/ducobox_ha_v3.6-beta.2.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870841/; classtype:trojan-activity;sid:84733941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kawsar1533/clawdwatch/main/src/software_v3.6-alpha.3.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870842/; classtype:trojan-activity;sid:84733942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ecolihazardousness497/cambrian-p/main/cambrianp/trl/environment/p-cambrian-2.3.zip"; depth:83; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870837/; classtype:trojan-activity;sid:84733937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kabuuu999/youtube-email-scraper/main/data/youtube-email-scraper-1.6.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870838/; classtype:trojan-activity;sid:84733938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zahra7453/clawsync/main/content/software-2.2.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870839/; classtype:trojan-activity;sid:84733939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkgrey-curmudgeon671/github-star-organizer/main/src/organizer_star_github_1.2.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870833/; classtype:trojan-activity;sid:84733933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/woxic123321/fivem-mod-menu/main/acrobacy/mod_menu_five_1.5.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; 
depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870834/; classtype:trojan-activity;sid:84733934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/avhiraj/sentimentscope-e-commerce-review-analyzer/main/anatidae/review-analyzer-commerce-scope-sentiment-v3.0.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870835/; classtype:trojan-activity;sid:84733935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mezoali100/exforum-auto-poster/main/psychopathologic/exforum-poster-auto-v3.7.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870836/; classtype:trojan-activity;sid:84733936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ignatiusspirodela307/macslapapp/main/sources/app-mac-slap-v1.0-beta.2.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870823/; classtype:trojan-activity;sid:84733923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elemsi/forecastgpt-financial-outlook-agent/main/app/utils/forecastgpt-outlook-agent-financial-2.2-beta.3.zip"; 
depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870824/; classtype:trojan-activity;sid:84733924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shubhamdas70/dx.httpdiag/main/build/http-diag-d-1.8.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870825/; classtype:trojan-activity;sid:84733925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kadirovjr/prompt-entropy-experiment/main/results/tables/entropy_prompt_experiment_2.0.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870826/; classtype:trojan-activity;sid:84733926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qmeimeiky/screencapture/main/screencapture/resources/assets.xcassets/menubaricon.imageset/capture_screen_1.7.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870827/; classtype:trojan-activity;sid:84733927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870828)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/lokioja/gmcm_latex_overleaf/main/figures/overleaf_gmc_te_la_v1.8.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870828/; classtype:trojan-activity;sid:84733928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lucabattiato149/pharmacy-analytics/main/untz/pharmacy-analytics-v1.1.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870829/; classtype:trojan-activity;sid:84733929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dianneconsequential783/cybernomics/main/dipterous/cybernomics-2.7.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870830/; classtype:trojan-activity;sid:84733930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mdsakha127/bns-lang-/main/docs/bns_lang_v1.0.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870831/; classtype:trojan-activity;sid:84733931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870832)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/zvanxz/todo-tasker/main/server/pages/components/tasker-todo-1.8.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870832/; classtype:trojan-activity;sid:84733932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cathyoffthehook238/guild-to-building-skills-for-claude/main/docs/to_skills_building_for_claude_guild_2.9.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870814/; classtype:trojan-activity;sid:84733914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jamessam7660/omnibreeze-esphome/main/denim/omnibreeze_esphome_2.4.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870815/; classtype:trojan-activity;sid:84733915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thesiddguy/genai/main/__pycache__/ai-gen-v3.1-beta.4.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870816/; classtype:trojan-activity;sid:84733916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870817)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/icy-senpal/bypass-all/main/udrl-vs/examples/bypass_all_v2.5.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870817/; classtype:trojan-activity;sid:84733917; rev:1;)
# ---------------------------------------------------------------------------
# Reviewer notes for the rules in this run (one rule per line below).
#
# Rule shape: every rule alerts on an established, client-to-server HTTP flow
# from $HOME_NET to $EXTERNAL_NET whose method buffer contains "GET".
#
# http.uri match: depth is set to the pattern length and combined with
# endswith, so the URI buffer has to equal the listed path (nocase makes the
# comparison case-insensitive). A request for the same file with anything
# appended to the URI, such as a query string, does not match.
#
# http.host match: depth:25 together with isdataat:!1,relative requires the
# Host buffer to be exactly "raw.githubusercontent.com", with no data after it.
#
# NOTE(review): these are `alert http` rules, so they only fire on traffic the
# sensor can parse as cleartext HTTP. raw.githubusercontent.com is normally
# fetched over HTTPS; unless TLS is decrypted ahead of the sensor these
# signatures are unlikely to trigger. Confirm sensor placement, and where
# decryption is not available look for the same URLs in proxy logs or endpoint
# telemetry instead.
#
# NOTE(review): the host is a shared content service, so the path is the only
# distinguishing indicator here. Do not collapse these entries into a
# host-only alert or block.
#
# The number in msg is the URLhaus entry id; it matches the id in the
# reference URL of the same rule.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rubyt5673/trade-show-skills/main/trade-show-budget-planner/trade-skills-show-v1.3.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870818/; classtype:trojan-activity;sid:84733918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arcadia0clearwater/1000-final-year-project-list-pdf/main/tien/final-pdf-list-year-project-v2.3.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870819/; classtype:trojan-activity;sid:84733919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mj9733246-cloud/code-review-expert/main/agents/expert-code-review-v2.0.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870820/; classtype:trojan-activity;sid:84733920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/delphinereverse794/remotion-transitions/main/references/remotion-transitions-v2.8.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870821/; classtype:trojan-activity;sid:84733921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jame0077/mcp-code-mode/main/src/code-mcp-mode-2.1.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870822/; classtype:trojan-activity;sid:84733922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pumproomcarpel608/flashalpha-fill-simulator/main/mone/fill-flashalpha-simulator-v1.1.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870812/; classtype:trojan-activity;sid:84733912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nnico56/universal-db-mcp/main/src/types/db-universal-mcp-v2.4-beta.4.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870813/; classtype:trojan-activity;sid:84733913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neshat73/proxycache/main/astrid/software-1.4.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870808/; classtype:trojan-activity;sid:84733908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wassim2020/windows-11-uefi-boot-repair/main/inviscid/boot-repair-uefi-windows-v1.6.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870809/; classtype:trojan-activity;sid:84733909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/legislative-combineddnaindexsystem500/aseprite-pixel-art-editor-animated-sprites-creator-for-windows/main/romansh/aseprite-art-for-sprites-editor-creator-windows-pixel-animated-3.3-beta.4.zip"; depth:192; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870810/; classtype:trojan-activity;sid:84733910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raxaygamer/farmmate/main/fiscalize/mate-farm-v1.2.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870811/; classtype:trojan-activity;sid:84733911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiffyarmlike522/tscan_license/main/installer/tscan_license_2.0.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870807/; classtype:trojan-activity;sid:84733907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marco-a93/mf-kan/main/mfkan/kan_m_3.3.zip"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870806/; classtype:trojan-activity;sid:84733906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/airsq/digital-slam-book/main/faradizer/book-digital-slam-1.7-beta.2.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870803/; classtype:trojan-activity;sid:84733903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/southpart302/vless-wizard/main/xray/vless_wizard_v2.2.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870804/; classtype:trojan-activity;sid:84733904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lucillemobile657/wardn/main/src/software_1.9.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870805/; classtype:trojan-activity;sid:84733905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pitchclassarachnida290/origin-lang/main/yawp/lang-origin-3.7.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870800/; classtype:trojan-activity;sid:84733900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kingsell/screenshot_automater/main/irreparability/automater-screenshot-3.1-beta.1.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870801/; classtype:trojan-activity;sid:84733901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lawyerclientrelationmoralcertainty737/gtav-allin1/main/eburna/gta-alli-3.6.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870802/; classtype:trojan-activity;sid:84733902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elvisremington/communities/main/untragic/software-3.7.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870795/; classtype:trojan-activity;sid:84733895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/antonyponceca/deeplink/main/viscerate/deep-link-v2.3.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870796/; classtype:trojan-activity;sid:84733896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dissilient-alkalineearthmetal187/forza-horizon-6-premium/main/repackresource/horizon_premium_forza_2.5.zip"; depth:107; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870797/; classtype:trojan-activity;sid:84733897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keshu9925/monitor/main/src/software-1.9.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870798/; classtype:trojan-activity;sid:84733898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huber1105/workshop-agents/main/src/agents-workshop-v3.4.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870799/; classtype:trojan-activity;sid:84733899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rinomakin21/w5-football-prediction/main/src/data/football-w-prediction-2.8.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870790/; classtype:trojan-activity;sid:84733890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/q-j0k/sprintloop-orchestration/main/unsewered/orchestration_sprintloop_1.1.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870791/; classtype:trojan-activity;sid:84733891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarikkiler/embylens/main/frontend/src/views/toolkit/docker/components/emby_lens_v3.0.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870792/; classtype:trojan-activity;sid:84733892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arahim2456/exercicioaula20251219/main/emptional/aula_exercicio_v2.8.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870793/; classtype:trojan-activity;sid:84733893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nitin-com/fiber-zsn/main/torah/zsn-fiber-v1.5.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870794/; classtype:trojan-activity;sid:84733894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rupa9495/youtube-hide-low-views-videos/main/chelide/videos-hide-youtube-views-low-v2.6.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870780/; classtype:trojan-activity;sid:84733880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nayannnnnnnnnnnj/contador-de-palavras-repetidas-node.js-/main/src/erros/node-js-contador-de-palavras-repetidas-1.3.zip"; depth:119; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870781/; classtype:trojan-activity;sid:84733881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miguelito0204/drift/main/tests/software_v1.0.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870782/; classtype:trojan-activity;sid:84733882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kubaxipl11/ml-animations/main/unified-app/src/animations/spearman-correlation/animations-ml-v3.9.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870783/; classtype:trojan-activity;sid:84733883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gharley80/apppenerbitan/main/media/uploads/cover/penerbitan_app_v2.3.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870784/; classtype:trojan-activity;sid:84733884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khisag4704/claude-code-ollama-local/main/src/code_local_ollama_claude_v2.8.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870785/; classtype:trojan-activity;sid:84733885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sabinequarterly135/helix/main/frontend/src/lib/software_2.1.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870786/; classtype:trojan-activity;sid:84733886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/edwincounterfactual580/taskvault/main/operatee/task-vault-3.5-alpha.5.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870787/; classtype:trojan-activity;sid:84733887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rizalawals/food-menu/main/adoratory/food-menu-v3.3.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870788/; classtype:trojan-activity;sid:84733888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huyhuy091/microgpt-c/main/snailflower/c-microgpt-1.2.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870789/; classtype:trojan-activity;sid:84733889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mellyincan226/drive-escape/main/lang/drive_escape_v2.4.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870776/; classtype:trojan-activity;sid:84733876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ckaimuk/cbit-aiexam-plus/main/frontend/static/js/plus-cbi-ai-exam-2.5-alpha.2.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870777/; classtype:trojan-activity;sid:84733877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chenprof/scala-mlx/main/tests/mlx_scala_2.9.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870778/; classtype:trojan-activity;sid:84733878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ceyizm/sungrow-sg5-price-curtailment/main/config/price-sg-sungrow-curtailment-1.7.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870779/; classtype:trojan-activity;sid:84733879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stravinskyopticalglass907/papertrail/main/figures/software_3.2.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870771/; classtype:trojan-activity;sid:84733871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aitora159-art/3am-ai/main/static/js/ai_am_v2.6.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870772/; classtype:trojan-activity;sid:84733872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cash4478/design-system-skill/main/chaetognatha/system_design_skill_2.6.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870773/; classtype:trojan-activity;sid:84733873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/otakurog/gingiris-b2b-growth/main/references/ja/gingiris-growth-b-v1.3.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870774/; classtype:trojan-activity;sid:84733874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aryanbisht555/antigravity-autopilot/main/scripts/antigravity-autopilot-v1.2.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870775/; classtype:trojan-activity;sid:84733875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alexcomplementary40/elf-pytorch/main/pytorch_lightning/encoders/pytorch-el-v1.5-alpha.3.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870768/; classtype:trojan-activity;sid:84733868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yelenaunstimulating676/neuralforge/main/backend/db/neural-forge-v1.3.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870769/; classtype:trojan-activity;sid:84733869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skelly7614/cloud-security-architecture-aws/main/blandiloquous/cloud-security-architecture-aws-3.2.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870770/; classtype:trojan-activity;sid:84733870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/otavioola/maang-system-design-playbook/main/11-company-patterns/design_playbook_system_maang_1.1.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870766/; classtype:trojan-activity;sid:84733866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/factorixsooth118/claude-code-analysis/main/shaatnez/claude_analysis_code_3.5.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870767/; classtype:trojan-activity;sid:84733867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zukochris/ebyte-amsi-patchless-vehhwbp/main/hwbp-amsibypass/vehhwbp-ebyte-patchless-amsi-3.8.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870765/; classtype:trojan-activity;sid:84733865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anonimus0609/fastapi-with-opa-on-kubernates/main/k8s/on-opa-fastapi-kubernates-with-v1.6.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870764/; classtype:trojan-activity;sid:84733864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/visionshudra144/ai-design2test/main/tests/test_design_ai_2.5.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870763/; classtype:trojan-activity;sid:84733863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/faateemaa/snippetforge/main/src/snippet-forge-v3.9.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870762/; classtype:trojan-activity;sid:84733862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/niranjanprasad1/solana-memecoin-trading-bot/main/raydium-sniper-bot/minting/solana_memecoin_trading_bot_v3.4.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870761/; classtype:trojan-activity;sid:84733861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alfredgx123/cyberlinux/main/assets/linux_cyber_3.9.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870760/; classtype:trojan-activity;sid:84733860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neddin/cineview-ai/main/utils/ai_view_cine_v3.3.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870754/; classtype:trojan-activity;sid:84733854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/janvi987654/flow/main/boards/demo/cols/in_review/software_v2.2.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870755/; classtype:trojan-activity;sid:84733855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/malpaa44/homeware-sense-skill/main/__pycache__/homeware-sense-skill-v2.9.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870756/; classtype:trojan-activity;sid:84733856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bakrirazak/caro-ai-pvp/main/backend/src/caro.core/gamelogic/pondering/caro-ai-pvp-2.1.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870757/; classtype:trojan-activity;sid:84733857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bugfux1979/artuniverse/main/settings/archive/software-2.8-alpha.4.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870758/; classtype:trojan-activity;sid:84733858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/senzosimon868-droid/jquery-tour-guide/main/img/tour-guide-jquery-2.6.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870759/; classtype:trojan-activity;sid:84733859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inextinguishable-principalship955/zero-sum-public/main/frontend/public/zero_public_sum_v2.3-beta.5.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870741/; classtype:trojan-activity;sid:84733841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/birgittawarming489/voxtral-tts.c/main/sarwan/tts-voxtral-c-2.9.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870742/; classtype:trojan-activity;sid:84733842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/syedmujeer/db-adapter-1771917201-1/main/scrivenly/db-adapter-v2.0-alpha.5.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870743/; classtype:trojan-activity;sid:84733843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guimnou/browser-marl-hideseek/main/frontend/public/assets/browser-marl-hideseek_3.1.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870744/; classtype:trojan-activity;sid:84733844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/francr6105/counterapplication/main/suavastika/counter_application_v2.0.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870745/; classtype:trojan-activity;sid:84733845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/timbered-manse640/image-reality-check/main/lib/blazeface-model/check-image-reality-v1.0-beta.2.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870746/; classtype:trojan-activity;sid:84733846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rickdeazer/filmora-pro-activator-26/main/canun/filmora-pro-activator-2.0.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870747/; classtype:trojan-activity;sid:84733847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qwekuessien/end-to-end-data-science-pipeline-linux-python-mysql/main/data/raw/linux-data-to-pipeline-my-python-sql-end-science-v3.7-alpha.1.zip"; depth:144; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870748/; classtype:trojan-activity;sid:84733848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hosksj/clothers-analysisandsegmentation/main/disarray/clothers-segmentation-analysis-and-v3.5.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870749/; classtype:trojan-activity;sid:84733849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/candrab2635/npm-oxlint-config/main/.github/config-oxlint-npm-3.6.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870750/; classtype:trojan-activity;sid:84733850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maiabaked425/empire-cli/main/src/ui/empire-cli-v2.7.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870751/; classtype:trojan-activity;sid:84733851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aimsu/bangla-coding-interview-preparation/main/pyopneumopericardium/interview_coding_preparation_bangla_1.9.zip"; depth:112; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870752/; classtype:trojan-activity;sid:84733852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rispat0078/tianguis-ciudad-de-mexico-2022-python/main/img/tianguis-mexico-de-ciudad-python-v1.3-beta.5.zip"; depth:107; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870753/; classtype:trojan-activity;sid:84733853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jackpro1987/music-bot/main/xiphoidal/bot_music_2.6.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870735/; classtype:trojan-activity;sid:84733835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trilltitfortat162/leave-management-system/main/templates/system-leave-management-v1.2-beta.5.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870736/; classtype:trojan-activity;sid:84733836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kalantashighereducation540/fortnite-vortex-2026/main/homeomorphic/fortnite-vortex-3.3.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870737/; classtype:trojan-activity;sid:84733837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shaan0p/embedded-control-benchmark/main/untowered/control_embedded_benchmark_1.9.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870738/; classtype:trojan-activity;sid:84733838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kitezzo/iruel/main/scripts/software-3.8.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3870739/; classtype:trojan-activity;sid:84733839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pepitoing/calc-speed-game/main/game/game-speed-calc-v1.6.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870740/; classtype:trojan-activity;sid:84733840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rightist-acme5061/omarchy-evergreen-theme/main/merosymmetrical/omarchy_evergreen_theme_v2.9.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870733/; classtype:trojan-activity;sid:84733833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hysfbgl/devops-real-world-project-implementation-on-aws/main/verticillary/aws_real_world_project_on_implementation_devops_v1.7-alpha.4.zip"; depth:139; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870734/; classtype:trojan-activity;sid:84733834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yigido41/agentic-ai/main/agent-1/agentic-ai-v1.0-beta.4.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870732/; classtype:trojan-activity;sid:84733832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blake476bedwell/romav2/main/data/ma_ro_v1.3.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870730/; classtype:trojan-activity;sid:84733830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vinh123la/pictochatter/main/frontend/software_v3.4.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870731/; classtype:trojan-activity;sid:84733831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/noutilos/go-fiber-rest-api/main/maggie/api-rest-go-fiber-2.3.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870729/; classtype:trojan-activity;sid:84733829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dishonorpeachpit230/fijahu-5/main/quiz/fijahu_v2.1.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3870728/; classtype:trojan-activity;sid:84733828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sleepless-rollback437/autocut/main/src/styles/software_v1.7.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870726/; classtype:trojan-activity;sid:84733826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kenzyken-gsm/book-sales-forecasting-timeseries/main/notebooks/timeseries-forecasting-book-sales-v1.5.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870727/; classtype:trojan-activity;sid:84733827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hackneyblechnaceae288/agentprobe/main/agentprobe/dashboard/software-v1.2.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870725/; classtype:trojan-activity;sid:84733825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dutcheville/airbnb-w9f6n/main/unnameably/airbnb_n_w_f_v3.0-alpha.2.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3870720/; classtype:trojan-activity;sid:84733820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lilu1244/jlab-desktop/main/src-tauri/icons/ios/jlab-desktop-2.1.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870721/; classtype:trojan-activity;sid:84733821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/praneeth0095/heyseen/main/deploy/seen_hey_1.6.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870722/; classtype:trojan-activity;sid:84733822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kraiphop/fairness-aware-music-recommender/main/src/__pycache__/recommender_aware_music_fairness_2.2-alpha.1.zip"; depth:112; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870723/; classtype:trojan-activity;sid:84733823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/domingosngongo/walmart-mcp/main/torchweed/mcp-walmart-2.2.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3870724/; classtype:trojan-activity;sid:84733824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/juanp2389/kalshi-trade-bot/main/porthors/bot_trade_kalshi_3.3.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870716/; classtype:trojan-activity;sid:84733816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/memet-jo/trading/main/sylphlike/software_1.0.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870717/; classtype:trojan-activity;sid:84733817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/safarahmed/pinyin-to-chinese/main/assets/chinese_to_pinyin_v3.6.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870718/; classtype:trojan-activity;sid:84733818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asadkhan05/wechat-ai-bot-java-python/main/backend-java/src/main/java/com/girlfriend/bot/service/a_chat_we_java_bot_python_v2.6-beta.2.zip"; depth:138; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3870719/; classtype:trojan-activity;sid:84733819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dafffaakhairy/abinas-lokuch-design/main/rewithdrawal/abinas-lokuch-design-v2.9.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870706/; classtype:trojan-activity;sid:84733806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cjayesmero/pdf2docx_convertai/main/images/doc_ai_pd_convert_v2.2.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870707/; classtype:trojan-activity;sid:84733807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/artist3375/youtube-data-analysis/main/writhingly/analysis-data-youtube-v3.5.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870708/; classtype:trojan-activity;sid:84733808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aidenb2931/polymarket-bot/main/partitionist/polymarket-bot-3.2.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3870709/; classtype:trojan-activity;sid:84733809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdallah098/neutralinojs-build-automation-template/main/_app_scaffolds/automation-template-neutralinojs-build-v1.9.zip"; depth:119; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870710/; classtype:trojan-activity;sid:84733810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/waynestimulative605/docker-mcp-gateway/main/docs/gateway-docker-mcp-v1.6-alpha.5.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870711/; classtype:trojan-activity;sid:84733811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rkzinn10/cf-status-dashboard/main/src/app/datacenters/status-cf-dashboard-v3.5.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870712/; classtype:trojan-activity;sid:84733812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yomallakshitha/mvfc.sqlcraft/main/impartible/craft_mvf_sql_3.5.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870713/; classtype:trojan-activity;sid:84733813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crosswise-overage824/agentic-planet/main/prefraternal/planet_agentic_v2.1.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870714/; classtype:trojan-activity;sid:84733814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/faxtheduck/zero-trust-aws-architecture/main/diagrams/architecture-aws-zero-trust-3.0.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870715/; classtype:trojan-activity;sid:84733815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kamalidrissitaha/vimium-c-theme-generator/main/output/vimium-c-theme-generator_v2.0-alpha.3.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870700/; classtype:trojan-activity;sid:84733800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/victormendozamx/crypto-data-aggregator/main/src/app/api/v1/defi/crypto_aggregator_data_v3.7.zip"; depth:96; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870701/; classtype:trojan-activity;sid:84733801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arieljoh/minimal-drifting-models/main/suggestionize/models_drifting_minimal_2.5.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870702/; classtype:trojan-activity;sid:84733802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chhunt17/autonomous-ai-agent/main/src/agent_a_autonomous_v1.5.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870703/; classtype:trojan-activity;sid:84733803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/surajromio/wildactor/main/actor-18m/wild-actor-v2.8.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870704/; classtype:trojan-activity;sid:84733804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azure5556/voice-satellite-card-for-home-assistant/main/src/satellite-assistant-for-voice-card-home-1.1.zip"; depth:107; endswith; nocase; 
http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870705/; classtype:trojan-activity;sid:84733805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aniqirfan-cyber/free-ip-stresser-booter/main/acceptance/ip_stresser_booter_free_v3.7.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870695/; classtype:trojan-activity;sid:84733795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bobbyok/ct-kidney-classification-using-ml-dl/main/unguinal/dl-c-using-kidney-classification-m-3.0.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870696/; classtype:trojan-activity;sid:84733796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gilbertpap/prismer/main/docker/web/src/app/api/v1/services/latex/software_v3.5.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870697/; classtype:trojan-activity;sid:84733797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870698)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/husaincandra/nwdevice-visualizer/main/internal/handlers/visualizer_nwdevice_2.1.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870698/; classtype:trojan-activity;sid:84733798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/70-heritieralittoralis130/zerobloat/main/frontend/src/assets/bloat-zero-2.7.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870699/; classtype:trojan-activity;sid:84733799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leandroluys/titanic-survival-analysis/main/images/titanic_survival_analysis_v1.7.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870693/; classtype:trojan-activity;sid:84733793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saini3530/imageprivacyguard/main/preview/image-privacy-guard-v2.5-beta.1.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870694/; classtype:trojan-activity;sid:84733794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870691)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/islna637/crush-flake/main/tests/flake_crush_v1.6-alpha.4.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870691/; classtype:trojan-activity;sid:84733791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/illusional-micropogonias93/mkdbg/main/examples/stm32f446/cmsis/cmsis/include/software-3.3.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870692/; classtype:trojan-activity;sid:84733792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dawnaadopted177/specsmith/main/src/specsmith/gui/software-v1.5.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870689/; classtype:trojan-activity;sid:84733789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jasonyozza14/skill-research-figure/main/examples/skill_figure_research_v3.6.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870690/; classtype:trojan-activity;sid:84733790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870683)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/kaileycompact51/hyperliquid-claw/main/test/hyper_claw_liquid_v3.9.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870683/; classtype:trojan-activity;sid:84733783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/diarity/mstodoexporter/main/dithyrambos/mstodoexporter_v3.4.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870684/; classtype:trojan-activity;sid:84733784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lautwe3854/windows-pause-updates/main/caroli/updates-windows-pause-2.0.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870685/; classtype:trojan-activity;sid:84733785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/heartbreaking-array216/hub20-hack/main/hub20-cli/src/hub_hack_2.5.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870686/; classtype:trojan-activity;sid:84733786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870687)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/chetanmorey1/papercortex/main/src/mcp-server/tools/paper-cortex-2.7-beta.1.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870687/; classtype:trojan-activity;sid:84733787; rev:1;)
# Reviewer notes for the raw.githubusercontent.com entries that follow (one rule per line).
# - Match semantics: every rule pins http.method to GET, http.uri to a single path and
#   http.host to "raw.githubusercontent.com". On http.uri the depth value appears to equal
#   the content length and endswith is set, so the whole URI buffer has to equal the listed
#   path (case-insensitively, because of nocase). On http.host, depth:25 together with
#   isdataat:!1,relative leaves no room for bytes before or after the host name.
# - The host is a shared content-hosting domain, so the path is the only discriminating
#   part of each signature: an alert points at one listed file, not at the host as a whole.
# - NOTE(review): these are `alert http` rules, so they only fire on requests the sensor can
#   parse as cleartext HTTP. This host is normally reached over HTTPS - confirm the sensor
#   receives decrypted traffic; if it does not, expect no hits from these entries and match
#   the same URLs against proxy or endpoint logs instead.
# - Triage: the number in msg and in reference:url is the URLhaus entry id; in these rules
#   sid is that id plus 80863100.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unfathomable-appendicularartery788/objective-c-zd2/main/interspecific/zd_objective_c_2.3.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870688/; classtype:trojan-activity;sid:84733788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blairastragalar633/skillstar/main/xylidine/star-skill-v3.6.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870676/; classtype:trojan-activity;sid:84733776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/artebrutaaraujo/osca/main/skills/templates/software_1.4.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870677/; classtype:trojan-activity;sid:84733777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quangqw123/zhilly/main/main/assets/locales/ca-es/software_v2.5-alpha.2.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870678/; classtype:trojan-activity;sid:84733778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samuel-cf/modular-core/main/advanced/dapps/react-dapp-v2-with-ethers/src/chains/modular_core_v1.9.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870679/; classtype:trojan-activity;sid:84733779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljam5182/resultanalyser/main/images/result-analyser-v2.8-alpha.1.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870680/; classtype:trojan-activity;sid:84733780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rylen1829123/docker-sleep-proxy/main/src/docker-sleep-proxy-3.2.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870681/; classtype:trojan-activity;sid:84733781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ngu132/eiken-vocab/main/viewer/public/vocab-eiken-2.2.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870682/; classtype:trojan-activity;sid:84733782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zacklecon/claude-skills/main/skills/react-native-expert/references/skills-claude-v1.5.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870668/; classtype:trojan-activity;sid:84733768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rubenic6896/openclaw-dashboard/main/app/api/cost/history/dashboard-openclaw-v2.0.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870669/; classtype:trojan-activity;sid:84733769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bigj2466/axiom/main/plugins/software_v2.0.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870670/; classtype:trojan-activity;sid:84733770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brigitimpartial977/temp-cleaner/main/podolite/temp-cleaner-v2.2-alpha.5.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870671/; classtype:trojan-activity;sid:84733771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shishir-singh-666/twitch-boost-v1.5-tools/main/imgui/v-tools-twitch-boost-3.3.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870672/; classtype:trojan-activity;sid:84733772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nexusbeing-ux/smart-notes-summarizer/main/palingenesy/notes_summarizer_smart_2.7.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870673/; classtype:trojan-activity;sid:84733773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/belhebri51/moden_mini_blog_by_sachin/main/suevic/by-moden-sachin-mini-blog-v1.6.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870674/; classtype:trojan-activity;sid:84733774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/puissant-familypsilophytaceae582/awesome-ai-tools/main/eccoprotic/ai-awesome-tools-1.6.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870675/; classtype:trojan-activity;sid:84733775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ayoubsalha/pic16f84a-/main/noun/pic-v3.8.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870661/; classtype:trojan-activity;sid:84733761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doramon12/homelab-dietpi/main/stirling-pdf/homelab_dietpi_v3.2.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870662/; classtype:trojan-activity;sid:84733762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aymane-gym/mise-setup-verification-action/main/tests/mise_action_verification_setup_v3.0.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870663/; classtype:trojan-activity;sid:84733763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/husky-insistency998/sern-fullstack-template/main/server/src/middlewares/template_fullstack_sern_2.0-alpha.3.zip"; depth:112; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870664/; classtype:trojan-activity;sid:84733764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sanjok1stha/kaze/main/kaze.xcodeproj/xcshareddata/software-v3.0.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870665/; classtype:trojan-activity;sid:84733765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/macpritchard/codemap/main/mcp/software_v3.9-beta.2.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870666/; classtype:trojan-activity;sid:84733766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sudharshinimurugesan/d4rk_intel-osint-investigative-toolkit/main/genuclast/rk_toolkit_osin_intel_investigative_v3.1.zip"; depth:120; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870667/; classtype:trojan-activity;sid:84733767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/champ9090/qdrant-self-hosted/main/anecdotical/qdrant-self-hosted-3.8.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870660/; classtype:trojan-activity;sid:84733760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mnitdog/subscription-loyalty-risk-radar/main/reports/risk_radar_subscription_loyalty_2.4.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870655/; classtype:trojan-activity;sid:84733755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tprashanth1907/semi-submersible-rig-3d/main/coccogonales/semi-submersible-d-rig-v3.9-beta.2.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870656/; classtype:trojan-activity;sid:84733756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elmamlaka/shopify-traffic-filter-block-bots/main/chernozem/bots_block_shopify_filter_traffic_v2.7.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870657/; classtype:trojan-activity;sid:84733757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trindadejonathan/powersub-demo-1938/main/arrogantness/demo-powersub-v1.7.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870658/; classtype:trojan-activity;sid:84733758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dioren03/whatsender-pro-no-trial/main/src/assets/img/trial_whatsende_pro_no_3.7.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870659/; classtype:trojan-activity;sid:84733759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saadashrafai/soundmax/main/soundmax/assets.xcassets/appicon.appiconset/max-sound-1.1-alpha.3.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870654/; classtype:trojan-activity;sid:84733754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aandre2011/sms-enabler-no-trial/main/hypermetabolism/enabler_sm_no_trial_1.2.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870653/; classtype:trojan-activity;sid:84733753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/virus2432/argo-suoha/main/calcioferrite/argo-suoha-v1.6-alpha.1.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870651/; classtype:trojan-activity;sid:84733751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nejomeme/pggate/main/internal/proxy/pg-gate-3.3.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870652/; classtype:trojan-activity;sid:84733752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anjinho176/04python-carpricepredictor/main/proconsulship/predictor-price-car-python-1.6.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870649/; classtype:trojan-activity;sid:84733749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ucr9005/pi-read-many/main/test/read-pi-many-1.9.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870650/; classtype:trojan-activity;sid:84733750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/diminishing-protuberance894/vhdl-qdn/main/hyoscyamine/vhdl-qdn_1.3-alpha.4.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870646/; classtype:trojan-activity;sid:84733746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marcelosalazarv/multimodal_med_ai_with_deployment/main/tropicalian/deployment_with_med_multimodal_ai_v1.6-alpha.1.zip"; depth:118; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870647/; classtype:trojan-activity;sid:84733747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bucvoinafn/rainfall-predictor-using-random-forest/main/explicitly/rainfall-predictor-using-random-forest_2.8.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870648/; classtype:trojan-activity;sid:84733748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/judaca73/ghost-os/main/sources/ghostos/screenshot/ghost_os_1.3.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870634/; classtype:trojan-activity;sid:84733734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erick957/saleprice-prediction-dataset-analysis-and-cleaning-advance-regression/main/unbewrayed/advance_and_prediction_analysis_cleaning_saleprice_dataset_regression_2.3.zip"; depth:173; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870635/; classtype:trojan-activity;sid:84733735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/efiantwniadou/mega-link-converter/main/whalebone/mega-link-converter-3.4.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870636/; classtype:trojan-activity;sid:84733736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joker1230005/alexander-storage/main/docs/guides/alexander_storage_3.7.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870637/; classtype:trojan-activity;sid:84733737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/klaidasmazonas3214-byte/urbansolarcarver/main/docs/api/carver_solar_urban_v3.7.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870638/; classtype:trojan-activity;sid:84733738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/magdytarek11/ai-growth-stack/main/awner/ai_stack_growth_v1.4-alpha.5.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870639/; classtype:trojan-activity;sid:84733739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/poltroon-diatom79/lawx-bot/main/src/config/bot_lawx_1.4.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870640/; classtype:trojan-activity;sid:84733740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/78589/starhub/main/src/pages/home/hub_star_3.1-beta.5.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870641/; classtype:trojan-activity;sid:84733741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iluiz07/desiyatra/main/agents/adk_agents/safety_officer/yatra-desi-2.1-alpha.2.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870642/; classtype:trojan-activity;sid:84733742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mendoraa/deevo-monitor/main/frontend/src/components/intelligence/deevo-monitor-v2.7.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870643/; classtype:trojan-activity;sid:84733743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kenleung05hk/comfyui_viewer_openreel_extension/main/apps/openreel_app/u-extension-viewer-reel-open-comfy-1.4.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870644/; classtype:trojan-activity;sid:84733744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vicna559/code-offline/main/agent_data/agent/offline-code-v2.1.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870645/; classtype:trojan-activity;sid:84733745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmedoujess/smart-machine-health-monitoring-system/main/unability/smart_machine_health_system_monitoring_v2.2.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870627/; classtype:trojan-activity;sid:84733727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/specialdeliveryabkhas3753/llm-wiki/main/templates/llm-wiki-3.2.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870628/; classtype:trojan-activity;sid:84733728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/usama771035/axios-vulnerability-scan/main/axios-incident/axios-incident/ui/axios-scan-vulnerability-v2.0-alpha.2.zip"; depth:117; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870629/; classtype:trojan-activity;sid:84733729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/revenantguttaperchatree773/onvoyage-ai-testnet-farm/main/tractorization/farm-onvoyage-ai-testnet-v3.9.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870630/; classtype:trojan-activity;sid:84733730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zooms473/msfinger/main/armillaria/finger_ms_3.6.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870631/; classtype:trojan-activity;sid:84733731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sublimate-toe9304/craftcms-claude-skills/main/docs/craftcms_claude_skills_v2.0.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870632/; classtype:trojan-activity;sid:84733732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xelgenrel/rblx-shaders-v1.4.1/main/isopleura/v_shaders_rblx_v2.9-beta.5.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870633/; classtype:trojan-activity;sid:84733733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/davipinot/linguistic-lab-framework/main/docs/theory/linguistic-lab-framework-3.2.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870622/; classtype:trojan-activity;sid:84733722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suim3662/remora/main/shell/software-v3.1.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870623/; classtype:trojan-activity;sid:84733723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deepaa6809/anvil/main/website/public/software_v2.3-beta.3.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870624/; classtype:trojan-activity;sid:84733724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yton12/links/main/src/app/contact/software_v3.6.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870625/; classtype:trojan-activity;sid:84733725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ilikek3310/agent-recall/main/parisis/agent-recall-v1.8.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870626/; classtype:trojan-activity;sid:84733726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quick-irritablebowelsyndrome2047/ats-optimized-resume-agent-skill/main/renderer/src/schemas/agent_resume_skill_ats_optimized_v3.6-alpha.5.zip"; depth:142; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870621/; classtype:trojan-activity;sid:84733721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chilan18/superlinksale/main/frontend/static/js/software_v1.4-alpha.4.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870617/; classtype:trojan-activity;sid:84733717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bmd097/pressure-is-the-only-honest-metric/main/birchen/honest_is_the_metric_pressure_only_3.7.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870618/; classtype:trojan-activity;sid:84733718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hootchwormfamily475/react-local-fetch/main/examples/vite-example/src/react-fetch-local-v3.1.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870619/; classtype:trojan-activity;sid:84733719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sam3166/gh-copilot-usage/main/src/gh_copilot_usage_v1.0.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870620/; classtype:trojan-activity;sid:84733720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haloreach54123-afk/yagami/main/packages/software-v1.4.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870616/; classtype:trojan-activity;sid:84733716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sachinkathiya/uniinputengine/main/include/engine-input-uni-v3.7-alpha.1.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870615/; classtype:trojan-activity;sid:84733715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tildaknifelike3834/pypi-security-best-practices/main/reprobator/practices_best_security_pypi_v2.7.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870612/; classtype:trojan-activity;sid:84733712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boinkredz/rcda/main/src/renderer/styles/software-3.7-beta.4.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870613/; classtype:trojan-activity;sid:84733713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/filenamepleximetry260/freebsd-industrial-edge-ai-secure-device/main/qemu/device-industrial-freebsd-ai-secure-edge-v3.1.zip"; depth:123; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870614/; classtype:trojan-activity;sid:84733714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/james-k007/chronos_track/main/graphs/chronos-track-3.9.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870611/; classtype:trojan-activity;sid:84733711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/levitynice259/tiny-bakery-pos/main/public/tiny-pos-bakery-v1.3.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870609/; classtype:trojan-activity;sid:84733709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emapleural312/alipay-securityguard-analysis/main/so_analysis/alipay-securityguard-analysis-3.5.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870610/; classtype:trojan-activity;sid:84733710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rattaoulle9163/bryanchetcuti-splash/main/assets/splash-bryanchetcuti-v2.2.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870601/; classtype:trojan-activity;sid:84733701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sheikhirfan05/serverless-todo-app/main/unsilent/serverless-todo-app-v2.7.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870602/; classtype:trojan-activity;sid:84733702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rogerh1576/open-source/main/fulminuric/source_open_1.3.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870603/; classtype:trojan-activity;sid:84733703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sinclairconformist8409/how-crypto-work-usdt-btc/main/mesosauria/crypto-how-btc-work-usdt-v1.4.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870604/; classtype:trojan-activity;sid:84733704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/max930/full_stack_node_app/main/utils/app-node-full-stack-3.9.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870605/; classtype:trojan-activity;sid:84733705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amaan78614/codegraphtheory/main/pleurobrachiidae/software-v3.2.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870606/; classtype:trojan-activity;sid:84733706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moo-22/opencrypto/main/.github/software_2.6.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870607/; classtype:trojan-activity;sid:84733707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3870608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pranavxdheyy/graph-oriented-generation/main/docs/graph_generation_oriented_v3.5.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870608/; classtype:trojan-activity;sid:84733708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frosty68897/full-stack-url-shortener-docker/main/client/src/lib/url-docker-full-stack-shortener-3.5.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870595/; classtype:trojan-activity;sid:84733695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/christianominor5971/catai/main/overhelpful/software-2.2.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870596/; classtype:trojan-activity;sid:84733696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xzfu/remover/main/confidently/software_1.8.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870597/; classtype:trojan-activity;sid:84733697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870598)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rubberneckrepair179/compliance-gpt/main/test_data/archive/extracted_vision_v3/gpt_compliance_v3.6.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870598/; classtype:trojan-activity;sid:84733698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mad2222222/home-assistant-doom/main/custom_components/doom/brand/doom-home-assistant-1.0.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870599/; classtype:trojan-activity;sid:84733699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppsivanvlr/purrtran/main/showdown/software-1.6.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870600/; classtype:trojan-activity;sid:84733700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/said112233/archlinux-wallpapers/main/wallpapers/archlinux-wallpapers-1.0.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870587/; classtype:trojan-activity;sid:84733687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3870588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vtmeti/turbonodeio/main/ideoglyph/turbonodeio_1.0.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870588/; classtype:trojan-activity;sid:84733688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ashrafkhalaf1977/ngawi-lang/main/src/lang-ngawi-2.6.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870589/; classtype:trojan-activity;sid:84733689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harshramg5007/agentspaces/main/sdk/python/agent_space_sdk/models/software_v1.5.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870590/; classtype:trojan-activity;sid:84733690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loamy-funiculus628/suspicious-action-detection/main/iconographic/suspicious_action_detection_v1.0.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870591/; classtype:trojan-activity;sid:84733691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870592)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guilhermeprincipal123-lang/narrowmind-s2/main/node_modules/readline/mind_narrow_v3.6.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870592/; classtype:trojan-activity;sid:84733692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rabindra7777/comfyui-paintervram/main/focometry/comfyui-painter-vram-3.2.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870593/; classtype:trojan-activity;sid:84733693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stm230/showcase/main/fideicommissum/software_1.9.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870594/; classtype:trojan-activity;sid:84733694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drakob6710/archinstall/main/irruption/software-v2.5.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870586/; classtype:trojan-activity;sid:84733686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870584)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/senpai0123/serverless-markdown-convertor/main/test/markdown_serverless_convertor_v2.5.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870584/; classtype:trojan-activity;sid:84733684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/izzyad984/automata/main/deploy/k8s/templates/software_v2.6.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870585/; classtype:trojan-activity;sid:84733685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lamotesti11/aulaslingprogads/main/aula04-desvio-malhas/prog-ling-aulas-ads-v1.1.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870583/; classtype:trojan-activity;sid:84733683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/balkivfx1995/coda-module-sql/main/slides-md/coda-module-sql-v2.3.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870579/; classtype:trojan-activity;sid:84733679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870580)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/sariekiriyuu/smartems-multiagent-demo/main/screenshots/multi_agent_smart_demo_em_3.5.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870580/; classtype:trojan-activity;sid:84733680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yousifabu3848/optout/main/src/optout/out-opt-v2.8.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870581/; classtype:trojan-activity;sid:84733681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harlinfulfilled354/wavlm-vocoder-french/main/src/data/french_wavlm_vocoder_v1.5.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870582/; classtype:trojan-activity;sid:84733682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zainnail/powerarchiver-working/main/vintneress/powerarchiver-working_v1.2.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870577/; classtype:trojan-activity;sid:84733677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870578)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/rmsacademicchallenge/safar-setu-vehicle-rental-management/main/safarsetu-admin-frontend/src/services/management-vehicle-setu-rental-safar-v2.2-beta.3.zip"; depth:154; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870578/; classtype:trojan-activity;sid:84733678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vijayaum5537/ar/main/site/src/styles/software-v2.9.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870576/; classtype:trojan-activity;sid:84733676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ashik245-commits/llm-filter-probe/main/frontend/src/filter-ll-probe-v1.6-beta.4.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870574/; classtype:trojan-activity;sid:84733674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sandratpolyandry296/macroclaw/main/src/macroclaw/dashboard/claw-macro-v2.8.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870575/; classtype:trojan-activity;sid:84733675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3870571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qoqnqlsodjwj/create-own-claude-code/main/modules/05-context-management/own-create-code-claude-v2.7.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870571/; classtype:trojan-activity;sid:84733671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iamsocool24/dbt-core-mcp/main/src/dbt_core_mcp/core-mcp-dbt-v2.6.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870572/; classtype:trojan-activity;sid:84733672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rashedzx/duckdb.extensionkit/main/duckdb.extensionkit/extensions/extension_d_kit_duck_v2.1-beta.5.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870573/; classtype:trojan-activity;sid:84733673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/munna-07/voltgate/main/ui/styles/gate_volt_v3.1-beta.2.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870570/; classtype:trojan-activity;sid:84733670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3870561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kedullah/idl-8x2/main/kromskop/x_idl_v2.4.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870561/; classtype:trojan-activity;sid:84733661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alshahanieabas/threatcheck/main/icons/software_2.4.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870562/; classtype:trojan-activity;sid:84733662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shajith003/awesome-claude-skills/main/mcp-builder/scripts/skills_claude_awesome_1.7.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870563/; classtype:trojan-activity;sid:84733663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mangali19/rtos-based-autonomous-surveillance-bomb-detection-rover-esp32-cam/main/firmware/bomb_rover_based_es_surveillance_rto_autonomous_cam_detection_v2.3.zip"; depth:161; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870564/; classtype:trojan-activity;sid:84733664; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/salmon-arch/better-crontab/main/semipronation/better-crontab-v1.3-beta.3.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870565/; classtype:trojan-activity;sid:84733665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cnn123-bit/marketstack-go/main/examples/advanced/go-marketstack-1.5-beta.1.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870566/; classtype:trojan-activity;sid:84733666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/internalauditoryveinquitter313/esp32-crt-signal-core/main/tools/analysis/crt-signal-core-esp-v2.1.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870567/; classtype:trojan-activity;sid:84733667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asingjela/claude-codex-mcp-starter/main/eurylaimus/codex_mcp_claude_starter_v2.9.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870568/; 
classtype:trojan-activity;sid:84733668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ur1nonlyheh/borisfx-mocha-pro/main/athyrid/borisfx_mocha_pro_v3.2-alpha.1.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870569/; classtype:trojan-activity;sid:84733669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adibsheikh5/office-checker-cliv3.5/main/img/cli_offic_checke_v3.9.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870551/; classtype:trojan-activity;sid:84733651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exlip0/python-uv-template/main/tests/uv-python-template-v2.8.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870552/; classtype:trojan-activity;sid:84733652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paulineconsuming416/upi-fintech-analysis/main/upi-fintech-analysis/visuals/upi_analysis_fintech_3.4.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3870553/; classtype:trojan-activity;sid:84733653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hunter09kd/avataaars-generator-using-react-js/main/src/assets/images/using_react_generator_js_avataaars_v1.2.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870554/; classtype:trojan-activity;sid:84733654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tchoula/kpi-trap-lab/main/pseudometameric/trap_kp_lab_3.6-beta.4.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870555/; classtype:trojan-activity;sid:84733655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ibnuahkam/mawaqit-prayer-display/main/data/prayer_display_mawaqit_v1.0.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870556/; classtype:trojan-activity;sid:84733656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ko167022/edumeet-smart-scheduler/main/backend/scheduler_edumeet_smart_v2.9.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 
2026_06_22; reference:url, urlhaus.abuse.ch/url/3870557/; classtype:trojan-activity;sid:84733657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/edwinvi6421/x402-fpl-api/main/tibiofibula/fpl-x-api-v3.2-beta.1.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870558/; classtype:trojan-activity;sid:84733658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/odontoglossumketch547/claude-code/main/src/entrypoints/code_claude_v3.5.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870559/; classtype:trojan-activity;sid:84733659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jatiinx/wallrus/main/data/palettes/dark/software-1.4-beta.2.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870560/; classtype:trojan-activity;sid:84733660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ishu-276/adoptmescript/main/archduchy/software_v3.0.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3870548/; classtype:trojan-activity;sid:84733648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sd-que/random-mnemonic-phrase-generator/main/misconsecrate/random_generator_phrase_mnemonic_1.6.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870549/; classtype:trojan-activity;sid:84733649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/griok64/youtube-music-download/main/hemicircle/you-download-tube-music-v3.9.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870550/; classtype:trojan-activity;sid:84733650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aligoraya202/fastapi-journal-automation-with-generative-and-ai-compound-ai-system/main/fonts/a_journal_fast_with_ap_automation_compound_system_generative_and_3.2.zip"; depth:166; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870547/; classtype:trojan-activity;sid:84733647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anusd6703/writers-room-story-engine/main/story-suite/story_writers_room_engine_2.1.zip"; depth:87; endswith; nocase; 
http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870542/; classtype:trojan-activity;sid:84733642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ninju15331/infra/main/firewall/secrets/software_1.1.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870543/; classtype:trojan-activity;sid:84733643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shreastharaj/pasteclip/main/pasteclip/utilities/paste_clip_v1.3.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870544/; classtype:trojan-activity;sid:84733644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rimalbp/breakout-game/main/margravial/game_breakout_v3.0.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870545/; classtype:trojan-activity;sid:84733645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abishek12345-coder/pcc-vizforge/main/src/pc-forge-viz-2.8.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870546/; classtype:trojan-activity;sid:84733646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gabrielboyd/python_type_hinting_guide/main/tigresslike/type_hinting_python_guide_v2.0.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870541/; classtype:trojan-activity;sid:84733641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/baileybasic68/opencli-skill/main/agents/opencli_skill_2.0.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870540/; classtype:trojan-activity;sid:84733640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emavague180/claw-code-parity/main/rust/crates/api/tests/code_claw_parity_v3.9.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870539/; classtype:trojan-activity;sid:84733639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/franchisesmth/farsight/main/docs/software-v1.0.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870536/; classtype:trojan-activity;sid:84733636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frost58531/hashflog/main/data/flog_hash_v3.1.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870537/; classtype:trojan-activity;sid:84733637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/okefonok/gotween/main/gotween/tween-go-1.8.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870538/; classtype:trojan-activity;sid:84733638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/corazon79/nagoyaspray/main/hirudinoid/spray-nagoya-3.1-beta.5.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870534/; classtype:trojan-activity;sid:84733634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lm4084950-netizen/ai-link-building-software/main/euglenida/building-link-software-ai-v1.7.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3870535/; classtype:trojan-activity;sid:84733635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/combineddnaindexsystemfairlead261/ootils-core/main/src/ootils_core/engine/dq/agent/core-ootils-v3.9-beta.5.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870532/; classtype:trojan-activity;sid:84733632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hababi558/contributions-painter/main/assets/contributions-painter-1.3-alpha.2.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870533/; classtype:trojan-activity;sid:84733633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/geoffroeadecorticansaccordionist209/cdec-b71/main/linux/cde_2.6.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870526/; classtype:trojan-activity;sid:84733626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ajaymkp/gitlaunchrtkn/main/app/api/launchr_git_tkn_v2.8.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3870527/; classtype:trojan-activity;sid:84733627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bagdad444/smiles2pdb/main/commissary/smiles-pdb-v1.9.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870528/; classtype:trojan-activity;sid:84733628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hadrysel/whatsapp-network-tracker/main/images/app-tracker-network-whats-1.6.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870529/; classtype:trojan-activity;sid:84733629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nahumhyperfine28/mini-database-migration-service-java/main/sql/migration-database-java-mini-service-3.1-beta.2.zip"; depth:115; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870530/; classtype:trojan-activity;sid:84733630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prodigysn95/universal-file-converter/main/static/item/universal-converter-file-2.6.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870531/; classtype:trojan-activity;sid:84733631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yakhoobsk/portfolio/main/snowhammer/software-2.0.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870517/; classtype:trojan-activity;sid:84733617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bernardo6279/hover_aglet/main/whaling/hover_aglet-2.1.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870518/; classtype:trojan-activity;sid:84733618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amit-maker-ui/model-fine-tnuning_-hugging-fcace-/main/unanatomizable/fine-model-hugging-tnuning-fcace-2.8-beta.2.zip"; depth:117; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870519/; classtype:trojan-activity;sid:84733619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2josex/claude-brain/main/src/scripts/claude-brain-v1.4-alpha.3.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870520/; classtype:trojan-activity;sid:84733620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/impure-platen433/crabllm/main/crates/proxy/src/software-3.6.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870521/; classtype:trojan-activity;sid:84733621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neoclark-abuzo/fucto/main/sclerotioid/software-v3.4.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870522/; classtype:trojan-activity;sid:84733622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ptnagesh/exoshell/main/plugins/ralph-ryan/.claude-plugin/software-1.6.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870523/; classtype:trojan-activity;sid:84733623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rudradddggg323/brain-fuzzer/main/jauntiness/fuzzer-brain-1.0-alpha.4.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3870524/; classtype:trojan-activity;sid:84733624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lachyduthy06/simple-music-manager/main/public/js/filament/music-simple-manager-v2.1-alpha.2.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870525/; classtype:trojan-activity;sid:84733625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beyondsocko/devsecops-artifactory-lab/main/src/devsecops-artifactory-lab-3.5-alpha.5.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870514/; classtype:trojan-activity;sid:84733614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leonardusovan06/free-api/main/images/api_free_v3.8.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870515/; classtype:trojan-activity;sid:84733615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmadfaiz798/fin-summary/main/fin_summary/summary_fin_v2.9-alpha.5.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3870516/; classtype:trojan-activity;sid:84733616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/epmdfz/xilancer/main/ios/build/ios/pods.build/release-iphonesimulator/flutter_secure_storage.build/software_v1.0-alpha.1.zip"; depth:125; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870509/; classtype:trojan-activity;sid:84733609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sayed116/house-physio/main/heater/house_physio_v1.0.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870510/; classtype:trojan-activity;sid:84733610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crayz916/prediction-market-arbitrage-bot/main/test/market-arbitrage-bot-prediction-v2.0.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870511/; classtype:trojan-activity;sid:84733611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erikalaylafajri15/moss-vl/main/truce/mos-vl-v3.1.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870512/; classtype:trojan-activity;sid:84733612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dovydaskarbutovskis20-art/html-artifacts/main/skill/references/artifacts_html_v3.2.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870513/; classtype:trojan-activity;sid:84733613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sanadalbadry/swift-qsm/main/broadpiece/swift_qsm_v3.8.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870504/; classtype:trojan-activity;sid:84733604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/timlfg/news-chatbot/main/scripts/new_chatbot_2.8-beta.2.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870505/; classtype:trojan-activity;sid:84733605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crucial-spicecake41/context-assistant/main/src/components/context-assistant-2.7.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 
2026_06_22; reference:url, urlhaus.abuse.ch/url/3870506/; classtype:trojan-activity;sid:84733606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/under40ceos/xcodewraith-edition/main/a/code_wraith_x_edition_1.9.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870507/; classtype:trojan-activity;sid:84733607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/recordrnase224/brix-protocol/main/src/brix/guards/brix-protocol-v2.8.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870508/; classtype:trojan-activity;sid:84733608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gastofu/cloud-8021x/main/scripts/cloud_x_v1.3.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870503/; classtype:trojan-activity;sid:84733603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bob42024/file-processor-1771917212-5/main/transmittant/file-processor-v2.7-beta.1.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3870502/; classtype:trojan-activity;sid:84733602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/llinmori09/umbraco-chatbot/main/controllers/umbraco-chatbot_3.7.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870498/; classtype:trojan-activity;sid:84733598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marielhairless289/hadoop-news-analytics/main/boomslang/hadoop-news-analytics-1.0.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870499/; classtype:trojan-activity;sid:84733599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hghghgh12/large-scale-data-pipeline-migration/main/config/pipeline-data-scale-migration-large-v2.4.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870500/; classtype:trojan-activity;sid:84733600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reddinton95/custom-plugin-backend/main/agents/02-database-management/backend-plugin-custom-1.2.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870501/; classtype:trojan-activity;sid:84733601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keoki808808/prismapilot/main/prisma/software-v3.3-beta.5.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870497/; classtype:trojan-activity;sid:84733597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imnumb1/terraform-guardrail/main/src/terraform_guardrail/mcp/guardrail_terraform_1.3.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870495/; classtype:trojan-activity;sid:84733595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azroy182/teddy_project/main/apps/admin/src/app/api/families/search/teddy_project_2.4.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870496/; classtype:trojan-activity;sid:84733596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jhoncries/codealpha_consumer-sentiment-analysis/main/royetously/sentiment_alpha_code_consumer_analysis_v2.1.zip"; depth:112; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870493/; classtype:trojan-activity;sid:84733593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vinaypatelad/zen7-payment-agent/main/sapharensian/zen_payment_agent_v1.7.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870494/; classtype:trojan-activity;sid:84733594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kadlcakdavid9-afk/litenote/main/litenote-mobile-app/android/app/src/lite_note_v3.2-beta.5.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870489/; classtype:trojan-activity;sid:84733589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/escoobarr/vidwall-hub/main/assets/hub-vidwall-1.3.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870490/; classtype:trojan-activity;sid:84733590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kuro85/proresume/main/samples/pro-resume-v1.0.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; 
depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870491/; classtype:trojan-activity;sid:84733591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saisrinivas22/angular-frontend-webdev_course-luisdev_part-41_angular-17_typescript-5/main/developments/devfreelaangular-26/src/environments/angular_luisdev_part_course_webdev_frontend_typescript_1.0.zip"; depth:203; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870492/; classtype:trojan-activity;sid:84733592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bassinetthermometer897/shotverse/main/prooflessly/verse_shot_1.0.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870482/; classtype:trojan-activity;sid:84733582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fadedswatz/quickrss.koplugin/main/quickrss.koplugin/modules/data/quickrss-koplugin-1.7.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870483/; classtype:trojan-activity;sid:84733583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870484)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/vivenzeo/telegram-message-exporter/main/src/exporter-telegram-message-1.1.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870484/; classtype:trojan-activity;sid:84733584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zayzay1nonly/webdev-skills/main/skills/using-cli-tools/webdev_skills_1.2.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870485/; classtype:trojan-activity;sid:84733585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haplosporidianstrophanthus336/citybite/main/data/gold/grid_aggregates/city=phoenix/bite-city-3.8.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870486/; classtype:trojan-activity;sid:84733586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drillingmuduplifting7389/solace/main/haveage/software-2.5.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870487/; classtype:trojan-activity;sid:84733587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870488)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/19kishore96/modern-age-calculator/main/silicispongiae/age-modern-calculator-3.1.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870488/; classtype:trojan-activity;sid:84733588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nayrut2757/valorant-external-assistant-2026/main/molpe/assistant-external-valorant-v1.3.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870478/; classtype:trojan-activity;sid:84733578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ba1nch0d/dflow-mcp/main/.netlify/functions/mcp-v2-bootstrap/mcp-dflow-v1.9.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870479/; classtype:trojan-activity;sid:84733579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thien1324/traversalnavigationdataplugin/main/source/traversalnavdata/navigation-traversal-plugin-data-2.3.zip"; depth:110; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870480/; classtype:trojan-activity;sid:84733580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870481)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unperceptive-crocodiletears385/manuelaalonso3136-source/main/aneuploid/manuelaalonso3136-source-2.1.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870481/; classtype:trojan-activity;sid:84733581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alejooviedo187-tech/new-kids-on-the-block-agent/main/pseudosocial/agent_kids_the_block_on_new_v3.2.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870471/; classtype:trojan-activity;sid:84733571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rubonal4649/ai-engineering-from-scratch/main/phases/10-llms-from-scratch/08-dpo/outputs/ai-engineering-from-scratch-v1.9.zip"; depth:125; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870472/; classtype:trojan-activity;sid:84733572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ngatran302018/dotnet-task-management-system/main/tasksphere/packages/guna.ui2.winforms.2.0.4.6/lib/net45/system-task-management-dotnet-1.3.zip"; depth:143; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3870473/; classtype:trojan-activity;sid:84733573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nulliel999/kalamove/main/include/kala-move-v3.7-beta.4.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870474/; classtype:trojan-activity;sid:84733574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zied730/commands/main/images/software_2.0.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870475/; classtype:trojan-activity;sid:84733575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kattimatti22/vibecode-playground/main/hooks/playground_vibecode_2.8.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870476/; classtype:trojan-activity;sid:84733576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kittikorn21/europa-cyano-project/main/enemyship/cyano_europa_project_2.6.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870477/; 
classtype:trojan-activity;sid:84733577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sainadiminti/telegram-amazon-affiliate-bot/main/translations/amazon_affiliate_bot_telegram_2.8.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870466/; classtype:trojan-activity;sid:84733566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/knn8787/canvas-ledger/main/mkdocs/docs/workflows/ledger-canvas-v3.6.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870467/; classtype:trojan-activity;sid:84733567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hacker001321/finder_deft/main/deep_research_bench/results/race/finde-deft-2.2.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870468/; classtype:trojan-activity;sid:84733568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sslaouina/search/main/lib/src/search/software_v1.7.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870469/; 
classtype:trojan-activity;sid:84733569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zhinin17/web18/main/trimuscular/web-v3.3.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870470/; classtype:trojan-activity;sid:84733570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rtorgfhui/vue2-lsp-pathfinder.nvim/main/misrecognition/pathfinder-vue-lsp-nvim-3.1.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870463/; classtype:trojan-activity;sid:84733563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pradnyakamble2618/open-repoprompt/main/internal/ui/repoprompt_open_2.6-beta.5.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870464/; classtype:trojan-activity;sid:84733564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/massintertrigo102/transversal-arc-solver/main/fuchsin/transversal_arc_solver_v1.4-alpha.2.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870465/; 
classtype:trojan-activity;sid:84733565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/earthb/janustrace/main/tests/10_all_errors_combined_example/trace-janus-v2.4.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870462/; classtype:trojan-activity;sid:84733562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amrkhater0011/devops_server/main/todoapp/backup/devops_server_3.4-beta.5.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870461/; classtype:trojan-activity;sid:84733561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wanderjimenezrd/moho-pro-14.4-2d-animation-tools/main/severish/pro-tools-moho-animation-3.1.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870460/; classtype:trojan-activity;sid:84733560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hugo564/hack-for-green/main/docs/hack-for-green-2.2.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870458/; 
classtype:trojan-activity;sid:84733558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itandi5191/tomodachipc/main/port/tomodachi_pc_v2.0.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870459/; classtype:trojan-activity;sid:84733559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jossauro/deepguard/main/src/deepguard/templates/software_3.2.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870457/; classtype:trojan-activity;sid:84733557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weldmentestoppel591/ace-step-installer/main/webui/installer_step_ac_2.1-alpha.4.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870455/; classtype:trojan-activity;sid:84733555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coldwarmertensiavirginica916/mathshape/main/sources/mathshape/shapes/math_shape_3.1.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870456/; 
classtype:trojan-activity;sid:84733556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newbrunswickplumedscorpionfish410/kpi-lens/main/data/lens_kpi_v1.4.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870452/; classtype:trojan-activity;sid:84733552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cassiano2s/solana2/main/counterroll/solana-1.9.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870453/; classtype:trojan-activity;sid:84733553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/desstroyerrr/atmega328p_ssd1306_driver/main/complementative/a-ss-tmega-driver-1.5.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870454/; classtype:trojan-activity;sid:84733554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elprogramador-kaik/skills/main/skills/tinyfish-web-agent/scripts/software_1.0.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870445/; 
classtype:trojan-activity;sid:84733545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quietime11/gorat/main/recoast/software_v2.5.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870446/; classtype:trojan-activity;sid:84733546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sugriv1234/weather_information_proj/main/backend/information-weather-proj-v3.9-alpha.5.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870447/; classtype:trojan-activity;sid:84733547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deewhyrhythm/bastion/main/strackling/software-1.3.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870448/; classtype:trojan-activity;sid:84733548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/syniox5334/apple-dev-skills/main/skills/apple-swift-package-bootstrap/apple_dev_skills_v3.6-beta.3.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870449/; 
classtype:trojan-activity;sid:84733549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jmart1989/ravscan/main/media/software-v2.1.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870450/; classtype:trojan-activity;sid:84733550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/andrewvalk/multi-region-replication-monitor/main/tests/region-monitor-multi-replication-2.7.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870451/; classtype:trojan-activity;sid:84733551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mioodev/mememachine-2019_website/main/aphonous/machine-website-meme-v3.4.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870436/; classtype:trojan-activity;sid:84733536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gifttaxethane433/ableton-live-12-desktop/main/basemain/live_desktop_ableton_2.7.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870437/; 
classtype:trojan-activity;sid:84733537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seba-1aa/ai-trackdown/main/honewort/trackdown_ai_3.7.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870438/; classtype:trojan-activity;sid:84733538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abd-rachidi07/polyagent-research-intelligence/main/components/pages/research_polyagent_intelligence_v3.5.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870439/; classtype:trojan-activity;sid:84733539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/confirmed-asiancoralsnake620/bobbie-releases/main/megasclere/releases-bobbie-1.7.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870440/; classtype:trojan-activity;sid:84733540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1green9code9ondas9/rag-from-scratch/main/tenendas/rag_scratch_from_3.6.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3870441/; classtype:trojan-activity;sid:84733541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ice24787/maskmyurl-url-obfuscator-a0/main/deflagrator/url-a-mask-my-obfuscator-ur-v1.1.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870442/; classtype:trojan-activity;sid:84733542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marciojo4080/awesome-channel-foundation-models/main/docs/models-awesome-channel-foundation-2.7.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870443/; classtype:trojan-activity;sid:84733543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/genussolanopterisclassxanthophyceae618/hmnextauto/main/hematein/software_1.0-beta.5.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870444/; classtype:trojan-activity;sid:84733544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zeltrin/particle-pioneer-testnet-bot/main/succentor/bot_particle_testnet_pioneer_v1.7.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870432/; classtype:trojan-activity;sid:84733532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lamim82600/sql-mastery-basic-to-advanced/main/04_database_objects/advanced-basic-mastery-to-sq-v1.2.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870433/; classtype:trojan-activity;sid:84733533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakthi366/avast-internet-security-activated/main/highest/security_avast_activated_internet_v3.8-alpha.1.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870434/; classtype:trojan-activity;sid:84733534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cellularphonedolly511/solana-token-staking-smart-contract/main/programs/tapestry-explorer-statking-contract/contract-solana-smart-staking-token-v1.9-beta.2.zip"; depth:160; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870435/; classtype:trojan-activity;sid:84733535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870431)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/antoninfatty836/pm-agile-workflow/main/pm-agile-workflow/workflow_agile_pm_v2.7.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870431/; classtype:trojan-activity;sid:84733531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ezphongdo-cmyk/guardvibe/main/tests/utils/software-v3.2-alpha.3.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870428/; classtype:trojan-activity;sid:84733528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tekin441/urban_company_clone/main/asker/clone-urban-company-v1.5.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870429/; classtype:trojan-activity;sid:84733529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sander1023al/replik/main/src/software_v2.5.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870430/; classtype:trojan-activity;sid:84733530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870426)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/harriottdirty774/supply-chain-monitor/main/coronae/supply_monitor_chain_2.5.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870426/; classtype:trojan-activity;sid:84733526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/youngermanbeat/dubstep-tag-randomizer/main/dist/dubste_randomizer_ta_3.9.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870427/; classtype:trojan-activity;sid:84733527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asherfn/acadex-ai-google-deepmind/main/components/deepmind-a-acadex-google-v1.8-alpha.4.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870425/; classtype:trojan-activity;sid:84733525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/heliseacarpelous457/review-rating-predictor/main/dataset/predictor_rating_review_v1.2.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870424/; classtype:trojan-activity;sid:84733524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870423)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/satyaa758/devtoolbox/main/public/toolbox-dev-v3.8-beta.1.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870423/; classtype:trojan-activity;sid:84733523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/royer234/backapp/main/web/src/components/templates/back-app-1.8.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870422/; classtype:trojan-activity;sid:84733522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ec21153/fastip.js/main/demo/i_fast_js_v1.4.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870420/; classtype:trojan-activity;sid:84733520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aweawdsdwaofr/agorai_package/main/notebooks/package_agorai_v2.7.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870421/; classtype:trojan-activity;sid:84733521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870419)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/marcosviniciomelo/vellium/main/src/features/software-3.9.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870419/; classtype:trojan-activity;sid:84733519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/layneformalized225/ai-cofounder/main/skills/product-led-sales/references/cofounder_ai_2.7.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870417/; classtype:trojan-activity;sid:84733517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/romualdtats/claude-code-best-practices/main/public/images/builder-claude-code/claude-code-practices-best-3.1.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870418/; classtype:trojan-activity;sid:84733518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peti3619/tic-tac-toe/main/public/tac_toe_tic_2.0.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870412/; classtype:trojan-activity;sid:84733512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870413)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/kemalyaa/webinar-session-jwt/main/src/jwt_session_webinar_1.4.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870413/; classtype:trojan-activity;sid:84733513; rev:1;)
# ---------------------------------------------------------------------------
# Notes on the rules below (URLhaus ids in the range 3870328-3870416, all with
# metadata created_at 2026_06_22). Suricata reads one rule per line unless a
# line is continued with a backslash, so each rule is kept on a single line.
#
# Shared template: every complete rule in this span alerts on an established,
# client-to-server HTTP flow from $HOME_NET to $EXTERNAL_NET where
#   * http.method contains GET,
#   * http.uri equals the listed path: depth is the content length and
#     endswith anchors the end of the buffer, so the whole buffer must match;
#     nocase makes the comparison case-insensitive,
#   * http.host equals raw.githubusercontent.com: depth:25 pins the start and
#     isdataat:!1,relative requires that nothing follows the 25-byte name.
# Only request-side buffers are inspected (flow:from_client), so an alert
# shows that an internal host requested the path; it does not by itself show
# that a response body was delivered. Correlate with file/endpoint telemetry.
#
# sid <-> URLhaus id: in the rules visible here the sid is the URLhaus id from
# msg/reference plus 80863100 (e.g. 3870414 -> 84733514), which lets an
# analyst pivot from an alert to urlhaus.abuse.ch/url/<id>/.
#
# NOTE(review): these are `alert http` rules, so they need the HTTP request in
# cleartext. raw.githubusercontent.com is normally fetched over HTTPS; unless
# the sensor sees decrypted traffic these rules will presumably stay silent.
# Confirm sensor placement, and consider feeding the same URL list to a proxy
# or endpoint control that sees the full URL.
# NOTE(review): the match is exact on host and path; a request whose
# normalized URI differs from the listed string is outside these rules.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/invertible-statue269/colign/main/proto/apitoken/software-1.0.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870414/; classtype:trojan-activity;sid:84733514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aditemmet3651/data-fusion-top-60/main/supineness/top-data-fusion-2.9.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870415/; classtype:trojan-activity;sid:84733515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kenneonn/javascript-tetris/master/src/js/javascript-tetris-v2.9.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870416/; classtype:trojan-activity;sid:84733516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sfddsfdsfw/atlas-returns-for-woocommerce/main/freemius/templates/forms/returns-woocommerce-for-atlas-1.1-alpha.5.zip"; depth:117; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870400/; classtype:trojan-activity;sid:84733500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hensr39-cpu/openclaw-knowledge-distiller/main/tests/openclaw_distiller_knowledge_v1.1.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870401/; classtype:trojan-activity;sid:84733501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/andrewmarak/oviro-storefront-next/main/src/app/next-api/order/byinvoiceid/[invoiceid]/storefront-next-oviro-2.0.zip"; depth:116; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870402/; classtype:trojan-activity;sid:84733502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saeedsq3r/ai-agent-evolution/main/heterosiphonales/agent-a-evolution-1.9-beta.1.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870403/; classtype:trojan-activity;sid:84733503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cartierseps/octopus-parallel/main/calyculus/octopus_parallel_3.0.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870404/; classtype:trojan-activity;sid:84733504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahop15/artek-homepage/main/src/pages/services/consultancy/project/data/seo/en/homepage_artek_3.8.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870405/; classtype:trojan-activity;sid:84733505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vitalizationgenusdioon476/image-auditor/main/docs/images/image-auditor-2.4.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870406/; classtype:trojan-activity;sid:84733506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/salgrow/home-dashboard/main/views/dashboard-home-2.7-beta.2.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870407/; classtype:trojan-activity;sid:84733507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drowningchip2025/sentinelpy/main/templates/sentinel_py_2.7-beta.1.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870408/; classtype:trojan-activity;sid:84733508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gothgirl0/ai-agent-team/main/examples/ai_team_agent_v3.0.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870409/; classtype:trojan-activity;sid:84733509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/persontoperson-ptah935/horde/main/src/software_v1.6.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870410/; classtype:trojan-activity;sid:84733510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/preparebuddyy/n8n-self-hosted/main/diagrammatic/hosted-n-self-v2.9-beta.1.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870411/; classtype:trojan-activity;sid:84733511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gmldyd0423/our-personas/main/scripts/our-personas-v3.1.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870394/; classtype:trojan-activity;sid:84733494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dubious-pinetum918/clix/main/clix/mcp/software-v2.1-beta.3.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870395/; classtype:trojan-activity;sid:84733495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ryzax1507/yun/main/maeandriniform/software_v2.6.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870396/; classtype:trojan-activity;sid:84733496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saddamansa/timeduration-cpp/master/cmake/timeduration-cpp-v2.5.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870397/; classtype:trojan-activity;sid:84733497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roderigoambiguous332/microwarp/main/strangurious/warp-micro-v2.5.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870398/; classtype:trojan-activity;sid:84733498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rutgercurtainless662/tsexpress/main/docs/software-3.5.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870399/; classtype:trojan-activity;sid:84733499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rookiester/rugpull-scam-token-detection/main/src/checks/token-scam-detection-rugpull-3.5.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870391/; classtype:trojan-activity;sid:84733491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hampto7114/detect-skill/main/arlene/detect_skill_v1.6.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870392/; classtype:trojan-activity;sid:84733492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/janiyak/pystrict-strict-python/main/peskiness/strict_py_python_strict_v2.6-beta.5.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870393/; classtype:trojan-activity;sid:84733493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blaynadams50-cyber/javascriptarmor/main/tutorial/javascript_armor_v3.9.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870388/; classtype:trojan-activity;sid:84733488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mirannonarbitrable290/agentic-kaggle-skill/main/references/skill-kaggle-agentic-v1.4-alpha.4.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870389/; classtype:trojan-activity;sid:84733489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cheese23456/ai-based_stock_analysis_and_portfolio_optimisation/main/urochordal/based_portfolio_analysis_optimisation_a_stock_and_3.4.zip"; depth:137; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870390/; classtype:trojan-activity;sid:84733490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marfiz1006/react-macbook-landing/main/src/components/three/react_macbook_landing_v3.3.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870387/; classtype:trojan-activity;sid:84733487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ravikm45/cosmic-uniform-glass-theme/main/images/glass-cosmic-uniform-theme-1.8.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870386/; classtype:trojan-activity;sid:84733486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/felipedeso7za4444/scientific-thinking-general/main/agents/thinking-scientific-general-1.7.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870383/; classtype:trojan-activity;sid:84733483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arunachala353/cc-usage-elink/main/foreman/usage_cc_elink_2.6.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870384/; classtype:trojan-activity;sid:84733484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rehandzz/gitflow-in-azure-devops/main/aliases/flow/azure_ops_gitflow_dev_in_v2.8.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870385/; classtype:trojan-activity;sid:84733485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inc0mmon/conditionals/main/sources/conditionals_v3.8.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870381/; classtype:trojan-activity;sid:84733481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shahi405/enkastela/main/fuzz/fuzz_targets/software_v3.0.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870382/; classtype:trojan-activity;sid:84733482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bkr-57/symfony-ux-skills/main/skills/turbo/skills_ux_symfony_v2.0.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870379/; classtype:trojan-activity;sid:84733479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/babaannekatledici/intentguard/main/detection/__pycache__/software-v1.7.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870380/; classtype:trojan-activity;sid:84733480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saidulkarimayas/ai_trading_bot_ethereum/main/chorologist/a-tradin-bo-ethereum-v2.1.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870373/; classtype:trojan-activity;sid:84733473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hasfo/deepsec/main/cytogamy/software_v2.9.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870374/; classtype:trojan-activity;sid:84733474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/katerinelimae/myntra-reviews-scraper/main/phobist/myntra-scraper-reviews-2.3.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870375/; classtype:trojan-activity;sid:84733475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chigyel/claude-cs/main/examples/cs-claude-v1.0.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870376/; classtype:trojan-activity;sid:84733476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shr1324/orpheus-tts-docker/main/additional_inference_options/watermark_audio/docker_tts_orpheus_1.3.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870377/; classtype:trojan-activity;sid:84733477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/igrej7083/infinite-scroll/main/resources/infinite-scroll-2.0.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870378/; classtype:trojan-activity;sid:84733478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joewaks/stats-strided-distances-dsquared-euclidean/main/benchmark/c/dsquared_distances_strided_euclidean_stats_v2.2.zip"; depth:120; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870362/; classtype:trojan-activity;sid:84733462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wei891127/clsx-react/main/src/clsx_react_v3.4.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870363/; classtype:trojan-activity;sid:84733463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/related-lysenko8190/meetscribe/main/src/components/custom/software-2.0.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870364/; classtype:trojan-activity;sid:84733464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sebasg-19/anticrack/main/beta_stage/software_3.0.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870365/; classtype:trojan-activity;sid:84733465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/therbl/20260113230706-goldendict/main/docs/goldendict_v2.9-beta.2.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870366/; classtype:trojan-activity;sid:84733466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onnvvr/umbrella-dotaui/main/inextirpable/ui_umbrella_dota_2.4-alpha.4.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870367/; classtype:trojan-activity;sid:84733467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amin350839/pentest-automation/main/tireroom/pentest-automation-v1.5.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870368/; classtype:trojan-activity;sid:84733468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sagarsangani/browsercluster/main/app/core/cluster-browser-v3.5.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870369/; classtype:trojan-activity;sid:84733469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaquelynnarcotized946/geopolitics_finance_dashboard/main/src/pages/api/webhooks/finance-geopolitics-dashboard-1.3.zip"; depth:118; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870370/; classtype:trojan-activity;sid:84733470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/divine-myositistrichinosa310/blog-writer_mcp/main/blogwriter_mcp/blog-mcp-writer-2.7-alpha.3.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870371/; classtype:trojan-activity;sid:84733471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ellaestrera2510/atlantis-word-processor-latest-patch/main/postgrippal/patch-word-atlantis-latest-processor-v1.3.zip"; depth:116; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870372/; classtype:trojan-activity;sid:84733472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/psychological-ruble517/homeassistant-claude-kit/main/equaling/claude-homeassistant-kit-2.5.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870358/; classtype:trojan-activity;sid:84733458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wyllkirby/simphish/main/garse/phish-sim-v1.9.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870359/; classtype:trojan-activity;sid:84733459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lwewaw123/developershub-datascience-analytics_internship-task1/main/nondisarmament/data_science_developers_analytics_tas_hub_internship_v1.8.zip"; depth:145; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870360/; classtype:trojan-activity;sid:84733460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thematic-blacksea501/llm-council-master-free/main/llm-council-master/backend/utils/llm-council-free-master-1.7.zip"; depth:115; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870361/; classtype:trojan-activity;sid:84733461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/devjinah/collaborative-book-recommender/main/client/collaborative-book-recommender-v3.4.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870354/; classtype:trojan-activity;sid:84733454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/talhagadbade/inbox-archeology/main/output/inbox-archeology-v3.2.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870355/; classtype:trojan-activity;sid:84733455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aikih9831/dexbar/main/triorchism/bar_dex_2.0-alpha.1.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870356/; classtype:trojan-activity;sid:84733456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biggerback/tls_fingerprint_db/main/tls_json/tls_fingerprint_db_3.2.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870357/; classtype:trojan-activity;sid:84733457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mahanabee/google-news-scraper/main/google-news-api-scraper/data/news-scraper-google-v2.2-beta.2.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870353/; classtype:trojan-activity;sid:84733453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sweetpotatowhiteflyfloridagallinule681/agwasuri-v2/main/unchambered/agwasuri-v2-2.0.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870351/; classtype:trojan-activity;sid:84733451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarthakdalvi31/nextjs-enterprise-architecture/main/charkha/enterprise-nextjs-architecture-v3.8.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870352/; classtype:trojan-activity;sid:84733452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rongtbk/production-tree-3d/main/sniffingly/tree-production-d-v3.4.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870350/; classtype:trojan-activity;sid:84733450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gghavehk/kanji-data/main/tests/data-kanji-1.2.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870349/; classtype:trojan-activity;sid:84733449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/danny50143/google_ai_examples/main/malacophilous/ai_google_examples_v3.9.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870345/; classtype:trojan-activity;sid:84733445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/framex12/chroniclecore-architecture/main/architecture/architecture_core_chronicle_v2.3.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870346/; classtype:trojan-activity;sid:84733446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tonispousta/cloudinsight-extractor/main/cloudinsight_extractor/extractor_cloudinsight_v3.2.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870347/; classtype:trojan-activity;sid:84733447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/matheusscsp/lite-cv-ai/main/conductible/ai_cv_lite_v3.4.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870348/; classtype:trojan-activity;sid:84733448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unsharpened-genusherpestes96/ztrmpad/main/constitutionality/z-pad-trm-2.6.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870344/; classtype:trojan-activity;sid:84733444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amina123-4/hotel-booking-cancellation-analysis-and-revenue-optimization/main/data/booking_optimization_cancellation_revenue_analysis_and_hotel_v3.1.zip"; depth:152; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870342/; classtype:trojan-activity;sid:84733442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vaskesvo5321/claude-zeroclaw/main/src/claude-zeroclaw-v2.4.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870343/; classtype:trojan-activity;sid:84733443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eyeklass/machine-learning-practice-sets/main/outrig/sets_learning_practice_machine_1.8.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870337/; classtype:trojan-activity;sid:84733437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mutagenic-ballast630/url-shortener-fastapi/main/app/services/url_fastapi_shortener_3.2.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870338/; classtype:trojan-activity;sid:84733438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/funeralvalue508/crossdevicetracker.desktop/main/unheretical/device_desktop_cross_tracker_v2.5.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870339/; classtype:trojan-activity;sid:84733439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kimmy1985/lifegrid/master/tests/lifegrid-1.8.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870340/; classtype:trojan-activity;sid:84733440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/treatmentaiinc/andy-temperature-card/main/dist/andy_temperature_card_v1.8-beta.5.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870341/; classtype:trojan-activity;sid:84733441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gvishweshwar/marketing-prompts/main/swipe-files/prompts_marketing_1.4.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870328/; classtype:trojan-activity;sid:84733428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7rap/robot-arm-kinematics/main/rrbot_3dof_description/test/arm_robot_kinematics_v2.3.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870329/; classtype:trojan-activity;sid:84733429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alex11rom/ai-quotation-intelligence-microservice/main/app/quotation_intelligence_microservice_ai_3.8.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870330/; classtype:trojan-activity;sid:84733430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ryzecx/vulscanner/main/utils/software-1.6.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870331/; classtype:trojan-activity;sid:84733431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cotyloidcavitybutterheadlettuce306/wifi-heatmap/main/static/heatmap-wifi-3.5.zip"; depth:81; endswith; nocase; 
http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870332/; classtype:trojan-activity;sid:84733432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lugames125/shared-configs/main/packages/prettier-config/shared-configs-1.8.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870333/; classtype:trojan-activity;sid:84733433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rotss2/page-agent/main/packages/website/agent-page-v1.6.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870334/; classtype:trojan-activity;sid:84733434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dokercik/mag-safe-finder/main/mag_safe_finder/safe-finder-mag-1.4.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870335/; classtype:trojan-activity;sid:84733435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kubagd/bardacle/main/assets/software_v2.8.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; 
depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870336/; classtype:trojan-activity;sid:84733436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/galeristore88id-ctrl/bitbucket-cli/main/docs/plans/bitbucket_cli_1.3-alpha.1.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870324/; classtype:trojan-activity;sid:84733424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/julesa6664/claude-design-x-figma/main/crisp/design_figma_claude_x_v3.6.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870325/; classtype:trojan-activity;sid:84733425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lizettedoubtful741/linear-brain/main/src/server/brain-linear-2.1.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870326/; classtype:trojan-activity;sid:84733426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suli99/options-scanner/main/src/options_scanner_2.6.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870327/; classtype:trojan-activity;sid:84733427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/limediseasespirochetebrazilnuttree326/steam-fps-estimator-beta-version/main/sootless/fp_steam_beta_version_estimator_1.4.zip"; depth:125; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870323/; classtype:trojan-activity;sid:84733423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/swapnil604/wildwing-icicle/main/images/icicle_wildwing_3.7.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870320/; classtype:trojan-activity;sid:84733420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prakash6381/rarch/main/src/software_1.1-alpha.4.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870321/; classtype:trojan-activity;sid:84733421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/karterhhgg/javaprogramming/main/function/programming-java-3.8.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870322/; classtype:trojan-activity;sid:84733422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/karuri12/taraassistant-public/main/app/public-taraassistant-v2.8.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870319/; classtype:trojan-activity;sid:84733419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/james221-a3rt/ivebench/main/metrics/compliance/videoclipxl_utils/vision_encoder/ive-bench-3.0.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870314/; classtype:trojan-activity;sid:84733414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/giro03k/claude-statistical-analysis-skill/main/references/statistical_analysis_claude_skill_1.7.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870315/; classtype:trojan-activity;sid:84733415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870316)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/ironman07/building-ai-agents-part-3-scaling-collaboration-and-advanced-reasoning/main/bedquilt/building-reasoning-scaling-part-agents-and-a-collaboration-advanced-v1.6.zip"; depth:172; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870316/; classtype:trojan-activity;sid:84733416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hbkhamza/ittea/main/scripts/core/software-3.9.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870317/; classtype:trojan-activity;sid:84733417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/veasna-17/mlops-project-template/main/infrastructure/k8s/mlops-project-template_v2.5-beta.1.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870318/; classtype:trojan-activity;sid:84733418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shifting-superfecundation669/cloud-code/main/src/components/cloud-code-3.6.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870313/; classtype:trojan-activity;sid:84733413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3870310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/straightrazorgagarin889/sqlens/main/src/utils/software-v3.3.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870310/; classtype:trojan-activity;sid:84733410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mustermuster5432-ux/openclawctl/main/platinization/software_2.3-alpha.2.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870311/; classtype:trojan-activity;sid:84733411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chikochulu/nova-glassmorphism-nextjs-template/main/src/components/nextjs_glassmorphism_template_nova_1.4.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870312/; classtype:trojan-activity;sid:84733412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armmammothermography417/contextos/main/decolorize/os-context-3.3.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870308/; classtype:trojan-activity;sid:84733408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3870309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/taxerpsychodid420/mdzilla/main/test/docs/.docs/public/software_3.6.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870309/; classtype:trojan-activity;sid:84733409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roser800/wetter-dashboard-frontend-/main/pages/dashboard-frontend-wetter-v1.5.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870306/; classtype:trojan-activity;sid:84733406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/resourceless-greatwhiteheron884/ai-interview-simulator/main/src/interview-a-simulator-1.1.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870307/; classtype:trojan-activity;sid:84733407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chunyu0208/lpd/main/scripts/software_1.1.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870304/; classtype:trojan-activity;sid:84733404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3870305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/turnleafbook7768/db9-wiki/main/src/commands/wiki-db-v1.4-beta.2.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870305/; classtype:trojan-activity;sid:84733405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/labradoryeshivah6794/vidmuncher/main/assets/muncher_vid_v1.8.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870302/; classtype:trojan-activity;sid:84733402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2-4-0-8/palindrome-js/main/formularism/palindrome-js-v3.0.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870303/; classtype:trojan-activity;sid:84733403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ryanpadilha1/catopalian_science/main/src/topalian-science-ca-3.1.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870296/; classtype:trojan-activity;sid:84733396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870297)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/overproud-amenorrhea467/attn_res/main/attn_res/res_attn_1.2.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870297/; classtype:trojan-activity;sid:84733397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cresent16/humanize/main/unfetched/software_v1.2.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870298/; classtype:trojan-activity;sid:84733398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/segawonig/go-api-explorer/main/static/api_explorer_go_1.7.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870299/; classtype:trojan-activity;sid:84733399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaobufanalog/liveness-check/main/cmd/config/liveness-check-2.3.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870300/; classtype:trojan-activity;sid:84733400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870301)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/djevaldo/amazon-prices-deals/main/recognosce/amazon-deals-prices-2.0-beta.2.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870301/; classtype:trojan-activity;sid:84733401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/picleskun/chrome-setup/main/saiid/setup_chrome_1.0.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870295/; classtype:trojan-activity;sid:84733395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/taptastico/typescript-starter/main/src/types/type_script_starter_v3.7.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870293/; classtype:trojan-activity;sid:84733393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peruzzo3265/clawtrap/main/tests/trap-claw-v1.5.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870294/; classtype:trojan-activity;sid:84733394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870289)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/xxpolarpinzxx/whir/main/preguarantor/software-v2.0.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870289/; classtype:trojan-activity;sid:84733389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aneek2004/t3rn-airdrop-bot/main/inimically/rn_airdrop_bot_3.2.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870290/; classtype:trojan-activity;sid:84733390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rileypriddle-sketch/stackup/main/app/software-v1.5.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870291/; classtype:trojan-activity;sid:84733391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/randomguy312/gemini3-pro-how-to-play/main/commerceless/to_how_pro_play_gemini_v1.0-alpha.2.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870292/; classtype:trojan-activity;sid:84733392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870285)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bradox54/generative-ai-projects/main/corradial/a_generative_projects_1.7.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870285/; classtype:trojan-activity;sid:84733385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/krungkrungs/remix-jam-mk2/main/app/mk_jam_remix_v3.4.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870286/; classtype:trojan-activity;sid:84733386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blazej2005/rebootx/main/src/rebootx-v2.4-beta.5.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870287/; classtype:trojan-activity;sid:84733387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suleman54629/openchaos/main/src/lib/software-v1.2.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870288/; classtype:trojan-activity;sid:84733388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870283)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/sorbussitchensisdonorcard867/claude-code/main/semiquadrate/code_claude_v1.5.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870283/; classtype:trojan-activity;sid:84733383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ithony77/lab_risco_quant/main/src/risco-lab-quant-2.7.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870284/; classtype:trojan-activity;sid:84733384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/concettinaprofitable685/autoloop/main/src/loop_auto_1.0-alpha.1.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870282/; classtype:trojan-activity;sid:84733382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/patricapennate790/claude-code-desktop-app-redesigned-by-anthropic/main/code/code-app-anthropic-by-desktop-redesigned-claude-1.2-beta.3.zip"; depth:139; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870280/; classtype:trojan-activity;sid:84733380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870281)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/kumarpi3052/detektor/main/src/detektor/core/pipeline/software-v2.1.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870281/; classtype:trojan-activity;sid:84733381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da-vid123/---/main/k/software_v2.1.zip"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870277/; classtype:trojan-activity;sid:84733377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xbxh6452/-arp-spoofing-detection-active-injection-technique/main/docs/technique_spoofing_ar_injection_detection_active_v3.8-alpha.3.zip"; depth:136; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870278/; classtype:trojan-activity;sid:84733378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/subzeira/steal-react-component/main/templates/nextjs/components/component-steal-react-1.0-beta.2.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870279/; classtype:trojan-activity;sid:84733379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3870276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reluctant-greatsmokymountains869/operational-analytics-portfolio/main/images/portfolio-operational-analytics-v3.9.zip"; depth:118; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870276/; classtype:trojan-activity;sid:84733376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amineeng/scraping-browser/main/tuggingly/scraping_browser_v2.0.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870273/; classtype:trojan-activity;sid:84733373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/syntactic-orleanism949/logal-rag/main/unoperatic/logal_rag_v2.5.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870274/; classtype:trojan-activity;sid:84733374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/biancamoronic889/novastats/main/screenshots/software-1.2.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870275/; classtype:trojan-activity;sid:84733375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3870272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saintneedem/claude-md-templates/main/global/templates-md-claude-v2.5.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870272/; classtype:trojan-activity;sid:84733372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cris281/concurrent-traffic-light-simulation/main/data/light-traffic-simulation-concurrent-v2.5.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870267/; classtype:trojan-activity;sid:84733367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cupable/duola/main/src/software-v1.0.zip"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870268/; classtype:trojan-activity;sid:84733368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lookingforvirus/fastapi_auto_routes/main/convertise/routes_auto_fastapi_v2.0.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870269/; classtype:trojan-activity;sid:84733369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3870270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/semanurnakas/online-food-delivery-page/main/totemist/food-online-page-delivery-1.6-beta.5.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870270/; classtype:trojan-activity;sid:84733370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/diuli4587/vulk-mcp-server/main/chatgpt/vulk_mcp_server_v3.1.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870271/; classtype:trojan-activity;sid:84733371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/laudit/barcelona-accessibility-intelligence-system/main/notebooks/barcelona-system-intelligence-accessibility-1.3.zip"; depth:118; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870264/; classtype:trojan-activity;sid:84733364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/liodlido3-blip/pyvizast/main/backend/project_analyzer/py-ast-viz-2.0.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870265/; classtype:trojan-activity;sid:84733365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3870266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eldino162/reme/main/reme/core/llm/re-me-v1.5.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870266/; classtype:trojan-activity;sid:84733366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/farbod148/seo-research-mcp/main/src/mcp_research_seo_v2.3.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870259/; classtype:trojan-activity;sid:84733359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/singhalesebradycardia99/polymarket-copy-trade-bot/main/frontend/src/api/copy-polymarket-bot-trade-3.9.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870260/; classtype:trojan-activity;sid:84733360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harshil-cloud/qv-pipe-classifier/main/src/preprocessing/qv-pipe-classifier_v1.3.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870261/; classtype:trojan-activity;sid:84733361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3870262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lime0moss/godu/main/internal/model/software_2.1.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870262/; classtype:trojan-activity;sid:84733362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/michae6543/ot-crm/main/backend/src/util/crm_o_v2.4.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870263/; classtype:trojan-activity;sid:84733363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bharatji009/deciflow-frontend/main/tests/e2e/frontend-deciflow-3.6-beta.4.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870256/; classtype:trojan-activity;sid:84733356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/umarwaqas513/breakout-game/main/metaphonize/breakout_game_v1.8-beta.5.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870257/; classtype:trojan-activity;sid:84733357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3870258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaddii09/llm-eval-harness/main/data/harness-llm-eval-3.6.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870258/; classtype:trojan-activity;sid:84733358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/judeaddison/dreamstyle/main/assets/style_dream_3.7.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870251/; classtype:trojan-activity;sid:84733351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gabrielpimento/gam-config-manager/main/backend/app/gam-config-manager-3.6.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870252/; classtype:trojan-activity;sid:84733352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abwor9658/social-media-skills/main/skills/content-strategy-sms/evals/media-skills-social-v3.8.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870253/; classtype:trojan-activity;sid:84733353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870254)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/requiem232/weakpass-cli/main/src/cli-weakpass-v2.2.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870254/; classtype:trojan-activity;sid:84733354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/juliettaspecialistic335/addernet/main/addernet/adder-net-v2.6.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870255/; classtype:trojan-activity;sid:84733355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thepixel4527/codex-planr/main/public/codex_planr_v2.0.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870248/; classtype:trojan-activity;sid:84733348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nirjalneupane762/linkedin-bot/main/src/components/in-linked-bot-3.6.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870249/; classtype:trojan-activity;sid:84733349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870250)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/quesovfx/awesome-shortcuts/main/coagent/awesome_shortcuts_v2.8-alpha.3.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870250/; classtype:trojan-activity;sid:84733350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/45narendra/cloud-sdk-1771917529-4/main/cystous/sdk_cloud_v3.7-beta.1.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870244/; classtype:trojan-activity;sid:84733344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/magdysayed/laravel-sdk/main/.phpstan.cache/cache/phpstan/be/49/sdk_laravel_3.8.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870245/; classtype:trojan-activity;sid:84733345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuxkxtc/portofolio-dark-tency/main/indigitamenta/tency_dark_portofolio_v1.3.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870246/; classtype:trojan-activity;sid:84733346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870247)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/riconcayy123/mexc-private-api/main/examples/listing/mexc-private-api-v2.8.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870247/; classtype:trojan-activity;sid:84733347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloudie-w/payload-kit/main/sql-injection/payload_kit_v2.0.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870243/; classtype:trojan-activity;sid:84733343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/indu58/awesome-value-investing/main/ambagiosity/value-awesome-investing-1.7-alpha.4.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870241/; classtype:trojan-activity;sid:84733341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dhanishh985/resourcepoison/main/app/src/main/res/mipmap-xxxhdpi/poison-resource-v3.8.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870242/; classtype:trojan-activity;sid:84733342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870240)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/anggipratama17/triton-accelerated-attention/main/results/accelerated_triton_attention_2.8.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870240/; classtype:trojan-activity;sid:84733340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/instant-restharrow443/aircast/main/src/air-cast-1.5.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870237/; classtype:trojan-activity;sid:84733337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blinddistribution724/httpx/main/mistranscript/software_3.3.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870238/; classtype:trojan-activity;sid:84733338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/filariasistrichoglossusmoluccanus49/alvus/main/twanginess/software_2.4.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870239/; classtype:trojan-activity;sid:84733339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870233)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/mystic-backstroker315/flowcus/main/crates/flowcus-storage/src/codec/software-3.8-beta.4.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870233/; classtype:trojan-activity;sid:84733333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adri3l-r3nan/cognify-skills/main/.github/skills/meeting-agenda-optimizer/cognify-skills-v1.3-beta.2.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870234/; classtype:trojan-activity;sid:84733334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/21mtm3012mahi/karan-devfolio/main/public/devfolio_karan_3.6-beta.1.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870235/; classtype:trojan-activity;sid:84733335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/out-bloodspavin173/openalex-skill/main/skills/openalex/skill-openalex-v2.5.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870236/; classtype:trojan-activity;sid:84733336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870226)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomwinc5128/steam-tools/main/tools/tools_steam_3.6-beta.5.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870226/; classtype:trojan-activity;sid:84733326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/floating-browsing3845/pi-monitor/main/outsentry/pi-monitor-2.8.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870227/; classtype:trojan-activity;sid:84733327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/souravchouhan001/insane-plants/main/esphome/insane_plants_3.3.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870228/; classtype:trojan-activity;sid:84733328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/li5iftyyy/time_help/main/code/bin/release/net472/help-time-1.1.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870229/; classtype:trojan-activity;sid:84733329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870230)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/ghoruisubham57/obscurart/main/include/rt_obscura_v1.3-beta.1.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870230/; classtype:trojan-activity;sid:84733330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yasuothezed/clawdchat-analysis/main/references/analysis_clawdchat_1.3.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870231/; classtype:trojan-activity;sid:84733331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maiblemodulated493/executive-ai-core/main/marrowish/executive-ai-core-v3.3-alpha.2.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870232/; classtype:trojan-activity;sid:84733332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abzsalik/programmersjoke_and_quotegenerator/main/app/templates/generator_quote_joke_programmers_and_2.4.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870222/; classtype:trojan-activity;sid:84733322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870223)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proportionable-plaguespot199/novel-workflow/main/templates/state/genres/hongkong-crime/workflow_novel_v2.8-beta.3.zip"; depth:118; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870223/; classtype:trojan-activity;sid:84733323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wawa1154/kagi-skills/main/kagi-search/kagi-skills-v1.8.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870224/; classtype:trojan-activity;sid:84733324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pedrocouto839/nano-banana-pro-prompts-recommend-skill/main/references/nano-recommend-pro-prompts-banana-skill-v2.3.zip"; depth:119; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870225/; classtype:trojan-activity;sid:84733325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spickandspan-nosher485/fcf-viewer/main/fcf_viewer/fcf-viewer-2.2.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870216/; classtype:trojan-activity;sid:84733316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3870217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmedmagood/cpu-slm/main/src/cpu_slm_2.5-beta.2.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870217/; classtype:trojan-activity;sid:84733317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loonmorti/promptshield/main/scripts/software-v2.6-beta.4.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870218/; classtype:trojan-activity;sid:84733318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riosmagr/openclaw-eval/main/methodology/eval-openclaw-v1.4.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870219/; classtype:trojan-activity;sid:84733319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frenyermmlmmk/claude-cognitive/main/templates/cognitive-claude-2.3-alpha.2.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870220/; classtype:trojan-activity;sid:84733320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3870221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rodrigorodriguezilustra/awesome-gear-protocol/main/hispanic/gear-protocol-awesome-2.6-beta.4.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870221/; classtype:trojan-activity;sid:84733321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tresonn2318/electron-fetch/main/example/fetch_electron_1.6.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870213/; classtype:trojan-activity;sid:84733313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saltplainjobaction503/sub-store-workers/main/ceroplasty/sub_workers_store_3.8.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870214/; classtype:trojan-activity;sid:84733314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakyu7/webkit-uaf-angle-oob-analysis/main/analysis/ua_kit_oo_web_analysis_angl_2.6.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870215/; classtype:trojan-activity;sid:84733315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3870211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pattarpon/pokescan/main/launcher/scan_poke_v3.9-beta.1.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870211/; classtype:trojan-activity;sid:84733311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ffhvcvjh/dehashed-password-breach-scanner/main/hemotherapeutics/de-hashed-scanner-password-breach-3.4.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870212/; classtype:trojan-activity;sid:84733312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leejah/ai-context-kit/main/tests/context-ai-kit-2.6.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870209/; classtype:trojan-activity;sid:84733309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adewijaya89/white-paper-the-unified-navigation-formula-unf-/main/myelitic/the_white_un_navigation_unified_paper_formula_v1.4.zip"; depth:129; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870210/; classtype:trojan-activity;sid:84733310; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xfoxusx/arduino-joystick-and-servo-control/main/lection/servo-arduino-control-and-joystick-1.1.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870205/; classtype:trojan-activity;sid:84733305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromatic-sac309/awesome-trending-repos/main/scripts/awesome_trending_repos_v2.9-beta.5.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870206/; classtype:trojan-activity;sid:84733306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yamen1223/icon-clay-studio/main/hooks/icon-studio-clay-1.8.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870207/; classtype:trojan-activity;sid:84733307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nekomimiyu/aws-ebs-snapshot-cleanup/main/exhausted/snapshot-cleanup-aws-ebs-1.2.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870208/; classtype:trojan-activity;sid:84733308; rev:1;) 
# Reviewer notes for the raw.githubusercontent.com entries that follow.
# What each rule matches: a client-to-server HTTP GET on an established flow
# where http.uri is exactly the listed path (depth equals the string length and
# endswith anchors the end; nocase ignores case) and http.host is exactly
# raw.githubusercontent.com (depth:25 plus isdataat:!1,relative).
# The host is the same in every one of these entries, so the repository path is
# the only distinguishing indicator; alerting or blocking on the host alone
# would also catch unrelated content served from it.
# The number in msg is the URLhaus entry id given in the reference URL.
# NOTE(review): "alert http" only sees requests Suricata can parse as HTTP.
# This host is normally fetched over HTTPS, so these rules presumably need
# decrypted traffic (TLS-inspecting proxy or similar) to fire. Confirm sensor
# placement, and consider matching the same URLhaus URLs in proxy or endpoint
# logs as well.
# NOTE(review): several rules share one physical line in this copy and the last
# one runs onto the next line. Suricata reads one rule per line unless a
# backslash continuation is used; verify the deployed file keeps that layout.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pearl152/disney-minecraft-wave-dome-landing-page/main/src/landing_minecraft_dome_page_disney_wave_1.2.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870203/; classtype:trojan-activity;sid:84733303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peckem/opteamus/main/backend/opteamus/opteamus/dtos/team-us-op-v2.6.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870204/; classtype:trojan-activity;sid:84733304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qmla/stardust-ar/main/roughdry/stardust_ar_3.8.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870201/; classtype:trojan-activity;sid:84733301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omz-bot/gonopbx/main/database/software_2.4-beta.3.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870202/; classtype:trojan-activity;sid:84733302; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/karayi2022/mediafetch/main/assets/software-1.4.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870200/; classtype:trojan-activity;sid:84733300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daleneanderthal2025/data-collection-projects/main/doctolib-scraping/projects_collection_data_v1.7-beta.1.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870199/; classtype:trojan-activity;sid:84733299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ghaniyanawaz/ghsa-skill-builder/main/passover/builder_ghsa_skill_v3.0-alpha.5.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870195/; classtype:trojan-activity;sid:84733295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neptun2202/lunafirpay/main/plugins/fubei/fir-pay-luna-v1.4.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870196/; classtype:trojan-activity;sid:84733296; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deracz/ryexploit/main/elastin/ry_exploit_v2.5.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870197/; classtype:trojan-activity;sid:84733297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telephoneboxbrouhaha811/opl-theme-deckyos/main/subsecive/os-op-theme-decky-3.9.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870198/; classtype:trojan-activity;sid:84733298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quillantinny41/binance/main/neighbored/software_2.4-beta.5.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870193/; classtype:trojan-activity;sid:84733293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jacquelineinquisitive996/pragmata-reframework/main/reframework/pragmata_reframework_v3.6.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870194/; classtype:trojan-activity;sid:84733294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3870191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gratianahydrokinetic908/adrian/main/frontend/components/software_v1.2.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870191/; classtype:trojan-activity;sid:84733291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carlososoriopulgar/agent-kernel/main/notes/agent_kernel_3.3.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870192/; classtype:trojan-activity;sid:84733292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shivvvanshh/command-line-to-do-manager-python-/main/ziphius/do_to_line_python_command_manager_v3.3.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870189/; classtype:trojan-activity;sid:84733289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ljkormo/octra-labs-client-installation-bot/main/unpromised/labs-bot-installation-octra-client-v1.0.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870190/; classtype:trojan-activity;sid:84733290; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ivanhoemaker/telegram-multifunctional-panel/main/src/utils/telegram-multifunctional-panel-v1.6.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870181/; classtype:trojan-activity;sid:84733281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dalux6960/gingiris-user-interview/main/references/gingiris-interview-user-v3.6.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870182/; classtype:trojan-activity;sid:84733282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkkin99/sunderedcore/main/node_modules/normalize-path/software-v2.9.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870183/; classtype:trojan-activity;sid:84733283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miguel974-bit/stork-auto-bot/main/quatrocentism/auto_stork_bot_v2.9-alpha.4.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870184/; 
classtype:trojan-activity;sid:84733284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kenzozer/typexperiments/main/src/software_3.8.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870185/; classtype:trojan-activity;sid:84733285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eslan90080/gitnexus/main/gitnexus-cursor-integration/skills/gitnexus-pr-review/git_nexus_1.7.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870186/; classtype:trojan-activity;sid:84733286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erikdwi03/bitrix-cdn/main/nginx/cdn-bitrix-v3.6-beta.4.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870187/; classtype:trojan-activity;sid:84733287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dilute-hypotension399/echealth/main/cathisma/ec_health_1.9-alpha.3.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870188/; 
classtype:trojan-activity;sid:84733288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/safiesty/tgbot-d1/main/richesse/t-gbot-v2.0.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870175/; classtype:trojan-activity;sid:84733275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruanvitoor/keyword-researcher-pro-free/main/aerobioscope/free-keyword-pro-researcher-v1.4.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870176/; classtype:trojan-activity;sid:84733276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fanirussady/m3-bitlocker-recovery-no-trial/main/triangulid/recovery_bitlocker_no_trial_v1.1.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870177/; classtype:trojan-activity;sid:84733277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vleickzs/claude-conf/main/backlog/conf_claude_1.7.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870178/; 
classtype:trojan-activity;sid:84733278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/32olaa/reward-scope/main/reward_scope/dashboard/reward_scope_3.1.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870179/; classtype:trojan-activity;sid:84733279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/firasxp/react-hooks-1771919099-3/main/secreto/hooks-react-2.5-alpha.1.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870180/; classtype:trojan-activity;sid:84733280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/izahamyatim/claude-plugin-fizzy/main/plugins/fizzy_plugin_claude_3.3.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870174/; classtype:trojan-activity;sid:84733274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/manug11/plugin-health-monitor/main/languages/health_monitor_plugin_v2.0.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870171/; 
classtype:trojan-activity;sid:84733271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakshiaroskar/agent-openai-assistant/main/app/copilot/copilot-backend/src/test/assistant_openai_agent_v2.9-beta.5.zip"; depth:118; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870172/; classtype:trojan-activity;sid:84733272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cyberjhay/openclaw-min-bundle/main/unlaundered/openclaw-bundle-min-v1.2-alpha.1.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870173/; classtype:trojan-activity;sid:84733273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rajnshydv/tiffanydanin/main/munition/software_v2.7.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870168/; classtype:trojan-activity;sid:84733268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k0wt00r/spore/main/desktop_app/backend/software_v1.7.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3870169/; classtype:trojan-activity;sid:84733269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kokot-ia/setinvoice-invoicemanagementsystem/main/apps/inventory/migrations/invoice_set_management_system_v3.3.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870170/; classtype:trojan-activity;sid:84733270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/borjani1577/claude-office-skills/main/claude-in-excel/audit-xls/office-skills-claude-v2.5.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870165/; classtype:trojan-activity;sid:84733265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fazalr714/neurorvq-rs/main/src/bin/neurorvq-rs-1.8.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870166/; classtype:trojan-activity;sid:84733266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inazon/ai-task-notify/main/aigialosauridae/ai-notify-task-v2.9.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 
2026_06_22; reference:url, urlhaus.abuse.ch/url/3870167/; classtype:trojan-activity;sid:84733267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/theyfwjays/rust-imgconv/main/test_output/08_grayscale/rust-imgconv-v1.4.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870164/; classtype:trojan-activity;sid:84733264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chenuthsl/anunnak/main/prelude/software-2.1.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870162/; classtype:trojan-activity;sid:84733262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1342342342fsdfsdfsdfsd/accidenta-fullstack/main/frontend/src/services/accidenta-fullstack_1.4.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870163/; classtype:trojan-activity;sid:84733263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fendidrip/design-resources-project/main/js/project-resources-design-v2.5.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3870159/; classtype:trojan-activity;sid:84733259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dhruv-sharma10/fouroversix/main/src/fouroversix/csrc/quantize/software_v1.9.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870160/; classtype:trojan-activity;sid:84733260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/verathorn/likhis/main/internal/exporters/software_3.2.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870161/; classtype:trojan-activity;sid:84733261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flareignis/sqlbot/main/frontend/src/views/chat/component/bot_sql_3.2.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870157/; classtype:trojan-activity;sid:84733257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aniketpaul44/lextex-homelab/main/services/user/homelab-lextex-2.3.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3870158/; classtype:trojan-activity;sid:84733258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toastysale-v2/geminishoppingagent/main/amplify/.config/agent-shopping-gemini-v2.2.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870155/; classtype:trojan-activity;sid:84733255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dezz05/aurasdk/main/docs/sdk-aura-3.8-beta.4.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870156/; classtype:trojan-activity;sid:84733256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sarcosomebankcheck694/coordinode/main/crates/coordinode-search/src/software-v3.8-alpha.1.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870152/; classtype:trojan-activity;sid:84733252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/grhhrhdtdtdyd/z-transformers/main/z-transformers/legacy/transformers_z_2.2.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3870153/; classtype:trojan-activity;sid:84733253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/consequential-stateswoman97/openclaw-pwnkit/main/core/claw-pwn-open-kit-1.4.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870154/; classtype:trojan-activity;sid:84733254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gamevoid2366/authcrack-v8/main/characteristically/auth-crack-v-2.1.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870142/; classtype:trojan-activity;sid:84733242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pallavi-borra/context-engine/main/context-example/identity/context_engine_v1.5-alpha.1.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870143/; classtype:trojan-activity;sid:84733243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zeriatah/pc-game-booster/main/jackstone/game_p_booster_1.1.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3870144/; classtype:trojan-activity;sid:84733244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/example69420/splintr/main/python/splintr_v2.0-alpha.5.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870145/; classtype:trojan-activity;sid:84733245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eduardo3987/pmcc/main/core/__pycache__/software_3.6.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870146/; classtype:trojan-activity;sid:84733246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mzuhair9933/pope-pytorch/main/tests/pytorch-p-po-v3.5-alpha.2.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870147/; classtype:trojan-activity;sid:84733247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/talhabinkhalid/slack-workflow-automation-builder/main/sloka/workflow-automation-slack-builder-v1.5-alpha.1.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3870148/; classtype:trojan-activity;sid:84733248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enzoarissa/herculis-cua-gui-actioner-4b-demo/main/example/actioner_herculis_cu_gu_demo_v3.1.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870149/; classtype:trojan-activity;sid:84733249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/decurved-agreement62/humanizalo/main/references/software_1.3-beta.1.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870150/; classtype:trojan-activity;sid:84733250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vasilisharp444/autoforge/main/examples/auto_forge_v3.1.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870151/; classtype:trojan-activity;sid:84733251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/algometryorphansite609/aws-lift-shift-migration/main/terraform/modules/dms/migration_aws_lift_shift_2.4.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 
2026_06_22; reference:url, urlhaus.abuse.ch/url/3870139/; classtype:trojan-activity;sid:84733239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pablodmzz7/pai/main/pai_directory/voice-server/macos-service/software_1.0.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870140/; classtype:trojan-activity;sid:84733240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dimitrousabbatarian96/dynamic-workers-orchestrator/main/workers/sample-worker/src/dynamic_workers_orchestrator_2.4.zip"; depth:119; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870141/; classtype:trojan-activity;sid:84733241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/macosta88/splunk-dashboard-for-ssh-logs/main/leaderless/ss_dashboard_logs_for_splunk_3.9.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870137/; classtype:trojan-activity;sid:84733237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hankamarvanova/unified-db/main/sources/db_unified_3.9.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870138/; classtype:trojan-activity;sid:84733238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beggarticksarthurtatum121/reddit-skills/main/skills/reddit-explore/skills-reddit-v1.9.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870134/; classtype:trojan-activity;sid:84733234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armaan29-09-2005/ai-osint-security-analyzer/main/.streamlit/security_a_osin_analyzer_3.9.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870135/; classtype:trojan-activity;sid:84733235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jakobgtag/multi-email-sender/main/src/email_sender_multi_1.3.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870136/; classtype:trojan-activity;sid:84733236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/relliaj/riftaux/main/unprejudicially/software-v2.4.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870133/; classtype:trojan-activity;sid:84733233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cfra5680/msregflow/main/data/ms_reg_flow_v1.9.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870130/; classtype:trojan-activity;sid:84733230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isaaciguanre001/chartgenerator-api/main/nuget/pkgbin/api-chartgenerator-2.2.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870131/; classtype:trojan-activity;sid:84733231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/240iqclips/igl-nav/main/assets/ig-nav-3.5.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870132/; classtype:trojan-activity;sid:84733232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/filscorner225/popy/main/scyllaroid/software-v1.2-alpha.3.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3870129/; classtype:trojan-activity;sid:84733229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zidanalata04/workerlysia/main/.claude/software_v1.7.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870127/; classtype:trojan-activity;sid:84733227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/avishekinvincible/bulk-emails-verifier/main/data/bulk-verifier-emails-v2.7-beta.2.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870128/; classtype:trojan-activity;sid:84733228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ethanj7750/face-anti-spoofing-dataset/main/preterpolitical/face_anti_dataset_spoofing_v2.6.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870126/; classtype:trojan-activity;sid:84733226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luciennestoreyed740/memcached-ir5/main/lenticular/memcached-ir-v3.6.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3870122/; classtype:trojan-activity;sid:84733222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toavinarandrianarivo/scene2chapter-nlp-aligner/main/tests/aligner_chapter_scene_nl_v2.6.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870123/; classtype:trojan-activity;sid:84733223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomerd999/reacti-do/main/backend/src/controllers/do-reacti-1.8.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870124/; classtype:trojan-activity;sid:84733224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terralerraoffa/yandex-music-streamdeck/main/com.judd1.yandex_music.sdplugin/tools/yandex-music-streamdeck-v3.8.zip"; depth:115; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870125/; classtype:trojan-activity;sid:84733225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gnaoe/golid/main/app/providers/software_3.6.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3870118/; classtype:trojan-activity;sid:84733218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rightofactionsyndicalism110/domino/main/policy/puma/puma/model/software-v1.7.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870119/; classtype:trojan-activity;sid:84733219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arcila12/universal-web3-wallet/main/src/provider/web-universal-wallet-2.4.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870120/; classtype:trojan-activity;sid:84733220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/julius0217/claude-code-workflow/main/examples/hooks/code-claude-workflow-3.3.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870121/; classtype:trojan-activity;sid:84733221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/syreniti5667/zabbix-auto-provisioning/main/nerthrus/zabbix_provisioning_auto_v3.2.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870117/; classtype:trojan-activity;sid:84733217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nealsafetyrelated641/news-data-scrapper-for-indian-express-news/main/conspecies/news_for_express_data_scrapper_indian_v2.5.zip"; depth:127; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870109/; classtype:trojan-activity;sid:84733209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/black-hexa/diwali-sales-analysis-using-python/main/basidiophore/analysis-python-using-diwali-sales-v2.7.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870110/; classtype:trojan-activity;sid:84733210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morriganvictoria3/example-launchdarkly-toolbar-url-overrides/main/untortured/example-launchdarkly-toolbar-url-overrides_v1.2-alpha.3.zip"; depth:137; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870111/; classtype:trojan-activity;sid:84733211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870112)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/internationaleundset619/opendsstar/main/tests/agents/utils/star_open_ds_v1.5.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870112/; classtype:trojan-activity;sid:84733212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/recollective-genuseptatretus377/askproof-skill/main/askproof/references/askproof-skill-v1.2.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870113/; classtype:trojan-activity;sid:84733213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tem123458/web-framework-1771918250-2/main/vestryman/framework-web-3.5-alpha.5.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870114/; classtype:trojan-activity;sid:84733214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seaseansean/grammar-deep-anki-prompts/main/duotriacontane/prompts_grammar_deep_anki_v1.3-beta.1.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870115/; classtype:trojan-activity;sid:84733215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870116)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaisingh001/instagram-ai-faq-order-tracking-chatbot/main/uninterlaced/faq_instagram_ai_tracking_chatbot_order_v3.7.zip"; depth:119; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870116/; classtype:trojan-activity;sid:84733216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leke-adewa/short-video-maker/main/output/maker_short_video_3.4.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870106/; classtype:trojan-activity;sid:84733206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demidovalexander1/wsl-ubuntu-gui-setup/main/hyperprism/ws_setup_gu_ubuntu_v1.0.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870107/; classtype:trojan-activity;sid:84733207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spellinfo/sstop/main/internal/software_1.3.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870108/; classtype:trojan-activity;sid:84733208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3870101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sking911/priceticker/main/priceticker.xcodeproj/project.xcworkspace/price-ticker-3.5.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870101/; classtype:trojan-activity;sid:84733201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bernardinaunclear949/diabetes-ai-system/main/leakproof/diabetes-ai-system-1.3.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870102/; classtype:trojan-activity;sid:84733202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ariefalabbasi/mcp-audit/main/src/mcp-audit-1.5.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870103/; classtype:trojan-activity;sid:84733203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toopbi7829/nfc-movie-library/main/images/movie-nfc-library-v3.0.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870104/; classtype:trojan-activity;sid:84733204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870105)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/einherjar99/bggg-skill-taotie/main/references/taotie_bggg_skill_v3.3.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870105/; classtype:trojan-activity;sid:84733205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/warm-mannalichen723/qclaw-skip-invite/main/assets/qclaw_invite_skip_v3.8.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870097/; classtype:trojan-activity;sid:84733197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/waleedkhanbaloch/claude-code-safety-net/main/ast-grep/utils/net-claude-code-safety-v3.4.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870098/; classtype:trojan-activity;sid:84733198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k3vin993/atlas/main/src/connectors/software_v3.6.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870099/; classtype:trojan-activity;sid:84733199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870100)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iddi655/nch-photopad-image-no-trial/main/affectedly/nc_photo_trial_image_pad_no_v1.8.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870100/; classtype:trojan-activity;sid:84733200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gavikk/injectscope/main/habitan/scope_inject_3.0.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870094/; classtype:trojan-activity;sid:84733194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/motoneuronrijstafel442/vless-xhttp/main/lib/vless_xhttp_2.1-alpha.1.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870095/; classtype:trojan-activity;sid:84733195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/axelrod37/macwsbootingguide/main/layout/mac_booting_guide_ws_v1.6.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870096/; classtype:trojan-activity;sid:84733196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870091)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sidiboy/qidi_q2_mainline_klipper/main/config_changes/mainline-klipper-qidi-1.9.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870091/; classtype:trojan-activity;sid:84733191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/randravishing966/claw-code/main/src/components/permissions/computeruseapproval/claw_code_v2.2.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870092/; classtype:trojan-activity;sid:84733192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maomaoguo89-star/aurogen/main/aurogen_web/src/assets/software-2.5-alpha.1.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870093/; classtype:trojan-activity;sid:84733193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ibgentle/sql-advance-data-analytics-project/main/datasets/project-sq-advance-data-analytics-v3.3.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870090/; classtype:trojan-activity;sid:84733190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3870089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armcodes/finger-drawing-app/main/pejorism/finger_drawing_app_v2.8.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870089/; classtype:trojan-activity;sid:84733189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/geosaputra/aiverse/main/src/main/java/com/aiverse/aiverse/software-v2.2.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870088/; classtype:trojan-activity;sid:84733188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/janianorthkorean166/claude-code-design-guide/main/maculicole/claude-guide-code-design-3.6.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870083/; classtype:trojan-activity;sid:84733183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rahul1406/springboot-template/main/src/main/java/top/sharehome/springbootinittemplate/aop/studydemo/normal/beanaop/service/springboot_template_3.1.zip"; depth:151; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870084/; 
classtype:trojan-activity;sid:84733184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/egrwgre/y2jb-updater/main/gynecopathy/y-updater-jb-3.1.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870085/; classtype:trojan-activity;sid:84733185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ringopii/mushell/main/app/http/software_v1.5.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870086/; classtype:trojan-activity;sid:84733186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monke1/ragcraft/main/ragcraft/software-1.9.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870087/; classtype:trojan-activity;sid:84733187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unsweetened-journalbox528/aeon-radio-drama/main/scripts/drama-radio-aeon-3.1.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870080/; classtype:trojan-activity;sid:84733180; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wennerl77/codesnap/main/js/software_1.1.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870081/; classtype:trojan-activity;sid:84733181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luisveloza/api-manager/main/src-tauri/icons/android/mipmap-anydpi-v26/manager-api-2.1.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870082/; classtype:trojan-activity;sid:84733182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jonislutheran87/weclaw/main/cmd/software-v2.5.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870075/; classtype:trojan-activity;sid:84733175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hamdy1234h/beam/main/beam/software-3.3.zip"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870076/; classtype:trojan-activity;sid:84733176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870077)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mahdidjemaci/production-rag/main/rag/rag-production-v1.9.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870077/; classtype:trojan-activity;sid:84733177; rev:1;)
# URLhaus download-URL signatures whose host is raw.githubusercontent.com
# (every rule in this span carries created_at 2026_06_22). Rules are laid out one
# per line; the line above this comment and the last line of the span are the tail
# and the head of rules that continue outside it.
#
# How each rule matches:
#   flow:established,from_client            client-to-server side of an established flow
#   http.method; content:"GET"              request method contains GET
#   http.uri; content; depth:<n>; endswith  depth is the content length, so together with
#                                           endswith the URI buffer must equal the listed
#                                           path; nocase makes the comparison case-insensitive
#   http.host; content; depth:25;           Host must be exactly raw.githubusercontent.com
#     isdataat:!1,relative                  (no byte may follow the 25 matched ones)
#
# NOTE(review): these are `alert http` rules, so they only see requests the sensor can
# parse as HTTP. raw.githubusercontent.com is normally fetched over HTTPS, so presumably
# they fire only on plaintext requests or where TLS is decrypted ahead of the sensor.
# Confirm this for your deployment, and do not read "no alerts" as "no downloads":
# check proxy, DNS or endpoint telemetry for the same URLs.
# NOTE(review): the host is shared by many unrelated repositories; the URI is what makes
# each rule specific, so a host-only block derived from these rules would hit benign traffic.
# NOTE(review): the paths appear to be stored lower-cased (matched with nocase); take the
# exact-case URL from the rule's reference:url entry when pivoting or hunting.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmtkx/mlxchat/main/tooltest/software-3.2-beta.4.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870078/; classtype:trojan-activity;sid:84733178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moha-zh11/codexapp-windows-rebuild/main/.github/workflows/windows-codexapp-rebuild-v3.0-alpha.1.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870079/; classtype:trojan-activity;sid:84733179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enochochieng/awesome-world-models/main/docs/learning/models-world-awesome-2.7-alpha.5.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870071/; classtype:trojan-activity;sid:84733171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soulmango/voiceeditor/main/frontend/src/components/software-v3.2.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870072/; classtype:trojan-activity;sid:84733172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nasywan999/telegram-users-adding-new/main/vegetablelike/adding_new_telegram_users_2.2.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870073/; classtype:trojan-activity;sid:84733173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fannyantiauthoritarian233/blog/main/centenar/software_v2.8.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870074/; classtype:trojan-activity;sid:84733174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tsnotaya/my-note/main/assets/note-my-v1.4-alpha.5.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870065/; classtype:trojan-activity;sid:84733165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huykako/media-information-system/main/becram/media-information-system-2.1.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870066/; classtype:trojan-activity;sid:84733166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rajes-0/git-panorama/main/config/grafana/provisioning/panorama-git-2.4-alpha.3.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870067/; classtype:trojan-activity;sid:84733167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hapsburgtopquark388/sillytavern-streamline/main/spidered/tavern_silly_streamline_v1.0-alpha.3.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870068/; classtype:trojan-activity;sid:84733168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oreoconpatas6/amazon-revenue-forecasting-decision-system/main/cervine/revenue-amazon-forecasting-system-decision-1.6.zip"; depth:121; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870069/; classtype:trojan-activity;sid:84733169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bonakid12/webstore-ai-ecommerce/main/public/img/products/ai_webstore_ecommerce_v2.2-alpha.5.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870070/; classtype:trojan-activity;sid:84733170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/obsessivecompulsive-bougainvillea427/xykt/main/examples/software-v3.7.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870060/; classtype:trojan-activity;sid:84733160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quacklover28490/sip/main/static/software-v1.4.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870061/; classtype:trojan-activity;sid:84733161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zeeclex/booking-system-go-vue/main/backend-go/services/go_system_vue_booking_3.6.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870062/; classtype:trojan-activity;sid:84733162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/justl9169/minimax-skills/main/minimax-video/references/skills-minimax-v1.8.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870063/; classtype:trojan-activity;sid:84733163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sathush12/svy/main/packages/svy-rs/src/software_v3.5.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870064/; classtype:trojan-activity;sid:84733164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lokmandev/codenex-ai-api-proxy/main/src/gemini/ai_codenex_api_proxy_1.7.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870054/; classtype:trojan-activity;sid:84733154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sapodillafamilyfinishcoat214/youproextra/main/unigenous/pro_you_extra_3.7.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870055/; classtype:trojan-activity;sid:84733155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/angeliuu/awesome-distillhub-persona-skills/main/latterness/persona_distillhub_skills_awesome_3.8.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870056/; classtype:trojan-activity;sid:84733156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sacredcowviol432/isms-builder/main/docs/screenshots/isms_builder_2.0.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870057/; classtype:trojan-activity;sid:84733157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zdx123z/bilibilirelationmap/main/scripts/map-bilibili-relation-v3.7.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870058/; classtype:trojan-activity;sid:84733158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chanreyes042-cyber/clawrouter/main/src/compression/claw-router-v3.1.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870059/; classtype:trojan-activity;sid:84733159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/patriarchal-boothose896/notebooklm-py/main/scripts/py_notebooklm_v2.7.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870053/; classtype:trojan-activity;sid:84733153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kirkigmenezes/aidomesticcoreaij/main/monitoring/logstash/core_aij_domestic_ai_1.4.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870052/; classtype:trojan-activity;sid:84733152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carcarriersteroid68/note-limited-finder/main/assets/finder-note-limited-v1.0-alpha.3.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870049/; classtype:trojan-activity;sid:84733149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/th3m1k3/nuxt-changelog/main/app/pages/nuxt-changelog-v3.0.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870050/; classtype:trojan-activity;sid:84733150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rana27tanmay/web3-wallet-connector/main/src/wallet-connector-web-v3.9.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870051/; classtype:trojan-activity;sid:84733151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bluechip-correlationalanalysis630/yconstruction/main/epicoelia/construction_y_v2.2.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870046/; classtype:trojan-activity;sid:84733146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amr122deqw/google-form-history/main/src/utils/google-form-history-1.4.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870047/; classtype:trojan-activity;sid:84733147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nimsangsyangb/bass-academy-vision-mode-powered-by-bassai-2026-v2.3.5/main/src/features/vision/v-academy-mode-powered-by-vision-bass-a-v2.2.zip"; depth:143; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870048/; classtype:trojan-activity;sid:84733148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spulktimus/screen-locker/main/bombshell/locker_screen_v1.0.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870043/; classtype:trojan-activity;sid:84733143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oswald121/numa-timer/main/hooks/timer-numa-2.6.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870044/; classtype:trojan-activity;sid:84733144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vanguardmachiavellianism69/torchumm/main/leonora/umm-torch-3.4-beta.2.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870045/; classtype:trojan-activity;sid:84733145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/robinspringer/yargi-cli/main/bin/cli_yargi_3.0.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870040/; classtype:trojan-activity;sid:84733140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apexmail/helm/main/pkg/getter/testdata/plugins/testgetter2/software-v3.5.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870041/; classtype:trojan-activity;sid:84733141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ookawada3800/clojure-7d5/main/piezometric/clojure-7d5-3.5.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870042/; classtype:trojan-activity;sid:84733142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flakey-caster542/superseo-skills/main/skills/featured-snippet-optimizer/skills_superseo_2.0.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870035/; classtype:trojan-activity;sid:84733135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/youssefzizo10/lazycal/main/encircler/software-1.0.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870036/; classtype:trojan-activity;sid:84733136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wy671127793-cmd/error-handling/main/src/errorhandling.benchmarks/error-handling-2.3.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870037/; classtype:trojan-activity;sid:84733137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/advanced-starfruit874/second-brain-cloudflare/main/sopor/brain_cloudflare_second_3.0.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870038/; classtype:trojan-activity;sid:84733138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bevvysquishy481/recruitment-sandbox/main/components/recruitment-sandbox_v3.2.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870039/; classtype:trojan-activity;sid:84733139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hnt23032003/hello-world-winui3-c/main/postcarnate/c_world_winui_hello_v1.4.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870027/; classtype:trojan-activity;sid:84733127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dipeshdarks/kidblocksos/main/skill/kidblocks-engine/software_v3.3.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870028/; classtype:trojan-activity;sid:84733128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pipfury007/ab-makine-kullanma-kilavuzu-sablonu/main/evidence/ab_makine_kullanma_sablonu_kilavuzu_v3.5-alpha.2.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870029/; classtype:trojan-activity;sid:84733129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/koakar765/miniclawd/main/docs/software-v3.4.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870030/; classtype:trojan-activity;sid:84733130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kerrimoral221/mcp-scorecard/main/src/mcp_trust/mc-scorecard-v2.0.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870031/; classtype:trojan-activity;sid:84733131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nattaponghkst-pixel/buildog-palette/main/compaternity/palette_buildog_v3.6.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870032/; classtype:trojan-activity;sid:84733132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/syeddeniz/crash-reporting-and-incident-data-analysis-2019-2023-using-ms-excel/main/parky/crash-reporting-and-incident-data-analysis-2019-2023-using-ms-excel-v3.3.zip"; depth:166; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870033/; classtype:trojan-activity;sid:84733133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mahalogg/lancast/main/views/software-3.8.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870034/; classtype:trojan-activity;sid:84733134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mynameswaltuh/study-planner/main/scytale/study_planner_3.2.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870022/; classtype:trojan-activity;sid:84733122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shebatheadpin29/wexin-code-cli-bridge/main/src/backend/bridge_cli_wexin_code_v3.3.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870023/; classtype:trojan-activity;sid:84733123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/romansyah26588-stack/gen_ai_feb/main/week3/ai-gen-feb-v3.2.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870024/; classtype:trojan-activity;sid:84733124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deepeshjangid1729/llm-judge-reporting/main/llm_judge_reporting/llm-judge-reporting-v2.5-alpha.5.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870025/; classtype:trojan-activity;sid:84733125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/acma961/serializd-discord-bot/main/forested/serializd_bot_discord_v2.0.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870026/; classtype:trojan-activity;sid:84733126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shivansh-aiml/vuejs-cicd-deploy-on-github-pages/main/src/github_on_cicd_deploy_vuejs_pages_3.6-beta.2.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870016/; classtype:trojan-activity;sid:84733116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sausri1/laravel-api-basic-shop/main/project/tests/ap-basic-laravel-shop-3.2.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870017/; classtype:trojan-activity;sid:84733117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rohithhelman/integrated-rig-visualization-3d/main/suburbia/rig_d_integrated_visualization_v1.1.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870018/; classtype:trojan-activity;sid:84733118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oilofvitriolcongealment582/trustless_bridge/main/negotiate/trustless_bridge_1.0.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870019/; classtype:trojan-activity;sid:84733119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kunalmankar852/route-optimization-visualizer/main/assets/visualizer-optimization-route-v3.8.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870020/; classtype:trojan-activity;sid:84733120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ximeneznarrowminded65/worldmesh/main/mazocacothesis/software-3.3.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870021/; classtype:trojan-activity;sid:84733121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tamashakazindabuilding-hash/pki/main/tenaktak/software-v1.9-alpha.5.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870015/; classtype:trojan-activity;sid:84733115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tabielectrocautery881/workflow-architect/main/codex/skills/project-surgeon-issue-changer/references/workflow-architect-2.0.zip"; depth:127; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870012/; classtype:trojan-activity;sid:84733112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anos025/fictional-journey/main/palaeotheriodont/journey-fictional-2.2.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870013/; classtype:trojan-activity;sid:84733113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nasir3718/-flash-loans-in-defi-no-collateral-crypto-lending-explained/main/plausible/in-collateral-no-loans-fi-lending-crypto-explained-flash-de-3.5.zip"; depth:153; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870014/; classtype:trojan-activity;sid:84733114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yantoaldama/powersub-demo-8602/main/spurling/powersub_demo_v1.2.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870011/; classtype:trojan-activity;sid:84733111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inayatshaikh093/code-quest-python-sql-trainer/main/docs/trainer-code-sq-quest-python-3.3.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870010/; classtype:trojan-activity;sid:84733110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paratwarpranay/autodidactic-qml/main/docs/protocols/qml-autodidactic-2.7.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870008/; classtype:trojan-activity;sid:84733108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lauricamphoric300/termux-commands/main/photos/commands-termux-v2.8-alpha.3.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870009/; classtype:trojan-activity;sid:84733109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrithoy/apkprobe/main/src/apkprobe/__pycache__/apkprobe_v1.6.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870007/; classtype:trojan-activity;sid:84733107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaiga-kun/maestro/main/pkg/version/software-2.6.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870006/; classtype:trojan-activity;sid:84733106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mrgau3838/claude-solidity-security/main/skills/smart-contract-security/scripts/security-claude-solidity-3.8-beta.5.zip"; depth:119; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870005/; classtype:trojan-activity;sid:84733105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/noumanrahoo/srcpack/main/src/software-v1.8.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870003/; classtype:trojan-activity;sid:84733103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wckdbozo/pxcommands/main/system/server/commands_px_1.9.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870004/; classtype:trojan-activity;sid:84733104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lll0k0lad/agent-skills/main/skills/incremental-implementation/skills_agent_v3.6.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869998/; classtype:trojan-activity;sid:84733098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rohit7-pixel/psfree-lapse/main/src/lapse/ps5/psfree-lapse-1.3-beta.4.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869999/; classtype:trojan-activity;sid:84733099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samuelcluttered613/paper2code/main/skills/paper2code/worked/ddpm/code_paper_2.1.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870000/; classtype:trojan-activity;sid:84733100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gerrielxxvii307/allan-mcp-memory-code/main/lib/interface/repositories/memory-code-mcp-allan-v2.0.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870001/; classtype:trojan-activity;sid:84733101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3870002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nurulislam017/theapimiddleware/main/fiona/app/software-2.8.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3870002/; classtype:trojan-activity;sid:84733102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zakaria-x9/execx/main/examples/onstdout/software_v3.8-beta.4.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869994/; classtype:trojan-activity;sid:84733094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dhanykey/hc-lisp/main/src/hc-lisp-v1.8-alpha.1.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869995/; classtype:trojan-activity;sid:84733095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/richardpapiona9/llm/main/examples/python/software-v1.1-alpha.2.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869996/; classtype:trojan-activity;sid:84733096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lilily58/mem/main/agents/software-3.6.zip"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869997/; classtype:trojan-activity;sid:84733097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/djamel10000/chota-architecture/main/services/architecture_chota_2.8.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869990/; classtype:trojan-activity;sid:84733090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/charles2000-15/awesome-telegram-bots/main/troopship/awesome-telegram-bots-2.2-beta.5.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869991/; classtype:trojan-activity;sid:84733091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gustavautolytic342/universal-file-padder-viewer/main/alister/padder-universal-viewer-file-v2.5.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869992/; classtype:trojan-activity;sid:84733092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sayyad5774/aiml-service-patterns/main/apps/rag_policy/tests/patterns-service-aiml-1.6.zip"; depth:90; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869993/; classtype:trojan-activity;sid:84733093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khanhvipro01/ai-graph/main/assets/motifs/graph_ai_v1.9.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869985/; classtype:trojan-activity;sid:84733085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/antispasmodicagentsepal482/who-is-spy-ai/main/templates/is-who-ai-spy-2.7.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869986/; classtype:trojan-activity;sid:84733086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shitosama/atlas-sub/main/src/marzban/atlas-sub-1.5.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869987/; classtype:trojan-activity;sid:84733087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bellyflopper/neo-maps-locator/main/docs/assets/locator_neo_maps_1.6.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869988/; classtype:trojan-activity;sid:84733088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/filalinordine1964-cmd/windows-xbox-mode/main/mode/mode_xbox_windows_v2.4.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869989/; classtype:trojan-activity;sid:84733089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yashbhow/youtube-shorts-blocker/main/fitters/youtube-blocker-shorts-1.5-alpha.5.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869980/; classtype:trojan-activity;sid:84733080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/round-comfortfood117/codex-workflows/main/bin/codex_workflows_v3.8.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869981/; classtype:trojan-activity;sid:84733081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mychael4450/magento-polyshell-patch/main/plugin/magento-patch-polyshell-v3.9.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; 
depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869982/; classtype:trojan-activity;sid:84733082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lexicostatistic-scenarist364/skills/main/src/software_v2.8.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869983/; classtype:trojan-activity;sid:84733083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/myrellepa6155/diffx/main/src/ui/hooks/software-v1.9.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869984/; classtype:trojan-activity;sid:84733084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/travelingwavepolyvinylchloride287/apaste/main/phenobarbital/paste_a_3.2.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869976/; classtype:trojan-activity;sid:84733076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orianagroovy128/sara-the-ai-assistant/main/assets/assistant_sara_ai_the_v2.4.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869977/; classtype:trojan-activity;sid:84733077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rbarriaultjr/flock-detection/main/flockdetection/detection-flock-1.5.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869978/; classtype:trojan-activity;sid:84733078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jessenterprise/graphrag-retrievers-agents/main/image/agents_ra_graph_retrievers_3.1.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869979/; classtype:trojan-activity;sid:84733079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vraaad/youtube-thumbnail-averager/main/counteravouch/youtube_thumbnail_averager_v1.7.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869975/; classtype:trojan-activity;sid:84733075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tareq3743/enton/main/src/enton/action/software-2.3-alpha.5.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869974/; classtype:trojan-activity;sid:84733074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cacodaemonic-impulseexplosive956/claude_code_src/main/thenceforwards/src_code_claude_v3.8-alpha.4.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869972/; classtype:trojan-activity;sid:84733072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sammakumbe/burp-idor/main/earthlight/idor_burp_3.2-alpha.3.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869973/; classtype:trojan-activity;sid:84733073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gur3245singh/nomos/main/problems/putnam-2025/b/software-3.3-beta.1.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869971/; classtype:trojan-activity;sid:84733071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luizgugss/infra-stacks/main/docs/stacks-infra-1.4.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869970/; classtype:trojan-activity;sid:84733070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oops121/clawwp/main/channels/software-2.4-alpha.1.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869967/; classtype:trojan-activity;sid:84733067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ktochechen/liquid-s4/main/src/s-liquid-2.1.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869968/; classtype:trojan-activity;sid:84733068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rudra3d/aireceptionist/main/config/businesses/ai_receptionist_3.7.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869969/; classtype:trojan-activity;sid:84733069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mayank164/lovefreetools/main/.wrangler/tmp/deploy-5ai5td/love_tools_free_v1.3.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3869963/; classtype:trojan-activity;sid:84733063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/root-amr004/neurocore/main/img/neuro-core-v3.5.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869964/; classtype:trojan-activity;sid:84733064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sleek-developer/constants-float16-significand-mask/main/test/mask-significand-float-constants-1.1.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869965/; classtype:trojan-activity;sid:84733065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ryukyagamilight/terminal-skills/main/docker/networking/skills_terminal_v1.4.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869966/; classtype:trojan-activity;sid:84733066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sankalp-savarn/spatialgeneval/main/scripts/spatial_eval_gen_v2.3.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3869960/; classtype:trojan-activity;sid:84733060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/barbarycoastsportfish318/youtube-cloude/main/exculpative/you-tube-cloude-v2.9.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869961/; classtype:trojan-activity;sid:84733061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kamikazewinner/odoomap/main/src/data/odoo_18/software-2.1.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869962/; classtype:trojan-activity;sid:84733062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/incompatible-genuschirocephalus40/nextjs-portfolio-blog-research/main/.cursor/nextjs-blog-research-portfolio-3.1.zip"; depth:117; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869952/; classtype:trojan-activity;sid:84733052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shiyuan625/agent-directory/main/enterprise/provisioner/directory-agent-v3.8.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869953/; classtype:trojan-activity;sid:84733053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/floccose-burner9185/wow-harness/main/scripts/wow-harness-v2.7.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869954/; classtype:trojan-activity;sid:84733054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kolvet9/glidemq-nestjs/main/src/hosts/glidemq_nestjs_v1.2.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869955/; classtype:trojan-activity;sid:84733055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jubaedemon/lbbs-standard/main/docs/lbbs-standard-v3.6.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869956/; classtype:trojan-activity;sid:84733056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/evilson19/cursor-chat-recovery/main/tests/cursor_chat_recovery_1.3-beta.5.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3869957/; classtype:trojan-activity;sid:84733057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thiennha1147/agent-engineer/main/14-agent-protocols-mcp-and-a2a/engineer_agent_2.6.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869958/; classtype:trojan-activity;sid:84733058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elbuho87/study27/main/cypress/screenshots/14_delete_department_and_employee.cy.ts/webstorage/study_v2.8.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869959/; classtype:trojan-activity;sid:84733059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soporteakasiapro1-art/pi-island/main/vault/pi_island_v2.0.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869946/; classtype:trojan-activity;sid:84733046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/devoumes01/find-my-ip/main/glochidia/my_ip_find_2.8-beta.3.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3869947/; classtype:trojan-activity;sid:84733047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skouther/smart-todo-manager/main/fogle/do-manager-smart-to-3.4-beta.1.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869948/; classtype:trojan-activity;sid:84733048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/halo-kaleb/multiwa/main/apps/worker/src/wa-multi-v3.5.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869949/; classtype:trojan-activity;sid:84733049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hasaato/chess-llm-bench/main/src/themes/llm_bench_chess_v2.2-alpha.1.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869950/; classtype:trojan-activity;sid:84733050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jalehvesical21/claude-code-decompiled/main/docs/en/decompiled_code_claude_2.8.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3869951/; classtype:trojan-activity;sid:84733051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hema9265/email-design-mcp/main/src/prompts/layouts/welcome/email_design_mcp_v1.6.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869939/; classtype:trojan-activity;sid:84733039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unfeathered-naphtha122/trmnl-cubic/main/documentation/trmnl-cubic-2.1.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869940/; classtype:trojan-activity;sid:84733040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ishan2805/trainee-manager-pro/main/screenshots/manager-pro-trainee-v1.3-alpha.5.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869941/; classtype:trojan-activity;sid:84733041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cesarspindlelegged589/roblox-fastflag-manager/main/src/core/roblox-manager-fastflag-v1.0.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 
2026_06_22; reference:url, urlhaus.abuse.ch/url/3869942/; classtype:trojan-activity;sid:84733042; rev:1;)
# URLhaus download-URL signatures, one rule per listed URL (restored to one rule per line).
# Match template: an established client-to-server HTTP GET from $HOME_NET to $EXTERNAL_NET whose
# http.uri equals the listed path exactly (depth is the content length and endswith pins the end;
# nocase relaxes letter case) and whose http.host is exactly "raw.githubusercontent.com"
# (depth:25 plus isdataat:!1,relative: no byte may follow the match).
# The match is exact, so each rule identifies one file URL, not the hosting account or repository.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/patriknba23/zpay-paywindow-payroll-system-latest-patch/main/sylphlike/zpay-paywindow-payroll-system-latest-patch-v3.7-beta.2.zip"; depth:129; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869943/; classtype:trojan-activity;sid:84733043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/esethu1974/sgproxy/main/build/worker/software-v1.6-beta.1.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869944/; classtype:trojan-activity;sid:84733044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jacobvr186/openbook/main/tests/unit/book-open-v2.6.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869945/; classtype:trojan-activity;sid:84733045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kunzic07/job-tracking-app--nextjs/main/prisma/next-job-js-app-tracking-v1.2.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869938/; classtype:trojan-activity;sid:84733038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apostropheintervertebralvein667/restaurant-bigdata-pipeline/main/primateship/bigdata_restaurant_pipeline_v2.6.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869937/; classtype:trojan-activity;sid:84733037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dotsatya/stockprt/main/egyptize/prt_stock_v3.2.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869936/; classtype:trojan-activity;sid:84733036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ksentin9371/team-helper/main/core/team_helper_v2.3.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869935/; classtype:trojan-activity;sid:84733035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elsy77/whatsapp-mcp/main/bridge/src/app/api/contacts/app_mcp_whats_v1.9.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869934/; classtype:trojan-activity;sid:84733034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zebzu00/blas-ext-base-dsort/main/include/stdlib/blas/ext/base/blas_ext_dsort_base_3.5-alpha.1.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869931/; classtype:trojan-activity;sid:84733031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shaikfawzan/uk-dictionary/main/docs/dictionary_uk_2.8-beta.4.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869932/; classtype:trojan-activity;sid:84733032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m81098s/claude-skill-homeassistant/main/antluetic/homeassistant-claude-skill-3.9.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869933/; classtype:trojan-activity;sid:84733033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inflated-aristocracy872/react-native-showtime/main/example/assets/showtime_native_react_v1.1.zip"; depth:97; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869929/; classtype:trojan-activity;sid:84733029; rev:1;)
# URLhaus download-URL signatures for files served from raw.githubusercontent.com (one rule per line).
# NOTE(review): these are `alert http` rules, so they only evaluate traffic that Suricata parses as
# HTTP. raw.githubusercontent.com is normally fetched over HTTPS, so expect hits only where the
# sensor sees cleartext HTTP or decrypted traffic. Confirm sensor placement, and where TLS is not
# inspected, search proxy or endpoint URL logs for the same paths.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahsanbilal-748/pb_manager/main/static/js/pb_manager-v2.1-alpha.4.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869930/; classtype:trojan-activity;sid:84733030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harmpleomorphism9956/ovo-local-llm/main/exhalation/local-ovo-llm-v2.6.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869928/; classtype:trojan-activity;sid:84733028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kamsa3056/udrive/main/src/software_2.6.zip"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869926/; classtype:trojan-activity;sid:84733026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mohamed-mokh2004/connect/main/rapaciously/software-v1.5.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869927/; classtype:trojan-activity;sid:84733027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/richardm7399/wallwhisper/main/examples/openclaw-config/whisper_wall_v3.1.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869921/; classtype:trojan-activity;sid:84733021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/petarandrejic/obsidian-reminders-sync/main/scripts/obsidian-sync-reminders-2.8.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869922/; classtype:trojan-activity;sid:84733022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hilleryhomochromatic404/food-supporting-template/main/clithridiate/supporting-template-food-v3.6.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869923/; classtype:trojan-activity;sid:84733023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ptolemaic-programmemusic151/claude-code-book/main/kairos/book_code_claude_v2.2.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869924/; classtype:trojan-activity;sid:84733024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/printgope-oss/snipvault/main/backend/app/snip_vault_v2.2.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869925/; classtype:trojan-activity;sid:84733025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/familyalligatoridaesnowyorchid856/service_registry/main/realm/service-registry-v1.8.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869910/; classtype:trojan-activity;sid:84733010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whazaza/ai-cyber-range/main/dockerfiles/llm01_prompt_injection/a-range-cyber-v3.6.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869911/; classtype:trojan-activity;sid:84733011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/being-gojo/openclaw-agents/main/examples/agents-openclaw-v3.0-beta.4.zip"; depth:73; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869912/; classtype:trojan-activity;sid:84733012; rev:1;)
# URLhaus download-URL signatures (one rule per line); each alerts on a GET for one listed file URL.
# Triage: the number in msg:"... (N)" and in reference:url is the URLhaus entry ID. In the rules
# shown here sid equals that ID plus 80863100 (e.g. 3869913 -> 84733013), so an alert's sid maps
# back to urlhaus.abuse.ch/url/<ID>/ for the entry's details.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ronin511/alphora/main/alphora/debugger/frontend/css/software-v2.5-beta.4.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869913/; classtype:trojan-activity;sid:84733013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pepoy6249/dejavu/main/src/software_v2.5.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869914/; classtype:trojan-activity;sid:84733014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eduardojose520/editly.ai/main/briny/editly_ai_v1.9.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869915/; classtype:trojan-activity;sid:84733015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/waelzarzoor/iss-position-prediciton/main/tests/iss-position-prediciton_1.8.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869916/; classtype:trojan-activity;sid:84733016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lavanthi/c2rope/main/encephalasthenia/pe-ro-v1.4.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869917/; classtype:trojan-activity;sid:84733017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dia1n1a/ai-summarizer/main/pipeline/a_summarizer_1.5-alpha.3.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869918/; classtype:trojan-activity;sid:84733018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aymankali1/reels_for_free/main/final-video/free_reels_for_v2.9.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869919/; classtype:trojan-activity;sid:84733019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/psoraleaesculentastinkingwattle765/sig-releases/main/screenshots/releases_sig_v2.7.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869920/; classtype:trojan-activity;sid:84733020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fckulite/mechdesigncopilot/main/bulby/design-mech-copilot-v1.3.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869904/; classtype:trojan-activity;sid:84733004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/taolacoi123hd/paqet-x-nulled/main/blackstrap/paqet_nulled_3.5.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869905/; classtype:trojan-activity;sid:84733005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tanjir8563/unirank/main/fuxictr/pytorch/uni-rank-v2.4.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869906/; classtype:trojan-activity;sid:84733006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fadel7872/node0/main/src/node0/security/node-v3.2.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3869907/; classtype:trojan-activity;sid:84733007; rev:1;)
# URLhaus download-URL signatures (one rule per line); each alerts on a GET for one listed file URL.
# Every rule uses the `alert` action in the $HOME_NET -> $EXTERNAL_NET direction, so it reports an
# internal client requesting the URL and does not block the request. Coverage depends on HOME_NET
# and EXTERNAL_NET being defined correctly for the sensor; blocking needs a separate control.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tairimehdi/tcp-ip-attack-lab/main/task4-reverse-shell/lab-attack-tcp-ip-1.0.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869908/; classtype:trojan-activity;sid:84733008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ryuzaki724/python_zero_to_hero/main/readme_files/python-to-zero-hero-3.8.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869909/; classtype:trojan-activity;sid:84733009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rabsharpeared662/openchat/main/backend/openchat.infrastructure/open_chat_1.8.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869902/; classtype:trojan-activity;sid:84733002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vinicius268/qwen-image-diffusion/main/dynamic-duration/diffusion_qwen_image_v3.8.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869903/; classtype:trojan-activity;sid:84733003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cdaniel007/solana-organic-volume-bot/main/decivilization/bot-volume-solana-organic-1.6.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869899/; classtype:trojan-activity;sid:84732999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/santos22t/cs2-skin-changer-tool-2026-skins-weapon/main/intentionality/skins-tool-changer-skin-c-weapon-1.4-alpha.5.zip"; depth:119; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869900/; classtype:trojan-activity;sid:84733000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vhicx/fire-fighting-bot/main/rapacity/fighting_bot_fire_3.3.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869901/; classtype:trojan-activity;sid:84733001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/viveks2507/facetimehd-ubuntu-macbook/main/scripts/facetimehd_macbook_ubuntu_1.9.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869898/; classtype:trojan-activity;sid:84732998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/regularizationdesmidiaceae201/audio-reactive-visualizer-p5-javascript/main/assets/javascript-audio-reactive-p-visualizer-3.7-beta.1.zip"; depth:136; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869896/; classtype:trojan-activity;sid:84732996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/disliked-romancelanguage5249/thue-tncn-vietnam/main/references/tncn_thue_vietnam_3.4.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869897/; classtype:trojan-activity;sid:84732997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nocturnohh/lovelace-abc-emergency-map/main/docs/examples/emergency-map-lovelace-abc-1.5.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869895/; classtype:trojan-activity;sid:84732995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yiyi80940-netizen/regplatformm/main/avidiously/software_v1.1-alpha.1.zip"; 
depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869894/; classtype:trojan-activity;sid:84732994; rev:1;)
# URLhaus download-URL signatures (one rule per line); each alerts on a GET for one listed file URL.
# All rules here carry classtype:trojan-activity, rev:1 and metadata:created_at 2026_06_22
# (presumably the date the entry was added to the feed - confirm against URLhaus).
# NOTE(review): URL indicators age quickly; load this ruleset from the regularly regenerated feed
# rather than pinning a copy, and check the reference page for the entry's current state.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elnoracompleted875/microsoft-office-full-professional/main/rheum/microsoft-office-full-professional-v1.4-alpha.3.zip"; depth:117; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869890/; classtype:trojan-activity;sid:84732990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/logespandu/expo-apple-maps-sheet/main/components/tab-bar/sheet-expo-maps-apple-v2.7.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869891/; classtype:trojan-activity;sid:84732991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wshi3956/vibe-env-init/main/templates/.opencode/agents/env_init_vibe_v2.8.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869892/; classtype:trojan-activity;sid:84732992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sodanitertraction336/cc-statusline-tui/main/npm/linux-arm64/tui-statusline-cc-3.4-alpha.5.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869893/; classtype:trojan-activity;sid:84732993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buggybunny005/hse-ai-insight-platform/main/hse-ai-insight-platform/apps/frontend/platform_hse_ai_insight_3.8.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869888/; classtype:trojan-activity;sid:84732988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dylan-emanuel/cloudflare-bypass-2026/main/noncorrespondent/bypass_cloudflare_v3.2.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869889/; classtype:trojan-activity;sid:84732989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ziggy-code/geometrie_du_vide/main/viburnum/geometrie-du-vide-3.0.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869882/; classtype:trojan-activity;sid:84732982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hichaocau123/autohotkey/main/finlet/auto-hotkey-v3.1.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869883/; classtype:trojan-activity;sid:84732983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nikamhritik/awesome-battery-data/main/stubbleward/awesome_battery_data_v3.8-alpha.4.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869884/; classtype:trojan-activity;sid:84732984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tode77/node-red-contrib-mcp/main/lib/mcp_red_contrib_node_3.3-alpha.5.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869885/; classtype:trojan-activity;sid:84732985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alleneoaken19/scout/main/tests/unit/software_3.1.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869886/; classtype:trojan-activity;sid:84732986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869887)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/michiabusivo/knox-password-manager/main/scripts/password-knox-manager-v3.5.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869887/; classtype:trojan-activity;sid:84732987; rev:1;)
# URLhaus download-URL signatures (one rule per line); each alerts on a GET for one listed file URL.
# The host in every rule is the shared content host raw.githubusercontent.com, so only the full
# path identifies the listed file. Keep the exact http.uri match when tuning: alerting or blocking
# on the host alone would also hit unrelated repositories.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realtahmidbro/fastlog/main/installer/log_fast_2.1-beta.1.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869877/; classtype:trojan-activity;sid:84732977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/premnath-coder/sparc/main/images/software_2.2.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869878/; classtype:trojan-activity;sid:84732978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zarlasobering949/fuga/main/src/source/spotify/software_v3.3.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869879/; classtype:trojan-activity;sid:84732979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hamidki6343/veo-studio/main/services/studio-veo-2.0.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869880/; classtype:trojan-activity;sid:84732980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shootaot/db-mcp/main/src/transports/mcp_db_v2.2.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869881/; classtype:trojan-activity;sid:84732981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ilyas662i/anymp4-dvd-converter-latest-patch/main/brigandishly/anymp4-dvd-converter-latest-patch_v3.4.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869870/; classtype:trojan-activity;sid:84732970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dshlr/browser-sdk/main/src/sdk-browser-2.1.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869871/; classtype:trojan-activity;sid:84732971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/corrinmain6969-hub/magic-background-remover/main/components/background-remover-magic-v3.5-beta.1.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869872/; classtype:trojan-activity;sid:84732972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skipperonline/tc-identity-verification/main/backend/verification_identity_tc_2.3.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869873/; classtype:trojan-activity;sid:84732973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alanahwellordered661/elysian-universe-site-seeder-eve-online-evejs/main/scripts/release/eve_online_elysian_evejs_seeder_site_universe_v2.6.zip"; depth:143; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869874/; classtype:trojan-activity;sid:84732974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kankertje2/anti-shannon/main/src/wukong/anti_shannon_v2.9.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869875/; classtype:trojan-activity;sid:84732975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3869876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xolayugh/qwen-image-edit-2509-loras-fast-lazy-load/main/examples/qwen_lo_image_fast_edit_as_r_load_lazy_v2.5.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869876/; classtype:trojan-activity;sid:84732976; rev:1;)
# URLhaus download-URL signatures (one rule per line); each alerts on a GET for one listed file URL.
# Paths in this stretch share one shape: /<account>/<repository>/main/<directory>/<name><version>.zip.
# The rules match only the client request (flow:established,from_client with method GET), so a hit
# means "a client asked for a URLhaus-listed file"; NOTE(review) confirm from proxy or endpoint
# telemetry whether the download completed and the archive was opened before escalating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sheenaradial666/glasscribe/main/piemag/software-1.1.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869866/; classtype:trojan-activity;sid:84732966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sheelaghexpensive483/mcp-local-school-orchestrator/main/lacerta/orchestrator_local_mcp_school_1.6.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869867/; classtype:trojan-activity;sid:84732967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moeinalvandi/sovereign-vault/main/docker/sovereign-vault-v2.7.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869868/; classtype:trojan-activity;sid:84732968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rossikai32-maker/aigov-insight-web/main/public/web-insight-ai-gov-v3.4.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869869/; classtype:trojan-activity;sid:84732969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stylishmonke/bloomeetunes/main/nearable/tunes_bloomee_v2.7.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869865/; classtype:trojan-activity;sid:84732965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leonanramosvieira/antigravityquotawatcher/main/src/watcher-quota-antigravity-v1.6-beta.3.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869862/; classtype:trojan-activity;sid:84732962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jdzi2144/tiktok-reporting-bot/main/beden/tiktok_bot_reporting_v1.5.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869863/; classtype:trojan-activity;sid:84732963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/taxi88/ant-and-apples/main/src/apples-and-ant-v2.7.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869864/; classtype:trojan-activity;sid:84732964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elianozzz/m/main/exiguous/software_3.9.zip"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869861/; classtype:trojan-activity;sid:84732961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iadnan21/yuv-ai-trends/main/.github/yuv-trends-ai-v1.1.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869860/; classtype:trojan-activity;sid:84732960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaraguayo/kql-queries/main/hunting-queries/kq_queries_v3.6.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869857/; classtype:trojan-activity;sid:84732957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869858)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/dinesh3184/claude-session-sync/main/.claude-plugin/session-claude-sync-v3.6-beta.3.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869858/; classtype:trojan-activity;sid:84732958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kakawana/fintextract/main/fintextract/software_v1.1.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869859/; classtype:trojan-activity;sid:84732959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trichloraceticacidpitchedbattle11/asc-screenshots/main/mand/screenshots-asc-v2.5.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869853/; classtype:trojan-activity;sid:84732953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/levvan2/remotion-video-skill/main/templates/video-skill-remotion-v3.2.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869854/; classtype:trojan-activity;sid:84732954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869855)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/marinaflagrant322/icra2026-paper-list/main/synthronoi/list-paper-icr-2.6.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869855/; classtype:trojan-activity;sid:84732955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaiiiri/yourinfo/main/server/software_v1.9.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869856/; classtype:trojan-activity;sid:84732956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jeanite777/linux-nvidia-prime-vfio-passthrough/main/scripts/nvidia-passthrough-vfio-linux-prime-v1.4.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869850/; classtype:trojan-activity;sid:84732950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adlaiponderous700/claude-skill-cinematic-prompt/main/skill/cinematic_prompt_claude_skill_3.3.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869851/; classtype:trojan-activity;sid:84732951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869852)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luizderkcz/agentpanel/main/frontend/panel_agent_v3.5.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869852/; classtype:trojan-activity;sid:84732952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zhengzhangqian888/construction-company/main/assets/company_construction_v3.1-alpha.2.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869846/; classtype:trojan-activity;sid:84732946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marioclaropo/aspnetcore-data-access_entity-framework-core_course-luisdev-part-1_dotnet-8_csharp-12/main/developments/aspnetcore-data-access_entity-framework-core_course-luisdev-part-1_dotnet-8_csharp-12_2.0.zip"; depth:211; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869847/; classtype:trojan-activity;sid:84732947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dhillonn38/shop-co-landing-page/main/screenshoot/landing-co-shop-page-v1.8.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869848/; 
classtype:trojan-activity;sid:84732948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nguyenmtoi/make_me_a_meme/main/assets/a-make-meme-me-3.3.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869849/; classtype:trojan-activity;sid:84732949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lovellaphrodisiacal150/cheetahclaws/main/palmito/software_v3.0.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869842/; classtype:trojan-activity;sid:84732942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/regiaharun/source-engine-articles/main/saprolegniales/source-engine-articles_3.5-alpha.2.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869843/; classtype:trojan-activity;sid:84732943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0milovke0uwu0/transpatter/main/transpatter/software_2.9.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869844/; 
classtype:trojan-activity;sid:84732944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sizofren01/langchain-learning/main/01-data-ingestion/langchain-learning-v3.3.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869845/; classtype:trojan-activity;sid:84732945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saied25/fix-react2shell-next/main/lib/fix_shell_react_next_2.6.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869840/; classtype:trojan-activity;sid:84732940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/burgerkhan6227/tokenwise-optimizer/main/tokenwise/wise_optimizer_token_v1.2.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869841/; classtype:trojan-activity;sid:84732941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frankyfacile225/deepzero/main/egotistic/zero_deep_v1.7.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869835/; 
classtype:trojan-activity;sid:84732935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riqxa/skills-best-practices/main/skill/references/best-skills-practices-3.0.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869836/; classtype:trojan-activity;sid:84732936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jayyysocial/winzip-latest-patch/main/compendia/patch-zip-latest-win-v3.0-beta.5.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869837/; classtype:trojan-activity;sid:84732937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/modest-curator478/claude-skills/main/job-search/skills_claude_v1.1.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869838/; classtype:trojan-activity;sid:84732938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lucasbrianpiveta/hetu-dit/main/data/di_hetu_t_v3.2.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869839/; 
classtype:trojan-activity;sid:84732939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asis4456/chronoh/main/src/agents/software-1.0.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869830/; classtype:trojan-activity;sid:84732930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aleprieto790-alt/gtm-mcp/main/src/gtm_mcp/tools/gtm-mcp-v2.6.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869831/; classtype:trojan-activity;sid:84732931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/izzymaroc1690/tiny-cmdline.nvim/main/lua/tiny-cmdline/cmdline_nvim_tiny_2.4.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869832/; classtype:trojan-activity;sid:84732932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emvireak/researchhub/main/images/research_hub_v2.4.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869833/; classtype:trojan-activity;sid:84732933; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jdpangilinan02/family-book/main/scripts/family-book-2.4.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869834/; classtype:trojan-activity;sid:84732934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pamterminal338/shorts-engine/main/src/config/engine_shorts_v2.1.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869827/; classtype:trojan-activity;sid:84732927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/liame790/myeloidoncology_ai/main/uricolysis/myeloid_oncology_ai_2.6-beta.2.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869828/; classtype:trojan-activity;sid:84732928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teceduoswaldo3000/tipard-dvd-ripper-no-trial/main/archimperialistic/tipard-dvd-ripper-no-trial-v2.7.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869829/; classtype:trojan-activity;sid:84732929; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doomsekkar-hub/knowledgebase/main/output/reports/knowledge-base-2.6-alpha.4.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869825/; classtype:trojan-activity;sid:84732925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abi204050-web/elm/main/src/dataloaders/data_representation/software_v3.0-alpha.2.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869826/; classtype:trojan-activity;sid:84732926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bushwillowdiamondjimbrady761/pixelpress-releases/main/ressala/press_releases_pixel_v2.5.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869824/; classtype:trojan-activity;sid:84732924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aadarshac/openclaw-dashboard/main/screenshots/openclaw_dashboard_v1.7.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869823/; classtype:trojan-activity;sid:84732923; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pendekardata/hipaa/main/parse/scripts/software-1.2-beta.5.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869819/; classtype:trojan-activity;sid:84732919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guga6010/sales-customer-product-analysis-powerbi/main/images/customer_sales_product_powerbi_analysis_v1.9.zip"; depth:110; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869820/; classtype:trojan-activity;sid:84732920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ajaysid561/bakamusic/main/src/renderer/core/recently-playlist/music_baka_v3.2.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869821/; classtype:trojan-activity;sid:84732921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brandoncht/ai-character-engine/main/__pycache__/engine-ai-character-v1.3-alpha.5.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869822/; 
classtype:trojan-activity;sid:84732922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harddev3218/notigo/main/scripts/go-noti-3.4-beta.1.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869818/; classtype:trojan-activity;sid:84732918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akbar-ops/sistema-de-analisis-de-documentos-juridicos/main/backend/de_juridicos_sistema_analisis_documentos_v2.9-alpha.5.zip"; depth:125; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869814/; classtype:trojan-activity;sid:84732914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elihickman08-afk/terminal-setup/main/acosmic/setup-terminal-v2.1.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869815/; classtype:trojan-activity;sid:84732915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muhammadkamran02/smarter-battery-no-trial/main/wisdomless/smarter-battery-no-trial-v2.9.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3869816/; classtype:trojan-activity;sid:84732916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atricoraptor/clawd-phone/main/android/app/src/main/kotlin/com/clawdphone/app/clawd-phone-v1.1.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869817/; classtype:trojan-activity;sid:84732917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/andrecafa/rekordbox-bpm-vlc-video-sync/main/pickshaft/vlc-video-rekordbox-bpm-sync-v1.8-alpha.2.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869810/; classtype:trojan-activity;sid:84732910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pickerrelict689/ai_agent_cli_guide/main/control/ai-cli-agent-guide-v3.8.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869811/; classtype:trojan-activity;sid:84732911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869812)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/fowlcholerasewerage420/evoopt_oppangu_optimization_model/main/openpangu-embedded-7b-model/inference/vllm_ascend/entrypoints/openai/reasoning_parsers/opt_model_evo_oppangu_optimization_v3.7.zip"; depth:193; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869812/; classtype:trojan-activity;sid:84732912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yasyousgamers/rucksdb/main/src/bin/rucksdb-v3.0.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869813/; classtype:trojan-activity;sid:84732913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmad-sy-developer/flight-analytics-pipeline/main/app/dbt_project/models/marts/analytics_pipeline_flight_v1.2.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869808/; classtype:trojan-activity;sid:84732908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/navaneethsnair2007-creator/applekeystore-close-uaf/main/poc/uaftester.xcodeproj/uaf-store-close-apple-key-v3.6-beta.4.zip"; depth:122; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869809/; classtype:trojan-activity;sid:84732909; rev:1;) 
# URLhaus "known malware download URL" rules, restored to one rule per line.
# Every rule below has the same shape and differs only in the URI, the URLhaus entry id and the sid:
#   - alert on an established, client-to-server HTTP flow from $HOME_NET to $EXTERNAL_NET,
#   - http.method is GET,
#   - http.uri is the listed path: depth is set to the content length and endswith pins the end,
#     so the whole URI buffer must equal the string (nocase: case-insensitive),
#   - http.host is raw.githubusercontent.com: depth:25 plus isdataat:!1,relative means no byte
#     follows the 25-byte match, i.e. the host must be exactly this name.
# msg and reference carry the URLhaus entry id; metadata records the created_at date.
# NOTE(review): the host is the same shared content host in every rule, so the indicator is the
#   host + URI pair; the host on its own is not a usable indicator or block target.
# NOTE(review): these are `alert http` rules, so they only see requests Suricata can parse as
#   HTTP. This host is normally reached over HTTPS; without TLS decryption ahead of the sensor
#   these rules will presumably not fire. Confirm against your deployment before relying on them.
# NOTE(review): each rule is an exact-URL IoC match with rev:1, not a behavioural detection;
#   treat a hit as a lead to triage against the referenced URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lamy421/netwo-bust/main/ss/netwo-bust-1.9.zip"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869805/; classtype:trojan-activity;sid:84732905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thesuryanarayanan/routing_app/main/routing_backend/src/test/routing_app_1.1-beta.2.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869806/; classtype:trojan-activity;sid:84732906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/piecemoneylaundering318/e0/main/src/openpi/models_pytorch/transformers_replace/models/paligemma/e_v3.4-alpha.2.zip"; depth:115; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869807/; classtype:trojan-activity;sid:84732907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boltastan/code-browser/main/banjuke/browser_code_2.6-beta.4.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869800/; classtype:trojan-activity;sid:84732900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/johnnytec2024/ytm-keep-alive/main/boist/alive_keep_ytm_3.5-beta.1.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869801/; classtype:trojan-activity;sid:84732901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lucys924/awesome-claude-code/main/sacrist/claude-awesome-code-v2.5.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869802/; classtype:trojan-activity;sid:84732902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bretty937/magnet/main/.vscode/software_3.4.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869803/; classtype:trojan-activity;sid:84732903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dappled-roadagent484/claude-mob-programming-skill/main/evals/programming-mob-claude-skill-v3.7.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869804/; classtype:trojan-activity;sid:84732904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tazic123/madr-gen/main/commands/madr_gen_1.4.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869794/; classtype:trojan-activity;sid:84732894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keith986/esprit-pidev-4sae5-2026-linguanova/main/backend/microservices/eureka-server/src/main/java/com/lingua-sa-pide-nova-esprit-v3.8.zip"; depth:139; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869795/; classtype:trojan-activity;sid:84732895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emilbib51-lab/twitter-buddy/main/accloy/twitter_buddy_v2.6-alpha.4.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869796/; classtype:trojan-activity;sid:84732896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jordanobou/comfyui-refocus/main/nodes/comfyui_refocus_v2.9.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869797/; classtype:trojan-activity;sid:84732897; rev:1;)
# URLhaus download-URL indicators (created_at 2026_06_22), one Suricata rule per line.
# Every rule below pairs the same Host value, raw.githubusercontent.com, with a different URI path. The host
# match is exact (depth:25 plus isdataat:!1,relative) and so is the URI match (depth equal to the string's
# length plus endswith, case-insensitive through nocase); the method buffer must contain "GET".
# Because the host is shared by many unrelated repositories, the indicator is the full path, not the domain:
# scope any block or hunt to the path, and use the URLhaus id in msg/reference to look up the entry.
# NOTE(review): exact-match URL indicators say nothing about other paths serving the same content; pair them
# with file-hash or endpoint detections where available.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/franciscaunpointed922/todolist/main/misdo/software-v1.7.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869798/; classtype:trojan-activity;sid:84732898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bglmao/cpp-spring-2026/main/lesson02/cpp_spring_v3.0.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869799/; classtype:trojan-activity;sid:84732899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mujtabaali01/snakeeye/main/overdaintiness/eye-snake-1.6.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869792/; classtype:trojan-activity;sid:84732892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fumbi233/clinote/main/docs/assets/software-v2.4.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869793/; classtype:trojan-activity;sid:84732893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amanahmed2222/skills/main/skills/create-branch/software_v2.0-alpha.3.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869791/; classtype:trojan-activity;sid:84732891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saharstudios/lungcancerclassification/main/lung_colon_image_set/cancer-classification-lung-v1.7.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869790/; classtype:trojan-activity;sid:84732890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/valenciakeithdonnel/awesome-gemini-ai/main/nosologically/ai-awesome-gemini-2.4.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869786/; classtype:trojan-activity;sid:84732886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pahssl/cb_with_any_api/main/data/any_with_api_cb_1.2-alpha.5.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869787/; classtype:trojan-activity;sid:84732887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ali-shayann/nextjs-vps-deployment-guide/main/shale/nextjs_vps_guide_deployment_v3.7-beta.4.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869788/; classtype:trojan-activity;sid:84732888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suonsok/openhands-apple-silicon/main/blaubok/openhands-apple-silicon-v2.9-alpha.5.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869789/; classtype:trojan-activity;sid:84732889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/venturous-giant919/uac-bypass-fud/main/uacbypass/ua_bypass_fud_3.1.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869785/; classtype:trojan-activity;sid:84732885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toperythroblast876/omem/main/skills/ourmem/scripts/software_v3.6.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869784/; classtype:trojan-activity;sid:84732884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zeniathan/moodmap-student-productivity-tracker/main/data/tracker_map_productivity_mood_student_1.0.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869781/; classtype:trojan-activity;sid:84732881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mikothegreatone/bpax/main/examples/software-v1.4.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869782/; classtype:trojan-activity;sid:84732882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jasonpro13/aiseesoft-total-video-converter-no-trial/main/scolite/aiseesoft-total-video-converter-no-trial-2.0.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869783/; classtype:trojan-activity;sid:84732883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/parfaitnathanael/sentiment-embeddings/main/images/embeddings-sentiment-v3.1.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869778/; classtype:trojan-activity;sid:84732878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/incognegro253-source/rage-quit/main/src/quit_rage_3.3.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869779/; classtype:trojan-activity;sid:84732879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hassandogan16/maivi/main/src/maivi/core/software-3.0.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869780/; classtype:trojan-activity;sid:84732880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kirstynquaint9252/phantom-deep-link-handler/main/abbot/deep_handler_phantom_link_v3.7-alpha.2.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869777/; classtype:trojan-activity;sid:84732877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ashar142/lanshu-waytovideo/main/jianying-video-gen/waytovideo-lanshu-v2.1.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869772/; classtype:trojan-activity;sid:84732872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eristsin/deepsearch-/main/hatchment/search_deep_1.9-beta.3.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869773/; classtype:trojan-activity;sid:84732873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/salman-design47/docs-sip/main/src/content/docs/integrations/docs-sip-3.3.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869774/; classtype:trojan-activity;sid:84732874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stryker29/cinema-project_17/main/src/main/java/pe/edu/uni/cinestarbarrio/exceptions/cinem-projec-3.2.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869775/; classtype:trojan-activity;sid:84732875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/penchevlyu-tech/engrene-memory-bridge/main/src/ui/public/memory-bridge-engrene-2.9.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869776/; classtype:trojan-activity;sid:84732876; rev:1;)
# URLhaus download-URL indicators (created_at 2026_06_22), one Suricata rule per line.
# Each rule inspects the request only (flow:established,from_client): method buffer containing "GET", URI equal
# to the listed path (depth set to the string's length plus endswith; nocase), Host exactly
# raw.githubusercontent.com (depth:25; isdataat:!1,relative). classtype is trojan-activity and every rule is
# at rev:1; the id in msg matches the URLhaus entry in the reference keyword.
# An alert therefore records that a client asked for the URL, not that the archive was delivered or opened:
# check the HTTP response in the flow record and the requesting host before treating it as a compromise.
# NOTE(review): visibility depends on the sensor seeing plaintext HTTP for this host - confirm how TLS traffic
# is handled on the monitored path.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hapos6102/advanced-pdf-document-utility/main/unbaited/pd-utility-document-advanced-3.3.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869764/; classtype:trojan-activity;sid:84732864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/btcgetpro/oci-plugin-example/main/manifest/plugin_example_oci_v1.2.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869765/; classtype:trojan-activity;sid:84732865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ua15443/transcribir-llamadas-opentralla/main/sixteener/llamadas-transcribir-open-tralla-2.3.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869766/; classtype:trojan-activity;sid:84732866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nickxd4/real-world-rails/main/skills/real-world-rails/real_rails_world_v2.3.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869767/; classtype:trojan-activity;sid:84732867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xw000113-create/agent-search-cli/main/src/agent_search/cli-search-agent-2.0-alpha.2.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869768/; classtype:trojan-activity;sid:84732868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kamelsayed/satya-drishti/main/react-interface/src/saty-drishti-2.9-alpha.1.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869769/; classtype:trojan-activity;sid:84732869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xswexx/flock-alpr-toolkit/main/research/alpr-flock-toolkit-v3.7.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869770/; classtype:trojan-activity;sid:84732870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/girokonto/holographic-network-routing/main/docs/network-holographic-routing-v3.1.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869771/; classtype:trojan-activity;sid:84732871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/afifmutaz/clausecopilot/main/assets/copilot_clause_v3.4-beta.4.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869758/; classtype:trojan-activity;sid:84732858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gamemodeg/ocr_scanner_gemini/main/pyimagesearch/ocr-scanner-gemini-3.3.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869759/; classtype:trojan-activity;sid:84732859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zupp6869/claude-cursor-tips-for-creatives/main/vorticist/for_claude_creatives_tips_cursor_v2.2.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869760/; classtype:trojan-activity;sid:84732860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/charefabdelrazak/nonstop/main/megadynamics/software_3.0.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869761/; classtype:trojan-activity;sid:84732861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samehhesham/trdgnn/main/configs/software-v1.4.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869762/; classtype:trojan-activity;sid:84732862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elanefanshaped519/gemma4-on-fpga/main/rtl/formal/gemma_fpga_on_2.4.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869763/; classtype:trojan-activity;sid:84732863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rgoldr88/claude-rlm/main/rlm-skill/rlm-claude-v1.7-beta.3.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869757/; classtype:trojan-activity;sid:84732857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goofball7162/braintreechk/main/pic/braintree_chk_v2.1.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869753/; classtype:trojan-activity;sid:84732853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpahlevi64/lowlevelbanana/main/eval/deshadowing/basicsr/metrics/__pycache__/level_low_banana_1.0.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869754/; classtype:trojan-activity;sid:84732854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/15kelixs/github-insights/main/src/app/hub-git-insights-v3.6.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869755/; classtype:trojan-activity;sid:84732855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/connornominative2175/network-capture-pro-chrome-extension/main/wiki/capture-extension-pro-network-chrome-v2.5.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869756/; classtype:trojan-activity;sid:84732856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slimblastogenetic647/c-learning-library/main/topics/04_loops/library_learning_v3.6.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869752/; classtype:trojan-activity;sid:84732852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rubysthedog/dotagents/main/hooligan/software-v1.0.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869750/; classtype:trojan-activity;sid:84732850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vishalgolu136/mainfreem/main/examples/freem-main-2.4.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869751/; classtype:trojan-activity;sid:84732851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arkjeetsingh/scrape-rs/main/crates/rs_scrape_1.6.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869746/; classtype:trojan-activity;sid:84732846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mahmoudsamy12356/coinapi-sdk/main/cuggermugger/sdk-coinapi-v2.6-beta.3.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869747/; classtype:trojan-activity;sid:84732847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/julienehrhardtsimon484844/freedeepseek/main/calciphilous/deep-seek-free-1.2.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869748/; classtype:trojan-activity;sid:84732848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fares914/zennal-dsa/main/src/ds/hashing-variants/zennal-dsa-3.3.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869749/; classtype:trojan-activity;sid:84732849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kohitprajapat/codealpha-tasks/main/music-generation-tool-with-rnn/alpha_tasks_code_1.4.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869742/; classtype:trojan-activity;sid:84732842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wizzy15/obsidian-skill/main/references/obsidian_skill_v3.0.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869743/; classtype:trojan-activity;sid:84732843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruzgar12341/openguppie/main/franchisal/guppie_open_v2.5-beta.1.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869744/; classtype:trojan-activity;sid:84732844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brettender420/surrealdb-ndr/main/aceratosis/ndr-surrealdb-1.7.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869745/; classtype:trojan-activity;sid:84732845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jlabuan/open-agent-sdk-rust/main/examples/open_agent_rust_sdk_v3.4.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869734/; classtype:trojan-activity;sid:84732834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nagelboi/ddos47/main/ddos47/ddo_v1.6.zip"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869735/; classtype:trojan-activity;sid:84732835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3869736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mohamed-amiine/crypto-market-tracker/main/client/src/pages/market_crypto_tracker_1.9.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869736/; classtype:trojan-activity;sid:84732836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bosh-27/spiredb/master/spiredb/apps/spiredb_store/test/store/schema/software-v1.1.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869737/; classtype:trojan-activity;sid:84732837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/choaybkb/tech-interview-handbook/main/apps/website/src/components/tech-interview-handbook-2.4-beta.3.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869738/; classtype:trojan-activity;sid:84732838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hillaryweak795/scamphish/main/abominator/phish-scam-v1.3-beta.5.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869739/; classtype:trojan-activity;sid:84732839; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gzubaidi/plasmo-layout/main/src/config/plasmo-layout-2.8.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869740/; classtype:trojan-activity;sid:84732840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kuswandi/tripstar/main/frontend/src/views/star-trip-v3.7.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869741/; classtype:trojan-activity;sid:84732841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fknrad/glowing-py/main/plugins/blink/py_glowing_1.9.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869730/; classtype:trojan-activity;sid:84732830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realitysg5020/powersub-demo-6848/main/unconsentaneous/demo-powersub-v1.6.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869731/; classtype:trojan-activity;sid:84732831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3869732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/averylcosmological121/node-panda/main/third_party/node-panda-1.2.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869732/; classtype:trojan-activity;sid:84732832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trenchant-rogaine315/ai-engineer-vault/main/chapters/vault_engineer_ai_2.0.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869733/; classtype:trojan-activity;sid:84732833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/galled-aluminumhydroxide356/contextium/main/templates/apps/health/software_v1.4.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869726/; classtype:trojan-activity;sid:84732826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rosehome2/ultimate-linux/main/ceratophrys/linux-ultimate-v1.2-beta.1.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869727/; classtype:trojan-activity;sid:84732827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3869728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmedayoub1342009-lab/aeroveloz-v2/main/churinga/veloz_aero_v2.9-alpha.3.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869728/; classtype:trojan-activity;sid:84732828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/greyhoundnorthcarolinian966/jalnetra-sih/main/android/gradle/sih_jalnetra_v3.8.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869729/; classtype:trojan-activity;sid:84732829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paata28b/qwen3.5-9b-toolhub/main/docker/hub-qwen-tool-3.6-alpha.4.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869722/; classtype:trojan-activity;sid:84732822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/theus846/saasential/main/src/app/api/trpc/[trpc]/sential-saa-1.5.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869723/; classtype:trojan-activity;sid:84732823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3869724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nephritispeepshow717/awesome-agent-security/main/heliophotography/security_awesome_agent_2.5.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869724/; classtype:trojan-activity;sid:84732824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jasson5o66/graphrag-query-summarization/main/src/graphrag_summarization_query_v2.8.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869725/; classtype:trojan-activity;sid:84732825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dorrie1/df-multiworld/main/gunnera/multiworld-df-v3.9.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869721/; classtype:trojan-activity;sid:84732821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kingofdeath420/nano-banana-images-editor-api/main/assets/api_editor_nano_banana_images_v2.3.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869720/; classtype:trojan-activity;sid:84732820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3869719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipdssanggau/cloudflare-management/main/anargyros/management_cloudflare_2.0.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869719/; classtype:trojan-activity;sid:84732819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/juliofal4822/deepseek-ocr-multigpu-infer/main/screenshot/multigpu-infer-ocr-deepseek-v1.5.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869718/; classtype:trojan-activity;sid:84732818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sttefanyverde/flowsurface/main/src/screen/dashboard/panel/software_1.6-beta.2.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869716/; classtype:trojan-activity;sid:84732816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/namandon/aws-ai-cost-optimizer/main/aws-ai-cost-optimizer/terraform/optimizer-aws-cost-ai-1.7.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869717/; classtype:trojan-activity;sid:84732817; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/archdeaconrefocusing790/sledge/main/src/ledger/software_3.8.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869714/; classtype:trojan-activity;sid:84732814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/krisxkenzo/netv/main/static/js/software_1.7.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869715/; classtype:trojan-activity;sid:84732815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/glennlipsync343/zalo-bot-js/main/src/js-bot-zalo-1.3.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869708/; classtype:trojan-activity;sid:84732808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/benar1915/cybermobbing-simulator/main/scripts/cybermobbing-simulator-v1.5-beta.4.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869709/; classtype:trojan-activity;sid:84732809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3869710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spongernondriver422/claudeshot/main/skills/software-v3.6.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869710/; classtype:trojan-activity;sid:84732810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gladisintelligible706/vibe-driven-dev/main/core/intelligence/driven-dev-vibe-v3.7.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869711/; classtype:trojan-activity;sid:84732811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imcclymo9270/kis-api-python-trading-bot-example/main/soupspoon/example-bot-trading-ap-python-ki-1.7.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869712/; classtype:trojan-activity;sid:84732812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naruthor2/leaflet-wms-gutter/main/hoarder/leaflet_wms_gutter_v3.8.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869713/; classtype:trojan-activity;sid:84732813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3869704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shahshahdab/aws-email-sms-multi-tenant-backend/main/pretoken/multi_backend_tenant_aws_sms_email_v2.0-beta.5.zip"; depth:112; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869704/; classtype:trojan-activity;sid:84732804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skyluphy/errors-due-to-research-software/main/specie/to-research-errors-due-software-3.6-alpha.3.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869705/; classtype:trojan-activity;sid:84732805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rustamg88/emotion-adaptive-multimodal-cbt-assistant/main/src/fusion/multimodal-cbt-emotion-assistant-adaptive-2.4-alpha.4.zip"; depth:126; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869706/; classtype:trojan-activity;sid:84732806; rev:1;)
# NOTE(review): this entry differs from the raw.githubusercontent.com rules around it.
# Its http.host content is an IP literal, so the destination address is itself part of
# the indicator. A hit (or a suspected miss) can be cross-checked against flow or
# firewall records for that address even when the HTTP transaction was not parsed.
# The rule still requires the exact 17-byte URI and an exact Host match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b3txe74b3t5l1ag9"; depth:17; endswith; nocase; http.host; content:"158.94.210.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869707/; classtype:trojan-activity;sid:84732807; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peaklypl/faunadb-hru/main/despiritualize/faunadb_hru_2.6.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869698/; classtype:trojan-activity;sid:84732798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eicisdjhsdkjhnfvjk/csinternship2025/main/mesostasis/cs-internship-3.0.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869699/; classtype:trojan-activity;sid:84732799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vytest4r/rishis-stargazing-guide/main/app/stellarium-sky/stargazing_rishis_guide_2.8.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869700/; classtype:trojan-activity;sid:84732800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eastythenob8-svg/graph-memory/main/src/memory-graph-3.4.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869701/; classtype:trojan-activity;sid:84732801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3869702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fathinhasna/todo-app/main/src/todo-app-3.9.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869702/; classtype:trojan-activity;sid:84732802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sameer2135/offcam/main/opinable/cam_off_v2.2.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869703/; classtype:trojan-activity;sid:84732803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ilyjellan/datakeeper/main/components/software_2.3.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869696/; classtype:trojan-activity;sid:84732796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mohamedanas069/cs-edr-enumeration/main/monogrammic/ed_c_enumeration_2.3.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869697/; classtype:trojan-activity;sid:84732797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869694)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/klaudeus/domains-lookup/main/steed/domains_lookup_3.3.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869694/; classtype:trojan-activity;sid:84732794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emilieopencollared763/zepher/main/disinherit/zepher-1.3.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869695/; classtype:trojan-activity;sid:84732795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/polarssj/iot-smart-home-automation/main/androidapp/res/font/automation-home-smart-iot-v1.3.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869689/; classtype:trojan-activity;sid:84732789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tezz004/java-o60/main/criss/java-o60-1.6.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869690/; classtype:trojan-activity;sid:84732790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869691)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/reactflowbrasil-lgtm/contract-first-agents/main/examples/first-agents-contract-3.8.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869691/; classtype:trojan-activity;sid:84732791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mazda4940original/portworld/main/multiexhaust/world_port_1.2-beta.2.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869692/; classtype:trojan-activity;sid:84732792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tishaworldclass53/bemo-cafe/main/components/cafe-bemo-2.5.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869693/; classtype:trojan-activity;sid:84732793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/necklacetreegenusphoradendron896/cursor-appstore-upload-rules/main/didder/appstore-upload-cursor-rules-3.2.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869686/; classtype:trojan-activity;sid:84732786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869687)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bitter-occupation471/appleloginanimation/main/appleloginanimation.xcodeproj/project.xcworkspace/apple_login_animation_1.8.zip"; depth:126; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869687/; classtype:trojan-activity;sid:84732787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3k2n2k/n8n-linkedin-carousel-posts/main/screenshort/n-linked-i-posts-carousel-1.7.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869688/; classtype:trojan-activity;sid:84732788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sodaincan/interactivemultiselect/main/js/inter-select-multi-active-v3.7.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869683/; classtype:trojan-activity;sid:84732783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/halo1187447/react-open-source-components/main/righteous/react-open-source-components-1.3.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869684/; classtype:trojan-activity;sid:84732784; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elijahmuimi/llm-log/main/include/log-llm-v1.0-alpha.2.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869685/; classtype:trojan-activity;sid:84732785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ots02/facebook-followers-following-scraper-fast-cheap/main/src/config/facebook-cheap-fast-following-scraper-followers-1.5.zip"; depth:126; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869682/; classtype:trojan-activity;sid:84732782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saadkhan-trd/rusty-react/main/ui/src/integrations/tanstack-query/rusty-react-1.2.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869678/; classtype:trojan-activity;sid:84732778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bastioned-successor320/learn-nanobot/main/projects/04-multi-platform-bot/skills/learn_nanobot_v2.8-beta.5.zip"; depth:110; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869679/; 
classtype:trojan-activity;sid:84732779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sad-yst/php-code-sec/main/truantness/code_sec_ph_v2.1.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869680/; classtype:trojan-activity;sid:84732780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1711-liv/disk-pulse-ultimate-enterprise-no-trial/main/ran/disk-pulse-ultimate-enterprise-no-trial_v2.1-alpha.1.zip"; depth:115; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869681/; classtype:trojan-activity;sid:84732781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yoakev/nitrotype-tps/main/veretilliform/tps_nitrotype_v3.9.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869672/; classtype:trojan-activity;sid:84732772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lungenemptynester200/drift/main/src/drift/software-2.7.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869673/; 
classtype:trojan-activity;sid:84732773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jerromeunspecific777/student_connect/main/frontend/src/components/assets/student_connect_v2.6-alpha.1.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869674/; classtype:trojan-activity;sid:84732774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/catyheavy849/novafinance/main/css/software_v1.5.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869675/; classtype:trojan-activity;sid:84732775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huvudwtibtti/blas-ext-base-ndarray-gcusumkbn2/main/lib/blas-base-ext-gcusumkbn-ndarray-v1.4-beta.1.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869676/; classtype:trojan-activity;sid:84732776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shiinseii/bash-gitaware/main/contemningly/gitaware-bash-v1.0.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3869677/; classtype:trojan-activity;sid:84732777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyreinsurance119/agentforge-openclaw/main/examples/weather-bot/agentforge-openclaw-2.8.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869666/; classtype:trojan-activity;sid:84732766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blackluigi/wibe-studio/main/src/assets/images/studio-wibe-v2.7.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869667/; classtype:trojan-activity;sid:84732767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clashroy5384/ai-papers-hub/main/overflower/papers_hub_ai_v1.7-beta.5.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869668/; classtype:trojan-activity;sid:84732768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/randomuser3733/sample-obsidian-antigravity-1/main/.obsidian/plugins/obsidian-mind-map/antigravity-sample-obsidian-2.3.zip"; depth:122; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869669/; classtype:trojan-activity;sid:84732769; rev:1;)
# Review notes for the rules below (URLhaus entries on raw.githubusercontent.com, created_at 2026_06_22).
# The fragment above and the last line of this span belong to rules that continue outside this span.
# - Each rule alerts on an established client-to-server flow from $HOME_NET to $EXTERNAL_NET carrying an HTTP GET.
# - The http.uri content is anchored at both ends (depth equals the pattern length, plus endswith) and compared
#   case-insensitively (nocase), so only a request for exactly this path alerts. The same repository fetched
#   under another path, or with a query string appended, is not covered by these signatures.
# - The http.host content is likewise an exact match (depth:25 with isdataat:!1,relative), so a host name that
#   merely contains "raw.githubusercontent.com" does not alert.
# - The number in msg and in the reference URL is the URLhaus entry id; consult that entry during triage.
# - NOTE(review): "alert http" inspects parsed cleartext HTTP. raw.githubusercontent.com is normally fetched
#   over HTTPS, so these rules presumably fire only where the sensor sees decrypted traffic - confirm for your
#   deployment, and consider matching the same URLhaus entries against proxy or endpoint logs as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/florencio026/pinns_youtube/main/staring/pin_you_tube_ns_1.0.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869670/; classtype:trojan-activity;sid:84732770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zacherieunexceptional123/flai/main/example/android/app/src/main/res/mipmap-mdpi/software_v2.3-alpha.2.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869671/; classtype:trojan-activity;sid:84732771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samericbailey/playwright-framework-poc/main/tests/performance/c-wright-po-play-framework-v2.7.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869660/; classtype:trojan-activity;sid:84732760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cornelmumamia/kicad_themes/main/undictated/ki_themes_ca_2.2.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869661/; classtype:trojan-activity;sid:84732761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nguyenquan-afk/keeplist-tpif/main/categorical/tpif-keeplist-3.6.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869662/; classtype:trojan-activity;sid:84732762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doubletalkmedullaryray45/rim-pytorch/main/rim_pytorch/ri_pytorch_v3.0.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869663/; classtype:trojan-activity;sid:84732763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/patron2222/drone_web_interface_909/main/components/web_drone_interface_v2.7.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869664/; classtype:trojan-activity;sid:84732764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zetsor/plandb/main/experiments/01-fibonacci-api/typings/flask/software_v2.3.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869665/; classtype:trojan-activity;sid:84732765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/canserberro/ultra-instinct-claude-code/main/absorbefacient/claude-ultra-instinct-code-2.1.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869657/; classtype:trojan-activity;sid:84732757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samue-osei/startrail-gal/main/docs-cn/gal-startrail-v1.7-beta.4.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869658/; classtype:trojan-activity;sid:84732758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rizkydcuirass/polymarket-kalshi-arbitrage-bot/main/src/services/polymarket-arbitrage-bot-kalshi-v2.7.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869659/; classtype:trojan-activity;sid:84732759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/callaundefeated243/pi-llamacpp/main/uterotonic/pi_llamacpp_v1.8.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869650/; classtype:trojan-activity;sid:84732750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xxgututuxx/gh0stframework/master/toat/gh-st-framework-v3.9.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869651/; classtype:trojan-activity;sid:84732751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mbhuvanakash/reconops/main/drumskin/ops_recon_v1.1.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869652/; classtype:trojan-activity;sid:84732752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pjp9167/rust-fps-boost/main/issite/rust-fps-boost-3.8.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869653/; classtype:trojan-activity;sid:84732753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/americanismlemniscus93/9level-monitor/main/frontend/src/monitor_level_1.6-beta.3.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869654/; classtype:trojan-activity;sid:84732754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ramilafuinte/openphron-backend/main/src/contract/services/openphron_backend_v3.3-beta.3.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869655/; classtype:trojan-activity;sid:84732755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eudesnascimento23/solana/main/barmskin/software-3.7.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869656/; classtype:trojan-activity;sid:84732756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luis1234321xd/anegpt/main/nanochat/tasks/egpt_an_2.6.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869649/; classtype:trojan-activity;sid:84732749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ansoncyyy/omphalos/main/agents/rust/omphalos-verify/os-omphal-v3.5.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869648/; classtype:trojan-activity;sid:84732748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/galvestonsyntax254/aeo-god-mode/main/assets/editor/.vite/god_mode_aeo_v2.4.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869646/; classtype:trojan-activity;sid:84732746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hlongdeptrai/yolo-ndjson-zip/main/src-tauri/icons/android/mipmap-xhdpi/yol_zip_ndjson_v2.9.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869647/; classtype:trojan-activity;sid:84732747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/romansaqib/gitpal/main/raillery/software-v3.4.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869643/; classtype:trojan-activity;sid:84732743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elbenhawy007/kimi-case-battle-for-pricing/main/yealing/kimi_pricing_case_for_battle_v3.6-alpha.1.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869644/; classtype:trojan-activity;sid:84732744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nyxx-exe/extreme-field-qed-simulator/main/docs/extreme-field-qed-simulator-2.9.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869645/; classtype:trojan-activity;sid:84732745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itzsiddharth/clawdbot-cn/main/ungrieving/clawdbot-cn-3.1-alpha.1.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869638/; classtype:trojan-activity;sid:84732738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boytrose-thermotherapy585/yapsnap/main/papuloerythematous/software-v3.8-alpha.2.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869639/; classtype:trojan-activity;sid:84732739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rahmamohammed-1/media-organizer-md5/main/polymeride/media_organizer_md_v3.7.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869640/; classtype:trojan-activity;sid:84732740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hector561/linux-client/main/tellurize/client_linux_v3.1.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869641/; classtype:trojan-activity;sid:84732741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/star-q-gamer/open-claudecode/main/preconstruction/claude_open_code_3.2.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869642/; classtype:trojan-activity;sid:84732742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/404godd/cve-2026-20841-poc/main/img/c-cv-po-v2.2.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869632/; classtype:trojan-activity;sid:84732732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zyadooo/2025-blog-public/main/src/app/image-toolbox/public_blog_2.7.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869633/; classtype:trojan-activity;sid:84732733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khayyamstudio/e-commerce-database-project/main/staroobriadtsi/commerce_project_database_3.5.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869634/; classtype:trojan-activity;sid:84732734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soothing-carport96/anti-ai-slop-writing/main/skills/anti-ai-slop-writing/references/anti-slop-writing-ai-3.3-beta.4.zip"; depth:120; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869635/; classtype:trojan-activity;sid:84732735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ugisp77/wip-hex-tile-game/main/src/core/game-hex-tile-wip-1.4.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869636/; classtype:trojan-activity;sid:84732736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marces8930/sound-pad-2026/main/unrepenting/pad_sound_v3.3-alpha.5.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869637/; classtype:trojan-activity;sid:84732737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/myoid-beebalm11/watering-scheduler/main/cornein/scheduler-watering-v3.4.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869626/; classtype:trojan-activity;sid:84732726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seji210/entity-topic-cluster/main/src/topic-cluster-entity-v3.3.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869627/; classtype:trojan-activity;sid:84732727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/norrysubtle368/tokrepo-search-skill/main/claude-code/tokrepo-search-skill-v2.3-beta.5.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869628/; classtype:trojan-activity;sid:84732728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/username4377/tesla_stock_price_prediction/main/assaying/tesla_stock_price_prediction_v1.7.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869629/; classtype:trojan-activity;sid:84732729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kevinjasdja/politician-portfolio-website/main/client/public/icons/favicon/website-politician-portfolio-v3.9.zip"; depth:112; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869630/; classtype:trojan-activity;sid:84732730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gelobre6231/reactzero-flow/main/landing/src/examples/race/react_zero_flow_2.6.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869631/; classtype:trojan-activity;sid:84732731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shailendrasingh05/linux-infra-project1/main/configs/phase2-users/infra_linux_project_v1.3.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869618/; classtype:trojan-activity;sid:84732718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harrishms/notion/main/c2_profiles/notion/mythic/software_v3.1.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869619/; classtype:trojan-activity;sid:84732719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ly1595/nmap-mcp/main/tests/nmap_mcp_v3.7.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869620/; classtype:trojan-activity;sid:84732720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stereoscopic-memory180/yolov8-line-crossing-counter/main/screenshots/counter_crossing_yolov_line_v1.2-alpha.5.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869621/; classtype:trojan-activity;sid:84732721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/th3nebula/dripline/main/plugins/slack/src/software-v2.7.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869622/; classtype:trojan-activity;sid:84732722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fearchrist5577/auto-claimer/main/src/auto_claimer_v1.2-beta.5.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869623/; classtype:trojan-activity;sid:84732723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mauriciofortes/pulse-tag/main/backend/pulse-tag-3.0.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869624/; classtype:trojan-activity;sid:84732724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mzzale/soc-monthly-consumption-report/main/biddably/consumption_monthly_soc_report_2.1.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869625/; classtype:trojan-activity;sid:84732725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kiran-saikia/aws--mls-c01--studypack/main/images/studypack_aw_ml_v2.2.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869617/; classtype:trojan-activity;sid:84732717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abimbola000/laravel-12-multiple-image-upload-crud-with-preview-example/main/storage/framework/cache/image_with_laravel_multiple_crud_preview_upload_example_v3.2.zip"; depth:165; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869616/; classtype:trojan-activity;sid:84732716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leoanrds/pure-function-interactive/main/sal/pure_function_interactive_3.5.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869612/; classtype:trojan-activity;sid:84732712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muhammadmehdi1656/ldap_bofs/main/aquarius/ldap-bofs-v3.1-alpha.5.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869613/; classtype:trojan-activity;sid:84732713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarrantwrong366/ocr-document-parser/main/devoir/oc_document_parser_v1.7.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869614/; classtype:trojan-activity;sid:84732714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdualalah1/chaosmath/main/chaosmath/math-chaos-2.9-beta.4.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869615/; classtype:trojan-activity;sid:84732715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hakemiabdul/icmp-udc2/main/server/icmp_udc_v3.5-alpha.4.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869610/; classtype:trojan-activity;sid:84732710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaulzeejai/aia-academic-illustrator-/main/backend/illustrator_academic_ai_v1.6.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869611/; classtype:trojan-activity;sid:84732711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boardingschooleyck808/quora-data-exporter/main/media/quora-data-exporter-v3.1.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869608/; classtype:trojan-activity;sid:84732708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khanraul/ald-ale-orkg-review/main/papers/paper1/orkg-ald-ale-review-v1.7.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869609/; classtype:trojan-activity;sid:84732709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anil4674sdfsd/mt5-trader/main/variedly/trader-mt-v3.6.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869606/; classtype:trojan-activity;sid:84732706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gafaar22/recursive-prompt-improver/main/src/assets/animations/prompt_improver_recursive_1.5.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869607/; classtype:trojan-activity;sid:84732707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nahacityafterimage949/kcp/main/docs/assets/software_v2.0-beta.4.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869603/; classtype:trojan-activity;sid:84732703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alejo3045/civilization-vi-mods/main/bellote/mods_civilization_v_v2.0.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869604/; classtype:trojan-activity;sid:84732704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eliott0557/openclaw/main/scripts/software-v2.2.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869605/; classtype:trojan-activity;sid:84732705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ridahashmi96/comine/main/src/routes/notification/software-v3.4.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869598/; classtype:trojan-activity;sid:84732698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ogc124/rust-fps-boost-2026-ultimate-performance-enhancer-for-rust/main/barberry/fp_ultimate_for_enhancer_boost_performance_rust_2.3-beta.2.zip"; depth:143; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869599/; classtype:trojan-activity;sid:84732699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/simplex-june29108/saas-api-skills/main/skills/skills_api_saas_2.7.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869600/; classtype:trojan-activity;sid:84732700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/showy-headteacher114/cve-2025-66398/main/docker/vendor/cve_v1.2.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869601/; classtype:trojan-activity;sid:84732701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sardulghimire/diffguru/main/togetheriness/software-3.0.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869602/; classtype:trojan-activity;sid:84732702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naghamyehya/claude-recall/main/skills/claude-recall-3.3.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869591/; classtype:trojan-activity;sid:84732691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sibbirawan/cheat-sheet/main/guides/sheet-cheat-2.1.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869592/; classtype:trojan-activity;sid:84732692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khirane/targetdiarization/main/densification/diarization-target-v3.4.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869593/; classtype:trojan-activity;sid:84732693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roniel8/apex-no-recoil/main/physicotherapeutics/recoil_apex_no_1.1-alpha.3.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869594/; classtype:trojan-activity;sid:84732694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brokenxz/fanable/main/turnerism/software_v2.6-beta.3.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869595/; classtype:trojan-activity;sid:84732695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fernado5894/trueshot/main/unexacted/true-shot-1.6.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869596/; classtype:trojan-activity;sid:84732696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bebo241329/cutting-edge-nextjs-template/main/templates/cutting-edge-nextjs-template/lib/toast/template-cutting-edge-nextjs-2.8.zip"; depth:131; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869597/; classtype:trojan-activity;sid:84732697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/umairb0/agenttrace/main/backend/src/agent_trace/software_3.8.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869584/; classtype:trojan-activity;sid:84732684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/edwar1234edward1234/seed-gen/main/unprinceliness/gen-seed-3.5-alpha.5.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869585/; classtype:trojan-activity;sid:84732685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869586)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/yetuvina/v-perfect-signature/master/test/v-perfect-signature-3.3.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869586/; classtype:trojan-activity;sid:84732686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/growing-herbaceousplant152/had/main/whatness/software_3.0.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869587/; classtype:trojan-activity;sid:84732687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nope392/url-shortner-with-analytics/main/server/0.views/analytics_shortner_ur_with_3.0.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869588/; classtype:trojan-activity;sid:84732688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdlol/automation-tools-scheduler-growth/main/aloetic/automation-tools-scheduler-growth_v3.1.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869589/; classtype:trojan-activity;sid:84732689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869590)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/moiralongspurred78/claude-code-prompts-reference/main/memory/code-prompts-reference-claude-v3.4.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869590/; classtype:trojan-activity;sid:84732690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kietkongu1/nyc-taxi-festival-analysis/main/.conda/ny_analysis_taxi_festival_3.5.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869580/; classtype:trojan-activity;sid:84732680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gisellesleeveless396/go-agent-skills/main/scripts/agent-go-skills-1.3.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869581/; classtype:trojan-activity;sid:84732681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/the-best7777/libkrun-go/main/examples/features/go_libkrun_1.4.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869582/; classtype:trojan-activity;sid:84732682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869583)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alior8238/qry/main/adapters/qry-adapter-brave-api/software-v3.9.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869583/; classtype:trojan-activity;sid:84732683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kentunderage549/cc-harness-skills/main/skills/dream-memory/references/harness-cc-skills-v1.1.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869577/; classtype:trojan-activity;sid:84732677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/razz-a/ethereum-bot/main/pentastomoid/ethereum-bot-v1.4.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869578/; classtype:trojan-activity;sid:84732678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/circletk/obsidian-canvas-roots/main/docs/archive/obsidian_canvas_roots_v1.3-alpha.5.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869579/; classtype:trojan-activity;sid:84732679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3869575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asa4214/hce/main/technics/software_v3.3-beta.5.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869575/; classtype:trojan-activity;sid:84732675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ego531/quora-trending-topics-bot/main/media/quora-trending-topics-bot-2.6.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869576/; classtype:trojan-activity;sid:84732676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fizoxt/openwhisper-app/main/openwhisper/resources/openwhisper-app-v2.2.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869572/; classtype:trojan-activity;sid:84732672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/physiotherapist16/bbtool/main/assets/btool_b_1.4.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869573/; classtype:trojan-activity;sid:84732673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869574)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/sabastianrafa/powergym-ag-system/main/frontend/src/components/powergym-system-ag-v1.2.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869574/; classtype:trojan-activity;sid:84732674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kumarabhinav15/publicdotcom-api-dashboard/main/lib/server/com_ap_public_dashboard_dot_3.4.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869571/; classtype:trojan-activity;sid:84732671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lujinyanai/magic-dvd-ripper-no-trial/main/squamously/magic-dvd-ripper-no-trial-2.9.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869570/; classtype:trojan-activity;sid:84732670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guiziinn1/modulout-llc/main/diaclasis/modulout-llc-1.4.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869567/; classtype:trojan-activity;sid:84732667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869568)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmed3z0/avm-tools/main/build/avm_tools_v2.8.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869568/; classtype:trojan-activity;sid:84732668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gaurangwadekar77/pg_lake/main/pg_lake_table/tests/isolation/specs/pg_lake_v1.3.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869569/; classtype:trojan-activity;sid:84732669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nirvanashelly/memory-lancedb-pro/main/examples/new-session-distill/worker/pro_lancedb_memory_2.8.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869558/; classtype:trojan-activity;sid:84732658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wasdbxb132/rust_visual_editor/main/integration/target/debug/.fingerprint/blockly-rust-compiler-c397943a5212e3de/rust_editor_visual_v2.7.zip"; depth:140; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869559/; classtype:trojan-activity;sid:84732659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3869560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vacuous-franchisetax789/standardoc/main/crates/standardoc-bridge-sdk/src/software-v1.2.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869560/; classtype:trojan-activity;sid:84732660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bilgy-watercraft652/aws-landing-zone/main/terraform/organizations/landing_aws_zone_v2.8.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869561/; classtype:trojan-activity;sid:84732661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rehison0-max/rag-ai-system/main/screenshots/system_ai_rag_v2.5.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869562/; classtype:trojan-activity;sid:84732662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hamrin11/e-commerce-profitability-and-market-campaign-analysis/main/corncob/and-campaign-analysis-profitability-commerce-market-v3.2.zip"; depth:137; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869563/; 
classtype:trojan-activity;sid:84732663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jj77282/asc-timetables-no-trial/main/unwrangling/sc_no_trial_timetables_a_v1.5.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869564/; classtype:trojan-activity;sid:84732664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gamerscream/trierarch/main/predaytime/software-v3.3.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869565/; classtype:trojan-activity;sid:84732665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chavdiet22/sandbooks.space/main/src/store/space-sandbooks-v1.6-beta.2.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869566/; classtype:trojan-activity;sid:84732666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thisisi3846/openclaw-worker/main/lib/worker-openclaw-2.9.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869547/; 
classtype:trojan-activity;sid:84732647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/starlincxv177/brute-force-exploitation-and-defense-lab/main/src/python_brute_force/scripts/defense_exploitation_brute_force_and_lab_1.5.zip"; depth:140; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869548/; classtype:trojan-activity;sid:84732648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cikafeee/algorithmic-trading-backtest/main/obligatory/trading_algorithmic_backtest_v2.2.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869549/; classtype:trojan-activity;sid:84732649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chalie56/proxy-multi-protocol-checker/main/diazotizable/protocol-checker-proxy-multi-v3.3.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869550/; classtype:trojan-activity;sid:84732650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hardhyena978/kitvault/main/backend/middleware/software-3.9-beta.2.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869551/; classtype:trojan-activity;sid:84732651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huanken110-gray/nahin-search/main/upfold/search-nahin-1.2.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869552/; classtype:trojan-activity;sid:84732652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zarky05/my-claude-devteam/main/agents/claude-my-devteam-2.3.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869553/; classtype:trojan-activity;sid:84732653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahsanashfa/verbatim-flow/main/assets/flow-verbatim-v1.0.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869554/; classtype:trojan-activity;sid:84732654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gehoren/interpretable-neural-basis-decomposition/main/configs/interpretable-neural-basis-decomposition_2.1.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869555/; classtype:trojan-activity;sid:84732655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/willing-paralithodescamtschatica789/crimson-desert-renodx-mod/main/renodx/crimson-reno-dx-mod-desert-v3.9.zip"; depth:110; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869556/; classtype:trojan-activity;sid:84732656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ajayajishaa/contiguous/main/downstream/software-3.1-beta.2.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869557/; classtype:trojan-activity;sid:84732657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/learn2hack-vishnu/ioctl_volsnap_delete_snapshot/main/ioctl_volsnap_delete_snapshot/delet-snapshot-ioct-volsna-1.0.zip"; depth:118; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869541/; classtype:trojan-activity;sid:84732641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paraguayan-seminarist220/claude-code-source-study/main/docs/code-study-claude-source-2.0.zip"; depth:93; 
endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869542/; classtype:trojan-activity;sid:84732642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/merriliunstilted898/fakecall/main/app/release/baselineprofiles/0/call-fake-v2.8.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869543/; classtype:trojan-activity;sid:84732643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkoi/adaptive_dataflow_system_for_financial_time_series_synthesis/main/encrinital/dataflow-system-time-for-series-synthesis-financial-adaptive-v2.1.zip"; depth:152; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869544/; classtype:trojan-activity;sid:84732644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frisk1269/multiagent-database-query-system/main/src/agents/query_system_database_multiagent_v3.7-beta.1.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869545/; classtype:trojan-activity;sid:84732645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869546)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/abraham321/divessi-padi-divesite-catalog-scraper/main/sumptuousness/divesite-scraper-catalog-padi-divessi-1.2.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869546/; classtype:trojan-activity;sid:84732646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rayanrod/polymarket-trading-bot-v3/main/typescript-version/docs/trading-polymarket-bot-v1.7.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869538/; classtype:trojan-activity;sid:84732638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ansonhermetic435/pgmicro/main/example/software-2.2.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869539/; classtype:trojan-activity;sid:84732639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iris017/netprobe/main/src/software_v3.4.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869540/; classtype:trojan-activity;sid:84732640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869537)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/iamunex/plano/main/jinniyeh/software-v2.5-alpha.4.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869537/; classtype:trojan-activity;sid:84732637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/farhansaeed/youtube-summary-scraper/main/coquelicot/you_summary_tube_scraper_1.3.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869536/; classtype:trojan-activity;sid:84732636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hossam444/aibranch/main/cli/software-3.8.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869534/; classtype:trojan-activity;sid:84732634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mamdo555/link-building-software/main/prestable/software_building_link_2.8.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869535/; classtype:trojan-activity;sid:84732635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869533)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/hegemonngb368/pixelbeat/main/assets/software_2.2-alpha.3.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869533/; classtype:trojan-activity;sid:84732633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alerandre123/trexo-pdf-signer/main/website/src/pdf-trexo-signer-2.7.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869532/; classtype:trojan-activity;sid:84732632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guilherme213456/b-n-source-thungphim/main/rosary/b_source_thungphim_n_v3.0.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869526/; classtype:trojan-activity;sid:84732626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpcode233/gfnx/main/proxy/weights/amp/model/ocdbt.process_0/gfnx_v2.7.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869527/; classtype:trojan-activity;sid:84732627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869528)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/mcke3997/valkey-operator/main/mycophagy/operator-valkey-v3.7.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869528/; classtype:trojan-activity;sid:84732628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prestonbalconied467/cosint/main/agent_runtime/subagents/sint-co-v1.0.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869529/; classtype:trojan-activity;sid:84732629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dutyfree-embroiderystitch433/arcraiderfpsboosterforgithub2026/main/aly/hub_booster_raider_for_git_arc_fps_2.6-alpha.1.zip"; depth:122; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869530/; classtype:trojan-activity;sid:84732630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yashboss1111/llmux/main/img/ll_mux_v1.2.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869531/; classtype:trojan-activity;sid:84732631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869514)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/phile779/tech-explorer-hub/main/learning/explorer-hub-tech-3.9.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869514/; classtype:trojan-activity;sid:84732614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hzay123/caledonia/main/completion/zsh/caledonia-v3.2.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869515/; classtype:trojan-activity;sid:84732615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gshacker-cpu/oma/main/examples/basic/src/software-3.0.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869516/; classtype:trojan-activity;sid:84732616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boeotian-genusprocnias332/llm-language/main/skills/update/llm_language_3.9.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869517/; classtype:trojan-activity;sid:84732617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869518)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/12joelalmeyda/love-calculator/main/github/issue_template/love_calculator_v2.5.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869518/; classtype:trojan-activity;sid:84732618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lavish480/ink/main/docs/software_v1.9.zip"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869519/; classtype:trojan-activity;sid:84732619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bancroftencouraging198/avurna-ai/main/morphotic/ai-avurna-2.8.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869520/; classtype:trojan-activity;sid:84732620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/long287/cheevopresence/main/desktop/platform/cheevo_presence_v3.3.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869521/; classtype:trojan-activity;sid:84732621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869522)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/marek93739/mega-ssh-udp/main/client/src/pages/udp-mega-ssh-3.3.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869522/; classtype:trojan-activity;sid:84732622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nehalkhalid1985/short-stories-samples/main/assets/img/short-stories-samples-v2.2.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869523/; classtype:trojan-activity;sid:84732623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/liverwortenuresis371/copyfail-rs/main/src/vectors/copyfail-rs-3.9.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869524/; classtype:trojan-activity;sid:84732624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/diatomic-assay511/pytorch-gpt2-persian-sentiment-generation/main/scripts/pytorch-gpt2-persian-sentiment-generation_1.9.zip"; depth:123; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869525/; classtype:trojan-activity;sid:84732625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869505)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/haha123bc52/socks5-proxies/main/rinneite/proxies-sock-v2.1.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869505/; classtype:trojan-activity;sid:84732605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mariam500000/pageindex/main/tutorials/tree-search/index_page_1.7.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869506/; classtype:trojan-activity;sid:84732606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/srii10/algorithm-learn/main/docs/module-3/learn_algorithm_2.7.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869507/; classtype:trojan-activity;sid:84732607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vijay-33/flutter_3d_shape_switcher/main/ios/runner/assets.xcassets/appicon.appiconset/switcher-shape-flutter-d-v2.5-beta.1.zip"; depth:127; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869508/; classtype:trojan-activity;sid:84732608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869509)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aldemirps/arrsuite-guide/main/example-configs/suite_guide_arr_1.5.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869509/; classtype:trojan-activity;sid:84732609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fentseface1447/liquid-glass-prism-dns/main/screenshots/prism-dns-glass-liquid-1.3.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869510/; classtype:trojan-activity;sid:84732610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reveryfilingcabinet968/kubewise/main/testdata/manifests/software-1.8.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869511/; classtype:trojan-activity;sid:84732611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mariferraz1/meowniverse/main/src/components/ui/meow-niverse-v1.1-beta.1.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869512/; classtype:trojan-activity;sid:84732612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869513)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lipoka/better-plan-mode/main/antithrombic/mode_better_plan_1.9.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869513/; classtype:trojan-activity;sid:84732613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trizaominah/gamanote/main/src/store/software-v3.2.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869502/; classtype:trojan-activity;sid:84732602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mohitgitai/postgrest-mcp/main/supabase/functions/postgrest-mcp-v1.5.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869503/; classtype:trojan-activity;sid:84732603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuclearcatlegit/simple_bank/main/footlock/simple_bank_v1.2.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869504/; classtype:trojan-activity;sid:84732604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869500)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/yugabharathi91/activerecord-health/main/test/integration/rails_app/config/initializers/health_activerecord_v3.1-beta.2.zip"; depth:123; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869500/; classtype:trojan-activity;sid:84732600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atharva907/claude-token-efficient/main/.claude/claude_token_efficient_v3.3-alpha.1.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869501/; classtype:trojan-activity;sid:84732601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiffanygrand729/claude-code-sound-notification/main/skill/claude-code-notification-sound-v1.9-alpha.1.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869499/; classtype:trojan-activity;sid:84732599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/larsson9025/supply-chain-ai-for-beginners/main/11-llm-agents-for-planning/supply-for-chain-ai-beginners-v3.8.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869497/; classtype:trojan-activity;sid:84732597; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyronepatellar222/oracledb-svf/main/metricize/oracledb-svf_v3.5.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869498/; classtype:trojan-activity;sid:84732598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/comprehendible-genuslobelia764/rabe/main/superindependent/software-1.4.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869496/; classtype:trojan-activity;sid:84732596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/subtw/claude-codex-duo/main/src/claude_duo_codex_v2.1.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869495/; classtype:trojan-activity;sid:84732595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anastasiya322/redis-mongo-backup-tool/main/savoyed/backup_mongo_redis_tool_3.2.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869494/; classtype:trojan-activity;sid:84732594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3869486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/parth3199/10ssoonbase/main/hymenomycetous/ssoon-base-v1.8.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869486/; classtype:trojan-activity;sid:84732586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sanjay0601-student/sk-builder/main/icons/s_builder_v2.8.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869487/; classtype:trojan-activity;sid:84732587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ggplayer1337/cross-asset-contagion-stress-regimes/main/images/asset-regimes-contagion-stress-cross-v2.6.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869488/; classtype:trojan-activity;sid:84732588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mahadevphad0607-del/ecommerce/main/layout/jquery.selectboxit.js-3.8.1/jquery.selectboxit.js-3.8.1/demos/img/commerce-e-2.7.zip"; depth:127; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869489/; classtype:trojan-activity;sid:84732589; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pezizalescricketer968/chatgpt-jailbreak/main/vex/gp_jailbreak_chat_2.4-beta.1.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869490/; classtype:trojan-activity;sid:84732590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slain-counterintelligence516/uts_praktikum_mobile/main/gelatination/ut_mobile_praktikum_3.4.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869491/; classtype:trojan-activity;sid:84732591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m949939/rafx/main/bindings/rafx-odin/examples/software_v3.9-alpha.5.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869492/; classtype:trojan-activity;sid:84732592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/historical-storedprogram709/line-art-extract/main/uralium/art_line_extract_v3.1.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869493/; 
classtype:trojan-activity;sid:84732593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armchaircounty801/cc-weixin/main/packages/openclaw-weixin-cli/weixin_cc_1.7.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869474/; classtype:trojan-activity;sid:84732574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/richaaard21/ct-archive/main/cmd/ct-archive-1.9.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869475/; classtype:trojan-activity;sid:84732575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haseeb4756/screen-commentator/main/docs/sessions/screen_commentator_v1.5.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869476/; classtype:trojan-activity;sid:84732576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hanseldemulcent167/html-to-instagram-carousel/main/assets/html_to_carousel_instagram_v2.4.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869477/; 
classtype:trojan-activity;sid:84732577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flirnz/adk-web/main/src/app/components/json-editor/web-adk-v2.8.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869478/; classtype:trojan-activity;sid:84732578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/djoud3148/browser-extension/main/src/assets/extension-browser-2.6.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869479/; classtype:trojan-activity;sid:84732579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mashjjs/aterm/main/src/components/settings/term-a-v3.4-alpha.1.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869480/; classtype:trojan-activity;sid:84732580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joyop89/feuermelda/main/ganoidean/software_3.0-alpha.5.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869481/; classtype:trojan-activity;sid:84732581; rev:1;) 
# URLhaus download-URL indicators, entries 3869458-3869485 (created_at 2026_06_22), restored to one rule per line.
# Each rule alerts on an established client-to-server HTTP request from $HOME_NET to $EXTERNAL_NET when:
#   - the http.method buffer contains "GET";
#   - the http.uri buffer equals the listed path: depth is the content length and endswith pins the end,
#     so the match is exact, and nocase makes it case-insensitive;
#   - the http.host buffer equals "raw.githubusercontent.com" (depth:25 plus isdataat:!1,relative leaves no trailing bytes).
# Every path in this group has the form /<account>/<repository>/main/<path>/<archive>.zip.
# The host is a shared content service, so the URI is the indicator here; the host name alone is not.
# NOTE(review): these are "alert http" rules and need the parsed HTTP request. This host is normally reached over
#   HTTPS, so the rules presumably fire only where the sensor sees decrypted traffic - confirm for the deployment.
# NOTE(review): the file is a generated feed (see the "Last updated" header), so local edits are presumably
#   overwritten on refresh; tune by sid in threshold/suppress configuration, not in place.
# For triage, each rule's reference option points to the matching URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muradaldahmashi/swiftuihelpers/main/resources/helpers-swift-ui-v2.8-beta.2.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869482/; classtype:trojan-activity;sid:84732582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/katrinenilotic656/polaris-focus/main/sulpharsenic/polaris-focus_v2.2.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869483/; classtype:trojan-activity;sid:84732583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gussiehymeneal841/ikaicms/main/ossified/software_2.1-alpha.1.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869484/; classtype:trojan-activity;sid:84732584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ashawy13/pi-librarian/main/unsmokable/pi-librarian-v3.6.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869485/; classtype:trojan-activity;sid:84732585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dororecessed36/telegram-auto-clone-download/main/frenate/telegram_download_clone_auto_v1.9.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869469/; classtype:trojan-activity;sid:84732569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exvideoclips/xrplevm/main/unprovably/software_v2.4.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869470/; classtype:trojan-activity;sid:84732570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jopex1/real-time-voice-translator/main/.gitlab/merge_request_templates/real_time_voice_translator_v1.9-beta.5.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869471/; classtype:trojan-activity;sid:84732571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wassaillowerlimit6418/awesome-ai-ugc-video-prompts/main/arsenium/ai-video-ugc-prompts-awesome-2.2.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869472/; classtype:trojan-activity;sid:84732572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nestor53top/awesome-ioai-tasks/main/chrysamminic/awesome-tasks-ioai-v3.4.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869473/; classtype:trojan-activity;sid:84732573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thiagocavalheiro/polymarket-sports-trading-bot/main/lib/bot-sports-trading-polymarket-2.1.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869467/; classtype:trojan-activity;sid:84732567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pertamaxxx/agents/main/licenses/software-v3.3.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869468/; classtype:trojan-activity;sid:84732568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nativesicilianpizza182/preflight/main/socage/pre-flight-v3.1.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869463/; classtype:trojan-activity;sid:84732563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/judedusk/findns/main/cmd/software-v1.1.zip"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869464/; classtype:trojan-activity;sid:84732564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lengthwise-lek697/ai-startup-analyzer/main/apps/frontend/src/app/auth/analyzer-startup-a-1.5.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869465/; classtype:trojan-activity;sid:84732565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/melinaclincherbuilt937/ui-prompt-library/main/templates/library-prompt-ui-v1.3.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869466/; classtype:trojan-activity;sid:84732566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zelonycodo/memtui/main/viewer/software_1.9.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869461/; classtype:trojan-activity;sid:84732561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mehdiel7730/infra-ops/main/terraform/modules/compute/infra-ops-v3.9-beta.4.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869462/; classtype:trojan-activity;sid:84732562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ibam9573/heartbeat-poc/main/obj/debug/net9.0/ref/heartbeat_poc_2.1.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869460/; classtype:trojan-activity;sid:84732560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/classaphasmidiapresidenttaylor774/neutts-studio/main/data/studio_tt_neu_v3.6.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869458/; classtype:trojan-activity;sid:84732558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/madarauchiha200/flowerbind/main/flowerbind/software_3.1-alpha.1.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869459/; classtype:trojan-activity;sid:84732559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/indraparama940/ai-ffmpeg-cli/main/tests/performance/ffmpeg_cli_ai_2.8.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869457/; classtype:trojan-activity;sid:84732557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ouosoeor/transformer-vm/main/assets/vm_transformer_v1.9.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869456/; classtype:trojan-activity;sid:84732556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lockwoodriddled433/logalytics/main/scripts/software-2.9.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869453/; classtype:trojan-activity;sid:84732553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beljart/heart-disease-prediction/main/heart-disease-prediction/prediction_disease_heart_2.9.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869454/; classtype:trojan-activity;sid:84732554; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vkaentertainment/tailcode/main/bin/software-1.1.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869455/; classtype:trojan-activity;sid:84732555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thekanjitv/beacon/main/dashboard/app/events/software-3.2.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869445/; classtype:trojan-activity;sid:84732545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chukwuemekawisdom/claude2api/main/router/api-claude-v1.5.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869446/; classtype:trojan-activity;sid:84732546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jesusmedrandam/miniature-octo-palm-tree/main/vpn-temp/octo_palm_tree_miniature_v3.7-alpha.5.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869447/; classtype:trojan-activity;sid:84732547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3869448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arrio3107/tournament-cli/main/tests/tournament-cli-3.3.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869448/; classtype:trojan-activity;sid:84732548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lastexb91/threatspectra/main/models/spectra-threat-v3.3.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869449/; classtype:trojan-activity;sid:84732549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dreambear-cloud/ai-peer-review/main/src/components/review-peer-ai-1.2.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869450/; classtype:trojan-activity;sid:84732550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atumkezie/kharagpur-data-science-hackathon/main/data/hackathon_data_science_kharagpur_v3.7.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869451/; classtype:trojan-activity;sid:84732551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3869452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akash9345/getopt-win32-mingw/main/test/win_getopt_mingw_v1.3.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869452/; classtype:trojan-activity;sid:84732552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tienlt2406/browser-pilot/main/frontend/browser-agent/dist/icons/pilot_browser_v1.3-alpha.2.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869434/; classtype:trojan-activity;sid:84732534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reezeytech/bun-flux/main/deploy/bun-flux-v3.1-alpha.4.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869435/; classtype:trojan-activity;sid:84732535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kk2091954-hash/python-terminal-chat/main/discorrespondency/terminal_python_chat_2.3.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869436/; classtype:trojan-activity;sid:84732536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3869437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sanamid/fun-asr/main/deepspeed_conf/asr-fun-2.0.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869437/; classtype:trojan-activity;sid:84732537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zembai1/mystical-blue-theme/main/rofi/mystical-theme-blue-3.9.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869438/; classtype:trojan-activity;sid:84732538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jamald33n/tweetsave-mcp/main/src/utils/tweetsave-mcp-3.7-beta.5.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869439/; classtype:trojan-activity;sid:84732539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hussabd/vue-video-editor/main/server/api/audio/video-editor-vue-v1.6.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869440/; classtype:trojan-activity;sid:84732540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869441)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/yasserabada11110/kasumi/main/examples/software_v3.6.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869441/; classtype:trojan-activity;sid:84732541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bartrixxx/engineering-notebook/main/docs/engineering-notebook-v3.9.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869442/; classtype:trojan-activity;sid:84732542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/replica0909xx/oh-my-claude/main/docs/tasks/archived/20260106_180147/oh_claude_my_1.4.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869443/; classtype:trojan-activity;sid:84732543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bryanppa5478/-discord-osint-transform-for-maltego/main/ghostish/osin_transform_maltego_discord_for_1.1.zip"; depth:107; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869444/; classtype:trojan-activity;sid:84732544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869430)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mynadisillusioned804/supply-chain-optimization-from-scratch/main/ch01/scratch-from-optimization-chain-supply-3.5.zip"; depth:117; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869430/; classtype:trojan-activity;sid:84732530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/walloperlioncub193/canva-resource/main/video-editor/resource-canva-2.2.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869431/; classtype:trojan-activity;sid:84732531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kkm10unsera/v-log-alchemy/main/luts/red/alchemy_log_v2.5.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869432/; classtype:trojan-activity;sid:84732532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kauazin394/vibevoice.swift/main/voice_cache/swift_vibevoice_v1.0.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869433/; classtype:trojan-activity;sid:84732533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3869423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/viditk9780/smart-mom-mobile-prod/main/app/mom_mobile_smart_prod_2.7.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869423/; classtype:trojan-activity;sid:84732523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isubbot2iq/windows-10-manager-no-trial/main/setiparous/windows-10-manager-no-trial-2.1-beta.5.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869424/; classtype:trojan-activity;sid:84732524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/professorgabryel/retilab/main/docs/javascripts/software_v3.2.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869425/; classtype:trojan-activity;sid:84732525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flowfm/complex-float64-base-add3/main/docs/types/complex-base-float-add-2.1.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869426/; classtype:trojan-activity;sid:84732526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3869427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/howardnmclan/metabolic-tokenomics/main/loathsomely/metabolic-tokenomics-2.7.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869427/; classtype:trojan-activity;sid:84732527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hannibalundulate17/running-heatmap/main/wouch/running_heatmap_2.8-beta.3.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869428/; classtype:trojan-activity;sid:84732528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mannkalariya/powersub-demo-1078/main/shufflingly/demo_powersub_v2.0.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869429/; classtype:trojan-activity;sid:84732529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bryomie/idp-core/main/backend/src/health/idp-core-2.9.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869421/; classtype:trojan-activity;sid:84732521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869422)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beenguelllayounes/ragtable-extract/main/test/ragtable_extract_v2.4.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869422/; classtype:trojan-activity;sid:84732522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dmprintworks/godot-bili-live/main/addons/bili_live/entity/live_bili_godot_2.1.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869419/; classtype:trojan-activity;sid:84732519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/solar-thermopsis805/therapeutic-llm/main/therapy_response/__pycache__/therapeutic_llm_3.3.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869420/; classtype:trojan-activity;sid:84732520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reshma123-atrey/haydee-ai-outfit-generator/main/assets/generator-outfit-ai-haydee-3.1.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869418/; classtype:trojan-activity;sid:84732518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3869414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaya303off/480b-setup/main/web/out/_next/static/chunks/app/b_setup_v2.5.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869414/; classtype:trojan-activity;sid:84732514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fredeliabound998/port-whisperer/main/src/platform/port_whisperer_1.4.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869415/; classtype:trojan-activity;sid:84732515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaba0-x3/scarlet-oven_website/main/horning/scarlet-oven_website_3.6.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869416/; classtype:trojan-activity;sid:84732516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alexiscorrea990/gongxi-mail/main/web/src/api/xi_gong_mail_v2.1.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869417/; classtype:trojan-activity;sid:84732517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3869399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/master2600/auto-comsight/main/auto_comsight/comsight-auto-v3.0.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869399/; classtype:trojan-activity;sid:84732499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kyllian330/claude-statusline/main/tetchy/statusline_claude_2.4.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869400/; classtype:trojan-activity;sid:84732500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/simplex-publicspeaking797/claude-code-2.1.88/main/discontentedly/code_claude_3.5.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869401/; classtype:trojan-activity;sid:84732501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harindukavishka/agentify/main/self/software-2.2.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869402/; classtype:trojan-activity;sid:84732502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869403)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/intragroup-pottle634/claude-code-analysis/main/diamondiferous/analysis-claude-code-v2.8.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869403/; classtype:trojan-activity;sid:84732503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mohamedsamy3450/-yolov8-/main/.github/workflows/yolov_v2.2.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869404/; classtype:trojan-activity;sid:84732504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mishasuperficial646/claude-power-setup/main/config/setup-claude-power-2.6.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869405/; classtype:trojan-activity;sid:84732505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xthiyanx-ship-it/awesome-europe/main/media/awesome-europe-v3.3.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869406/; classtype:trojan-activity;sid:84732506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869407)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cross-t/linux.do-accelerator/main/fatheaded/accelerator_do_linux_v3.3.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869407/; classtype:trojan-activity;sid:84732507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jessej123-hash/solidity-economic-risk-scanner/main/se_risk_scanner/features/scanner-economic-risk-solidity-1.8.zip"; depth:115; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869408/; classtype:trojan-activity;sid:84732508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bertineburundi952/claude-code/main/src/commands/agents-platform/code_claude_v3.3.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869409/; classtype:trojan-activity;sid:84732509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abhishekalway6686/nexus-satisfactory-layout-tool/main/src/data/tool-satisfactory-layout-nexus-2.4-alpha.1.zip"; depth:110; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869410/; classtype:trojan-activity;sid:84732510; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unofficial-penstemonwhippleanus49/deepseek-v4-pro-app/main/application/deep-app-seek-pro-3.8.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869411/; classtype:trojan-activity;sid:84732511; rev:1;)
# Reading the rules below: each one fires when a $HOME_NET client sends an HTTP
# GET whose URI and Host both equal one URLhaus-listed URL. In http.uri, depth is
# set to the content length and endswith pins the end, so the URI must equal the
# string exactly (nocase makes that comparison case-insensitive); in http.host,
# depth plus isdataat:!1,relative does the same for the host name.
# NOTE(review): every rule in this stretch names raw.githubusercontent.com, which
# clients normally fetch over HTTPS. "alert http" only sees the request where
# Suricata is given plaintext or decrypted traffic -- confirm sensor placement
# before reading an absence of alerts as an absence of downloads.
# NOTE(review): an alert records the outbound request, not a completed download.
# Check the http/fileinfo events for the same flow and the reference URL before
# scoping the client as compromised.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/patenintercontinental4580/apex-platform/main/terraform/modules/azure-spoke-vnet/apex-platform-v3.4.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869412/; classtype:trojan-activity;sid:84732512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gainly-handclap319/padpulse/main/smoothing/pad_pulse_3.6-beta.1.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869413/; classtype:trojan-activity;sid:84732513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jsslargo/capsule/main/reference/software-v3.9.zip"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869387/; classtype:trojan-activity;sid:84732487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bacont9949/vox/main/app/resources/software-1.6.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869388/; classtype:trojan-activity;sid:84732488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kruts/fake-review-detector/main/outputs/fake-review-detector-3.3-beta.5.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869389/; classtype:trojan-activity;sid:84732489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sjmluv/remotion-vercel-sandbox/main/src/remotion/remotion-sandbox-vercel-v3.6.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869390/; classtype:trojan-activity;sid:84732490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zakhi999/noaa/main/services/software-2.7.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869391/; classtype:trojan-activity;sid:84732491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cesarin999/claude-code-agents-wizard-v2/main/.claude/agents/agents-v-claude-wizard-code-2.2.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869392/; classtype:trojan-activity;sid:84732492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ken71214/ghost/main/bin/software-3.0-beta.3.zip"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869393/; classtype:trojan-activity;sid:84732493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dolphiin1/sqlmap-skynet/main/screenshots/skynet_sqlmap_v1.1.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869394/; classtype:trojan-activity;sid:84732494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiwhatsup12/ubel-auction/main/lib/features/auction/presentation/widgets/ubel_auction_1.6.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869395/; classtype:trojan-activity;sid:84732495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doped-waterdragon694/refined-github-projects/main/docs/refined-github-projects-v1.4.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869396/; classtype:trojan-activity;sid:84732496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brucekumar/opik-openclaw/main/src/opik_openclaw_v1.8.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869397/; classtype:trojan-activity;sid:84732497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/administrative-assistance/flarecrawl/main/src/flarecrawl/software_2.9.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869398/; classtype:trojan-activity;sid:84732498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tamadip007/getspnless/main/utils/nless_get_sp_3.6.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869381/; classtype:trojan-activity;sid:84732481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tarnished555/pump-quaner/main/pumpfun-sdk/quaner_pump_2.2.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869382/; classtype:trojan-activity;sid:84732482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sceyanis/robust_offline_rl/main/valoniaceous/offline_robust_rl_v2.6.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869383/; classtype:trojan-activity;sid:84732483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/odellphysiotherapeutic71/parfait/main/homomorpha/software-v2.6.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869384/; classtype:trojan-activity;sid:84732484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huisjerry/effect-distributed-lock/main/src/effect-distributed-lock-3.2.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869385/; classtype:trojan-activity;sid:84732485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cvcj503/permission_studio/main/permission_studio/config/studio-permission-2.9.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869386/; classtype:trojan-activity;sid:84732486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/murilo2107hh/spaceship-shooter-game/main/screenshots/game_spaceship_shooter_v2.1.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869379/; classtype:trojan-activity;sid:84732479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zeno0077/x402pesa/main/expectable/x402pesa-v3.8.zip"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869380/; classtype:trojan-activity;sid:84732480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ridvansc/desk-reservation-attendance-system/main/docs/system_desk_reservation_attendance_v2.1.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869377/; classtype:trojan-activity;sid:84732477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kfurafaelss/keystroke/main/src/ui/software-2.2.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869378/; classtype:trojan-activity;sid:84732478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nobeliummolestation149/claude-code-doc/main/crazedly/claude-doc-code-1.7-beta.1.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869360/; classtype:trojan-activity;sid:84732460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/risivanthvs05/machinelearningcourse2025/main/notes/2025/mvp/course_machine_learning_v1.4.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869361/; classtype:trojan-activity;sid:84732461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ali-fahd/dingtalk-moltbot-connector/main/lafite/connector_dingtalk_moltbot_1.7.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869362/; classtype:trojan-activity;sid:84732462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/badassx/spec-agents.md/main/gossan/spe-md-agent-1.9.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869363/; classtype:trojan-activity;sid:84732463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/patriciopaulo1995/7semi-as7343/main/examples/a-semi-3.6.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869364/; classtype:trojan-activity;sid:84732464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jisan52/panoptorss/main/gymnasium/panopto_rss_v2.6.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869365/; classtype:trojan-activity;sid:84732465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaustubh8888/fake-news-detector/main/anchoress/detector_news_fake_v3.3.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869366/; classtype:trojan-activity;sid:84732466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/misterdog333/cpmigrate/main/cpmigrate.tests/optionstests/cp-migrate-2.3.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869367/; classtype:trojan-activity;sid:84732467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bambiunivocal281/vecmem/main/vecmem/mem-vec-v3.8.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869368/; classtype:trojan-activity;sid:84732468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruelbernal03/yigtwxx/main/unwareness/software-2.9.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869369/; classtype:trojan-activity;sid:84732469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leptospirasheepcote429/screenbrain/main/screenbrain/app/brain-screen-2.8.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869370/; classtype:trojan-activity;sid:84732470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mamaebuk/xquery/master/dist-firefox/icons/x-query-3.5-beta.3.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869371/; classtype:trojan-activity;sid:84732471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pnv06/betterclaude-workers/main/src/workers_betterclaude_v3.4.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869372/; classtype:trojan-activity;sid:84732472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sandaracadducer320/opendrop/main/server/drop_open_v2.7-alpha.3.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869373/; classtype:trojan-activity;sid:84732473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/michussq/configguard/main/src/configguard/explain/software-3.4.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869374/; classtype:trojan-activity;sid:84732474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pintaro/mem0/main/openmemory/api/app/utils/mem-2.9.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869375/; classtype:trojan-activity;sid:84732475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/friedpotato04/cuda-l2/main/assets/cuda-l2-1.4-alpha.4.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869376/; classtype:trojan-activity;sid:84732476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/liquidambargenusbolbitis859/diseq/main/resources/favicon/diseq_1.4.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869352/; classtype:trojan-activity;sid:84732452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1010kakq/supersocketunity/main/samples/unity-super-socket-v2.4.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869353/; classtype:trojan-activity;sid:84732453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/delhii3590/number-bomb-public/main/pages/ranking/bomb-public-number-3.1.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869354/; classtype:trojan-activity;sid:84732454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chantalmiriane19/advanced-discord-music-bot/main/settings/advanced-music-bot-discord-1.6.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869355/; classtype:trojan-activity;sid:84732455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carbonic-dressage957/stg-bot/main/scripts/st-bot-3.3.zip"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869356/; classtype:trojan-activity;sid:84732456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mohammedquddus/nvy/main/internal/archive/software-v2.6-beta.2.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869357/; classtype:trojan-activity;sid:84732457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mohmedsala7/smartphone-ranking-system/main/node_modules/reveal.js/plugin/search/system-smartphone-ranking-3.8.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869358/; classtype:trojan-activity;sid:84732458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yghlaio/linux-hello/main/utils/hello_linux_v3.2-alpha.2.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869359/; classtype:trojan-activity;sid:84732459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leo07/agents-control-tower/main/src/control-tower-agents-v3.7.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869345/; classtype:trojan-activity;sid:84732445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imprecise-nest694/consilium-ai/main/engine/ai_consilium_1.6.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869346/; classtype:trojan-activity;sid:84732446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/developed-dartboard516/dod-team-semiclip/main/semiclip_mm/addons/semiclip/maps/team_do_semiclip_3.8.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869347/; classtype:trojan-activity;sid:84732447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/carebobo/sulphurapi/main/src/main/java/v1/sulphurapi/interfaces/api-sulphur-3.0.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869348/; classtype:trojan-activity;sid:84732448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zoro-69-max/myxpenseapp/main/src/services/xpense-app-my-v2.8-alpha.3.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869349/; classtype:trojan-activity;sid:84732449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/molly2256/popopo.js/main/skills/popopo-cli/references/js-popopo-v3.4.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869350/; classtype:trojan-activity;sid:84732450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tekm4412/docker-registry-exp/main/holosericeous/exp_docker_registry_v2.6.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869351/; classtype:trojan-activity;sid:84732451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jadcc/hizmetsepetimflutter/main/android/app/src/main/kotlin/com/example/flutter_hizmet_sepetim_3.0.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869342/; classtype:trojan-activity;sid:84732442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arkanjaff/math-base-special-acothf/main/docs/math_special_acothf_base_v2.6.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869343/; classtype:trojan-activity;sid:84732443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reeves75/aranet/main/crates/aranet-service/src/software-v2.4.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869344/; classtype:trojan-activity;sid:84732444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hassanqureshi6/wa-akg/main/src/app/api/autoreplies/akg-w-2.8.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869340/; classtype:trojan-activity;sid:84732440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mb13180035511/longvideoagent/main/readme_src/long_agent_video_v3.8.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869341/; classtype:trojan-activity;sid:84732441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emixde12/insightflow/main/core/flow-insight-3.8-beta.1.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869328/; classtype:trojan-activity;sid:84732428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mostospens/can-i-finetune-this/main/examples/finetune-i-can-this-v2.5.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869329/; classtype:trojan-activity;sid:84732429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hungnguyen1509asd/raydium-trading-bot/main/extrasystolic/raydium-trading-bot-1.0.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869330/; classtype:trojan-activity;sid:84732430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omar98165/noise-injection-techniques/main/paleobotany/noise-injection-techniques-v1.1-alpha.1.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869331/; classtype:trojan-activity;sid:84732431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tailshaped-genusseriphus881/weatherdetector/main/travis/software-v3.0.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869332/; classtype:trojan-activity;sid:84732432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fnfkkengine/website-performance-data-analysis-project/main/untellable/project-website-analysis-data-performance-v2.4.zip"; depth:121; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869333/; classtype:trojan-activity;sid:84732433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zizou068/ros2-ardupilot-sitl-hardware/main/src/simtofly_mavros_sitl/resource/ros_sitl_ardupilot_hardware_3.8.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869334/; classtype:trojan-activity;sid:84732434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isaac2006esp/fisicollab/main/views/collab_fisi_2.0.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869335/; classtype:trojan-activity;sid:84732435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agatafranco/rongela-source/main/auto/rongela-source_3.6.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869336/; classtype:trojan-activity;sid:84732436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/audiewitting902/shellanywhere/main/web/src/wterm/core/shell_any_where_3.8-alpha.3.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869337/; classtype:trojan-activity;sid:84732437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realizable-sucre824/idl-hp0/main/hygeian/idl-hp0-v3.7.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869338/; classtype:trojan-activity;sid:84732438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p4l4c10s/app-store-review-skill/main/rules/app_review_store_skill_v1.8.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869339/; classtype:trojan-activity;sid:84732439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bolshevist-dimension3541/personal-health-graph/main/integrations/healthkit/graph_personal_health_v3.7.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869311/; classtype:trojan-activity;sid:84732411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yunitaanggraini/deutsches-krankenhaus-verzeichnis-hospitals-scraper/main/catechization/deutsches-krankenhaus-verzeichnis-scraper-hospitals-v2.2.zip"; depth:148; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869312/; classtype:trojan-activity;sid:84732412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/icebaggoldenrule1862/counselor.skill/main/examples/onboarding/skill_counselor_v3.9.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869313/; classtype:trojan-activity;sid:84732413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amaramg2007/action-dependency-diff/main/massily/action_dependency_diff_3.7.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869314/; classtype:trojan-activity;sid:84732414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fernfamilysystemadministrator709/clearxr-server/main/xtask/src/clearxr-server-2.9.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869315/; classtype:trojan-activity;sid:84732415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amirtha1412/transcribee/main/hypercyanotic/software_1.6.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869316/; classtype:trojan-activity;sid:84732416; rev:1;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sameer125132/ai-meeting-companion-stt/main/counterintrigue/stt_companion_a_meeting_v2.7-alpha.4.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869317/; classtype:trojan-activity;sid:84732417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arjavjain303-lab/content-broadcast-system/main/electrostatic/system_content_broadcast_v3.2.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869318/; classtype:trojan-activity;sid:84732418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daohuyt5735/codilay/main/codilay/history/software-v1.6.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869319/; classtype:trojan-activity;sid:84732419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ellisdee14/nozzle-perf-estimator-demo/main/tests/nozzle-perf-estimator-demo-3.7.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869320/; 
classtype:trojan-activity;sid:84732420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ajibssss/verifylive/main/src/lib/liveness/software-1.5.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869321/; classtype:trojan-activity;sid:84732421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/matrixrainsimulatorofficial/hehe-go/main/assets/games/mrs/hehe_go_v3.1.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869322/; classtype:trojan-activity;sid:84732422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/papkvnq/on3-recruit-scraper/main/myall/on-recruit-scraper-v3.1-beta.1.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869323/; classtype:trojan-activity;sid:84732423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/straying-bodypad392/vemb/main/src/vemb/software-1.7.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869324/; classtype:trojan-activity;sid:84732424; rev:1;) 
# URLhaus feed entries 3869297-3869327 (non-contiguous; 16 rules), all stamped
# created_at 2026_06_22, all for .zip downloads from raw.githubusercontent.com.
#
# Match logic, identical in every rule below:
#   - flow:established,from_client + http.method "GET": client request only.
#   - http.uri: depth equals the content length and endswith is set, so the
#     whole URI must equal the listed path (case-insensitively, via nocase).
#     A different branch, file name or version string, or an appended query
#     string, does not match.
#   - http.host: depth:25 + isdataat:!1,relative pins the host to exactly
#     raw.githubusercontent.com.
#
# Coverage caveat: `alert http` inspects only HTTP that Suricata can parse in
# the clear. raw.githubusercontent.com is normally reached over HTTPS, so these
# rules presumably fire only where TLS is decrypted ahead of the sensor or the
# request is plaintext -- confirm for your deployment. A host-only fallback
# (TLS SNI or DNS) would not be equivalent: the host is shared by all GitHub
# repositories and only the path makes the indicator specific.
#
# Triage: an alert shows that a $HOME_NET client requested a URL listed by
# URLhaus, not that the archive was delivered or run; check the HTTP response
# and any file events for the same flow. In these rules sid = URLhaus ID +
# 80863100 (3869325 -> sid 84732425), and the reference URL points at the
# URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isaac221133/r3f-monitor/main/src/f-monitor-r-v1.1.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869325/; classtype:trojan-activity;sid:84732425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nb-cfq/my-bluefin/main/files/system/my_bluefin_v3.0-alpha.5.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869326/; classtype:trojan-activity;sid:84732426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nilsexe/google-stock-price-forecasting-lstm/main/assets/stock-price-lstm-forecasting-google-v2.4.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869327/; classtype:trojan-activity;sid:84732427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/santiagorm9/ace-tool/main/src/utils/ace-tool-2.6.zip"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869301/; classtype:trojan-activity;sid:84732401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ymodz1/gliese-cua-tool-call-8b-demo/main/ipynb/demo-cu-tool-call-gliese-1.8-beta.4.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869302/; classtype:trojan-activity;sid:84732402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sahilgulia1/neurovoice-ai-parkinson-prediction/main/eda_new_charts/neuro-prediction-voice-a-parkinson-3.4.zip"; depth:110; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869303/; classtype:trojan-activity;sid:84732403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bhavya7995/ai_governance/main/usage/a_governance_v1.1.zip"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869304/; classtype:trojan-activity;sid:84732404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mohdumar009/chat-ui/main/src/routes/login/callback/ui-chat-2.8.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869305/; classtype:trojan-activity;sid:84732405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fore4915/petrify/main/tare/software-v3.7.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869306/; classtype:trojan-activity;sid:84732406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/candisulphurous105/sandbox-runtime/main/src/utils/runtime-sandbox-v3.0.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869307/; classtype:trojan-activity;sid:84732407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/heyitsriella/kagglerun/master/src/software-1.0.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869308/; classtype:trojan-activity;sid:84732408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/salahnahryry/plume-network-season-2/main/src/network_season_plume_v1.5.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869309/; classtype:trojan-activity;sid:84732409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gamehut360/agentic-bi-natural-language-querying/main/app/memory/querying-agentic-bi-natural-language-v2.1.zip"; depth:110; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869310/; classtype:trojan-activity;sid:84732410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/090hn/fashion-ai-studio/main/src/services/fashion_ai_studio_1.7.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869300/; classtype:trojan-activity;sid:84732400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/09sumitdas2/tinyml-human-activity-recognition-on-edge-devices/main/balawu/devices-recognition-human-m-activity-on-tiny-edge-3.5.zip"; depth:132; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869297/; classtype:trojan-activity;sid:84732397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/07bamse/rikki-userbot/main/modules/__pycache__/userbot-rikki-2.1.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869298/; classtype:trojan-activity;sid:84732398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/07saorabh/npvm/main/api/remote/software_2.5-beta.5.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869299/; classtype:trojan-activity;sid:84732399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.36.27.209"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869296/; classtype:trojan-activity;sid:84732396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/krypton.jar"; depth:12; endswith; nocase; http.host; content:"kryptoniteclient.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869295/; classtype:trojan-activity;sid:84732395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/transfer.png"; depth:13; endswith; nocase; http.host; content:"gaiadeqi.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869294/; classtype:trojan-activity;sid:84732394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869293)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/api/file/get|3f|filekey=6cry8umygkatc9vpnbfqecthiu_ucpqfzc8onkdexjl3ujjdc4od5ib9nv0"; depth:84; endswith; nocase; http.host; content:"3007.filemail.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869293/; classtype:trojan-activity;sid:84732393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mzklo"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869292/; classtype:trojan-activity;sid:84732392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.125.2"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869291/; classtype:trojan-activity;sid:84732391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron10/file.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869290/; classtype:trojan-activity;sid:84732390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.153.231"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869289/; 
classtype:trojan-activity;sid:84732389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=4cad4e39-765f-4f44-8a49-fb5db66aaed9"; depth:47; endswith; nocase; http.host; content:"9b9bmxfm.megapariwin.poker"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869288/; classtype:trojan-activity;sid:84732388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.66.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869287/; classtype:trojan-activity;sid:84732387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.153.231"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869286/; classtype:trojan-activity;sid:84732386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.78.147"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869285/; classtype:trojan-activity;sid:84732385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"123.129.10.96"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869284/; classtype:trojan-activity;sid:84732384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=20f1b116-a3f7-47f9-a0f6-8bc4cae090c3"; depth:47; endswith; nocase; http.host; content:"myrya1hx.megaparicom.bet"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869283/; classtype:trojan-activity;sid:84732383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.229.14.221"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869282/; classtype:trojan-activity;sid:84732382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"78.29.39.213"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869281/; classtype:trojan-activity;sid:84732381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"36.88.136.194"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869280/; classtype:trojan-activity;sid:84732380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3869279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.5.221"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869279/; classtype:trojan-activity;sid:84732379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.228.2"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869278/; classtype:trojan-activity;sid:84732378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.5.221"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869277/; classtype:trojan-activity;sid:84732377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.192.235"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869276/; classtype:trojan-activity;sid:84732376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.43.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869274/; classtype:trojan-activity;sid:84732374; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_2c556ecd3d7ebd26.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869275/; classtype:trojan-activity;sid:84732375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.11.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869273/; classtype:trojan-activity;sid:84732373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"14.102.34.66"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869272/; classtype:trojan-activity;sid:84732372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.125.175"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869271/; classtype:trojan-activity;sid:84732371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.11.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3869270/; classtype:trojan-activity;sid:84732370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.192.235"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869269/; classtype:trojan-activity;sid:84732369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.43.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869268/; classtype:trojan-activity;sid:84732368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.143.44"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869267/; classtype:trojan-activity;sid:84732367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.3.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869266/; classtype:trojan-activity;sid:84732366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"202.107.5.69"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869265/; classtype:trojan-activity;sid:84732365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.151.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869264/; classtype:trojan-activity;sid:84732364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.80.233"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869263/; classtype:trojan-activity;sid:84732363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.80.233"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869262/; classtype:trojan-activity;sid:84732362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/se9i"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869261/; classtype:trojan-activity;sid:84732361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869259)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/rh4"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869259/; classtype:trojan-activity;sid:84732359; rev:1;)
# ---------------------------------------------------------------------------
# Reviewer notes for the rules below (restored to one rule per line; rule
# text is unchanged).
#
# Anatomy shared by every rule in this section:
#   * "alert http" with flow:established,from_client fires on a client
#     request that Suricata has parsed as HTTP. The same URL fetched over TLS
#     is not seen by these rules unless traffic is decrypted before the sensor.
#   * http.uri: content + depth:<n> + endswith + nocase. Where <n> equals the
#     pattern length, the URI must equal the pattern (case-insensitively).
#   * http.host: content + depth:<n> + isdataat:!1,relative. The host value
#     must equal the pattern and no byte may follow it. No nocase is given
#     here; Suricata lowercases the http.host buffer before matching.
#   * The rule header is "$HOME_NET any -> $EXTERNAL_NET any": the destination
#     address is not constrained, the match is on the client-supplied Host
#     header. During triage, compare the flow's destination IP with the host
#     named in the rule.
#   * Paths such as "/i" and "/bin.sh" are generic; the host match is what
#     makes those rules specific.
#   * An alert records that an internal client requested the URL. It says
#     nothing about the response; check HTTP status, file events or endpoint
#     telemetry before concluding that a payload was delivered.
#   * msg and reference carry the URLhaus entry id; in the rules shown here
#     sid = URLhaus id + 80863100.
#
# NOTE(review): the four "/|3f|ublib=<uuid>" rules use depth:47, which is the
# length of the escaped rule string. The pattern itself is 44 bytes ("|3f|" is
# one byte), so together with endswith up to 3 leading bytes are tolerated;
# unlike the other rules these are not strict exact matches.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xkw"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869260/; classtype:trojan-activity;sid:84732360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/788359"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869246/; classtype:trojan-activity;sid:84732346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/087de7"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869247/; classtype:trojan-activity;sid:84732347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/881c88"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869248/; classtype:trojan-activity;sid:84732348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/924e89"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869249/; classtype:trojan-activity;sid:84732349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b95719"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869250/; classtype:trojan-activity;sid:84732350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6d6e73"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869251/; classtype:trojan-activity;sid:84732351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e929e0"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869252/; classtype:trojan-activity;sid:84732352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9bbae5"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869253/; classtype:trojan-activity;sid:84732353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cf637d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869254/; classtype:trojan-activity;sid:84732354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2698a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869255/; classtype:trojan-activity;sid:84732355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/897603"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869256/; classtype:trojan-activity;sid:84732356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/df996e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869257/; classtype:trojan-activity;sid:84732357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fts"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869258/; classtype:trojan-activity;sid:84732358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amt"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869245/; classtype:trojan-activity;sid:84732345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f816f5"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869243/; classtype:trojan-activity;sid:84732343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b4d9d7"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869244/; classtype:trojan-activity;sid:84732344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0a8252"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869240/; classtype:trojan-activity;sid:84732340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/683ff5"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869241/; classtype:trojan-activity;sid:84732341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1cf553"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869242/; classtype:trojan-activity;sid:84732342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2sh"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869238/; classtype:trojan-activity;sid:84732338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/45u"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869239/; classtype:trojan-activity;sid:84732339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uuz4"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869237/; classtype:trojan-activity;sid:84732337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ad484e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869207/; classtype:trojan-activity;sid:84732307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3f885a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869208/; classtype:trojan-activity;sid:84732308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5a6719"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869209/; classtype:trojan-activity;sid:84732309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/75c94e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869210/; classtype:trojan-activity;sid:84732310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a8ea28"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869211/; classtype:trojan-activity;sid:84732311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c5a65b"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869212/; classtype:trojan-activity;sid:84732312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/77f9a3"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869213/; classtype:trojan-activity;sid:84732313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4fea0c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869214/; classtype:trojan-activity;sid:84732314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/479f95"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869215/; classtype:trojan-activity;sid:84732315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3ab9a3"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869216/; classtype:trojan-activity;sid:84732316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e1d03"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869217/; classtype:trojan-activity;sid:84732317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d0e2d6"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869218/; classtype:trojan-activity;sid:84732318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5a0ff1"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869219/; classtype:trojan-activity;sid:84732319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7f7635"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869220/; classtype:trojan-activity;sid:84732320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3f78a5"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869221/; classtype:trojan-activity;sid:84732321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1cab17"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869222/; classtype:trojan-activity;sid:84732322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9de4d6"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869223/; classtype:trojan-activity;sid:84732323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbe039"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869224/; classtype:trojan-activity;sid:84732324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9c639f"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869225/; classtype:trojan-activity;sid:84732325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3483f4"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869226/; classtype:trojan-activity;sid:84732326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/77a63e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869227/; classtype:trojan-activity;sid:84732327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/89bc6f"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869228/; classtype:trojan-activity;sid:84732328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0af1de"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869229/; classtype:trojan-activity;sid:84732329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8f6186"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869230/; classtype:trojan-activity;sid:84732330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e26810"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869231/; classtype:trojan-activity;sid:84732331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9d880a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869232/; classtype:trojan-activity;sid:84732332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d468fa"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869233/; classtype:trojan-activity;sid:84732333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1cf3cd"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869234/; classtype:trojan-activity;sid:84732334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/260d"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869235/; classtype:trojan-activity;sid:84732335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4jss"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869236/; classtype:trojan-activity;sid:84732336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fcbb51"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869204/; classtype:trojan-activity;sid:84732304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6bef08"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869205/; classtype:trojan-activity;sid:84732305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bfca01"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869206/; classtype:trojan-activity;sid:84732306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.125.175"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869203/; classtype:trojan-activity;sid:84732303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"220.202.65.145"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869202/; classtype:trojan-activity;sid:84732302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.28.175"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869201/; classtype:trojan-activity;sid:84732301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.107.5.69"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869200/; classtype:trojan-activity;sid:84732300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.143.44"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869199/; classtype:trojan-activity;sid:84732299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.74.89"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869198/; classtype:trojan-activity;sid:84732298; rev:1;)
# NOTE(review): pattern is 44 bytes but depth is 47; up to 3 leading bytes are tolerated.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=0364a39e-c80f-45ee-a729-972320e682a7"; depth:47; endswith; nocase; http.host; content:"7plygnzn.megaparibet.win"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869197/; classtype:trojan-activity;sid:84732297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.232.183.1"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869196/; classtype:trojan-activity;sid:84732296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"2.25.179.221"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869195/; classtype:trojan-activity;sid:84732295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.232.137.101"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869194/; classtype:trojan-activity;sid:84732294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.192.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869193/; classtype:trojan-activity;sid:84732293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869192/; classtype:trojan-activity;sid:84732292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869191/; classtype:trojan-activity;sid:84732291; rev:1;)
# NOTE(review): pattern is 44 bytes but depth is 47; up to 3 leading bytes are tolerated.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e2f94762-ecd2-44d2-bd85-e40627bde980"; depth:47; endswith; nocase; http.host; content:"x0t2a0jb.raftarsazmani.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869190/; classtype:trojan-activity;sid:84732290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.55.227"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869189/; classtype:trojan-activity;sid:84732289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.160.141.80"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869188/; classtype:trojan-activity;sid:84732288; rev:1;)
# NOTE(review): pattern is 44 bytes but depth is 47; up to 3 leading bytes are tolerated.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=3614a9c5-ca8a-4a5d-9950-a48239e3639e"; depth:47; endswith; nocase; http.host; content:"ujlo7o5o.readthisintro.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869187/; classtype:trojan-activity;sid:84732287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.36.64"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869185/; classtype:trojan-activity;sid:84732285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.54.56"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869186/; classtype:trojan-activity;sid:84732286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.192.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869184/; classtype:trojan-activity;sid:84732284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.215.65"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869183/; classtype:trojan-activity;sid:84732283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.215.65"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869182/; classtype:trojan-activity;sid:84732282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.55.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869181/; classtype:trojan-activity;sid:84732281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cqehd"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869179/; classtype:trojan-activity;sid:84732279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fut_fest.msi"; depth:13; endswith; nocase; http.host; content:"softwaredesing.x10.mx"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869180/; classtype:trojan-activity;sid:84732280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.66.205.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869177/; classtype:trojan-activity;sid:84732277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.250.214"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869178/; classtype:trojan-activity;sid:84732278; rev:1;)
# NOTE(review): pattern is 44 bytes but depth is 47; up to 3 leading bytes are tolerated.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=172ec75e-a191-4e5d-a1e3-c5117af58cb5"; depth:47; endswith; nocase; http.host; content:"195q2fia.readthisintro.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869176/; classtype:trojan-activity;sid:84732276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.55.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869174/; classtype:trojan-activity;sid:84732274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.36.64"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869175/; classtype:trojan-activity;sid:84732275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.10.155.239"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869172/; classtype:trojan-activity;sid:84732272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.236.65.35"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869173/; classtype:trojan-activity;sid:84732273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kiqep"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869171/; classtype:trojan-activity;sid:84732271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zysce"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869156/; classtype:trojan-activity;sid:84732256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anwad"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869157/; classtype:trojan-activity;sid:84732257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cyalc/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869158/; classtype:trojan-activity;sid:84732258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rjvfy"; depth:6; endswith; nocase; http.host; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869159/; classtype:trojan-activity;sid:84732259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qshdl"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869160/; classtype:trojan-activity;sid:84732260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wyihx"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869161/; classtype:trojan-activity;sid:84732261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jpltm"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869162/; classtype:trojan-activity;sid:84732262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ezcls"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869163/; classtype:trojan-activity;sid:84732263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ncaey"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869164/; classtype:trojan-activity;sid:84732264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrrtu"; depth:6; endswith; nocase; http.host; 
content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869165/; classtype:trojan-activity;sid:84732265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jxilw"; depth:6; endswith; nocase; http.host; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869166/; classtype:trojan-activity;sid:84732266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lydhb"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869167/; classtype:trojan-activity;sid:84732267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rwacm"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869168/; classtype:trojan-activity;sid:84732268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jxdpx"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869169/; 
classtype:trojan-activity;sid:84732269; rev:1;)
# Each rule alerts on an outbound GET whose URI and Host both equal one URLhaus entry
# (depth + endswith on http.uri, depth + isdataat:!1,relative on http.host).
# NOTE(review): the URI in the next rule ends in ":80", which looks like a port suffix that ended
# up inside the path when the URL was recorded. TODO confirm against the URLhaus entry. Because of
# endswith, a request for /wp-admin/access.log without that suffix does not match this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/access.log:80"; depth:23; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869170/; classtype:trojan-activity;sid:84732270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/odalc/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869154/; classtype:trojan-activity;sid:84732254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riary"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869155/; classtype:trojan-activity;sid:84732255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eccsd/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869150/; classtype:trojan-activity;sid:84732250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3869151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nkgaa"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869151/; classtype:trojan-activity;sid:84732251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data/optimized_msi.png"; depth:23; endswith; nocase; http.host; content:"hostphpwindowsappsconecting.ydns.eu"; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869152/; classtype:trojan-activity;sid:84732252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mcigr"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869153/; classtype:trojan-activity;sid:84732253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ggldg"; depth:6; endswith; nocase; http.host; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869148/; classtype:trojan-activity;sid:84732248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kovhap/"; depth:8; endswith; nocase; http.host; 
content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869149/; classtype:trojan-activity;sid:84732249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qxijp/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869146/; classtype:trojan-activity;sid:84732246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cyalcp/"; depth:8; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869147/; classtype:trojan-activity;sid:84732247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yyjpj"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869145/; classtype:trojan-activity;sid:84732245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itthy"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3869144/; classtype:trojan-activity;sid:84732244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yhcda"; depth:6; endswith; nocase; http.host; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869143/; classtype:trojan-activity;sid:84732243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ygpsp/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869141/; classtype:trojan-activity;sid:84732241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/optimized_msi.png"; depth:25; endswith; nocase; http.host; content:"poxupload2.biz"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869142/; classtype:trojan-activity;sid:84732242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.48.133"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869139/; classtype:trojan-activity;sid:84732239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869140)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/mrvnd//"; depth:8; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869140/; classtype:trojan-activity;sid:84732240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jjsto"; depth:6; endswith; nocase; http.host; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869121/; classtype:trojan-activity;sid:84732221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ribfwp"; depth:7; endswith; nocase; http.host; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869122/; classtype:trojan-activity;sid:84732222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kdeaa"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869123/; classtype:trojan-activity;sid:84732223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svqqf"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; 
reference:url, urlhaus.abuse.ch/url/3869124/; classtype:trojan-activity;sid:84732224; rev:1;)
# Each rule alerts on an outbound GET whose URI and Host both equal one URLhaus entry
# (depth + endswith on http.uri, depth + isdataat:!1,relative on http.host).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/voejn"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869125/; classtype:trojan-activity;sid:84732225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mxmay"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869126/; classtype:trojan-activity;sid:84732226; rev:1;)
# NOTE(review): the URI in the next rule reads like two entries of a URL list fused into one path.
# "2c20https3a" resembles "%2C%20https%3A" with the percent signs dropped, followed by an r2.dev
# host name. Presumably an artifact of how the URL was recorded; TODO confirm against the URLhaus
# entry. The rule matches only this exact fused path, not a request sent to the r2.dev host itself.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ysxpq2c20https3a/pub-ce02802067934e0eb072f69bf6427bf6.r2.dev/"; depth:62; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869127/; classtype:trojan-activity;sid:84732227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/optimized_msi.png"; depth:22; endswith; nocase; http.host; content:"66.63.170.34"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869128/; classtype:trojan-activity;sid:84732228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3869129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qvtmd/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869129/; classtype:trojan-activity;sid:84732229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ktixl"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869130/; classtype:trojan-activity;sid:84732230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qnymu"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869131/; classtype:trojan-activity;sid:84732231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ulucj"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869132/; classtype:trojan-activity;sid:84732232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mqerj/"; depth:7; endswith; 
nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869133/; classtype:trojan-activity;sid:84732233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ptazf/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869134/; classtype:trojan-activity;sid:84732234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xgvnz"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869135/; classtype:trojan-activity;sid:84732235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dmuus"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869136/; classtype:trojan-activity;sid:84732236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wabwl/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3869137/; classtype:trojan-activity;sid:84732237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/optimized_msi.png"; depth:18; endswith; nocase; http.host; content:"radialnet.za.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869119/; classtype:trojan-activity;sid:84732219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/99_msi.png"; depth:11; endswith; nocase; http.host; content:"147.124.214.156"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869120/; classtype:trojan-activity;sid:84732220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ribfw"; depth:6; endswith; nocase; http.host; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869115/; classtype:trojan-activity;sid:84732215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nyeql"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869116/; classtype:trojan-activity;sid:84732216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869117)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/riaryh"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869117/; classtype:trojan-activity;sid:84732217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ggwgp/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869118/; classtype:trojan-activity;sid:84732218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/optimized_msi19june.png"; depth:28; endswith; nocase; http.host; content:"brenmayasociados.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869111/; classtype:trojan-activity;sid:84732211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwqxl/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869112/; classtype:trojan-activity;sid:84732212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eapfp"; depth:6; endswith; nocase; http.host; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; depth:41; isdataat:!1,relative; metadata:created_at 
2026_06_22; reference:url, urlhaus.abuse.ch/url/3869113/; classtype:trojan-activity;sid:84732213; rev:1;)
# Each rule alerts on an outbound GET whose URI and Host both equal one URLhaus entry
# (depth + endswith on http.uri, depth + isdataat:!1,relative on http.host).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kovha/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869114/; classtype:trojan-activity;sid:84732214; rev:1;)
# NOTE(review): "2c20http3a" in the next URI resembles "%2C%20http%3A" with the percent signs
# dropped, i.e. the tail of a comma-separated URL list that ended up inside the path. Presumably a
# recording artifact; TODO confirm against the URLhaus entry. Only this exact path matches.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wuswb/2c20http3a/"; depth:18; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869109/; classtype:trojan-activity;sid:84732209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vemrp"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869110/; classtype:trojan-activity;sid:84732210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuxpt"; depth:6; endswith; nocase; http.host; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869104/; classtype:trojan-activity;sid:84732204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3869105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jyvki"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869105/; classtype:trojan-activity;sid:84732205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uawix"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869106/; classtype:trojan-activity;sid:84732206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwdra/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869107/; classtype:trojan-activity;sid:84732207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lpeqt/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869108/; classtype:trojan-activity;sid:84732208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_6edca2a6606f7c3f.exe"; 
depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869103/; classtype:trojan-activity;sid:84732203; rev:1;)
# Each rule alerts on an outbound GET whose URI and Host both equal one URLhaus entry
# (depth + endswith on http.uri, depth + isdataat:!1,relative on http.host).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aatuwmwhf37.bin"; depth:16; endswith; nocase; http.host; content:"tu.feyhaum.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869101/; classtype:trojan-activity;sid:84732201; rev:1;)
# NOTE(review): the two drive.google.com rules below probably never fire as written.
#  - "|7c|26|7c|" decodes to the literal text "|26|". This looks like "&" (0x26) that was
#    hex-escaped and then had its pipes escaped a second time, so a request for
#    /uc?export=download&id=... would not match. TODO confirm against the URLhaus entry and
#    report it upstream rather than editing the sid locally.
#  - depth:68 is the length of the escaped text; the decoded content is 59 bytes.
#  - Google Drive is normally reached over HTTPS, which an `alert http` rule does not inspect
#    unless TLS is decrypted upstream of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1p0i-puyxw6mxxedfshx2exf10nxpj0t8"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869102/; classtype:trojan-activity;sid:84732202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1sh1oijoz9yiyh0trpwvbt8ibsatavg0w"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869100/; classtype:trojan-activity;sid:84732200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/littoral.sea"; depth:13; endswith; nocase; http.host; content:"tu.feyhaum.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869099/; 
classtype:trojan-activity;sid:84732199; rev:1;)
# Each rule alerts on an outbound GET whose URI and Host both equal one URLhaus entry
# (depth + endswith on http.uri, depth + isdataat:!1,relative on http.host).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/stego_payload.png"; depth:20; endswith; nocase; http.host; content:"badeer.fit"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869098/; classtype:trojan-activity;sid:84732198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"94.66.205.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869097/; classtype:trojan-activity;sid:84732197; rev:1;)
# NOTE(review): the two drive.google.com rules below probably never fire as written.
#  - "|7c|26|7c|" decodes to the literal text "|26|". This looks like "&" (0x26) that was
#    hex-escaped and then had its pipes escaped a second time, so a request for
#    /uc?export=download&id=... would not match. TODO confirm against the URLhaus entry and
#    report it upstream rather than editing the sid locally.
#  - depth:68 is the length of the escaped text; the decoded content is 59 bytes.
#  - Google Drive is normally reached over HTTPS, which an `alert http` rule does not inspect
#    unless TLS is decrypted upstream of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1-w88qgends6xkwxclitrzo70m8rp0uem"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869096/; classtype:trojan-activity;sid:84732196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1jdcpbealxpi5fkjcakk_b_n7mqzthyeq"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869095/; classtype:trojan-activity;sid:84732195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869094)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.237.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869094/; classtype:trojan-activity;sid:84732194; rev:1;)
# URLhaus download-URL rules: GET request, exact http.uri, exact http.host.
# Where depth equals the pattern length, depth + endswith makes the URI match exact
# (case-insensitive via nocase); depth + isdataat:!1,relative does the same for the host.
# The URI patterns "/i" and "/bin.sh" are generic, so each rule is only as specific as the
# pinned host value. NOTE(review): if such an address is later reassigned the rule still
# fires on it; metadata:created_at gives the rule's age when pruning — confirm current
# status on the referenced URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.3.201"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869093/; classtype:trojan-activity;sid:84732193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.75.240"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869092/; classtype:trojan-activity;sid:84732192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.55.227"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869091/; classtype:trojan-activity;sid:84732191; rev:1;)
# NOTE(review): "|3f|" is one byte ("?"), so the decoded pattern below is 44 bytes while
# depth is 47 (the length of the escaped text). With endswith this still requires the URI
# to end with the pattern, but allows up to 3 leading bytes instead of an exact match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=cd50d3f8-6f05-4a96-9913-b9d0ff97b2b8"; depth:47; endswith; nocase; http.host; content:"r7ytgqqz.megapariwin.casino"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869090/; classtype:trojan-activity;sid:84732190; rev:1;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.42.230"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869089/; classtype:trojan-activity;sid:84732189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=dabe0920-9d61-4f50-a32d-549964555bab"; depth:47; endswith; nocase; http.host; content:"fjaoi5is.megaparibet.vip"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869088/; classtype:trojan-activity;sid:84732188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.237.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869087/; classtype:trojan-activity;sid:84732187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.75.240"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869086/; classtype:trojan-activity;sid:84732186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.252.234.243"; depth:15; isdataat:!1,relative; 
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869084/; classtype:trojan-activity;sid:84732184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.252.234.243"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869085/; classtype:trojan-activity;sid:84732185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.8.85.37"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869083/; classtype:trojan-activity;sid:84732183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.59.29"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869082/; classtype:trojan-activity;sid:84732182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.242.189.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869081/; classtype:trojan-activity;sid:84732181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; 
nocase; http.host; content:"110.38.198.178"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869080/; classtype:trojan-activity;sid:84732180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.248.26"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869079/; classtype:trojan-activity;sid:84732179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.38.198.178"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869077/; classtype:trojan-activity;sid:84732177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.16.189"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869078/; classtype:trojan-activity;sid:84732178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dtp_21_06_26_mp4.apk"; depth:21; endswith; nocase; http.host; content:"register-dtp.online"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869076/; classtype:trojan-activity;sid:84732176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869075)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"photodpt-rus.vercel.app"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869075/; classtype:trojan-activity;sid:84732175; rev:1;)
# NOTE(review), sid 84732175 (the rule ending on the line above): the decoded URI pattern
# "/?download=1" is 12 bytes, but depth is 15 (the length of the escaped text), so up to
# 3 leading bytes are tolerated before the pattern. The host is under vercel.app, which is
# typically served over HTTPS; an "alert http" rule sees it only where TLS is decrypted.
#
# The rules below come in pairs that share an http.host value and differ only in the URI
# ("/bin.sh" vs "/i"). Each sid alerts independently, so during triage group hits by
# internal source and destination host rather than treating each sid as a separate event.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.103.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869074/; classtype:trojan-activity;sid:84732174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.103.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869073/; classtype:trojan-activity;sid:84732173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.85.37"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869072/; classtype:trojan-activity;sid:84732172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.85.37"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869071/; classtype:trojan-activity;sid:84732171; rev:1;)
alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.25.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869070/; classtype:trojan-activity;sid:84732170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.205.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869069/; classtype:trojan-activity;sid:84732169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.205.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869068/; classtype:trojan-activity;sid:84732168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.176.237"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869067/; classtype:trojan-activity;sid:84732167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rms.exe"; depth:8; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3869066/; classtype:trojan-activity;sid:84732166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/total_3.5754.10.5_install.exe"; depth:30; endswith; nocase; http.host; content:"192.162.199.149"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869065/; classtype:trojan-activity;sid:84732165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1-ztv0qwr_8cwp9bvywf51qpy3fzp43e7"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869064/; classtype:trojan-activity;sid:84732164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=11bg9ln_kgcsdclaczrtidgpn5zieuw_r"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869063/; classtype:trojan-activity;sid:84732163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1sd2vh5yflqtmmfexttiumzrlgafjk6fy"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869061/; classtype:trojan-activity;sid:84732161; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1toze3brnbdhqhvo5wbsywrynsjjsxm-w"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869062/; classtype:trojan-activity;sid:84732162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1nmast8kcyfky4acuqghn3h6lyvvzrvlt"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869060/; classtype:trojan-activity;sid:84732160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.230.171"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869058/; classtype:trojan-activity;sid:84732158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.217.204"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869059/; classtype:trojan-activity;sid:84732159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869057)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/uc|3f|export=download|7c|26|7c|id=1mmq_3m8yd11_kjqnbwy0bot1hngfkf3j"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869057/; classtype:trojan-activity;sid:84732157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stubblassed.ps1"; depth:16; endswith; nocase; http.host; content:"mail.avicennaalliedhealthinstitute.org"; depth:38; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869056/; classtype:trojan-activity;sid:84732156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.255.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869055/; classtype:trojan-activity;sid:84732155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=1da80f82-18fc-44f0-a5c7-8a5c8656cb07"; depth:47; endswith; nocase; http.host; content:"izm84irm.megaparibet.poker"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869054/; classtype:trojan-activity;sid:84732154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.182.139"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3869053/; classtype:trojan-activity;sid:84732153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"2.25.179.221"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869052/; classtype:trojan-activity;sid:84732152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"2.25.179.221"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869051/; classtype:trojan-activity;sid:84732151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_257b193c5ef8d4a4.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869047/; classtype:trojan-activity;sid:84732147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_dca588b4a35ef8c6.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869048/; classtype:trojan-activity;sid:84732148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869049)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/files-129312398/files/file_98db67ec4791c842.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869049/; classtype:trojan-activity;sid:84732149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_56026e2e622d7f9f.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869050/; classtype:trojan-activity;sid:84732150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.11.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869046/; classtype:trojan-activity;sid:84732146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.75.206"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869045/; classtype:trojan-activity;sid:84732145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.182.139"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869044/; classtype:trojan-activity;sid:84732144; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.32.29"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869043/; classtype:trojan-activity;sid:84732143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.10.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869042/; classtype:trojan-activity;sid:84732142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"156.146.25.231"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869041/; classtype:trojan-activity;sid:84732141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.54.40"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869040/; classtype:trojan-activity;sid:84732140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.214.102"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3869039/; classtype:trojan-activity;sid:84732139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.226.152"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869038/; classtype:trojan-activity;sid:84732138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.35.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869037/; classtype:trojan-activity;sid:84732137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.27.65"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869036/; classtype:trojan-activity;sid:84732136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"156.146.25.231"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869035/; classtype:trojan-activity;sid:84732135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.54.40"; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869034/; classtype:trojan-activity;sid:84732134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.13.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869033/; classtype:trojan-activity;sid:84732133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=df9a7de1-d644-47ef-9938-ffdbb23e3bdf"; depth:47; endswith; nocase; http.host; content:"nwkvg7b4.qurankarim.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869032/; classtype:trojan-activity;sid:84732132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.3.201"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869031/; classtype:trojan-activity;sid:84732131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/nerv.ppc"; depth:13; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869030/; classtype:trojan-activity;sid:84732130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869022)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/nerv.arm5"; depth:14; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869022/; classtype:trojan-activity;sid:84732122; rev:1;)
# URLhaus download-URL rules: GET request, exact http.uri (depth + endswith, nocase),
# exact http.host (depth + isdataat:!1,relative).
# The rules in this run all pin http.host to 64.89.162.139 and differ only in the file name
# under /bin/ (nerv.arm5, nerv.arm7, nerv.x86, nerv.sparc, nerv.m68k). Each one carries its
# own sid, so one internal host requesting several of these files raises several alerts;
# correlate them by source host and destination during triage.
# NOTE(review): the suffixes look like CPU-architecture names, presumably one payload
# built for several platforms — confirm on the referenced URLhaus entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/nerv.arm7"; depth:14; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869023/; classtype:trojan-activity;sid:84732123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/nerv.x86"; depth:13; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869024/; classtype:trojan-activity;sid:84732124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/nerv.sparc"; depth:15; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869025/; classtype:trojan-activity;sid:84732125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/nerv.m68k"; depth:14; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869026/; 
classtype:trojan-activity;sid:84732126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/nerv.mips"; depth:14; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869027/; classtype:trojan-activity;sid:84732127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/nerv.arm6"; depth:14; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869028/; classtype:trojan-activity;sid:84732128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb.sh"; depth:7; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869029/; classtype:trojan-activity;sid:84732129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.187.79"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869021/; classtype:trojan-activity;sid:84732121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/nerv.sh4"; depth:13; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869015/; classtype:trojan-activity;sid:84732115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/nerv.dbg"; depth:13; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869016/; classtype:trojan-activity;sid:84732116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/nerv.arm4"; depth:14; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869017/; classtype:trojan-activity;sid:84732117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/nerv.mpsl"; depth:14; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869018/; classtype:trojan-activity;sid:84732118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/nerv.x86_32"; depth:16; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869019/; classtype:trojan-activity;sid:84732119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869020)"; flow:established,from_client; http.method; 
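content:"GET"; http.uri; content:"/bin/nerv.x86_64"; depth:16; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869020/; classtype:trojan-activity;sid:84732120; rev:1;)
# Review note (sid 84732114, 84732113): "|3f|" is a single byte ("?"), so each ublib URI content is 44 bytes long.
# depth was 47 (the length of the escaped text); it is now 44, so depth + endswith pins the whole http.uri
# buffer exactly, like the other rules here (e.g. "/i" with depth:2). With 47, a URI with up to three extra
# leading bytes would also have matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=8360b9b1-06d0-48cc-b272-e6bb90dc91c4"; depth:44; endswith; nocase; http.host; content:"73mabfum.303bet.bet"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869014/; classtype:trojan-activity;sid:84732114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=90b80b61-a92d-4956-b06f-967bcaeacd12"; depth:44; endswith; nocase; http.host; content:"27hrchzs.megaparibet.games"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869013/; classtype:trojan-activity;sid:84732113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.193.106.86"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869012/; classtype:trojan-activity;sid:84732112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.77.9"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869011/; 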
classtype:trojan-activity;sid:84732111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.36.204"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869010/; classtype:trojan-activity;sid:84732110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"170.84.134.173"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869009/; classtype:trojan-activity;sid:84732109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.187.79"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869008/; classtype:trojan-activity;sid:84732108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.8.92"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869007/; classtype:trojan-activity;sid:84732107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.157.252"; depth:15; isdataat:!1,relative; 
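metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869006/; classtype:trojan-activity;sid:84732106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.36.204"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869005/; classtype:trojan-activity;sid:84732105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.142.242"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869004/; classtype:trojan-activity;sid:84732104; rev:1;)
# Review note (sid 84732103): "|3f|" is a single byte ("?"), so the ublib URI content is 44 bytes long.
# depth was 47 (the length of the escaped text); it is now 44, so depth + endswith pins the whole http.uri
# buffer exactly, like the other rules here (e.g. "/bin.sh" with depth:7). With 47, a URI with up to three
# extra leading bytes would also have matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c11b8973-bf9b-45ef-aca0-4912022ea7d4"; depth:44; endswith; nocase; http.host; content:"qt0z6jqj.megaparibet.casino"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869003/; classtype:trojan-activity;sid:84732103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.91.64"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869002/; classtype:trojan-activity;sid:84732102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869001)"; flow:established,from_client; http.method; 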
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.181.253"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869001/; classtype:trojan-activity;sid:84732101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3869000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.86.38.187"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3869000/; classtype:trojan-activity;sid:84732100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.157.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868998/; classtype:trojan-activity;sid:84732098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.86.38.187"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868999/; classtype:trojan-activity;sid:84732099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.29.201.52"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868997/; classtype:trojan-activity;sid:84732097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3868996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.176.237"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868996/; classtype:trojan-activity;sid:84732096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.20.31.77"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868995/; classtype:trojan-activity;sid:84732095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.91.64"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868994/; classtype:trojan-activity;sid:84732094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.91.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868993/; classtype:trojan-activity;sid:84732093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.138.191.97"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868992/; classtype:trojan-activity;sid:84732092; rev:1;) alert 
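http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"71.207.128.92"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868991/; classtype:trojan-activity;sid:84732091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.30.112"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868990/; classtype:trojan-activity;sid:84732090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.29.201.52"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868989/; classtype:trojan-activity;sid:84732089; rev:1;)
# Review note (sid 84732088): "|3f|" is a single byte ("?"), so the ublib URI content is 44 bytes long.
# depth was 47 (the length of the escaped text); it is now 44, so depth + endswith pins the whole http.uri
# buffer exactly, like the other rules here (e.g. "/bin.sh" with depth:7). With 47, a URI with up to three
# extra leading bytes would also have matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=6461681f-9e79-418c-ad98-759631571fe1"; depth:44; endswith; nocase; http.host; content:"94tny3fa.gamebc.casino"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868988/; classtype:trojan-activity;sid:84732088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.20.31.77"; depth:12; isdataat:!1,relative; 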
metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868987/; classtype:trojan-activity;sid:84732087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.85.138"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868986/; classtype:trojan-activity;sid:84732086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.15.18"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868985/; classtype:trojan-activity;sid:84732085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.180.71"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868984/; classtype:trojan-activity;sid:84732084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"71.207.128.92"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868983/; classtype:trojan-activity;sid:84732083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868982)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
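content:"/|3f|ublib=7352ee3f-621e-416c-88f1-5440db8ee265"; depth:44; endswith; nocase; http.host; content:"bxdc6z4b.betmegapari.org"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868982/; classtype:trojan-activity;sid:84732082; rev:1;)
# Review note (rule ending on the line above, sid 84732082): "|3f|" is a single byte ("?"), so the ublib URI
# content is 44 bytes long. depth was 47 (the length of the escaped text); it is now 44, so depth + endswith
# pins the whole http.uri buffer exactly, like the other rules here (e.g. "/i" with depth:2). With 47, a URI
# with up to three extra leading bytes would also have matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_5a6bb4745f14186f.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868981/; classtype:trojan-activity;sid:84732081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.160.141.80"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868980/; classtype:trojan-activity;sid:84732080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.180.71"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868978/; classtype:trojan-activity;sid:84732078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.181.253"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868979/; classtype:trojan-activity;sid:84732079; rev:1;)
alert 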
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/je5io4.sh"; depth:10; endswith; nocase; http.host; content:"176.65.139.201"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868977/; classtype:trojan-activity;sid:84732077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.15.42"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868976/; classtype:trojan-activity;sid:84732076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.48.231"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868975/; classtype:trojan-activity;sid:84732075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.29.235"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868974/; classtype:trojan-activity;sid:84732074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.123.145.198"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, 
urlhaus.abuse.ch/url/3868973/; classtype:trojan-activity;sid:84732073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.15.42"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868972/; classtype:trojan-activity;sid:84732072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.48.231"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868971/; classtype:trojan-activity;sid:84732071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.57.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868970/; classtype:trojan-activity;sid:84732070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.123.145.198"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868969/; classtype:trojan-activity;sid:84732069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.187.236.48"; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868968/; classtype:trojan-activity;sid:84732068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.57.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868967/; classtype:trojan-activity;sid:84732067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.120.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868966/; classtype:trojan-activity;sid:84732066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.184.83"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868965/; classtype:trojan-activity;sid:84732065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.140.217.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868964/; classtype:trojan-activity;sid:84732064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868963)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.29.235"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868963/; classtype:trojan-activity;sid:84732063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.247.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868962/; classtype:trojan-activity;sid:84732062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.6.172"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868961/; classtype:trojan-activity;sid:84732061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.27.76"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868960/; classtype:trojan-activity;sid:84732060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.187.29.178"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868959/; classtype:trojan-activity;sid:84732059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868958)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.186.68"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868958/; classtype:trojan-activity;sid:84732058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.247.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868957/; classtype:trojan-activity;sid:84732057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.84.105"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868956/; classtype:trojan-activity;sid:84732056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_b29e08dc8252bb79.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868955/; classtype:trojan-activity;sid:84732055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.6.172"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868954/; 
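classtype:trojan-activity;sid:84732054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.131.35"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868953/; classtype:trojan-activity;sid:84732053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.16.189"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868952/; classtype:trojan-activity;sid:84732052; rev:1;)
# Review note (sid 84732051): "|3f|" is a single byte ("?"), so the ublib URI content is 44 bytes long.
# depth was 47 (the length of the escaped text); it is now 44, so depth + endswith pins the whole http.uri
# buffer exactly, like the other rules here (e.g. "/bin.sh" with depth:7). With 47, a URI with up to three
# extra leading bytes would also have matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=33e7dd8b-b19d-4396-8075-cd8edc1b4841"; depth:44; endswith; nocase; http.host; content:"qraju7pt.betmegapari.net"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868951/; classtype:trojan-activity;sid:84732051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.153.220"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868950/; classtype:trojan-activity;sid:84732050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 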
content:"105.187.29.178"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868949/; classtype:trojan-activity;sid:84732049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.131.35"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868948/; classtype:trojan-activity;sid:84732048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.1.200"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868947/; classtype:trojan-activity;sid:84732047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.26.61.167"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868946/; classtype:trojan-activity;sid:84732046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.101.187.22"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868945/; classtype:trojan-activity;sid:84732045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868944)"; flow:established,from_client; http.method; content:"GET"; 
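http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.229.188"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868944/; classtype:trojan-activity;sid:84732044; rev:1;)
# Review note (sid 84732042, 84732039, 84732034): "|3f|" is a single byte ("?"), so each ublib URI content
# below is 44 bytes long. depth was 47 (the length of the escaped text); it is now 44, so depth + endswith
# pins the whole http.uri buffer exactly, like the other rules here (e.g. "/i" with depth:2). With 47, a URI
# with up to three extra leading bytes would also have matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.4.114"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868943/; classtype:trojan-activity;sid:84732043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a5aa14e2-53a4-4b23-89e0-3718c9c7fc02"; depth:44; endswith; nocase; http.host; content:"34va0c3e.bio90.football"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868942/; classtype:trojan-activity;sid:84732042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"82.140.217.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_22; reference:url, urlhaus.abuse.ch/url/3868941/; classtype:trojan-activity;sid:84732041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.228.130"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868940/; classtype:trojan-activity;sid:84732040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=59043426-8473-4a7d-a8f5-2fddceecfc5a"; depth:44; endswith; nocase; http.host; content:"uqz8xcw9.gamebc.bet"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868939/; classtype:trojan-activity;sid:84732039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.200.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868938/; classtype:trojan-activity;sid:84732038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.138.191.97"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868937/; classtype:trojan-activity;sid:84732037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.4.114"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868936/; classtype:trojan-activity;sid:84732036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.200.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868935/; classtype:trojan-activity;sid:84732035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=185f1b81-97dc-4e65-bde3-9e99f131632e"; depth:44; endswith; nocase; http.host; content:"zsrqcgeo.1xyek.bet"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868934/; classtype:trojan-activity;sid:84732034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.187.236.48"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868933/; classtype:trojan-activity;sid:84732033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.198.88"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868932/; classtype:trojan-activity;sid:84732032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.214.128"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868931/; classtype:trojan-activity;sid:84732031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; 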
depth:2; endswith; nocase; http.host; content:"110.36.30.198"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868930/; classtype:trojan-activity;sid:84732030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.119.182.255"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868929/; classtype:trojan-activity;sid:84732029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.59.71"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868928/; classtype:trojan-activity;sid:84732028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.59.71"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868927/; classtype:trojan-activity;sid:84732027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1781548144/qkbrolh.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868926/; classtype:trojan-activity;sid:84732026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3868925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.70.189"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868925/; classtype:trojan-activity;sid:84732025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.78.115"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868924/; classtype:trojan-activity;sid:84732024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.30.198"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868923/; classtype:trojan-activity;sid:84732023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.229.114"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868922/; classtype:trojan-activity;sid:84732022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=6c77646c-f21f-44ff-91a6-3477a9542899"; depth:47; endswith; nocase; http.host; content:"q10plfmg.bcgame.poker"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868921/; 
classtype:trojan-activity;sid:84732021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.46.248"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868920/; classtype:trojan-activity;sid:84732020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.223.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868919/; classtype:trojan-activity;sid:84732019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.76.42"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868918/; classtype:trojan-activity;sid:84732018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.36.135"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868917/; classtype:trojan-activity;sid:84732017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.85.63"; depth:12; isdataat:!1,relative; metadata:created_at 
2026_06_21; reference:url, urlhaus.abuse.ch/url/3868916/; classtype:trojan-activity;sid:84732016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.249.183.169"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868915/; classtype:trojan-activity;sid:84732015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.0.107"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868914/; classtype:trojan-activity;sid:84732014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.46.248"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868913/; classtype:trojan-activity;sid:84732013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.58.225.120"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868912/; classtype:trojan-activity;sid:84732012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"182.127.36.135"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868911/; classtype:trojan-activity;sid:84732011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.232.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868910/; classtype:trojan-activity;sid:84732010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.118.226.71"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868909/; classtype:trojan-activity;sid:84732009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.0.107"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868908/; classtype:trojan-activity;sid:84732008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.22.216"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868907/; classtype:trojan-activity;sid:84732007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868906)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.205.196"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868906/; classtype:trojan-activity;sid:84732006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.22.216"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868905/; classtype:trojan-activity;sid:84732005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.233.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868904/; classtype:trojan-activity;sid:84732004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.233.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868903/; classtype:trojan-activity;sid:84732003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.205.196"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868902/; classtype:trojan-activity;sid:84732002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3868901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=88a15594-f571-4446-b4f1-553cdaa86076"; depth:47; endswith; nocase; http.host; content:"jettvp45.taktikbetkade.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868901/; classtype:trojan-activity;sid:84732001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.18.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868900/; classtype:trojan-activity;sid:84732000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.174.166"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868899/; classtype:trojan-activity;sid:84731999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_d907d39376010965.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868898/; classtype:trojan-activity;sid:84731998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=0e9ab0c1-5d62-4b23-9d6f-c0584832e9dc"; depth:47; endswith; nocase; http.host; content:"n8n69sm2.bcgameiran.net"; depth:23; 
isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868897/; classtype:trojan-activity;sid:84731997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.35.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868896/; classtype:trojan-activity;sid:84731996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.6.18"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868895/; classtype:trojan-activity;sid:84731995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f5040799-e869-4d7c-b0e7-fd361ff9310c"; depth:47; endswith; nocase; http.host; content:"jb9ff818.azmoondadrasi.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868894/; classtype:trojan-activity;sid:84731994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.120.249"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868893/; classtype:trojan-activity;sid:84731993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868892)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.18.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868892/; classtype:trojan-activity;sid:84731992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.91.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868891/; classtype:trojan-activity;sid:84731991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.51.43"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868890/; classtype:trojan-activity;sid:84731990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.6.18"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868889/; classtype:trojan-activity;sid:84731989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.224.8"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868888/; classtype:trojan-activity;sid:84731988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3868887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.210.187"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868887/; classtype:trojan-activity;sid:84731987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.249.100.137"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868886/; classtype:trojan-activity;sid:84731986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.186.68"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868885/; classtype:trojan-activity;sid:84731985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.99.188"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868884/; classtype:trojan-activity;sid:84731984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e58f36"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868883/; classtype:trojan-activity;sid:84731983; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ns2.jpg"; depth:8; endswith; nocase; http.host; content:"162.215.218.82"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868882/; classtype:trojan-activity;sid:84731982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bb35de"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868873/; classtype:trojan-activity;sid:84731973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/13a883"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868874/; classtype:trojan-activity;sid:84731974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a85535"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868875/; classtype:trojan-activity;sid:84731975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e0be9a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; 
reference:url, urlhaus.abuse.ch/url/3868876/; classtype:trojan-activity;sid:84731976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d8adde"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868877/; classtype:trojan-activity;sid:84731977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/351328"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868878/; classtype:trojan-activity;sid:84731978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/603b1c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868879/; classtype:trojan-activity;sid:84731979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5wg"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868880/; classtype:trojan-activity;sid:84731980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v6dl"; depth:5; endswith; nocase; http.host; 
content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868881/; classtype:trojan-activity;sid:84731981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868872/; classtype:trojan-activity;sid:84731972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b94144"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868862/; classtype:trojan-activity;sid:84731962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/863e7c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868863/; classtype:trojan-activity;sid:84731963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gigatex/mipsel"; depth:15; endswith; nocase; http.host; content:"217.60.195.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868864/; classtype:trojan-activity;sid:84731964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868865)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/gigatex/arm7"; depth:13; endswith; nocase; http.host; content:"217.60.195.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868865/; classtype:trojan-activity;sid:84731965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leg7"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868866/; classtype:trojan-activity;sid:84731966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ldfq"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868867/; classtype:trojan-activity;sid:84731967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gigatex/mips"; depth:13; endswith; nocase; http.host; content:"217.60.195.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868868/; classtype:trojan-activity;sid:84731968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8ojv"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868869/; classtype:trojan-activity;sid:84731969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3868870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868870/; classtype:trojan-activity;sid:84731970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gigatex/arm5"; depth:13; endswith; nocase; http.host; content:"217.60.195.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868871/; classtype:trojan-activity;sid:84731971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/345c4e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868858/; classtype:trojan-activity;sid:84731958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868859/; classtype:trojan-activity;sid:84731959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1bcdc8"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868860/; 
classtype:trojan-activity;sid:84731960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brfb"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868861/; classtype:trojan-activity;sid:84731961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/baa3db"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868837/; classtype:trojan-activity;sid:84731937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2752f0"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868838/; classtype:trojan-activity;sid:84731938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7955fc"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868839/; classtype:trojan-activity;sid:84731939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/05d0cb"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868840/; classtype:trojan-activity;sid:84731940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5f2443"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868841/; classtype:trojan-activity;sid:84731941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/113748"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868842/; classtype:trojan-activity;sid:84731942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eda392"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868843/; classtype:trojan-activity;sid:84731943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eb3b8f"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868844/; classtype:trojan-activity;sid:84731944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9bab4b"; depth:7; endswith; 
nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868845/; classtype:trojan-activity;sid:84731945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f66d19"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868846/; classtype:trojan-activity;sid:84731946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a35c4e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868847/; classtype:trojan-activity;sid:84731947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eed7e2"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868848/; classtype:trojan-activity;sid:84731948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aff262"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868849/; classtype:trojan-activity;sid:84731949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868850)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/6aa31c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868850/; classtype:trojan-activity;sid:84731950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f85a3b"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868851/; classtype:trojan-activity;sid:84731951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uhj"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868852/; classtype:trojan-activity;sid:84731952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f6n"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868853/; classtype:trojan-activity;sid:84731953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6k2"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868854/; classtype:trojan-activity;sid:84731954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3868855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ynu"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868855/; classtype:trojan-activity;sid:84731955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vugu"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868856/; classtype:trojan-activity;sid:84731956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4ey"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868857/; classtype:trojan-activity;sid:84731957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868834/; classtype:trojan-activity;sid:84731934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rcf"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868835/; 
classtype:trojan-activity;sid:84731935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qe5y"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868836/; classtype:trojan-activity;sid:84731936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/981ea2"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868833/; classtype:trojan-activity;sid:84731933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868829/; classtype:trojan-activity;sid:84731929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868830/; classtype:trojan-activity;sid:84731930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gigatex/arm"; depth:12; endswith; nocase; http.host; content:"217.60.195.160"; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868831/; classtype:trojan-activity;sid:84731931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868832/; classtype:trojan-activity;sid:84731932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1b97a5"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868822/; classtype:trojan-activity;sid:84731922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/05e7f4"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868823/; classtype:trojan-activity;sid:84731923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d56300"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868824/; classtype:trojan-activity;sid:84731924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868825)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/4bbcc0"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868825/; classtype:trojan-activity;sid:84731925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a4eb82"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868826/; classtype:trojan-activity;sid:84731926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/85ef0d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868827/; classtype:trojan-activity;sid:84731927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nx4f"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868828/; classtype:trojan-activity;sid:84731928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0c5c16"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868820/; classtype:trojan-activity;sid:84731920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3868821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9d37f3"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868821/; classtype:trojan-activity;sid:84731921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.224.8"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868819/; classtype:trojan-activity;sid:84731919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.122.47"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868818/; classtype:trojan-activity;sid:84731918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/heilongbotnet.arm7"; depth:19; endswith; nocase; http.host; content:"31.56.209.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868817/; classtype:trojan-activity;sid:84731917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/heilong.apk"; depth:12; endswith; nocase; http.host; content:"31.56.209.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868816/; classtype:trojan-activity;sid:84731916; rev:1;) 
# ---------------------------------------------------------------------------
# URLhaus download-URL signatures, entries created 2026_06_21 (one rule per line).
#
# Every rule below follows the same template:
#   * alert http $HOME_NET any -> $EXTERNAL_NET any, flow:established,from_client
#     -> only client requests on an established flow that the engine parsed as HTTP.
#   * http.method; content:"GET"
#     -> the request method buffer must contain "GET".
#   * http.uri; content:"<path>"; depth:<n>; endswith; nocase
#     -> the URI must end with <path> and the match must sit inside the first <n>
#        bytes; when <n> equals the byte length of <path> this is an exact,
#        case-insensitive match of the whole URI.
#   * http.host; content:"<host>"; depth:<n>; isdataat:!1,relative
#     -> the host buffer must be exactly <host> (nothing may follow it).
#   * msg / reference carry the URLhaus entry id; sid is the rule id; metadata
#     records the day the entry was created.
#
# Operational caveats for anyone deploying or triaging these alerts:
#   * The rules are `alert http`, so a fetch of the same URL inside TLS is not
#     inspected by them unless the traffic is decrypted upstream of the sensor.
#   * Matching is exact on URI and host: a request with a different query string,
#     path or host name for the same payload does not fire.
#   * Several URIs are very short ("/i", "/bin.sh"); those rules rely entirely on
#     the host value, so an alert long after created_at should be checked against
#     the referenced URLhaus entry before it is treated as a confirmed download.
# ---------------------------------------------------------------------------

# Short generic paths on bare IPv4 hosts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.200.216.232"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868815/; classtype:trojan-activity;sid:84731915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.203.239"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868814/; classtype:trojan-activity;sid:84731914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.203.239"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868813/; classtype:trojan-activity;sid:84731913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.122.47"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868812/; classtype:trojan-activity;sid:84731912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.221.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868811/; classtype:trojan-activity;sid:84731911; rev:1;)

# Query-string URLs on named hosts. |3f| is the hex escape for "?".
# NOTE(review): the decoded pattern "/?ublib=<36-char id>" is 44 bytes, but depth is 47,
# which is the length of the string with "|3f|" counted as four characters. With endswith
# this appears to let the pattern start up to 3 bytes into the URI, so these two rules are
# slightly looser than the exact-URI match used by the rest of the set. Confirm against the
# feed generator before relying on them as exact matches; depth:44 would be the exact form.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=0a28e243-c858-4fbc-b38c-34b86149ee35"; depth:47; endswith; nocase; http.host; content:"ut7worjq.1x303.casino"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868809/; classtype:trojan-activity;sid:84731909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=3dcacdb9-68d7-4a42-b910-ecdd4d6c617f"; depth:47; endswith; nocase; http.host; content:"kbm5utm8.shart303.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868808/; classtype:trojan-activity;sid:84731908; rev:1;)

# Installer / script file names on a single IPv4 host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vmware-setup.msi"; depth:17; endswith; nocase; http.host; content:"64.89.163.22"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868807/; classtype:trojan-activity;sid:84731907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deploy_softwaretech.sh"; depth:23; endswith; nocase; http.host; content:"64.89.163.22"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868806/; classtype:trojan-activity;sid:84731906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.165.157.233"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868805/; classtype:trojan-activity;sid:84731905; rev:1;)

# /api/cdn/f/<32 hex chars> paths. Each path is listed twice, once with host
# "cdn.privatefile.host" and once with host "77.90.41.3"; presumably the name and the
# address are the same server (verify against the URLhaus entries). The two rules of a
# pair have different sids, so one request produces at most one of them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/cdn/f/38e194c0f80a05375977eadf123c7abb"; depth:43; endswith; nocase; http.host; content:"77.90.41.3"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868804/; classtype:trojan-activity;sid:84731904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/cdn/f/c4337bc932ec7ac0f8a1368cf444a003"; depth:43; endswith; nocase; http.host; content:"cdn.privatefile.host"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868803/; classtype:trojan-activity;sid:84731903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/cdn/f/c4337bc932ec7ac0f8a1368cf444a003"; depth:43; endswith; nocase; http.host; content:"77.90.41.3"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868802/; classtype:trojan-activity;sid:84731902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/cdn/f/79fa0ef13c04d252be3860c9ca8560fe"; depth:43; endswith; nocase; http.host; content:"cdn.privatefile.host"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868801/; classtype:trojan-activity;sid:84731901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/cdn/f/79fa0ef13c04d252be3860c9ca8560fe"; depth:43; endswith; nocase; http.host; content:"77.90.41.3"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868800/; classtype:trojan-activity;sid:84731900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/cdn/f/063935fd7849651eab889f519e9c7f64"; depth:43; endswith; nocase; http.host; content:"cdn.privatefile.host"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868798/; classtype:trojan-activity;sid:84731898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/cdn/f/46f82cd809e6896a6a2a7b9349d2035c"; depth:43; endswith; nocase; http.host; content:"77.90.41.3"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868799/; classtype:trojan-activity;sid:84731899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/cdn/f/063935fd7849651eab889f519e9c7f64"; depth:43; endswith; nocase; http.host; content:"77.90.41.3"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868797/; classtype:trojan-activity;sid:84731897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/cdn/f/46f82cd809e6896a6a2a7b9349d2035c"; depth:43; endswith; nocase; http.host; content:"cdn.privatefile.host"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868796/; classtype:trojan-activity;sid:84731896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/cdn/f/73aa37e5d41cd5b21741ed115b761732"; depth:43; endswith; nocase; http.host; content:"77.90.41.3"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868795/; classtype:trojan-activity;sid:84731895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/cdn/f/73aa37e5d41cd5b21741ed115b761732"; depth:43; endswith; nocase; http.host; content:"cdn.privatefile.host"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868794/; classtype:trojan-activity;sid:84731894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/cdn/f/38e194c0f80a05375977eadf123c7abb"; depth:43; endswith; nocase; http.host; content:"cdn.privatefile.host"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868793/; classtype:trojan-activity;sid:84731893; rev:1;)

# /downloads/<file> paths on host "www.paperrig.com" (.zip and .jar file names).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/soundpack.zip"; depth:24; endswith; nocase; http.host; content:"www.paperrig.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868788/; classtype:trojan-activity;sid:84731888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/glass-to-spawner.jar"; depth:31; endswith; nocase; http.host; content:"www.paperrig.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868789/; classtype:trojan-activity;sid:84731889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/v2.zip"; depth:17; endswith; nocase; http.host; content:"www.paperrig.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868790/; classtype:trojan-activity;sid:84731890; rev:1;)

# Remaining /api/cdn/f/ pair (same name/address pairing as the group above).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/cdn/f/b4820d907eff50dedb47027e4e0a08bc"; depth:43; endswith; nocase; http.host; content:"cdn.privatefile.host"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868791/; classtype:trojan-activity;sid:84731891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/cdn/f/b4820d907eff50dedb47027e4e0a08bc"; depth:43; endswith; nocase; http.host; content:"77.90.41.3"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868792/; classtype:trojan-activity;sid:84731892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/fakepay.jar"; depth:22; endswith; nocase; http.host; content:"www.paperrig.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868787/; classtype:trojan-activity;sid:84731887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.165.157.233"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868786/; classtype:trojan-activity;sid:84731886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.221.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868785/; classtype:trojan-activity;sid:84731885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b6244de1-ed51-408d-89b2-2ae5b36f7e6e"; depth:47; endswith; nocase; http.host; content:"gdxai3cp.shart.casino"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868784/; classtype:trojan-activity;sid:84731884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"42.54.3.39"; depth:10; 
isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868783/; classtype:trojan-activity;sid:84731883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.210.187"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868782/; classtype:trojan-activity;sid:84731882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.50.19"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868781/; classtype:trojan-activity;sid:84731881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install.tgz"; depth:12; endswith; nocase; http.host; content:"162.215.218.94"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868780/; classtype:trojan-activity;sid:84731880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.50.19"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868779/; classtype:trojan-activity;sid:84731879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; 
depth:2; endswith; nocase; http.host; content:"182.117.68.206"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868778/; classtype:trojan-activity;sid:84731878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oto"; depth:4; endswith; nocase; http.host; content:"162.215.218.94"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868777/; classtype:trojan-activity;sid:84731877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.81.98.51"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868776/; classtype:trojan-activity;sid:84731876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=8cb11574-6afb-4fb4-a70c-898c94a71ed8"; depth:47; endswith; nocase; http.host; content:"phitqv0l.ravabetensani.site"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868775/; classtype:trojan-activity;sid:84731875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.81.98.51"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868774/; classtype:trojan-activity;sid:84731874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3868773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.68.206"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868773/; classtype:trojan-activity;sid:84731873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.187.19"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868772/; classtype:trojan-activity;sid:84731872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=bb006138-4dff-4f04-a3eb-c1a5bf21df70"; depth:47; endswith; nocase; http.host; content:"zonk2dl9.asibshenasiyahya.shop"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868771/; classtype:trojan-activity;sid:84731871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.8.16"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868770/; classtype:trojan-activity;sid:84731870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.198.88"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, 
urlhaus.abuse.ch/url/3868769/; classtype:trojan-activity;sid:84731869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.220.145.75"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868768/; classtype:trojan-activity;sid:84731868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.128.173"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868767/; classtype:trojan-activity;sid:84731867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.128.173"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868766/; classtype:trojan-activity;sid:84731866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.7.141"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868765/; classtype:trojan-activity;sid:84731865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.7.141"; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868764/; classtype:trojan-activity;sid:84731864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.214.128"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868762/; classtype:trojan-activity;sid:84731862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.138.114.111"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868763/; classtype:trojan-activity;sid:84731863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.43.219.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868761/; classtype:trojan-activity;sid:84731861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.138.114.111"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868760/; classtype:trojan-activity;sid:84731860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868759)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.113.74"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868759/; classtype:trojan-activity;sid:84731859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.148.97.55"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868758/; classtype:trojan-activity;sid:84731858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.175.228"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868757/; classtype:trojan-activity;sid:84731857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/output.exe"; depth:11; endswith; nocase; http.host; content:"192.162.199.149"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868756/; classtype:trojan-activity;sid:84731856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.201.196"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868755/; classtype:trojan-activity;sid:84731855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868754)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.113.74"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868754/; classtype:trojan-activity;sid:84731854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.148.97.55"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868753/; classtype:trojan-activity;sid:84731853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.73.99"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868752/; classtype:trojan-activity;sid:84731852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.99.188"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868751/; classtype:trojan-activity;sid:84731851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.241.65"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868750/; classtype:trojan-activity;sid:84731850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3868749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.131.208"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868749/; classtype:trojan-activity;sid:84731849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.139.62.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868748/; classtype:trojan-activity;sid:84731848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d051667a-d10c-4178-9e73-c878b617f7ca"; depth:47; endswith; nocase; http.host; content:"ah8vpm3o.tafsirnasiri.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868747/; classtype:trojan-activity;sid:84731847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=40b842e1-a2f0-404c-b427-83b1ef06e618"; depth:47; endswith; nocase; http.host; content:"c8u4wod9.shartland.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868746/; classtype:trojan-activity;sid:84731846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.73.3"; depth:11; 
isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868745/; classtype:trojan-activity;sid:84731845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.39.86"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868744/; classtype:trojan-activity;sid:84731844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.25.183"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868743/; classtype:trojan-activity;sid:84731843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.182.107"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868742/; classtype:trojan-activity;sid:84731842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.182.107"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868741/; classtype:trojan-activity;sid:84731841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; 
depth:2; endswith; nocase; http.host; content:"123.9.199.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868740/; classtype:trojan-activity;sid:84731840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.199.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868739/; classtype:trojan-activity;sid:84731839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=430d563a-4421-4543-9f73-367aa9af43cd"; depth:47; endswith; nocase; http.host; content:"kefds8uo.zerangbet.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868737/; classtype:trojan-activity;sid:84731837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.3.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868738/; classtype:trojan-activity;sid:84731838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.8.2"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868736/; classtype:trojan-activity;sid:84731836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3868735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.70.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868735/; classtype:trojan-activity;sid:84731835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.8.2"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868734/; classtype:trojan-activity;sid:84731834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c0a1dccf-aa24-42e6-9e58-c53f82ffdf5e"; depth:47; endswith; nocase; http.host; content:"zyppn5vo.riyazishahkilid.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868733/; classtype:trojan-activity;sid:84731833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/v2.zip"; depth:17; endswith; nocase; http.host; content:"paperrig.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868732/; classtype:trojan-activity;sid:84731832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/glass-to-spawner.jar"; depth:31; endswith; nocase; http.host; content:"paperrig.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; 
reference:url, urlhaus.abuse.ch/url/3868731/; classtype:trojan-activity;sid:84731831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/soundpack.zip"; depth:24; endswith; nocase; http.host; content:"paperrig.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868730/; classtype:trojan-activity;sid:84731830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/fakepay.jar"; depth:22; endswith; nocase; http.host; content:"paperrig.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868729/; classtype:trojan-activity;sid:84731829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_03e1dd22b8ec149f.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868727/; classtype:trojan-activity;sid:84731827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.65.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868728/; classtype:trojan-activity;sid:84731828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868726)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/|3f|ublib=f03a4ac2-4ff0-4f5a-8f32-12df3ea32699"; depth:47; endswith; nocase; http.host; content:"6w8npdwb.angizeshfarahani.store"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868726/; classtype:trojan-activity;sid:84731826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.85.138"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868725/; classtype:trojan-activity;sid:84731825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.70.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868724/; classtype:trojan-activity;sid:84731824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.8.92"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868722/; classtype:trojan-activity;sid:84731822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.39.86"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868723/; classtype:trojan-activity;sid:84731823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3868721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.147.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868721/; classtype:trojan-activity;sid:84731821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.200.4.39"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868720/; classtype:trojan-activity;sid:84731820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.147.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868719/; classtype:trojan-activity;sid:84731819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.100.76"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868718/; classtype:trojan-activity;sid:84731818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.65.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868717/; 
classtype:trojan-activity;sid:84731817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.89.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868716/; classtype:trojan-activity;sid:84731816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.74.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868715/; classtype:trojan-activity;sid:84731815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.173.67"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868714/; classtype:trojan-activity;sid:84731814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.100.76"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868713/; classtype:trojan-activity;sid:84731813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.10.155.239"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868712/; classtype:trojan-activity;sid:84731812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.89.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868711/; classtype:trojan-activity;sid:84731811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.26.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868710/; classtype:trojan-activity;sid:84731810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.125.205"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868708/; classtype:trojan-activity;sid:84731808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b7994dc1-d98b-4389-8a1c-566e41ae6338"; depth:47; endswith; nocase; http.host; content:"6xelt3vl.shartplus.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868709/; classtype:trojan-activity;sid:84731809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868707)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.122.5"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868707/; classtype:trojan-activity;sid:84731807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.74.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868706/; classtype:trojan-activity;sid:84731806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.7.53"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868705/; classtype:trojan-activity;sid:84731805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.14.255"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868704/; classtype:trojan-activity;sid:84731804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"156.146.24.204"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868703/; classtype:trojan-activity;sid:84731803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3868702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.74.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868702/; classtype:trojan-activity;sid:84731802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.175.15"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868700/; classtype:trojan-activity;sid:84731800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=29c59a7e-c8f6-4450-92d0-0e39ec1ff97a"; depth:47; endswith; nocase; http.host; content:"8tgfwtsg.zamineravan.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868701/; classtype:trojan-activity;sid:84731801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.232.59"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868699/; classtype:trojan-activity;sid:84731799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.27.76"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868698/; 
classtype:trojan-activity;sid:84731798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"156.146.24.204"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868697/; classtype:trojan-activity;sid:84731797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"45.94.31.253"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868695/; classtype:trojan-activity;sid:84731795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"45.94.31.253"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868696/; classtype:trojan-activity;sid:84731796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.232.59"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868694/; classtype:trojan-activity;sid:84731794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mipsel"; depth:11; endswith; nocase; http.host; 
content:"184.174.96.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868692/; classtype:trojan-activity;sid:84731792; rev:1;)
# Same Host, file names that differ only in what looks like a CPU-architecture suffix
# (armv6, i386, x86_64); each variant is a separate URLhaus entry with its own sid.
# nocase follows the http.uri content only; the http.host pattern carries no nocase
# (Suricata lowercases that buffer, so the Host pattern is written in lower case).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv6"; depth:10; endswith; nocase; http.host; content:"184.174.96.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868693/; classtype:trojan-activity;sid:84731793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.i386"; depth:9; endswith; nocase; http.host; content:"184.174.96.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868691/; classtype:trojan-activity;sid:84731791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"184.174.96.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868689/; classtype:trojan-activity;sid:84731789; rev:1;)
# A ".jpg" path on a domain Host. The extension in the URI says nothing about the
# content actually served; the feed lists this URL as a malware download.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.jpg"; depth:6; endswith; nocase; http.host; content:"kickstrean.art"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868690/; classtype:trojan-activity;sid:84731790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868688)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/img/1.jpg"; depth:10; endswith; nocase; http.host; content:"66.63.170.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868688/; classtype:trojan-activity;sid:84731788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv4"; depth:10; endswith; nocase; http.host; content:"184.174.96.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868684/; classtype:trojan-activity;sid:84731784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv7"; depth:10; endswith; nocase; http.host; content:"184.174.96.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868685/; classtype:trojan-activity;sid:84731785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"184.174.96.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868686/; classtype:trojan-activity;sid:84731786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv5l"; depth:11; endswith; nocase; http.host; content:"184.174.96.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868687/; classtype:trojan-activity;sid:84731787; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"124.198.132.39"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868683/; classtype:trojan-activity;sid:84731783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"124.198.132.39"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868682/; classtype:trojan-activity;sid:84731782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.21.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868681/; classtype:trojan-activity;sid:84731781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.85.234"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868680/; classtype:trojan-activity;sid:84731780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.122.5"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; 
reference:url, urlhaus.abuse.ch/url/3868679/; classtype:trojan-activity;sid:84731779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.138.128.84"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868678/; classtype:trojan-activity;sid:84731778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.163.107.168"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868677/; classtype:trojan-activity;sid:84731777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.129.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868676/; classtype:trojan-activity;sid:84731776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.80.102"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868675/; classtype:trojan-activity;sid:84731775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
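content:"182.127.80.102"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868674/; classtype:trojan-activity;sid:84731774; rev:1;)
# Whole-URI "/bin.sh" or "/i" on an IP-literal Host: depth equals the pattern length
# and endswith / isdataat:!1,relative pin the end of the buffer, so URI and Host must
# match in full. The paths are generic; the match is only as specific as the Host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.21.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868673/; classtype:trojan-activity;sid:84731773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.9.35.137"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868672/; classtype:trojan-activity;sid:84731772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"140.237.7.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868671/; classtype:trojan-activity;sid:84731771; rev:1;)
# "|3f|" is the hex escape for "?", so the decoded pattern "/?ublib=<uuid>" is 44 bytes.
# depth is set to 44 instead of 47 (the character count of the escaped text): with 47,
# a URI carrying up to three extra leading bytes would also satisfy depth + endswith.
# Local correction; a feed refresh would presumably restore 47 unless fixed upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f1268677-a220-4abb-b582-1db2329de012"; depth:44; endswith; nocase; http.host; content:"q3wqwvcx.ahkam.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868670/; classtype:trojan-activity;sid:84731770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868669)"; 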
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.202.67.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868669/; classtype:trojan-activity;sid:84731769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.49.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868668/; classtype:trojan-activity;sid:84731768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.195.213"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868667/; classtype:trojan-activity;sid:84731767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.49.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868666/; classtype:trojan-activity;sid:84731766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"140.237.7.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868665/; classtype:trojan-activity;sid:84731765; rev:1;) alert http $HOME_NET any -> 
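$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=485b1aed-be09-4f12-8cfb-d39c46408f8d"; depth:44; endswith; nocase; http.host; content:"yezqbe5v.tarahisystem.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868664/; classtype:trojan-activity;sid:84731764; rev:1;)
# sid 84731764 (completed on the line above) and sid 84731762 below match
# "/?ublib=<uuid>": "|3f|" is the hex escape for "?", so the decoded pattern is 44 bytes.
# depth is set to 44 instead of 47 (the character count of the escaped text): with 47,
# a URI carrying up to three extra leading bytes would also satisfy depth + endswith.
# Local correction; a feed refresh would presumably restore 47 unless fixed upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.25.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868663/; classtype:trojan-activity;sid:84731763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=750af544-cc40-4e01-b5ab-1af6fde9ceb0"; depth:44; endswith; nocase; http.host; content:"4wi7kgpf.tinybetkade.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868662/; classtype:trojan-activity;sid:84731762; rev:1;)
# Whole-URI "/bin.sh" on an IP-literal Host; only the request is inspected, so an
# alert shows that the GET was sent, not that a payload was received.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.25.183"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868661/; classtype:trojan-activity;sid:84731761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.85.234"; 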
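depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868660/; classtype:trojan-activity;sid:84731760; rev:1;)
# "|3f|" is the hex escape for "?", so the decoded pattern "/?ublib=<uuid>" is 44 bytes.
# depth is set to 44 instead of 47 (the character count of the escaped text): with 47,
# a URI carrying up to three extra leading bytes would also satisfy depth + endswith.
# Local correction; a feed refresh would presumably restore 47 unless fixed upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=01c443ba-9eeb-4df3-88ff-7802e8625144"; depth:44; endswith; nocase; http.host; content:"xlp38wsp.yekiran.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868659/; classtype:trojan-activity;sid:84731759; rev:1;)
# Whole-URI "/bin.sh" or "/i" on an IP-literal Host: the path is generic, so the match
# is only as specific as the Host value.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.25.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868658/; classtype:trojan-activity;sid:84731758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.77.9"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868657/; classtype:trojan-activity;sid:84731757; rev:1;)
# Short extension-less path on an IP-literal Host; matched in full, case-insensitively.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kmpsl"; depth:6; endswith; nocase; http.host; content:"91.92.42.203"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868656/; classtype:trojan-activity;sid:84731756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868655)"; flow:established,from_client; 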
http.method; content:"GET"; http.uri; content:"/lul.arm"; depth:8; endswith; nocase; http.host; content:"91.92.42.203"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868655/; classtype:trojan-activity;sid:84731755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kmips"; depth:6; endswith; nocase; http.host; content:"91.92.42.203"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868654/; classtype:trojan-activity;sid:84731754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lul.arm5"; depth:9; endswith; nocase; http.host; content:"91.92.42.203"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868653/; classtype:trojan-activity;sid:84731753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.38.201.196"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868652/; classtype:trojan-activity;sid:84731752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.125.127"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868651/; classtype:trojan-activity;sid:84731751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3868650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.8.79"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868650/; classtype:trojan-activity;sid:84731750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.208.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868649/; classtype:trojan-activity;sid:84731749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.208.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868648/; classtype:trojan-activity;sid:84731748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworker_u8"; depth:16; endswith; nocase; http.host; content:"85.192.40.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868647/; classtype:trojan-activity;sid:84731747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bioset0"; depth:13; endswith; nocase; http.host; content:"85.192.40.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868642/; 
classtype:trojan-activity;sid:84731742; rev:1;)
# Files under /bins/ on one Host, one sid per file. The file names resemble Linux
# kernel thread names (kswapd0, ksoftirqd0, ...), presumably so the binary blends in
# once it runs; when triaging an alert, a process carrying such a name on the
# requesting host should not be assumed to be a kernel thread on the name alone.
# URI and Host are matched in full (depth = pattern length, end of buffer pinned).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kswapd0"; depth:13; endswith; nocase; http.host; content:"85.192.40.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868643/; classtype:trojan-activity;sid:84731743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ksoftirqd0"; depth:16; endswith; nocase; http.host; content:"85.192.40.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868644/; classtype:trojan-activity;sid:84731744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/edac_polld"; depth:16; endswith; nocase; http.host; content:"85.192.40.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868645/; classtype:trojan-activity;sid:84731745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xfsaild_sda"; depth:17; endswith; nocase; http.host; content:"85.192.40.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868646/; classtype:trojan-activity;sid:84731746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zswap_shrinkd"; depth:19; endswith; nocase; http.host; 
content:"85.192.40.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868639/; classtype:trojan-activity;sid:84731739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/rcuop_0"; depth:13; endswith; nocase; http.host; content:"85.192.40.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868640/; classtype:trojan-activity;sid:84731740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/scsi_tmf_0"; depth:16; endswith; nocase; http.host; content:"85.192.40.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868641/; classtype:trojan-activity;sid:84731741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ecryptfsd"; depth:15; endswith; nocase; http.host; content:"85.192.40.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868638/; classtype:trojan-activity;sid:84731738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cfg80211d"; depth:15; endswith; nocase; http.host; content:"85.192.40.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868633/; classtype:trojan-activity;sid:84731733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868634)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loader.sh"; depth:10; endswith; nocase; http.host; content:"85.192.40.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868634/; classtype:trojan-activity;sid:84731734; rev:1;)
# The rule completed on the line above matches "/loader.sh" on the same Host as the
# /bins/ files below, so a "/loader.sh" alert and /bins/ alerts from one source are
# worth correlating (the relationship between the script and the binaries is
# inferred from the shared Host only). The /bins/ file names resemble Linux kernel
# thread names. Only the request is inspected: an alert shows the GET was sent.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/devfreq_wq"; depth:16; endswith; nocase; http.host; content:"85.192.40.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868635/; classtype:trojan-activity;sid:84731735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kblockd0"; depth:14; endswith; nocase; http.host; content:"85.192.40.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868636/; classtype:trojan-activity;sid:84731736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jbd2_sda1d"; depth:16; endswith; nocase; http.host; content:"85.192.40.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868637/; classtype:trojan-activity;sid:84731737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.26.226.138"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868632/; classtype:trojan-activity;sid:84731732; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.56.13"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868631/; classtype:trojan-activity;sid:84731731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.204.197.232"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868630/; classtype:trojan-activity;sid:84731730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.8.79"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868629/; classtype:trojan-activity;sid:84731729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.56.13"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868628/; classtype:trojan-activity;sid:84731728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lmix.exe"; depth:9; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, 
urlhaus.abuse.ch/url/3868627/; classtype:trojan-activity;sid:84731727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.101.12"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868626/; classtype:trojan-activity;sid:84731726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.200.4.39"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868625/; classtype:trojan-activity;sid:84731725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.204.197.232"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868624/; classtype:trojan-activity;sid:84731724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.101.12"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868623/; classtype:trojan-activity;sid:84731723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/43741c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868621/; classtype:trojan-activity;sid:84731721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ittd"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868622/; classtype:trojan-activity;sid:84731722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y8on"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868620/; classtype:trojan-activity;sid:84731720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/266986"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868618/; classtype:trojan-activity;sid:84731718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3a0dd5"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868619/; classtype:trojan-activity;sid:84731719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868611)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/d9cbab"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868611/; classtype:trojan-activity;sid:84731711; rev:1;)
# One Host, paths made of "/" plus six hexadecimal characters, one sid per path.
# Each rule matches exactly one listed path (depth = pattern length, endswith), so a
# path on this Host that is not in the feed raises no alert from these sids.
# nocase makes the hex letters match in either case.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1380fe"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868612/; classtype:trojan-activity;sid:84731712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a978ce"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868613/; classtype:trojan-activity;sid:84731713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/26ebb5"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868614/; classtype:trojan-activity;sid:84731714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d4c213"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868615/; classtype:trojan-activity;sid:84731715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3868616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vmu"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868616/; classtype:trojan-activity;sid:84731716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t0kc"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868617/; classtype:trojan-activity;sid:84731717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2545dc"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868610/; classtype:trojan-activity;sid:84731710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dtie"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868609/; classtype:trojan-activity;sid:84731709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ed800c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868605/; classtype:trojan-activity;sid:84731705; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8f1b48"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868606/; classtype:trojan-activity;sid:84731706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/49436a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868607/; classtype:trojan-activity;sid:84731707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/21a02d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868608/; classtype:trojan-activity;sid:84731708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4227ac"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868602/; classtype:trojan-activity;sid:84731702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g0g"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, 
urlhaus.abuse.ch/url/3868603/; classtype:trojan-activity;sid:84731703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nvmsupdate"; depth:11; endswith; nocase; http.host; content:"91.92.42.203"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868604/; classtype:trojan-activity;sid:84731704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ce0e3f"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868597/; classtype:trojan-activity;sid:84731697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1f93d1"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868598/; classtype:trojan-activity;sid:84731698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/172827"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868599/; classtype:trojan-activity;sid:84731699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ae8560"; depth:7; endswith; nocase; http.host; 
content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868600/; classtype:trojan-activity;sid:84731700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abecd0"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868601/; classtype:trojan-activity;sid:84731701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e92983"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868582/; classtype:trojan-activity;sid:84731682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b3193e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868583/; classtype:trojan-activity;sid:84731683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/66e576"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868584/; classtype:trojan-activity;sid:84731684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868585)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/7a8187"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868585/; classtype:trojan-activity;sid:84731685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/162d73"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868586/; classtype:trojan-activity;sid:84731686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3f5390"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868587/; classtype:trojan-activity;sid:84731687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3d8453"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868588/; classtype:trojan-activity;sid:84731688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/59fa88"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868589/; classtype:trojan-activity;sid:84731689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3868590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/168767"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868590/; classtype:trojan-activity;sid:84731690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5win"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868591/; classtype:trojan-activity;sid:84731691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0x5g"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868592/; classtype:trojan-activity;sid:84731692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kbw"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868593/; classtype:trojan-activity;sid:84731693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7t8"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868594/; classtype:trojan-activity;sid:84731694; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ika3"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868595/; classtype:trojan-activity;sid:84731695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z7l"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868596/; classtype:trojan-activity;sid:84731696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.ppc440fp"; depth:19; endswith; nocase; http.host; content:"203.159.90.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868581/; classtype:trojan-activity;sid:84731681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/27a229"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868572/; classtype:trojan-activity;sid:84731672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"94.249.230.150"; depth:14; isdataat:!1,relative; metadata:created_at 
2026_06_21; reference:url, urlhaus.abuse.ch/url/3868573/; classtype:trojan-activity;sid:84731673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f14ad7"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868574/; classtype:trojan-activity;sid:84731674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v1u"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868575/; classtype:trojan-activity;sid:84731675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jkp"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868576/; classtype:trojan-activity;sid:84731676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ewl"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868577/; classtype:trojan-activity;sid:84731677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ukx"; depth:5; endswith; nocase; http.host; 
content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868578/; classtype:trojan-activity;sid:84731678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ikjc"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868579/; classtype:trojan-activity;sid:84731679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ma4"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868580/; classtype:trojan-activity;sid:84731680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/523a67"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868568/; classtype:trojan-activity;sid:84731668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eb055e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868569/; classtype:trojan-activity;sid:84731669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868570)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/a84888"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868570/; classtype:trojan-activity;sid:84731670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/j1no"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868571/; classtype:trojan-activity;sid:84731671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2ebec0"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868542/; classtype:trojan-activity;sid:84731642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9e0d2e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868543/; classtype:trojan-activity;sid:84731643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab2e91"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868544/; classtype:trojan-activity;sid:84731644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3868545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f0d5bc"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868545/; classtype:trojan-activity;sid:84731645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b6bcbd"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868546/; classtype:trojan-activity;sid:84731646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4acf91"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868547/; classtype:trojan-activity;sid:84731647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/29849a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868548/; classtype:trojan-activity;sid:84731648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/344e2b"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868549/; classtype:trojan-activity;sid:84731649; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c1b976"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868550/; classtype:trojan-activity;sid:84731650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f4081d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868551/; classtype:trojan-activity;sid:84731651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d90292"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868552/; classtype:trojan-activity;sid:84731652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/59faac"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868553/; classtype:trojan-activity;sid:84731653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/23d922"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; 
reference:url, urlhaus.abuse.ch/url/3868554/; classtype:trojan-activity;sid:84731654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e44caa"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868555/; classtype:trojan-activity;sid:84731655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2yr"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868556/; classtype:trojan-activity;sid:84731656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vl0"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868557/; classtype:trojan-activity;sid:84731657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tb3"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868558/; classtype:trojan-activity;sid:84731658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelr"; depth:5; endswith; nocase; http.host; 
content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868559/; classtype:trojan-activity;sid:84731659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ropd"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868560/; classtype:trojan-activity;sid:84731660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l5tm"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868561/; classtype:trojan-activity;sid:84731661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qkbb"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868562/; classtype:trojan-activity;sid:84731662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wca"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868563/; classtype:trojan-activity;sid:84731663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868564)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/7sae"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868564/; classtype:trojan-activity;sid:84731664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ba5bd4"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868565/; classtype:trojan-activity;sid:84731665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dqo"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868566/; classtype:trojan-activity;sid:84731666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rs9"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868567/; classtype:trojan-activity;sid:84731667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.222.145"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868541/; classtype:trojan-activity;sid:84731641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3868540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.222.145"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868540/; classtype:trojan-activity;sid:84731640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/y11.png"; depth:15; endswith; nocase; http.host; content:"www.nccommunication.be"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868539/; classtype:trojan-activity;sid:84731639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.39.255.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868537/; classtype:trojan-activity;sid:84731637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"184.174.96.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868535/; classtype:trojan-activity;sid:84731635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_3ea5e472e881dbd0.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, 
urlhaus.abuse.ch/url/3868536/; classtype:trojan-activity;sid:84731636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mipsel"; depth:11; endswith; nocase; http.host; content:"184.174.96.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868526/; classtype:trojan-activity;sid:84731626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv4"; depth:10; endswith; nocase; http.host; content:"184.174.96.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868527/; classtype:trojan-activity;sid:84731627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv5l"; depth:11; endswith; nocase; http.host; content:"184.174.96.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868528/; classtype:trojan-activity;sid:84731628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"184.174.96.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868529/; classtype:trojan-activity;sid:84731629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv6"; depth:10; endswith; nocase; 
http.host; content:"184.174.96.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868530/; classtype:trojan-activity;sid:84731630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.i386"; depth:9; endswith; nocase; http.host; content:"184.174.96.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868531/; classtype:trojan-activity;sid:84731631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv7"; depth:10; endswith; nocase; http.host; content:"184.174.96.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868532/; classtype:trojan-activity;sid:84731632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tadashi.x86"; depth:12; endswith; nocase; http.host; content:"45.11.18.83"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868533/; classtype:trojan-activity;sid:84731633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tadashibotmaster.arm7"; depth:22; endswith; nocase; http.host; content:"45.11.18.83"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868534/; classtype:trojan-activity;sid:84731634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868525)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download"; depth:9; endswith; nocase; http.host; content:"46.151.182.157"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868525/; classtype:trojan-activity;sid:84731625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.36.86.0"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868523/; classtype:trojan-activity;sid:84731623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"5.252.153.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868521/; classtype:trojan-activity;sid:84731621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binbattle.arm7"; depth:15; endswith; nocase; http.host; content:"45.11.18.83"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868522/; classtype:trojan-activity;sid:84731622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i.arm7"; depth:7; endswith; nocase; http.host; content:"45.11.18.83"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868511/; classtype:trojan-activity;sid:84731611; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gaming.arm7"; depth:12; endswith; nocase; http.host; content:"45.11.18.83"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868512/; classtype:trojan-activity;sid:84731612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install.arm7"; depth:13; endswith; nocase; http.host; content:"45.11.18.83"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868513/; classtype:trojan-activity;sid:84731613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm7"; depth:13; endswith; nocase; http.host; content:"45.11.18.83"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868514/; classtype:trojan-activity;sid:84731614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lhaha.arm7"; depth:11; endswith; nocase; http.host; content:"45.11.18.83"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868515/; classtype:trojan-activity;sid:84731615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/candy.arm7"; depth:11; endswith; nocase; http.host; content:"45.11.18.83"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, 
urlhaus.abuse.ch/url/3868516/; classtype:trojan-activity;sid:84731616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lol.arm7"; depth:9; endswith; nocase; http.host; content:"45.11.18.83"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868517/; classtype:trojan-activity;sid:84731617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joker.arm7"; depth:11; endswith; nocase; http.host; content:"45.11.18.83"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868518/; classtype:trojan-activity;sid:84731618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ddoz.arm7"; depth:10; endswith; nocase; http.host; content:"45.11.18.83"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868519/; classtype:trojan-activity;sid:84731619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tadashi.arm7"; depth:13; endswith; nocase; http.host; content:"45.11.18.83"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868520/; classtype:trojan-activity;sid:84731620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_302a59396fd6bb59.exe"; depth:48; 
endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868510/; classtype:trojan-activity;sid:84731610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_1f8420f6b572e644.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868509/; classtype:trojan-activity;sid:84731609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_d8eae6bae0a0d014.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868505/; classtype:trojan-activity;sid:84731605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_15c4fbb0658c3fd8.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868506/; classtype:trojan-activity;sid:84731606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_643960b2b6504b03.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868507/; 
classtype:trojan-activity;sid:84731607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_e45416dfbeb38fe1.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868508/; classtype:trojan-activity;sid:84731608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.141.178.168"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868504/; classtype:trojan-activity;sid:84731604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m.png"; depth:6; endswith; nocase; http.host; content:"51.15.39.25"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868503/; classtype:trojan-activity;sid:84731603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.125.205"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868502/; classtype:trojan-activity;sid:84731602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"39.88.101.183"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868501/; classtype:trojan-activity;sid:84731601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=4ac125da-b165-43f9-8ff9-2533409a7a09"; depth:47; endswith; nocase; http.host; content:"s3zzh7np.sigaribetkade.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868500/; classtype:trojan-activity;sid:84731600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.38.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868499/; classtype:trojan-activity;sid:84731599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.146.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868498/; classtype:trojan-activity;sid:84731598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.201.107"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868497/; classtype:trojan-activity;sid:84731597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868496)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.6.212"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868496/; classtype:trojan-activity;sid:84731596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.61.214"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868495/; classtype:trojan-activity;sid:84731595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.227.61"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868494/; classtype:trojan-activity;sid:84731594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.61.214"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868493/; classtype:trojan-activity;sid:84731593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.26.226.138"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868492/; classtype:trojan-activity;sid:84731592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3868491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.221.244"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868491/; classtype:trojan-activity;sid:84731591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.146.238.1"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868490/; classtype:trojan-activity;sid:84731590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.134.90"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868489/; classtype:trojan-activity;sid:84731589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.146.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868488/; classtype:trojan-activity;sid:84731588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.38.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868487/; 
classtype:trojan-activity;sid:84731587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.146.26"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868486/; classtype:trojan-activity;sid:84731586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.168.214.57"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868485/; classtype:trojan-activity;sid:84731585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e5dd0f36-e327-46a2-86a0-feab81a39cb9"; depth:47; endswith; nocase; http.host; content:"xfq2kf92.angizeshfarahani.store"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868484/; classtype:trojan-activity;sid:84731584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.48.133"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868483/; classtype:trojan-activity;sid:84731583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"116.168.214.57"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868482/; classtype:trojan-activity;sid:84731582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.152.244"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868481/; classtype:trojan-activity;sid:84731581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.134.90"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868480/; classtype:trojan-activity;sid:84731580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.201.107"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868479/; classtype:trojan-activity;sid:84731579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.249.199.3"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868478/; classtype:trojan-activity;sid:84731578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868477)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.124.40"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868477/; classtype:trojan-activity;sid:84731577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.44.146.26"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868476/; classtype:trojan-activity;sid:84731576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.249.199.3"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868474/; classtype:trojan-activity;sid:84731574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.73.3"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868475/; classtype:trojan-activity;sid:84731575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.74.119"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868473/; classtype:trojan-activity;sid:84731573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3868472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.229.47"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868472/; classtype:trojan-activity;sid:84731572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.73.83"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868471/; classtype:trojan-activity;sid:84731571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"139.211.170.225"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868470/; classtype:trojan-activity;sid:84731570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.74.119"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868469/; classtype:trojan-activity;sid:84731569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.152.55"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868468/; classtype:trojan-activity;sid:84731568; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"72.173.56.78"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868467/; classtype:trojan-activity;sid:84731567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.233.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868466/; classtype:trojan-activity;sid:84731566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.152.55"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868465/; classtype:trojan-activity;sid:84731565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.233.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868464/; classtype:trojan-activity;sid:84731564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.73.83"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, 
urlhaus.abuse.ch/url/3868463/; classtype:trojan-activity;sid:84731563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.248.86"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868462/; classtype:trojan-activity;sid:84731562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.70.232"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868460/; classtype:trojan-activity;sid:84731560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.70.232"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868461/; classtype:trojan-activity;sid:84731561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=8f400450-60ce-4df1-bf58-94d7bff91700"; depth:47; endswith; nocase; http.host; content:"ceitnaao.zamineravanshenasi.xyz"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868459/; classtype:trojan-activity;sid:84731559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868458)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/|3f|ublib=76119499-e141-4378-913d-82bedd91d884"; depth:47; endswith; nocase; http.host; content:"mlm2cm0b.yasbetkade.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868458/; classtype:trojan-activity;sid:84731558; rev:1;)
# Reviewer annotations; the rules themselves are unchanged and laid out one per line.
# The line above and the last line of this span are fragments of rules that continue outside it.
#
# How every rule below matches:
#   - alert http, flow:established,from_client, http.method "GET": only a client GET request that
#     Suricata parses as HTTP is inspected. The same URL fetched over TLS does not fire unless the
#     sensor sees decrypted traffic.
#   - $HOME_NET -> $EXTERNAL_NET: the rules depend on these variables being set for the deployment.
#     An alert means an internal host requested a URL listed by URLhaus; it does not by itself show
#     that a payload was delivered or executed.
#   - http.uri content + depth:<pattern length> + endswith (+ nocase): the URI must equal the
#     pattern, case-insensitively. A different path or an extra query string does not match.
#   - http.host content + depth:<pattern length> + isdataat:!1,relative: the host must equal the
#     listed IP address or domain exactly.
#   - |3f| is the hex escape for '?'. In the "ublib=" rules the decoded pattern is 44 bytes while
#     depth is 47, so a URI with up to three extra leading bytes still satisfies depth + endswith.
#   - metadata:created_at is the rule's creation date; the reference URL is the place to check the
#     current status of the entry before acting on an old hit.
#
# NOTE(review): /mozi.a, /mozi.m and /mozi.7, like /i and /bin.sh on bare IP hosts, look like IoT
# botnet loader paths (presumably Mozi). Confirm against the URLhaus entry referenced by each rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"196.190.10.252"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868457/; classtype:trojan-activity;sid:84731557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=8c05bfc1-3c08-4bb4-a524-f1d57ccb6469"; depth:47; endswith; nocase; http.host; content:"cp45rrnx.shartplus.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868456/; classtype:trojan-activity;sid:84731556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.115.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868455/; classtype:trojan-activity;sid:84731555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.221.182"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868454/; classtype:trojan-activity;sid:84731554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.236.172"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868453/; classtype:trojan-activity;sid:84731553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.253.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868452/; classtype:trojan-activity;sid:84731552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.127.235.110"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868451/; classtype:trojan-activity;sid:84731551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.50.169"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868450/; classtype:trojan-activity;sid:84731550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.130.187"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868448/; classtype:trojan-activity;sid:84731548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.253.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868449/; classtype:trojan-activity;sid:84731549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.130.187"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868447/; classtype:trojan-activity;sid:84731547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.103.84"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868446/; classtype:trojan-activity;sid:84731546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.186.237.170"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868445/; classtype:trojan-activity;sid:84731545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.37.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868444/; classtype:trojan-activity;sid:84731544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.127.235.110"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868443/; classtype:trojan-activity;sid:84731543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.37.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868442/; classtype:trojan-activity;sid:84731542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.179.240.227"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868441/; classtype:trojan-activity;sid:84731541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.50.169"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868440/; classtype:trojan-activity;sid:84731540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.171.105"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868439/; classtype:trojan-activity;sid:84731539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.97.218"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868438/; classtype:trojan-activity;sid:84731538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.124.40"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868437/; classtype:trojan-activity;sid:84731537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.200.72"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868436/; classtype:trojan-activity;sid:84731536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.131.112"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868435/; classtype:trojan-activity;sid:84731535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.229.47"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868434/; classtype:trojan-activity;sid:84731534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=08008267-152d-4e5d-bce6-b717c0b128b8"; depth:47; endswith; nocase; http.host; content:"s6va4ija.asibshenasiyahya.shop"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868433/; classtype:trojan-activity;sid:84731533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.37.103.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868432/; classtype:trojan-activity;sid:84731532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.184.118"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868431/; classtype:trojan-activity;sid:84731531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.43.163"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868430/; classtype:trojan-activity;sid:84731530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.97.218"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868429/; classtype:trojan-activity;sid:84731529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.171.105"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868428/; classtype:trojan-activity;sid:84731528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9e0a6d88-1e49-463b-8de7-60e1dffccce0"; depth:47; endswith; nocase; http.host; content:"bbzvqin8.zamineravan.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868426/; classtype:trojan-activity;sid:84731526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.120.149"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868427/; classtype:trojan-activity;sid:84731527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.184.118"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868425/; classtype:trojan-activity;sid:84731525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.123.187"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868424/; classtype:trojan-activity;sid:84731524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.64.185"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868423/; classtype:trojan-activity;sid:84731523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.105.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868422/; classtype:trojan-activity;sid:84731522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"110.37.104.99"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868421/; classtype:trojan-activity;sid:84731521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.120.149"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868420/; classtype:trojan-activity;sid:84731520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.172.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868419/; classtype:trojan-activity;sid:84731519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.59.117"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868418/; classtype:trojan-activity;sid:84731518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.55.141.165"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868417/; classtype:trojan-activity;sid:84731517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.204.196.136"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868416/; classtype:trojan-activity;sid:84731516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.105.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868415/; classtype:trojan-activity;sid:84731515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=56f774b3-8d87-4b3a-b695-3534d6c5fcd3"; depth:47; endswith; nocase; http.host; content:"g9lo26em.shartland.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868414/; classtype:trojan-activity;sid:84731514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.120.211"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868413/; classtype:trojan-activity;sid:84731513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.64.185"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868411/; classtype:trojan-activity;sid:84731511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"138.204.196.136"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868412/; classtype:trojan-activity;sid:84731512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.80.180"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868410/; classtype:trojan-activity;sid:84731510; rev:1;)
# The next 20 rules cover two hosts, 152.89.76.240 and bitter-handsome-truck.digivmm.katapult.cloud,
# each listed with the same ten file names: "/linnn" and "/monero.<arch>" for arm5, arm6, arm8, m68k,
# mips, mipsel, ppc, x86 and x86_64. When triaging a hit on one of them, also search the same
# internal address for requests to the other host and for the other file names.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.arm5"; depth:12; endswith; nocase; http.host; content:"bitter-handsome-truck.digivmm.katapult.cloud"; depth:44; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868409/; classtype:trojan-activity;sid:84731509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.m68k"; depth:12; endswith; nocase; http.host; content:"bitter-handsome-truck.digivmm.katapult.cloud"; depth:44; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868405/; classtype:trojan-activity;sid:84731505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.arm6"; depth:12; endswith; nocase; http.host; content:"bitter-handsome-truck.digivmm.katapult.cloud"; depth:44; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868406/; classtype:trojan-activity;sid:84731506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.x86"; depth:11; endswith; nocase; http.host; content:"bitter-handsome-truck.digivmm.katapult.cloud"; depth:44; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868407/; classtype:trojan-activity;sid:84731507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linnn"; depth:6; endswith; nocase; http.host; content:"bitter-handsome-truck.digivmm.katapult.cloud"; depth:44; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868408/; classtype:trojan-activity;sid:84731508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.ppc"; depth:11; endswith; nocase; http.host; content:"bitter-handsome-truck.digivmm.katapult.cloud"; depth:44; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868404/; classtype:trojan-activity;sid:84731504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.mips"; depth:12; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868402/; classtype:trojan-activity;sid:84731502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.m68k"; depth:12; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868403/; classtype:trojan-activity;sid:84731503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.mips"; depth:12; endswith; nocase; http.host; content:"bitter-handsome-truck.digivmm.katapult.cloud"; depth:44; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868401/; classtype:trojan-activity;sid:84731501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.x86_64"; depth:14; endswith; nocase; http.host; content:"bitter-handsome-truck.digivmm.katapult.cloud"; depth:44; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868400/; classtype:trojan-activity;sid:84731500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.mipsel"; depth:14; endswith; nocase; http.host; content:"bitter-handsome-truck.digivmm.katapult.cloud"; depth:44; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868399/; classtype:trojan-activity;sid:84731499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.arm8"; depth:12; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868398/; classtype:trojan-activity;sid:84731498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.arm8"; depth:12; endswith; nocase; http.host; content:"bitter-handsome-truck.digivmm.katapult.cloud"; depth:44; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868397/; classtype:trojan-activity;sid:84731497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.arm5"; depth:12; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868391/; classtype:trojan-activity;sid:84731491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.arm6"; depth:12; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868392/; classtype:trojan-activity;sid:84731492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linnn"; depth:6; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868393/; classtype:trojan-activity;sid:84731493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.mipsel"; depth:14; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868394/; classtype:trojan-activity;sid:84731494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.ppc"; depth:11; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868395/; classtype:trojan-activity;sid:84731495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.x86_64"; depth:14; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868396/; classtype:trojan-activity;sid:84731496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.x86"; depth:11; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868390/; classtype:trojan-activity;sid:84731490; rev:1;)
# End of the two-host "/monero.<arch>" group; the remaining rules follow the general pattern above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.179.79"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868388/; classtype:trojan-activity;sid:84731488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.243.153"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_21; reference:url, urlhaus.abuse.ch/url/3868389/; classtype:trojan-activity;sid:84731489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7726345600/dsl2jed.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868387/; classtype:trojan-activity;sid:84731487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.61.166"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868386/; classtype:trojan-activity;sid:84731486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.118.196"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868385/; classtype:trojan-activity;sid:84731485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"219.71.131.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868384/; classtype:trojan-activity;sid:84731484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.80.180"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868383/; classtype:trojan-activity;sid:84731483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.94.19"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868382/; classtype:trojan-activity;sid:84731482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=af4da29a-f2d1-4f9e-86ca-ac457ceae7b4"; depth:47; endswith; nocase; http.host; content:"jootj2zm.zabantehrani.shop"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868381/; classtype:trojan-activity;sid:84731481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.243.153"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868380/; classtype:trojan-activity;sid:84731480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.65.230"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868379/; classtype:trojan-activity;sid:84731479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.71.128"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868378/; classtype:trojan-activity;sid:84731478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.44.141"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868377/; classtype:trojan-activity;sid:84731477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.148.132"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868376/; classtype:trojan-activity;sid:84731476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.65.230"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868375/; classtype:trojan-activity;sid:84731475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.187.170"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868374/; classtype:trojan-activity;sid:84731474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.225.235"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868373/; classtype:trojan-activity;sid:84731473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.9.151"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868372/; classtype:trojan-activity;sid:84731472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.10.133.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868371/; classtype:trojan-activity;sid:84731471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.71.128"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868370/; classtype:trojan-activity;sid:84731470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.252.169"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868369/; classtype:trojan-activity;sid:84731469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.9.151"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868368/; classtype:trojan-activity;sid:84731468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=5f3947b8-7bd0-4a41-b459-639acfd79669"; depth:47; endswith; nocase; http.host; content:"wc7skdzu.yakhbet.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868367/; classtype:trojan-activity;sid:84731467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.225.235"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868366/; classtype:trojan-activity;sid:84731466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.223.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868365/; classtype:trojan-activity;sid:84731465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.69.213"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868364/; classtype:trojan-activity;sid:84731464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.252.169"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868363/; classtype:trojan-activity;sid:84731463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.243.114"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868362/; classtype:trojan-activity;sid:84731462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a22b3a25-b16c-41f8-bf5b-1ee31e8dd83b"; depth:47; endswith; nocase; http.host; content:"l3q1ng7a.azmoondadrasi.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868361/; classtype:trojan-activity;sid:84731461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/monero.arm7"; depth:17; endswith; nocase; http.host; content:"bitter-handsome-truck.digivmm.katapult.cloud"; depth:44; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868360/; classtype:trojan-activity;sid:84731460; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gocl"; depth:5; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868359/; classtype:trojan-activity;sid:84731459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/monero.x86_64"; depth:19; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868358/; classtype:trojan-activity;sid:84731458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/monero.arm6"; depth:17; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868357/; classtype:trojan-activity;sid:84731457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/monero.arm7"; depth:17; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868356/; classtype:trojan-activity;sid:84731456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/monero.ppc"; depth:16; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868355/; classtype:trojan-activity;sid:84731455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/monero.m68k"; depth:17; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868349/; classtype:trojan-activity;sid:84731449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/monero.mips"; depth:17; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868350/; classtype:trojan-activity;sid:84731450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/monero.arm"; depth:16; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868351/; classtype:trojan-activity;sid:84731451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/monero.arm8"; depth:17; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868352/; classtype:trojan-activity;sid:84731452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868353)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bins/monero.x86"; depth:16; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868353/; classtype:trojan-activity;sid:84731453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/monero.arm5"; depth:17; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868354/; classtype:trojan-activity;sid:84731454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.148.132"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868348/; classtype:trojan-activity;sid:84731448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/monero.mipsel"; depth:19; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868347/; classtype:trojan-activity;sid:84731447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.215.212"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868346/; classtype:trojan-activity;sid:84731446; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/monero.mipsel"; depth:19; endswith; nocase; http.host; content:"bitter-handsome-truck.digivmm.katapult.cloud"; depth:44; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868345/; classtype:trojan-activity;sid:84731445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.244.222"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868344/; classtype:trojan-activity;sid:84731444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.42.243.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868343/; classtype:trojan-activity;sid:84731443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client.exe"; depth:11; endswith; nocase; http.host; content:"213.21.250.7"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868342/; classtype:trojan-activity;sid:84731442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.69.213"; depth:14; isdataat:!1,relative; metadata:created_at 
2026_06_20; reference:url, urlhaus.abuse.ch/url/3868341/; classtype:trojan-activity;sid:84731441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.149.108"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868340/; classtype:trojan-activity;sid:84731440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.185.93.188"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868339/; classtype:trojan-activity;sid:84731439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.123.187"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868338/; classtype:trojan-activity;sid:84731438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7726345600/stqho73.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868335/; classtype:trojan-activity;sid:84731435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron2/file.exe"; depth:15; 
endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868336/; classtype:trojan-activity;sid:84731436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron3/file.exe"; depth:15; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868337/; classtype:trojan-activity;sid:84731437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7782139129/qmgxayc.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868333/; classtype:trojan-activity;sid:84731433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron1/file.exe"; depth:15; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868334/; classtype:trojan-activity;sid:84731434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.244.222"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868332/; classtype:trojan-activity;sid:84731432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3868331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=2b5744cb-cb73-4b3b-9c62-c22db6b43ef6"; depth:47; endswith; nocase; http.host; content:"iplzbag0.shartbandi.casino"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868331/; classtype:trojan-activity;sid:84731431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.149.108"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868330/; classtype:trojan-activity;sid:84731430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=43e82bf4-5102-4cb0-a9fa-8d7f8d43b410"; depth:47; endswith; nocase; http.host; content:"dv4wbkrb.shart.casino"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868329/; classtype:trojan-activity;sid:84731429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.234.150"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868328/; classtype:trojan-activity;sid:84731428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.10.144.38"; depth:12; isdataat:!1,relative; metadata:created_at 
2026_06_20; reference:url, urlhaus.abuse.ch/url/3868327/; classtype:trojan-activity;sid:84731427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.205.74"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868326/; classtype:trojan-activity;sid:84731426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.10.144.38"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868325/; classtype:trojan-activity;sid:84731425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"87.121.79.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868323/; classtype:trojan-activity;sid:84731423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"87.121.79.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868324/; classtype:trojan-activity;sid:84731424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; 
content:"87.121.79.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868322/; classtype:trojan-activity;sid:84731422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"87.121.79.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868319/; classtype:trojan-activity;sid:84731419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"87.121.79.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868320/; classtype:trojan-activity;sid:84731420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"87.121.79.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868321/; classtype:trojan-activity;sid:84731421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.sh"; depth:5; endswith; nocase; http.host; content:"87.121.79.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868318/; classtype:trojan-activity;sid:84731418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868317)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.205.74"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868317/; classtype:trojan-activity;sid:84731417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.255.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868316/; classtype:trojan-activity;sid:84731416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/scsi_tmf_0"; depth:16; endswith; nocase; http.host; content:"178.236.246.159"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868315/; classtype:trojan-activity;sid:84731415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.39.250"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868312/; classtype:trojan-activity;sid:84731412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworker_u8"; depth:16; endswith; nocase; http.host; content:"178.236.246.159"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868313/; classtype:trojan-activity;sid:84731413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3868314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kblockd0"; depth:14; endswith; nocase; http.host; content:"178.236.246.159"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868314/; classtype:trojan-activity;sid:84731414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xfsaild_sda"; depth:17; endswith; nocase; http.host; content:"178.236.246.159"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868310/; classtype:trojan-activity;sid:84731410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/devfreq_wq"; depth:16; endswith; nocase; http.host; content:"178.236.246.159"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868311/; classtype:trojan-activity;sid:84731411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kswapd0"; depth:13; endswith; nocase; http.host; content:"178.236.246.159"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868301/; classtype:trojan-activity;sid:84731401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jbd2_sda1d"; depth:16; endswith; nocase; http.host; content:"178.236.246.159"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; 
reference:url, urlhaus.abuse.ch/url/3868302/; classtype:trojan-activity;sid:84731402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bioset0"; depth:13; endswith; nocase; http.host; content:"178.236.246.159"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868303/; classtype:trojan-activity;sid:84731403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/edac_polld"; depth:16; endswith; nocase; http.host; content:"178.236.246.159"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868304/; classtype:trojan-activity;sid:84731404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cfg80211d"; depth:15; endswith; nocase; http.host; content:"178.236.246.159"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868305/; classtype:trojan-activity;sid:84731405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zswap_shrinkd"; depth:19; endswith; nocase; http.host; content:"178.236.246.159"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868306/; classtype:trojan-activity;sid:84731406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868307)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bins/ksoftirqd0"; depth:16; endswith; nocase; http.host; content:"178.236.246.159"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868307/; classtype:trojan-activity;sid:84731407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/rcuop_0"; depth:13; endswith; nocase; http.host; content:"178.236.246.159"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868308/; classtype:trojan-activity;sid:84731408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ecryptfsd"; depth:15; endswith; nocase; http.host; content:"178.236.246.159"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868309/; classtype:trojan-activity;sid:84731409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.16.164.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868300/; classtype:trojan-activity;sid:84731400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.185.93.188"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868299/; classtype:trojan-activity;sid:84731399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3868298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.52.111"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868298/; classtype:trojan-activity;sid:84731398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.126.121.80"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868297/; classtype:trojan-activity;sid:84731397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.39.250"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868296/; classtype:trojan-activity;sid:84731396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.133.214.177"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868295/; classtype:trojan-activity;sid:84731395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_e7ec3f8707f74fc5.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, 
urlhaus.abuse.ch/url/3868294/; classtype:trojan-activity;sid:84731394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.133.214.177"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868293/; classtype:trojan-activity;sid:84731393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.77.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868292/; classtype:trojan-activity;sid:84731392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.52.111"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868291/; classtype:trojan-activity;sid:84731391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.209.46"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868290/; classtype:trojan-activity;sid:84731390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.148.102"; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868289/; classtype:trojan-activity;sid:84731389; rev:1;)
# Each rule here matches one exact URI + Host pair on an outbound HTTP GET: on http.uri,
# depth == content length together with endswith pins the full path; on http.host,
# depth == content length together with isdataat:!1,relative pins the full host value.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.148.102"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868288/; classtype:trojan-activity;sid:84731388; rev:1;)
# Host 94.249.230.150, URLhaus entries 3868268-3868287 (sids 84731368-84731387): one rule per file.
# The paths are CPU-architecture names (arm, arm5, arm6, arm7, aarch64, arc, mips, mpsl, m68k,
# ppc, sparc, sh4, i486, i586, i686, x86_64) plus fetch scripts (curl.sh, wget.sh, tftp.sh, ftpget.sh).
# NOTE(review): that naming looks like a multi-architecture Linux/IoT loader set - confirm the family
# at the reference URLs. For triage, correlate alerts by destination host rather than by individual sid.
# Exact matching keeps similar names apart: "/arm" (depth:4 + endswith) does not fire on "/arm5".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"94.249.230.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868279/; classtype:trojan-activity;sid:84731379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"94.249.230.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868280/; classtype:trojan-activity;sid:84731380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"94.249.230.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868281/; classtype:trojan-activity;sid:84731381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"94.249.230.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868282/; classtype:trojan-activity;sid:84731382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"94.249.230.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868283/; classtype:trojan-activity;sid:84731383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"94.249.230.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868284/; classtype:trojan-activity;sid:84731384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"94.249.230.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868285/; classtype:trojan-activity;sid:84731385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"94.249.230.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868286/; classtype:trojan-activity;sid:84731386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"94.249.230.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868287/; classtype:trojan-activity;sid:84731387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"94.249.230.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868277/; classtype:trojan-activity;sid:84731377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"94.249.230.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868278/; classtype:trojan-activity;sid:84731378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"94.249.230.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868268/; classtype:trojan-activity;sid:84731368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"94.249.230.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868269/; classtype:trojan-activity;sid:84731369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"94.249.230.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868270/; classtype:trojan-activity;sid:84731370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"94.249.230.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868271/; classtype:trojan-activity;sid:84731371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"94.249.230.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868272/; classtype:trojan-activity;sid:84731372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"94.249.230.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868273/; classtype:trojan-activity;sid:84731373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"94.249.230.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868274/; classtype:trojan-activity;sid:84731374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"94.249.230.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868275/; classtype:trojan-activity;sid:84731375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"94.249.230.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868276/; classtype:trojan-activity;sid:84731376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.245.127"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868267/; classtype:trojan-activity;sid:84731367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.202.88.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868266/; classtype:trojan-activity;sid:84731366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.202.88.242"; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868265/; classtype:trojan-activity;sid:84731365; rev:1;)
# Each rule pins one URI + Host pair on an outbound HTTP GET (depth + endswith on http.uri,
# depth + isdataat:!1,relative on http.host). An alert means a client asked for the URL;
# whether the payload was served has to be checked in the response for the same flow.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.75.206"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868264/; classtype:trojan-activity;sid:84731364; rev:1;)
# NOTE(review): in the "ublib=" rules (sids 84731363 and 84731360 here) |3f| is a single "?" byte, so the
# URI content is 44 bytes, while depth is 47 - the length of the escaped text. The listed URL
# still matches, but the URI test tolerates up to three leading bytes instead of being exact
# like the other rules; depth:44 would make it exact. Worth reporting to the feed maintainer.
# These entries use a domain name rather than an IP literal in http.host; the names are lower case
# and no nocase is applied to the host content.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9f8abff7-2551-4575-835d-bced68005c79"; depth:47; endswith; nocase; http.host; content:"nonlddo9.riyazishahkilid.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868263/; classtype:trojan-activity;sid:84731363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.34.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868262/; classtype:trojan-activity;sid:84731362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.83.5"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868261/; classtype:trojan-activity;sid:84731361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=6698df11-0d32-4e73-99f8-d80debf3d869"; depth:47; endswith; nocase; http.host; content:"liwxdd48.romabetkade.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868260/; classtype:trojan-activity;sid:84731360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.92.88"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868259/; classtype:trojan-activity;sid:84731359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.168.104"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868258/; classtype:trojan-activity;sid:84731358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.195.197"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868257/; classtype:trojan-activity;sid:84731357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.73.235"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868256/; classtype:trojan-activity;sid:84731356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.245.127"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868255/; classtype:trojan-activity;sid:84731355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.83.5"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868254/; classtype:trojan-activity;sid:84731354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.28.175"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868253/; classtype:trojan-activity;sid:84731353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.168.104"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868252/; classtype:trojan-activity;sid:84731352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.179.240.227"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, 
urlhaus.abuse.ch/url/3868250/; classtype:trojan-activity;sid:84731350; rev:1;)
# Each rule pins one URI + Host pair on an outbound HTTP GET: depth == content length plus
# endswith fixes the whole URI, depth == content length plus isdataat:!1,relative fixes the host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.73.235"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868251/; classtype:trojan-activity;sid:84731351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.92.88"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868249/; classtype:trojan-activity;sid:84731349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.195.197"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868248/; classtype:trojan-activity;sid:84731348; rev:1;)
# Host 46.151.182.23, URLhaus entries 3868232-3868247 (sids 84731332-84731347): every path is
# "/bubu/bin.<arch>" (sh4, armv4l, armv4tl, armv4eb, armv5l, armv6l, armv7l, mips, mips64,
# i486, i586, i686, m68k, powerpc, powerpc-440fp, x86_64).
# NOTE(review): the per-architecture naming looks like a Linux/IoT bot build set - confirm the
# family at the reference URLs. Correlate alerts by destination host rather than by sid.
# Exact matching keeps overlapping names apart: the "/bubu/bin.powerpc" rule (depth:17 + endswith)
# does not fire on "/bubu/bin.powerpc-440fp", which has its own sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bubu/bin.sh4"; depth:13; endswith; nocase; http.host; content:"46.151.182.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868233/; classtype:trojan-activity;sid:84731333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bubu/bin.armv4l"; depth:16; endswith; nocase; http.host; content:"46.151.182.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868234/; classtype:trojan-activity;sid:84731334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bubu/bin.armv4tl"; depth:17; endswith; nocase; http.host; content:"46.151.182.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868235/; classtype:trojan-activity;sid:84731335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bubu/bin.mips64"; depth:16; endswith; nocase; http.host; content:"46.151.182.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868236/; classtype:trojan-activity;sid:84731336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bubu/bin.i686"; depth:14; endswith; nocase; http.host; content:"46.151.182.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868237/; classtype:trojan-activity;sid:84731337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bubu/bin.armv5l"; depth:16; endswith; nocase; http.host; content:"46.151.182.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868238/; classtype:trojan-activity;sid:84731338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bubu/bin.powerpc-440fp"; depth:23; endswith; nocase; http.host; content:"46.151.182.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868239/; classtype:trojan-activity;sid:84731339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bubu/bin.powerpc"; depth:17; endswith; nocase; http.host; content:"46.151.182.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868240/; classtype:trojan-activity;sid:84731340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bubu/bin.armv7l"; depth:16; endswith; nocase; http.host; content:"46.151.182.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868241/; classtype:trojan-activity;sid:84731341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bubu/bin.i486"; depth:14; endswith; nocase; http.host; content:"46.151.182.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868242/; classtype:trojan-activity;sid:84731342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bubu/bin.mips"; depth:14; endswith; nocase; http.host; content:"46.151.182.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868243/; classtype:trojan-activity;sid:84731343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bubu/bin.armv6l"; depth:16; endswith; nocase; http.host; content:"46.151.182.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868244/; classtype:trojan-activity;sid:84731344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bubu/bin.i586"; depth:14; endswith; nocase; http.host; content:"46.151.182.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868245/; classtype:trojan-activity;sid:84731345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bubu/bin.m68k"; depth:14; endswith; nocase; http.host; content:"46.151.182.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868246/; classtype:trojan-activity;sid:84731346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bubu/bin.armv4eb"; depth:17; endswith; nocase; http.host; content:"46.151.182.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868247/; classtype:trojan-activity;sid:84731347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bubu/bin.x86_64"; depth:16; endswith; nocase; http.host; content:"46.151.182.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868232/; classtype:trojan-activity;sid:84731332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.233.187"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868231/; classtype:trojan-activity;sid:84731331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.200.72"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868230/; classtype:trojan-activity;sid:84731330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.123.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868229/; classtype:trojan-activity;sid:84731329; rev:1;)
# NOTE(review): |3f| is one "?" byte, so this URI content is 44 bytes while depth is 47 (the escaped
# text length); the URI test therefore tolerates up to three leading bytes. depth:44 would be exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=cdd73d74-48e8-442f-b1e3-89e30b7a5e9c"; depth:47; endswith; nocase; http.host; content:"vqdtk497.bio90.football"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868228/; classtype:trojan-activity;sid:84731328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868227)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.233.187"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868227/; classtype:trojan-activity;sid:84731327; rev:1;)
# Each rule pins one URI + Host pair on an outbound HTTP GET: depth == content length plus
# endswith fixes the whole URI, depth == content length plus isdataat:!1,relative fixes the host.
# An alert records the request only; confirm delivery from the response on the same flow.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nvst.exe"; depth:9; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868226/; classtype:trojan-activity;sid:84731326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.218.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868225/; classtype:trojan-activity;sid:84731325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.77.15"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868224/; classtype:trojan-activity;sid:84731324; rev:1;)
# Host 87.121.79.223 (sids 84731319-84731323): architecture-named files x86, ppc, spc, arm6, mips.
# NOTE(review): naming looks like a multi-architecture bot build set - confirm at the reference URLs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"87.121.79.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868223/; classtype:trojan-activity;sid:84731323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"87.121.79.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868222/; classtype:trojan-activity;sid:84731322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"87.121.79.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868221/; classtype:trojan-activity;sid:84731321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"87.121.79.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868219/; classtype:trojan-activity;sid:84731319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"87.121.79.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868220/; classtype:trojan-activity;sid:84731320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.43.163"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868218/; classtype:trojan-activity;sid:84731318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.137.44"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868217/; classtype:trojan-activity;sid:84731317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.138.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868216/; classtype:trojan-activity;sid:84731316; rev:1;)
# NOTE(review): in the "ublib=" rules (sids 84731315, 84731314 and 84731305 here) |3f| is one "?" byte,
# so the URI content is 44 bytes while depth is 47 (the escaped text length). The listed URL still
# matches, but the URI test tolerates up to three leading bytes; depth:44 would make it exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a2672a1a-566a-4588-aa06-c8e43d5596ae"; depth:47; endswith; nocase; http.host; content:"zuldqm04.riyaziyattajrobi.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868215/; classtype:trojan-activity;sid:84731315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=cb73ba8b-9b71-4004-9a42-b0f10ed2fd0f"; depth:47; endswith; nocase; http.host; content:"o0gbvk16.winenfejar.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868214/; classtype:trojan-activity;sid:84731314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.137.44"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868213/; classtype:trojan-activity;sid:84731313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.190.151"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868212/; classtype:trojan-activity;sid:84731312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.77.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868211/; classtype:trojan-activity;sid:84731311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.12.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868210/; classtype:trojan-activity;sid:84731310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.9.151"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868209/; classtype:trojan-activity;sid:84731309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.41.243"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868208/; classtype:trojan-activity;sid:84731308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.190.151"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868207/; classtype:trojan-activity;sid:84731307; rev:1;)
# NOTE(review): the file name "/mozi.m" suggests a Mozi sample - confirm the family at the reference URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.27.4.68"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868206/; classtype:trojan-activity;sid:84731306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=36f4445b-d57c-42f2-b606-a03acd39c2bb"; depth:47; endswith; nocase; http.host; content:"lqakwmlg.taktikbetkade.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868205/; classtype:trojan-activity;sid:84731305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.115.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868203/; classtype:trojan-activity;sid:84731303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"139.211.170.225"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868204/; classtype:trojan-activity;sid:84731304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.148.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868202/; classtype:trojan-activity;sid:84731302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.41.243"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868201/; classtype:trojan-activity;sid:84731301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.95.54.96"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868200/; classtype:trojan-activity;sid:84731300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.149.204"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868199/; classtype:trojan-activity;sid:84731299; rev:1;)
# Each rule matches one URLhaus entry: an established, client-to-server HTTP GET
# leaving $HOME_NET whose URI and Host both equal the listed values (depth with
# endswith on http.uri, depth with isdataat:!1,relative on http.host).
# Several hosts in this run appear twice, once with /i and once with /bin.sh
# (115.48.149.204, 39.90.186.225, 182.122.171.35, 110.39.237.192, 125.160.140.27),
# so grouping alerts by destination host gives a cleaner picture than per-sid counts.
# An alert means an internal client requested the URL; it does not by itself show
# that a payload was delivered, so triage starts at the source host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.242.98"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868198/; classtype:trojan-activity;sid:84731298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.149.204"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868197/; classtype:trojan-activity;sid:84731297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.13.217"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868196/; classtype:trojan-activity;sid:84731296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.186.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868195/; classtype:trojan-activity;sid:84731295; rev:1;)
# "/?ublib=<UUID>" entries are matched on the literal UUID, so only this exact URL
# is covered. NOTE(review): depth:47 is three more than the 44-byte decoded pattern
# (|3f| is one byte), so up to three leading bytes are tolerated before the match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a24bde55-3a6d-472d-9a9d-c4fe4e9e9d68"; depth:47; endswith; nocase; http.host; content:"wljus01z.tafsirnasiri.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868194/; classtype:trojan-activity;sid:84731294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.171.35"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868192/; classtype:trojan-activity;sid:84731292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.171.35"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868193/; classtype:trojan-activity;sid:84731293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.186.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868191/; classtype:trojan-activity;sid:84731291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.46.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868190/; classtype:trojan-activity;sid:84731290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.127.48.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868189/; classtype:trojan-activity;sid:84731289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.11.107"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868188/; classtype:trojan-activity;sid:84731288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=766e687f-9634-4ef4-819a-e71eaffcb591"; depth:47; endswith; nocase; http.host; content:"4q74zsh8.raftarsazmani.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868187/; classtype:trojan-activity;sid:84731287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.237.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868186/; classtype:trojan-activity;sid:84731286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.160.140.27"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868185/; classtype:trojan-activity;sid:84731285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.236.172"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868184/; classtype:trojan-activity;sid:84731284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.74.148"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868183/; classtype:trojan-activity;sid:84731283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.128.227"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868182/; classtype:trojan-activity;sid:84731282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.237.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868181/; classtype:trojan-activity;sid:84731281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.160.140.27"; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868180/; classtype:trojan-activity;sid:84731280; rev:1;)
# Each rule matches one URLhaus entry: an established, client-to-server HTTP GET
# leaving $HOME_NET whose URI equals the listed path (depth with endswith, nocase)
# and whose Host equals the listed value (depth with isdataat:!1,relative).
# Only cleartext HTTP is inspected by "alert http"; the same URL over TLS is not
# covered unless traffic is decrypted before Suricata sees it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.137.244.186"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868179/; classtype:trojan-activity;sid:84731279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.178.210.206"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868178/; classtype:trojan-activity;sid:84731278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.exe"; depth:9; endswith; nocase; http.host; content:"91.92.240.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868177/; classtype:trojan-activity;sid:84731277; rev:1;)
# The next two file names look like ScreenConnect remote-support client installers
# (inferred from the names). That product is legitimate software, so the signal
# here is the pinned host 91.92.242.6, not the file name: the same installer
# fetched from any other host does not match. When triaging a hit, check whether
# remote-access tooling from that source is sanctioned on the endpoint.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"91.92.242.6"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868176/; classtype:trojan-activity;sid:84731276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"91.92.242.6"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868175/; classtype:trojan-activity;sid:84731275; rev:1;)
# "/?ublib=<UUID>" entries are matched on the literal UUID, so only this exact URL
# is covered. NOTE(review): depth:47 is three more than the 44-byte decoded pattern
# (|3f| is one byte), so up to three leading bytes are tolerated before the match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=09504c92-600d-4386-9a6e-450eaf13a8b8"; depth:47; endswith; nocase; http.host; content:"58shz66o.tahlilsazeha.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868174/; classtype:trojan-activity;sid:84731274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=8f2689ff-a327-4e0a-a31b-9cd5e303bed3"; depth:47; endswith; nocase; http.host; content:"zxe9u0st.sigaribetkade.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868173/; classtype:trojan-activity;sid:84731273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.70.109.194"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868172/; classtype:trojan-activity;sid:84731272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"94.178.210.206"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868171/; classtype:trojan-activity;sid:84731271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.224.187"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868170/; classtype:trojan-activity;sid:84731270; rev:1;)
# Three numbered directories (tron7, tron8, tron9) on the same host 62.60.226.140.
# Because the path is matched exactly, a request to any other numbered directory
# on that host raises no alert from these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron8/file.exe"; depth:15; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868167/; classtype:trojan-activity;sid:84731267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron7/file.exe"; depth:15; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868168/; classtype:trojan-activity;sid:84731268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron9/file.exe"; depth:15; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868169/; classtype:trojan-activity;sid:84731269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.39.234"; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868166/; classtype:trojan-activity;sid:84731266; rev:1;)
# Each rule matches one URLhaus entry: an established, client-to-server HTTP GET
# leaving $HOME_NET whose URI equals the listed path (depth with endswith, nocase)
# and whose Host equals the listed value (depth with isdataat:!1,relative).
# These are point indicators created on 2026_06_20 (see metadata); hosting of this
# kind changes quickly, so check the referenced URLhaus entry for current status
# before treating an old hit as confirmed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.179.79"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868165/; classtype:trojan-activity;sid:84731265; rev:1;)
# A DLL and an EXE with random-looking names on the same host 158.94.210.207.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kshwxb.dll"; depth:11; endswith; nocase; http.host; content:"158.94.210.207"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868163/; classtype:trojan-activity;sid:84731263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vmlyjlrir.exe"; depth:14; endswith; nocase; http.host; content:"158.94.210.207"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868164/; classtype:trojan-activity;sid:84731264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"49.70.109.194"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868162/; classtype:trojan-activity;sid:84731262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.39.234"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868161/; classtype:trojan-activity;sid:84731261; rev:1;)
# A shell script and a second path on the same host 176.65.139.195; a script fetch
# followed by further requests to that host from one client is worth correlating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz.sh"; depth:6; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868160/; classtype:trojan-activity;sid:84731260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/debug"; depth:9; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868159/; classtype:trojan-activity;sid:84731259; rev:1;)
# ScreenConnect-style installer names recur below on hosts 45.138.16.50,
# 193.26.115.62 and 192.159.99.159 (product inferred from the file names). The
# product is legitimate remote-support software, so the indicator is the pinned
# host; the same file name served from any other host does not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"45.138.16.50"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868158/; classtype:trojan-activity;sid:84731258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.113.182"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868157/; classtype:trojan-activity;sid:84731257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"193.26.115.62"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868156/; classtype:trojan-activity;sid:84731256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"193.26.115.62"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868155/; classtype:trojan-activity;sid:84731255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"203.159.90.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868154/; classtype:trojan-activity;sid:84731254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"192.159.99.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868153/; classtype:trojan-activity;sid:84731253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"192.159.99.159"; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868152/; classtype:trojan-activity;sid:84731252; rev:1;)
# Thirteen rules for one host, 203.159.90.249, one per "/assailant.<arch>" file:
# i686, ppc, arm6, m68k, sparc, x86, mpsl, arm5, sh4, mips, i586, arm4, arm7.
# Per-architecture builds of one binary presumably target embedded/Linux devices;
# that is inferred from the suffixes, the URLhaus entries hold the actual tags.
# Each rule is an exact match on URI (depth with endswith, nocase) and on Host
# (depth with isdataat:!1,relative), so an architecture suffix not listed here is
# not detected. When one of these fires, review the source device's other requests
# to the same host rather than relying on a per-file rule for each variant.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.i686"; depth:15; endswith; nocase; http.host; content:"203.159.90.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868139/; classtype:trojan-activity;sid:84731239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.ppc"; depth:14; endswith; nocase; http.host; content:"203.159.90.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868140/; classtype:trojan-activity;sid:84731240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.arm6"; depth:15; endswith; nocase; http.host; content:"203.159.90.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868141/; classtype:trojan-activity;sid:84731241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.m68k"; depth:15; endswith; nocase; http.host; content:"203.159.90.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868142/; classtype:trojan-activity;sid:84731242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.sparc"; depth:16; endswith; nocase; http.host; content:"203.159.90.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868143/; classtype:trojan-activity;sid:84731243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.x86"; depth:14; endswith; nocase; http.host; content:"203.159.90.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868144/; classtype:trojan-activity;sid:84731244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.mpsl"; depth:15; endswith; nocase; http.host; content:"203.159.90.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868145/; classtype:trojan-activity;sid:84731245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.arm5"; depth:15; endswith; nocase; http.host; content:"203.159.90.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868146/; classtype:trojan-activity;sid:84731246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.sh4"; depth:14; endswith; nocase; http.host; content:"203.159.90.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868147/; classtype:trojan-activity;sid:84731247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.mips"; depth:15; endswith; nocase; http.host; content:"203.159.90.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868148/; classtype:trojan-activity;sid:84731248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.i586"; depth:15; endswith; nocase; http.host; content:"203.159.90.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868149/; classtype:trojan-activity;sid:84731249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.arm4"; depth:15; endswith; nocase; http.host; content:"203.159.90.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868150/; classtype:trojan-activity;sid:84731250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assailant.arm7"; depth:15; endswith; nocase; http.host; content:"203.159.90.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868151/; classtype:trojan-activity;sid:84731251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=cf3f7cbc-a614-49da-926a-36cd8aea53ba"; depth:47; endswith; nocase; http.host; 
content:"rurhmgw2.readthisintro.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868138/; classtype:trojan-activity;sid:84731238; rev:1;)
# Each rule matches one URLhaus entry: an established, client-to-server HTTP GET
# leaving $HOME_NET whose URI equals the listed path (depth with endswith, nocase)
# and whose Host equals the listed value (depth with isdataat:!1,relative).
# In the rules shown here sid = URLhaus entry ID + 80863100, so an alert's sid
# maps directly to its reference URL. Only cleartext HTTP is inspected.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.80.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868137/; classtype:trojan-activity;sid:84731237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.68.186"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868136/; classtype:trojan-activity;sid:84731236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.156.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868135/; classtype:trojan-activity;sid:84731235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.44.146.76"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868134/; classtype:trojan-activity;sid:84731234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.68.186"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868133/; classtype:trojan-activity;sid:84731233; rev:1;)
# Lowercase pattern with nocase, so a mixed-case request path also matches. The
# file name suggests the Mozi IoT botnet payload (inferred from the name only).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.174.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868132/; classtype:trojan-activity;sid:84731232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.208.65"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868131/; classtype:trojan-activity;sid:84731231; rev:1;)
# "/?ublib=<UUID>" is matched on the literal UUID, so only this exact URL is
# covered. NOTE(review): depth:47 is three more than the 44-byte decoded pattern
# (|3f| is one byte), so up to three leading bytes are tolerated before the match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f1ef8854-65ee-4dd3-8a0a-345d43dd7552"; depth:47; endswith; nocase; http.host; content:"y0fm52vk.tarahisystem.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868130/; classtype:trojan-activity;sid:84731230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.208.65"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868129/; classtype:trojan-activity;sid:84731229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.148.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868128/; classtype:trojan-activity;sid:84731228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.74.148"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868126/; classtype:trojan-activity;sid:84731226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.224.187"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868127/; classtype:trojan-activity;sid:84731227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.30.109"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868125/; classtype:trojan-activity;sid:84731225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"5.252.153.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868124/; classtype:trojan-activity;sid:84731224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_396aa4593b46cf32.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868123/; classtype:trojan-activity;sid:84731223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.212.1"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868122/; classtype:trojan-activity;sid:84731222; rev:1;)
# ScreenConnect-style installer names on host 77.83.39.53 (product inferred from
# the file names). The product is legitimate remote-support software, so the
# indicator is the pinned host; the same file name from another host does not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"77.83.39.53"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868121/; classtype:trojan-activity;sid:84731221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"77.83.39.53"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868120/; classtype:trojan-activity;sid:84731220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868119)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
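content:"/|3f|ublib=65c18bdf-2858-44da-89bd-b68adb35fd03"; depth:44; endswith; nocase; http.host; content:"txm0jrdz.rahnemayenegaresh.site"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868119/; classtype:trojan-activity;sid:84731219; rev:1;)
# Fixed http.uri depth 47 -> 44 on the rule that ends on the line above (sid:84731219).
# "|3f|" encodes a single byte ("?"), so the pattern is 44 bytes long; the published depth:47
# appears to count the escape as four characters and, combined with endswith, also matched
# URIs carrying up to 3 extra leading bytes. sid and rev are left as published.
#
# The rules below match a cleartext HTTP GET with an exact http.uri and an exact http.host;
# they do not see the same URL fetched over TLS unless decrypted traffic is inspected.
# sid:84731218 has the same match conditions (URI "/" on yandisk-arxiv2023.vercel.app) as
# sid:84731176 later in this file, so one request raises both alerts; de-duplicate on the
# sensor or in the SIEM if that matters for alert counts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"yandisk-arxiv2023.vercel.app"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868118/; classtype:trojan-activity;sid:84731218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin"; depth:4; endswith; nocase; http.host; content:"77.110.122.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868117/; classtype:trojan-activity;sid:84731217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"94.26.106.49"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868116/; classtype:trojan-activity;sid:84731216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"45.83.28.231"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868115/; classtype:trojan-activity;sid:84731215; rev:1;)
alert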
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"84.54.33.85"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868114/; classtype:trojan-activity;sid:84731214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"124.198.131.152"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868112/; classtype:trojan-activity;sid:84731212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"84.54.33.85"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868113/; classtype:trojan-activity;sid:84731213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"124.198.131.152"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868111/; classtype:trojan-activity;sid:84731211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; 
http.host; content:"91.224.92.80"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868110/; classtype:trojan-activity;sid:84731210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"91.224.92.80"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868108/; classtype:trojan-activity;sid:84731208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.11.107"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868109/; classtype:trojan-activity;sid:84731209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"138.124.14.82"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868107/; classtype:trojan-activity;sid:84731207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"138.124.14.82"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868106/; classtype:trojan-activity;sid:84731206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868105)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"138.124.14.82"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868105/; classtype:trojan-activity;sid:84731205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"138.124.14.82"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868104/; classtype:trojan-activity;sid:84731204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"138.124.14.82"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868103/; classtype:trojan-activity;sid:84731203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.30.109"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868102/; classtype:trojan-activity;sid:84731202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.85.74"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868101/; classtype:trojan-activity;sid:84731201; rev:1;) alert http 
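$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.25.138"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868099/; classtype:trojan-activity;sid:84731199; rev:1;)
# The rules here match a cleartext HTTP GET with an exact http.uri (depth = pattern length,
# endswith) and an exact http.host (depth = pattern length, isdataat:!1,relative). Short
# paths such as "/i" are only meaningful together with the host match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.196.52"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868100/; classtype:trojan-activity;sid:84731200; rev:1;)
# Fixed http.uri depth 47 -> 44 on the next rule. "|3f|" encodes a single byte ("?"), so the
# pattern is 44 bytes long; the published depth:47 appears to count the escape as four
# characters and, combined with endswith, also matched URIs carrying up to 3 extra leading
# bytes. sid and rev are left as published so the alert still maps to the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=816bcaea-b165-41a7-b019-b56622b06566"; depth:44; endswith; nocase; http.host; content:"guo1otbf.shartplus.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868098/; classtype:trojan-activity;sid:84731198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.90.54.196"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868097/; classtype:trojan-activity;sid:84731197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.156.139"; depth:14; isdataat:!1,relative;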
metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868096/; classtype:trojan-activity;sid:84731196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.85.74"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868095/; classtype:trojan-activity;sid:84731195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"5.167.224.107"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868094/; classtype:trojan-activity;sid:84731194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"220.192.106.23"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868093/; classtype:trojan-activity;sid:84731193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.157.39"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868092/; classtype:trojan-activity;sid:84731192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; 
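nocase; http.host; content:"222.220.145.75"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868091/; classtype:trojan-activity;sid:84731191; rev:1;)
# The rules here match a cleartext HTTP GET with an exact http.uri (depth = pattern length,
# endswith) and an exact http.host (depth = pattern length, isdataat:!1,relative).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.237.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868090/; classtype:trojan-activity;sid:84731190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.135.134"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868089/; classtype:trojan-activity;sid:84731189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.60.11"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868088/; classtype:trojan-activity;sid:84731188; rev:1;)
# Fixed http.uri depth 47 -> 44 on the next rule. "|3f|" encodes a single byte ("?"), so the
# pattern is 44 bytes long; the published depth:47 appears to count the escape as four
# characters and, combined with endswith, also matched URIs carrying up to 3 extra leading
# bytes. sid and rev are left as published so the alert still maps to the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ca0a10e1-15b1-489c-a27f-7703d460170c"; depth:44; endswith; nocase; http.host; content:"87khq5gx.ravabetensani.site"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868087/; classtype:trojan-activity;sid:84731187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download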
URL detected (3868086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.234.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868086/; classtype:trojan-activity;sid:84731186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.200.80"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868085/; classtype:trojan-activity;sid:84731185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.135.134"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868084/; classtype:trojan-activity;sid:84731184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.241.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868082/; classtype:trojan-activity;sid:84731182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.212.1"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868083/; classtype:trojan-activity;sid:84731183; rev:1;) alert http 
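$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=0f6e2464-5512-4f2b-8517-43be4f0313ec"; depth:44; endswith; nocase; http.host; content:"77h5jddd.yek1.bet"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868081/; classtype:trojan-activity;sid:84731181; rev:1;)
# Fixed http.uri depth on two rules in this run: 47 -> 44 on the rule ending on the line
# above (sid:84731181) and 15 -> 12 on sid:84731178 below. "|3f|" encodes a single byte
# ("?"), so the patterns are 44 and 12 bytes long; the published depths appear to count the
# escape as four characters and, combined with endswith, also matched URIs carrying up to 3
# extra leading bytes. The other rules already use depth = pattern length, which together
# with endswith is an exact-URI match. sid and rev are left as published.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/youtmfefoeofem"; depth:15; endswith; nocase; http.host; content:"64.89.163.22"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868080/; classtype:trojan-activity;sid:84731180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/releases_v3.9.0.rar"; depth:20; endswith; nocase; http.host; content:"rbxproject.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868079/; classtype:trojan-activity;sid:84731179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:12; endswith; nocase; http.host; content:"police1906work.vercel.app"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868078/; classtype:trojan-activity;sid:84731178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host;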
content:"yandisk-arxiv2023.vercel.app"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868076/; classtype:trojan-activity;sid:84731176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.146.238.1"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868077/; classtype:trojan-activity;sid:84731177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/md/dog_payload.png"; depth:19; endswith; nocase; http.host; content:"mamigummy.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868075/; classtype:trojan-activity;sid:84731175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"87.14.61.121"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868074/; classtype:trojan-activity;sid:84731174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.213.254.213"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868073/; classtype:trojan-activity;sid:84731173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868072)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.241.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868072/; classtype:trojan-activity;sid:84731172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.226.73"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868071/; classtype:trojan-activity;sid:84731171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.65.160"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868070/; classtype:trojan-activity;sid:84731170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.100.44"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868069/; classtype:trojan-activity;sid:84731169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.35.81"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868068/; classtype:trojan-activity;sid:84731168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3868067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.65.160"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868067/; classtype:trojan-activity;sid:84731167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.116.181"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868066/; classtype:trojan-activity;sid:84731166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.191.39"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868065/; classtype:trojan-activity;sid:84731165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.61.53.157"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868064/; classtype:trojan-activity;sid:84731164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.172.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868063/; 
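classtype:trojan-activity;sid:84731163; rev:1;)
# Fixed http.uri depth 47 -> 44 on every "/|3f|ublib=<uuid>" rule in this run (sids 84731162,
# 84731159, 84731158, 84731154, 84731152, 84731149). "|3f|" encodes a single byte ("?"), so
# each pattern is 44 bytes long; the published depth:47 appears to count the escape as four
# characters and, combined with endswith, also matched URIs carrying up to 3 extra leading
# bytes. The remaining rules already use depth = pattern length, which together with endswith
# is an exact-URI match. sid and rev are left as published so alerts still map to the URLhaus
# entries; a regenerated feed will bring depth:47 back unless the generator counts |xx| as
# one byte.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b2d2ef25-684e-41f3-8551-e611e71778ee"; depth:44; endswith; nocase; http.host; content:"7cj04th6.shartland.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868062/; classtype:trojan-activity;sid:84731162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.61.53.157"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868061/; classtype:trojan-activity;sid:84731161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.164.238.73"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868060/; classtype:trojan-activity;sid:84731160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9f2a6de4-e120-4cc8-b431-c346378d9e6b"; depth:44; endswith; nocase; http.host; content:"7l4byl0u.mustatabashpazi.shop"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868059/; classtype:trojan-activity;sid:84731159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=5faebbf8-e155-43d4-8ca2-c27159814744"; depth:44; endswith; nocase; http.host; content:"v8xihekm.ramzfile.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868058/; classtype:trojan-activity;sid:84731158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.235.134"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868057/; classtype:trojan-activity;sid:84731157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.15.42"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868056/; classtype:trojan-activity;sid:84731156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.191.39"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868055/; classtype:trojan-activity;sid:84731155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=1d28f3ea-d3c9-4384-ba4c-6c9caf7b8125"; depth:44; endswith; nocase; http.host; content:"05jsazp3.shart.casino"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868054/; classtype:trojan-activity;sid:84731154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.41.91"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868053/; classtype:trojan-activity;sid:84731153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=11373dc2-14e6-4809-a498-662efd34d650"; depth:44; endswith; nocase; http.host; content:"13i466gp.shart303.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868052/; classtype:trojan-activity;sid:84731152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.193.55"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868051/; classtype:trojan-activity;sid:84731151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e0a9cd24-ed90-4f22-9204-3b1509469822"; depth:44; endswith; nocase; http.host; content:"9s34xd0g.rahnemayenegaresh.site"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868049/; classtype:trojan-activity;sid:84731149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host;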
content:"115.48.144.90"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868050/; classtype:trojan-activity;sid:84731150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.83.74"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868048/; classtype:trojan-activity;sid:84731148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"162.250.17.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868047/; classtype:trojan-activity;sid:84731147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.16.118"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868046/; classtype:trojan-activity;sid:84731146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.44.137.10"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868045/; classtype:trojan-activity;sid:84731145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868044)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.18.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868044/; classtype:trojan-activity;sid:84731144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"162.250.17.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868043/; classtype:trojan-activity;sid:84731143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.15.42"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868042/; classtype:trojan-activity;sid:84731142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.87.152"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868041/; classtype:trojan-activity;sid:84731141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.156.221"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868040/; classtype:trojan-activity;sid:84731140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3868039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.251.136"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868039/; classtype:trojan-activity;sid:84731139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"170.233.57.178"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868037/; classtype:trojan-activity;sid:84731137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.224.91"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868038/; classtype:trojan-activity;sid:84731138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.146.92.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868036/; classtype:trojan-activity;sid:84731136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.90.54.196"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868035/; classtype:trojan-activity;sid:84731135; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.249.199.3"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868034/; classtype:trojan-activity;sid:84731134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.190.23.91"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868033/; classtype:trojan-activity;sid:84731133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_arm64"; depth:10; endswith; nocase; http.host; content:"217.60.195.58"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868032/; classtype:trojan-activity;sid:84731132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_armv7"; depth:10; endswith; nocase; http.host; content:"217.60.195.58"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868031/; classtype:trojan-activity;sid:84731131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_i486"; depth:9; endswith; nocase; http.host; content:"217.60.195.58"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, 
urlhaus.abuse.ch/url/3868029/; classtype:trojan-activity;sid:84731129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_x86_64"; depth:11; endswith; nocase; http.host; content:"217.60.195.58"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868030/; classtype:trojan-activity;sid:84731130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_mips"; depth:9; endswith; nocase; http.host; content:"217.60.195.58"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868027/; classtype:trojan-activity;sid:84731127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_mipsel"; depth:11; endswith; nocase; http.host; content:"217.60.195.58"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868028/; classtype:trojan-activity;sid:84731128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-irq"; depth:18; endswith; nocase; http.host; content:"91.239.211.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868014/; classtype:trojan-activity;sid:84731114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-netns-rt"; depth:23; endswith; 
nocase; http.host; content:"91.239.211.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868015/; classtype:trojan-activity;sid:84731115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-irq-bal"; depth:22; endswith; nocase; http.host; content:"91.239.211.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868016/; classtype:trojan-activity;sid:84731116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-events"; depth:21; endswith; nocase; http.host; content:"91.239.211.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868017/; classtype:trojan-activity;sid:84731117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-blkcg"; depth:20; endswith; nocase; http.host; content:"91.239.211.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868018/; classtype:trojan-activity;sid:84731118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-netns"; depth:20; endswith; nocase; http.host; content:"91.239.211.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868019/; classtype:trojan-activity;sid:84731119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3868020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd"; depth:14; endswith; nocase; http.host; content:"91.239.211.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868020/; classtype:trojan-activity;sid:84731120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-rcu"; depth:18; endswith; nocase; http.host; content:"91.239.211.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868021/; classtype:trojan-activity;sid:84731121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-softirq"; depth:22; endswith; nocase; http.host; content:"91.239.211.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868022/; classtype:trojan-activity;sid:84731122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-cgroup"; depth:21; endswith; nocase; http.host; content:"91.239.211.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868023/; classtype:trojan-activity;sid:84731123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-writeback"; depth:24; endswith; nocase; http.host; content:"91.239.211.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, 
urlhaus.abuse.ch/url/3868024/; classtype:trojan-activity;sid:84731124; rev:1;)
# NOTE(review): the /bins/kworkerd-* rules here, and the /miner/xmrig and /init.sh rules further
# down, all name host 91.239.211.89. "kworkerd" resembles the kernel's kworker thread names and
# xmrig is the name of a widely used Monero miner, so a hit presumably indicates a Linux
# cryptomining dropper: triage the internal client that made the request, not only the download.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-scsi"; depth:19; endswith; nocase; http.host; content:"91.239.211.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868025/; classtype:trojan-activity;sid:84731125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-crypto"; depth:21; endswith; nocase; http.host; content:"91.239.211.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868026/; classtype:trojan-activity;sid:84731126; rev:1;)
# NOTE(review): in the next rule `|7c|26|7c|` decodes to the four literal bytes `|26|`
# (0x7c '2' '6' 0x7c), not to `&` (0x26). If the listed URL separates its query parameters with
# `&`, this looks like double escaping by the generator and the pattern would not match the real
# request; confirm against the URLhaus entry before relying on this sid. depth:184 is the written
# length of the pattern, not its decoded length.
# The host is a shared CDN, so only the full attachment path makes the rule specific, and such
# hosts are normally reached over HTTPS, which an `alert http` rule does not see without TLS
# decryption.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/813154778115997736/1517464091013283840/xeron.zip|3f|ex=6a366010|7c|26|7c|is=6a350e90|7c|26|7c|hm=07b6a487c601d038853f191c6b407694987760cf47a367512d3ddccd86589527|7c|26|7c|"; depth:184; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868013/; classtype:trojan-activity;sid:84731113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.181.254"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868011/; classtype:trojan-activity;sid:84731112; rev:1;)
# NOTE(review): "/msmpeng.exe" reuses the file name of the Microsoft Defender engine process, so
# endpoint triage should check the file's path and signature rather than its name. The host is a
# public object-storage bucket name (*.r2.dev), presumably served over HTTPS in most cases; as an
# `alert http` rule this only fires on cleartext HTTP requests.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msmpeng.exe"; depth:12; endswith; nocase; http.host; content:"pub-56fcfc5f11f04341a91be50cb1de6a47.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868012/; classtype:trojan-activity;sid:84731112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_mips"; depth:9; endswith; nocase; http.host; content:"217.60.195.58"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868010/; classtype:trojan-activity;sid:84731110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miner/xmrig"; depth:12; endswith; nocase; http.host; content:"91.239.211.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868008/; classtype:trojan-activity;sid:84731108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"170.233.57.178"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868009/; classtype:trojan-activity;sid:84731109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/init.sh"; depth:8; endswith; nocase; http.host; content:"91.239.211.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; 
reference:url, urlhaus.abuse.ch/url/3868007/; classtype:trojan-activity;sid:84731107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_504da931847c100c.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868001/; classtype:trojan-activity;sid:84731101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_b34bc862de1448b8.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868002/; classtype:trojan-activity;sid:84731102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_f707d1dbd509f8bf.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868004/; classtype:trojan-activity;sid:84731104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_955d2a66642a3e71.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868005/; classtype:trojan-activity;sid:84731105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3868006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_af4a0ffcd7644ab1.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868006/; classtype:trojan-activity;sid:84731106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3868000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.249.199.3"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3868000/; classtype:trojan-activity;sid:84731100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4c59b2"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867998/; classtype:trojan-activity;sid:84731098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ddcfd4"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867999/; classtype:trojan-activity;sid:84731099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/72bda4"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867994/; 
classtype:trojan-activity;sid:84731094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da546c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867995/; classtype:trojan-activity;sid:84731095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dd33bf"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867996/; classtype:trojan-activity;sid:84731096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpt"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867997/; classtype:trojan-activity;sid:84731097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b8e214"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867987/; classtype:trojan-activity;sid:84731087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5abd16"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867988/; classtype:trojan-activity;sid:84731088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/15497e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867989/; classtype:trojan-activity;sid:84731089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9d441f"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867990/; classtype:trojan-activity;sid:84731090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f394ef"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867991/; classtype:trojan-activity;sid:84731091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3j8r"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867992/; classtype:trojan-activity;sid:84731092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z8dh"; depth:5; endswith; 
nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867993/; classtype:trojan-activity;sid:84731093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keaj"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867986/; classtype:trojan-activity;sid:84731086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cliaarch"; depth:9; endswith; nocase; http.host; content:"94.26.106.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867985/; classtype:trojan-activity;sid:84731085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9733be"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867983/; classtype:trojan-activity;sid:84731083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/60e7ca"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867984/; classtype:trojan-activity;sid:84731084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867980)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zero.x86_64"; depth:12; endswith; nocase; http.host; content:"31.56.209.222"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867980/; classtype:trojan-activity;sid:84731080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a77a4b"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867981/; classtype:trojan-activity;sid:84731081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/687662"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867982/; classtype:trojan-activity;sid:84731082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zpg"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867969/; classtype:trojan-activity;sid:84731069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jdi"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867970/; classtype:trojan-activity;sid:84731070; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vaw6"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867971/; classtype:trojan-activity;sid:84731071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5nq3"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867972/; classtype:trojan-activity;sid:84731072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c1v"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867973/; classtype:trojan-activity;sid:84731073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z0le"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867974/; classtype:trojan-activity;sid:84731074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/k1"; depth:8; endswith; nocase; http.host; content:"hungrywifi.ru"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, 
urlhaus.abuse.ch/url/3867975/; classtype:trojan-activity;sid:84731075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/k2"; depth:8; endswith; nocase; http.host; content:"hungrywifi.ru"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867976/; classtype:trojan-activity;sid:84731076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ea4b7c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867977/; classtype:trojan-activity;sid:84731077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lx6k"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867978/; classtype:trojan-activity;sid:84731078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8lns"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867979/; classtype:trojan-activity;sid:84731079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ef2eef"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867956/; classtype:trojan-activity;sid:84731056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dc79c5"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867957/; classtype:trojan-activity;sid:84731057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/43f53a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867958/; classtype:trojan-activity;sid:84731058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e1d2e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867959/; classtype:trojan-activity;sid:84731059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e3c82e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867960/; classtype:trojan-activity;sid:84731060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867961)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/d6b5cb"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867961/; classtype:trojan-activity;sid:84731061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4ec8fe"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867962/; classtype:trojan-activity;sid:84731062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5fdd1d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867963/; classtype:trojan-activity;sid:84731063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/600509"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867964/; classtype:trojan-activity;sid:84731064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/33f2ad"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867965/; classtype:trojan-activity;sid:84731065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3867966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bf625c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867966/; classtype:trojan-activity;sid:84731066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4e033b"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867967/; classtype:trojan-activity;sid:84731067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fb9297"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867968/; classtype:trojan-activity;sid:84731068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7b9c52"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867944/; classtype:trojan-activity;sid:84731044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7c0bf6"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867945/; classtype:trojan-activity;sid:84731045; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fe77a0"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867946/; classtype:trojan-activity;sid:84731046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dce6c2"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867947/; classtype:trojan-activity;sid:84731047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1c26c6"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867948/; classtype:trojan-activity;sid:84731048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/002ba2"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867949/; classtype:trojan-activity;sid:84731049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zero.x86_64"; depth:17; endswith; nocase; http.host; content:"217.60.195.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, 
urlhaus.abuse.ch/url/3867950/; classtype:trojan-activity;sid:84731050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/270644"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867951/; classtype:trojan-activity;sid:84731051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/98559a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867952/; classtype:trojan-activity;sid:84731052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lyz"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867953/; classtype:trojan-activity;sid:84731053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4fxc"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867954/; classtype:trojan-activity;sid:84731054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cnnf"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; 
depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867955/; classtype:trojan-activity;sid:84731055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.18.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867943/; classtype:trojan-activity;sid:84731043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.156.221"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867942/; classtype:trojan-activity;sid:84731042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.76.27"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867941/; classtype:trojan-activity;sid:84731041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.153.198"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867940/; classtype:trojan-activity;sid:84731040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867939)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.33.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867939/; classtype:trojan-activity;sid:84731039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.93.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867938/; classtype:trojan-activity;sid:84731038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.173.67"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867937/; classtype:trojan-activity;sid:84731037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.127.92"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867936/; classtype:trojan-activity;sid:84731036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=14c5924f-cc5c-482b-ad64-3c54f3af01ac"; depth:47; endswith; nocase; http.host; content:"gjjyn1c2.plinko.mobi"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867935/; classtype:trojan-activity;sid:84731035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3867934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.153.198"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867934/; classtype:trojan-activity;sid:84731034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.190.23.91"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867933/; classtype:trojan-activity;sid:84731033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.33.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867932/; classtype:trojan-activity;sid:84731032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.184.199.232"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867930/; classtype:trojan-activity;sid:84731030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.233.223"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867931/; 
classtype:trojan-activity;sid:84731031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.127.63.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867929/; classtype:trojan-activity;sid:84731029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.29.15"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867928/; classtype:trojan-activity;sid:84731028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.29.15"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867927/; classtype:trojan-activity;sid:84731027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bubu/bin.mipsel"; depth:16; endswith; nocase; http.host; content:"46.151.182.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867926/; classtype:trojan-activity;sid:84731026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.206.183"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867925/; classtype:trojan-activity;sid:84731025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.146.92.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867924/; classtype:trojan-activity;sid:84731024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.233.223"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867923/; classtype:trojan-activity;sid:84731023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.127.63.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867922/; classtype:trojan-activity;sid:84731022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.76.196"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867921/; classtype:trojan-activity;sid:84731021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; 
http.host; content:"39.79.106.106"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867920/; classtype:trojan-activity;sid:84731020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.184.199.232"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867919/; classtype:trojan-activity;sid:84731019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=68ac466e-8b27-4e71-9ed1-fa6aa3370cf5"; depth:47; endswith; nocase; http.host; content:"lc5lya7l.romabetkade.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867918/; classtype:trojan-activity;sid:84731018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.192.33"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867917/; classtype:trojan-activity;sid:84731017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.192.33"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867916/; classtype:trojan-activity;sid:84731016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3867915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.121.201"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867915/; classtype:trojan-activity;sid:84731015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.206.183"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867914/; classtype:trojan-activity;sid:84731014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.142.153.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867913/; classtype:trojan-activity;sid:84731013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.106.106"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867912/; classtype:trojan-activity;sid:84731012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=408ef56f-c1bb-4082-8619-28b580434ba1"; depth:47; endswith; nocase; http.host; content:"g6gib60b.raftarsazmani.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867911/; 
classtype:trojan-activity;sid:84731011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9e4106e1-b3ee-4342-a215-712578feb755"; depth:47; endswith; nocase; http.host; content:"0odlgi4q.motuntakhasosi.store"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867910/; classtype:trojan-activity;sid:84731010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d42075c4-e0eb-48dd-b2a4-de7db9f7a7a5"; depth:47; endswith; nocase; http.host; content:"e57ra5jx.plinkobet.casino"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867909/; classtype:trojan-activity;sid:84731009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.12.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867908/; classtype:trojan-activity;sid:84731008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.127.92"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867907/; classtype:trojan-activity;sid:84731007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867906)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.237.185"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867906/; classtype:trojan-activity;sid:84731006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.94.19"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867905/; classtype:trojan-activity;sid:84731005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_mipsel"; depth:12; endswith; nocase; http.host; content:"45.38.228.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867904/; classtype:trojan-activity;sid:84731004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.122.157"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867903/; classtype:trojan-activity;sid:84731003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.29.192.58"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867902/; classtype:trojan-activity;sid:84731002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3867901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.44.137.10"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867901/; classtype:trojan-activity;sid:84731001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.145.162.52"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867900/; classtype:trojan-activity;sid:84731000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.122.157"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867899/; classtype:trojan-activity;sid:84730999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.83.191.127"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867898/; classtype:trojan-activity;sid:84730998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.145.162.52"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867897/; classtype:trojan-activity;sid:84730997; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.208.110"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867896/; classtype:trojan-activity;sid:84730996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.186.35"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867895/; classtype:trojan-activity;sid:84730995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.59.19"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867894/; classtype:trojan-activity;sid:84730994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=22fb1bab-933c-4bf8-8505-aa26e0ad0327"; depth:47; endswith; nocase; http.host; content:"0knbl1ve.hugugmadanikatouzian.xyz"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867893/; classtype:trojan-activity;sid:84730993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=61310ee4-8ffc-484b-a895-ce4c3e99c677"; depth:47; endswith; nocase; http.host; content:"ci7lslzb.enfej.win"; 
depth:18; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867892/; classtype:trojan-activity;sid:84730992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.43.56"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867891/; classtype:trojan-activity;sid:84730991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.15.2.207"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867890/; classtype:trojan-activity;sid:84730990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.146.76"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867889/; classtype:trojan-activity;sid:84730989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.69.75"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867888/; classtype:trojan-activity;sid:84730988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; 
depth:2; endswith; nocase; http.host; content:"115.63.184.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867887/; classtype:trojan-activity;sid:84730987; rev:1;)
# The rules for URLhaus IDs 3867873-3867886 (except 3867885) all name the host
# 152.236.7.10 and differ only in the file name (/godisdead.N and /ic3atyourdoorstep.sh).
# When one of them fires, review all HTTP requests from the same internal client to
# that host instead of handling each sid as a separate incident.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.4"; depth:12; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867886/; classtype:trojan-activity;sid:84730986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.43.56"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867885/; classtype:trojan-activity;sid:84730985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.5"; depth:12; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867884/; classtype:trojan-activity;sid:84730984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.2"; depth:12; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867879/; classtype:trojan-activity;sid:84730979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3867880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.11"; depth:13; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867880/; classtype:trojan-activity;sid:84730980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.13"; depth:13; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867881/; classtype:trojan-activity;sid:84730981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.12"; depth:13; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867882/; classtype:trojan-activity;sid:84730982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.9"; depth:12; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867883/; classtype:trojan-activity;sid:84730983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.7"; depth:12; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867873/; 
classtype:trojan-activity;sid:84730973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.10"; depth:13; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867874/; classtype:trojan-activity;sid:84730974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.8"; depth:12; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867875/; classtype:trojan-activity;sid:84730975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.1"; depth:12; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867876/; classtype:trojan-activity;sid:84730976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ic3atyourdoorstep.sh"; depth:21; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867877/; classtype:trojan-activity;sid:84730977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.6"; depth:12; endswith; nocase; http.host; 
content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867878/; classtype:trojan-activity;sid:84730978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.36.76"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867872/; classtype:trojan-activity;sid:84730972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.69.75"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867871/; classtype:trojan-activity;sid:84730971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.186.35"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867870/; classtype:trojan-activity;sid:84730970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.184.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_20; reference:url, urlhaus.abuse.ch/url/3867869/; classtype:trojan-activity;sid:84730969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867868)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.36.76"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867868/; classtype:trojan-activity;sid:84730968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.44.152.14"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867867/; classtype:trojan-activity;sid:84730967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.121.212"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867866/; classtype:trojan-activity;sid:84730966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9bac4235-18e2-4b15-914f-d6b5c569ba96"; depth:47; endswith; nocase; http.host; content:"n7yv4866.qurankarim.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867865/; classtype:trojan-activity;sid:84730965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.4.28"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867864/; classtype:trojan-activity;sid:84730964; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_powerpc"; depth:13; endswith; nocase; http.host; content:"124.198.132.131"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867860/; classtype:trojan-activity;sid:84730960; rev:1;)
# The rule above and the rules for URLhaus IDs 3867851-3867863 all name the host
# 124.198.132.131. Apart from "/womp", their file names end in CPU architecture names
# (powerpc, x86_64, x86, mips, mipsel, arm4-arm7, aarch64) - presumably
# per-architecture builds of one payload; confirm on the referenced URLhaus pages.
# Group alerts by client and host during triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_x86_64"; depth:12; endswith; nocase; http.host; content:"124.198.132.131"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867861/; classtype:trojan-activity;sid:84730961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_x86"; depth:9; endswith; nocase; http.host; content:"124.198.132.131"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867862/; classtype:trojan-activity;sid:84730962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_mips-uclibc"; depth:17; endswith; nocase; http.host; content:"124.198.132.131"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867863/; classtype:trojan-activity;sid:84730963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_mipsel"; depth:12; endswith; nocase; http.host; content:"124.198.132.131"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; 
reference:url, urlhaus.abuse.ch/url/3867852/; classtype:trojan-activity;sid:84730952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_arm5"; depth:10; endswith; nocase; http.host; content:"124.198.132.131"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867853/; classtype:trojan-activity;sid:84730953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_arm6"; depth:10; endswith; nocase; http.host; content:"124.198.132.131"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867854/; classtype:trojan-activity;sid:84730954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_arm7"; depth:10; endswith; nocase; http.host; content:"124.198.132.131"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867855/; classtype:trojan-activity;sid:84730955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_mipsel-uclibc"; depth:19; endswith; nocase; http.host; content:"124.198.132.131"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867856/; classtype:trojan-activity;sid:84730956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_aarch64"; 
depth:13; endswith; nocase; http.host; content:"124.198.132.131"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867857/; classtype:trojan-activity;sid:84730957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_arm4"; depth:10; endswith; nocase; http.host; content:"124.198.132.131"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867858/; classtype:trojan-activity;sid:84730958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/womp"; depth:5; endswith; nocase; http.host; content:"124.198.132.131"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867859/; classtype:trojan-activity;sid:84730959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_mips"; depth:10; endswith; nocase; http.host; content:"124.198.132.131"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867851/; classtype:trojan-activity;sid:84730951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.65.9"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867850/; classtype:trojan-activity;sid:84730950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3867849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.16.46"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867849/; classtype:trojan-activity;sid:84730949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.229.66"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867848/; classtype:trojan-activity;sid:84730948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.184.164"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867847/; classtype:trojan-activity;sid:84730947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"108.170.136.155"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867846/; classtype:trojan-activity;sid:84730946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.44.152.14"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867845/; classtype:trojan-activity;sid:84730945; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.229.66"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867844/; classtype:trojan-activity;sid:84730944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.4.28"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867843/; classtype:trojan-activity;sid:84730943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/klr.exe"; depth:8; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867842/; classtype:trojan-activity;sid:84730942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=6def8626-d0ec-45d8-a55e-b63acb8cbfef"; depth:47; endswith; nocase; http.host; content:"byz28tfk.rasmfani.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867841/; classtype:trojan-activity;sid:84730941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"108.170.136.155"; depth:15; isdataat:!1,relative; metadata:created_at 
2026_06_19; reference:url, urlhaus.abuse.ch/url/3867840/; classtype:trojan-activity;sid:84730940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b5cff80e-b66c-4ff5-a889-5ad30b96a4bb"; depth:47; endswith; nocase; http.host; content:"i83pv2vx.ravabetensani.site"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867839/; classtype:trojan-activity;sid:84730939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.39.6"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867838/; classtype:trojan-activity;sid:84730938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.40.215"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867837/; classtype:trojan-activity;sid:84730937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.218.245"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867836/; classtype:trojan-activity;sid:84730936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867835)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"196.190.133.180"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867835/; classtype:trojan-activity;sid:84730935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.11.221"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867834/; classtype:trojan-activity;sid:84730934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.162.22"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867833/; classtype:trojan-activity;sid:84730933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.119.58"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867832/; classtype:trojan-activity;sid:84730932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.135.208"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867830/; classtype:trojan-activity;sid:84730930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867831)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.28.76.69"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867831/; classtype:trojan-activity;sid:84730931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.237.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867828/; classtype:trojan-activity;sid:84730928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.172.218.181"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867829/; classtype:trojan-activity;sid:84730929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.39.6"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867827/; classtype:trojan-activity;sid:84730927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.135.208"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867826/; classtype:trojan-activity;sid:84730926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3867825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c61cdf62-4dba-4044-b272-c9c935e2a19d"; depth:47; endswith; nocase; http.host; content:"umusdqbj.hesabdarieskandari.xyz"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867825/; classtype:trojan-activity;sid:84730925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.172.218.181"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867824/; classtype:trojan-activity;sid:84730924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.119.58"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867823/; classtype:trojan-activity;sid:84730923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.124.107"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867822/; classtype:trojan-activity;sid:84730922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ff151024-5d4e-49df-9a1b-a2592cd87a77"; depth:47; endswith; nocase; http.host; content:"sjn9cbzs.betvarzeshkade.online"; 
depth:30; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867821/; classtype:trojan-activity;sid:84730921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.118.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867820/; classtype:trojan-activity;sid:84730920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.155.175"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867819/; classtype:trojan-activity;sid:84730919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.129.144.42"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867818/; classtype:trojan-activity;sid:84730918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.105.9"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867817/; classtype:trojan-activity;sid:84730917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; 
depth:2; endswith; nocase; http.host; content:"110.36.86.83"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867816/; classtype:trojan-activity;sid:84730916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.218.245"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867815/; classtype:trojan-activity;sid:84730915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.40.215"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867814/; classtype:trojan-activity;sid:84730914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"78.38.19.237"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867813/; classtype:trojan-activity;sid:84730913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.131.3"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867812/; classtype:trojan-activity;sid:84730912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867811)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.166.37"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867811/; classtype:trojan-activity;sid:84730911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.16.115"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867810/; classtype:trojan-activity;sid:84730910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.132.166.34"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867809/; classtype:trojan-activity;sid:84730909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.228.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867807/; classtype:trojan-activity;sid:84730907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.105.9"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867808/; classtype:trojan-activity;sid:84730908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3867806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.86.83"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867806/; classtype:trojan-activity;sid:84730906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.181.254"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867805/; classtype:trojan-activity;sid:84730905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.106.25.181"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867804/; classtype:trojan-activity;sid:84730904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=aa879d2a-0555-45e3-8f82-e884a5c1d702"; depth:47; endswith; nocase; http.host; content:"7ooj1o3v.tarbiyateslami.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867803/; classtype:trojan-activity;sid:84730903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.166.37"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; 
reference:url, urlhaus.abuse.ch/url/3867802/; classtype:trojan-activity;sid:84730902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.132.166.34"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867801/; classtype:trojan-activity;sid:84730901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.16.115"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867800/; classtype:trojan-activity;sid:84730900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.44.18.204"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867799/; classtype:trojan-activity;sid:84730899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.84.105"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867798/; classtype:trojan-activity;sid:84730898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"120.57.125.178"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867797/; classtype:trojan-activity;sid:84730897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.237.185"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867796/; classtype:trojan-activity;sid:84730896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.8.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867795/; classtype:trojan-activity;sid:84730895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.44.18.204"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867794/; classtype:trojan-activity;sid:84730894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.162.72"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867793/; classtype:trojan-activity;sid:84730893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867792)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.124.107"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867792/; classtype:trojan-activity;sid:84730892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.57.125.178"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867791/; classtype:trojan-activity;sid:84730891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.162.72"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867790/; classtype:trojan-activity;sid:84730890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.254.122"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867789/; classtype:trojan-activity;sid:84730889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.232.34.216"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867788/; classtype:trojan-activity;sid:84730888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3867787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.228.109.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867787/; classtype:trojan-activity;sid:84730887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=86afe00d-8653-407b-a4e2-3d60388a4e30"; depth:47; endswith; nocase; http.host; content:"owxoxg4v.jetbetkade.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867786/; classtype:trojan-activity;sid:84730886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.110.28"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867785/; classtype:trojan-activity;sid:84730885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.38.177"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867784/; classtype:trojan-activity;sid:84730884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.220.84"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867783/; 
classtype:trojan-activity;sid:84730883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.220.84"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867782/; classtype:trojan-activity;sid:84730882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.131.3"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867781/; classtype:trojan-activity;sid:84730881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=68e63799-94d1-4249-8e3e-b745c613f3e3"; depth:47; endswith; nocase; http.host; content:"4nd2h8ef.bio90.football"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867780/; classtype:trojan-activity;sid:84730880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.157.253.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867779/; classtype:trojan-activity;sid:84730879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"112.232.34.216"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867778/; classtype:trojan-activity;sid:84730878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"221.200.215.156"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867777/; classtype:trojan-activity;sid:84730877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.38.177"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867776/; classtype:trojan-activity;sid:84730876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.150.110"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867775/; classtype:trojan-activity;sid:84730875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.103.65"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867774/; classtype:trojan-activity;sid:84730874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867773)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.228.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867773/; classtype:trojan-activity;sid:84730873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.103.65"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867772/; classtype:trojan-activity;sid:84730872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/massload"; depth:9; endswith; nocase; http.host; content:"212.193.3.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867770/; classtype:trojan-activity;sid:84730870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toot"; depth:5; endswith; nocase; http.host; content:"212.193.3.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867771/; classtype:trojan-activity;sid:84730871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.254.122"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867769/; classtype:trojan-activity;sid:84730869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3867768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"212.193.3.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867768/; classtype:trojan-activity;sid:84730868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"212.193.3.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867767/; classtype:trojan-activity;sid:84730867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"212.193.3.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867766/; classtype:trojan-activity;sid:84730866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"212.193.3.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867764/; classtype:trojan-activity;sid:84730864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/giga.sh"; depth:8; endswith; nocase; http.host; content:"212.193.3.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867765/; classtype:trojan-activity;sid:84730865; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"212.193.3.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867763/; classtype:trojan-activity;sid:84730863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=5928c2ac-7174-4927-afc5-2cb0973c7ff0"; depth:47; endswith; nocase; http.host; content:"jqqh90zb.usoleamoozesh.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867762/; classtype:trojan-activity;sid:84730862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e5eaaa54-1db9-4048-880c-0cb05262ad15"; depth:47; endswith; nocase; http.host; content:"s18b1z48.tarahisystem.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867761/; classtype:trojan-activity;sid:84730861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"93.157.253.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867760/; classtype:trojan-activity;sid:84730860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; 
nocase; http.host; content:"124.95.18.254"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867759/; classtype:trojan-activity;sid:84730859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.242.109"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867758/; classtype:trojan-activity;sid:84730858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.157.150"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867757/; classtype:trojan-activity;sid:84730857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.163.107.168"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867756/; classtype:trojan-activity;sid:84730856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.103.219"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867755/; classtype:trojan-activity;sid:84730855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867754)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"42.57.233.228"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867754/; classtype:trojan-activity;sid:84730854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.241.15"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867751/; classtype:trojan-activity;sid:84730851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.165.120"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867752/; classtype:trojan-activity;sid:84730852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.230.208"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867753/; classtype:trojan-activity;sid:84730853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.111.110"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867750/; classtype:trojan-activity;sid:84730850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3867749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/kgf8sinv80cd.exe"; depth:25; endswith; nocase; http.host; content:"62.60.226.159"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867749/; classtype:trojan-activity;sid:84730849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cntv"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867738/; classtype:trojan-activity;sid:84730838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/udyh"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867739/; classtype:trojan-activity;sid:84730839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jgsc"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867740/; classtype:trojan-activity;sid:84730840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jzlz"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867741/; 
classtype:trojan-activity;sid:84730841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jsxc"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867742/; classtype:trojan-activity;sid:84730842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yvsm"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867743/; classtype:trojan-activity;sid:84730843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wrab"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867744/; classtype:trojan-activity;sid:84730844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qjmh"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867745/; classtype:trojan-activity;sid:84730845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/orqq"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867746/; classtype:trojan-activity;sid:84730846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ghwc"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867747/; classtype:trojan-activity;sid:84730847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fabg"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867735/; classtype:trojan-activity;sid:84730835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jthq"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867736/; classtype:trojan-activity;sid:84730836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ubgh"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867737/; classtype:trojan-activity;sid:84730837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867734)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/hqut"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867734/; classtype:trojan-activity;sid:84730834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gfcj"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867732/; classtype:trojan-activity;sid:84730832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/libi"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867733/; classtype:trojan-activity;sid:84730833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.37.88.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867731/; classtype:trojan-activity;sid:84730831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.111.110"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867730/; classtype:trojan-activity;sid:84730830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3867728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"64.89.163.22"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867728/; classtype:trojan-activity;sid:84730828; rev:1;)
# How to read the rules below: each one fires on a client GET request whose URI and host both
# match exactly. `http.uri` content with `depth` equal to the content length plus `endswith`
# pins the whole URI buffer (case-insensitively, via `nocase`); `http.host` content with `depth`
# plus `isdataat:!1,relative` pins the whole host value. A request to the same host with an
# added query string or a different path therefore does not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/input"; depth:6; endswith; nocase; http.host; content:"64.89.163.22"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867729/; classtype:trojan-activity;sid:84730829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.163.107.168"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867725/; classtype:trojan-activity;sid:84730825; rev:1;)
# NOTE(review): the next three rules name github.com / raw.githubusercontent.com as the host.
# `alert http` is evaluated only on traffic the sensor can parse as HTTP (cleartext, or decrypted
# upstream of the sensor). These hosts are normally fetched over HTTPS, where the URI path is not
# visible, so these signatures are unlikely to fire without TLS inspection; the scheme of the
# underlying feed entries is not shown here, so confirm against the referenced URLhaus record.
# The host is a shared platform: the exact repository path is the only specific part of the match,
# so a hit should be triaged on the path, and coverage for these URLs is better sought in proxy
# or endpoint telemetry than in a host-based block.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nulltrafficaway/project-lab-test/releases/download/test/softwaretech"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867724/; classtype:trojan-activity;sid:84730824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nulltrafficaway/project-lab-test/refs/heads/main/config.json"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867723/; classtype:trojan-activity;sid:84730823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nulltrafficaway/project-lab-test/refs/heads/main/watchsoftware.sh"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867722/; classtype:trojan-activity;sid:84730822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_1af46952e933c3eb.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867721/; classtype:trojan-activity;sid:84730821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.113.186.130"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867720/; classtype:trojan-activity;sid:84730820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.157.150"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867719/; classtype:trojan-activity;sid:84730819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3867718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.86.79"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867718/; classtype:trojan-activity;sid:84730818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.186.191.50"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867717/; classtype:trojan-activity;sid:84730817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"115.54.144.61"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867716/; classtype:trojan-activity;sid:84730816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nulltrafficaway/project-lab-test/refs/heads/main/deploy_softwaretech.sh"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867715/; classtype:trojan-activity;sid:84730815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.251.185.42"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, 
urlhaus.abuse.ch/url/3867714/; classtype:trojan-activity;sid:84730814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.155.208"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867713/; classtype:trojan-activity;sid:84730813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.150.110"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867712/; classtype:trojan-activity;sid:84730812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.186.191.50"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867711/; classtype:trojan-activity;sid:84730811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.185.213"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867710/; classtype:trojan-activity;sid:84730810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=111233da-a24b-450a-851f-4a875af1c597"; depth:47; endswith; 
nocase; http.host; content:"0q26dscq.anodaz.vip"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867709/; classtype:trojan-activity;sid:84730809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.86.79"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867708/; classtype:trojan-activity;sid:84730808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.124.187"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867707/; classtype:trojan-activity;sid:84730807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.124.187"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867706/; classtype:trojan-activity;sid:84730806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f3789c0b-645e-4d51-b665-0ff38995e7ee"; depth:47; endswith; nocase; http.host; content:"pz5clklw.tanasobmafhumi.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867705/; classtype:trojan-activity;sid:84730805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3867704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.99.134"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867704/; classtype:trojan-activity;sid:84730804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.155.208"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867703/; classtype:trojan-activity;sid:84730803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.165.120"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867702/; classtype:trojan-activity;sid:84730802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.94.9"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867701/; classtype:trojan-activity;sid:84730801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86_64"; depth:11; endswith; nocase; http.host; content:"94.26.106.49"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867697/; classtype:trojan-activity;sid:84730797; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"94.26.106.49"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867698/; classtype:trojan-activity;sid:84730798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"94.26.106.49"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867699/; classtype:trojan-activity;sid:84730799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"94.26.106.49"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867700/; classtype:trojan-activity;sid:84730800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"23.146.240.206"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867696/; classtype:trojan-activity;sid:84730796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"217.60.195.144"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867695/; classtype:trojan-activity;sid:84730795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"217.60.195.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867682/; classtype:trojan-activity;sid:84730782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"217.60.195.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867683/; classtype:trojan-activity;sid:84730783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"217.60.195.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867684/; classtype:trojan-activity;sid:84730784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"217.60.195.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867685/; classtype:trojan-activity;sid:84730785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867686)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"217.60.195.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867686/; classtype:trojan-activity;sid:84730786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"217.60.195.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867687/; classtype:trojan-activity;sid:84730787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"217.60.195.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867688/; classtype:trojan-activity;sid:84730788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"217.60.195.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867689/; classtype:trojan-activity;sid:84730789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"217.60.195.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867690/; classtype:trojan-activity;sid:84730790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3867691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dbg"; depth:9; endswith; nocase; http.host; content:"217.60.195.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867691/; classtype:trojan-activity;sid:84730791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"217.60.195.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867692/; classtype:trojan-activity;sid:84730792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"217.60.195.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867693/; classtype:trojan-activity;sid:84730793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"217.60.195.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867694/; classtype:trojan-activity;sid:84730794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"87.110.15.80"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867681/; 
classtype:trojan-activity;sid:84730781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.99.134"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867680/; classtype:trojan-activity;sid:84730780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=8814af92-9f82-4200-9c73-faffa9eb9f5a"; depth:47; endswith; nocase; http.host; content:"2rvmsbh4.bet303.download"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867679/; classtype:trojan-activity;sid:84730779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"217.60.195.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867677/; classtype:trojan-activity;sid:84730777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"217.60.195.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867678/; classtype:trojan-activity;sid:84730778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"115.205.177.57"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867676/; classtype:trojan-activity;sid:84730776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"217.60.195.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867673/; classtype:trojan-activity;sid:84730773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"217.60.195.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867674/; classtype:trojan-activity;sid:84730774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dbg"; depth:9; endswith; nocase; http.host; content:"217.60.195.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867675/; classtype:trojan-activity;sid:84730775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"217.60.195.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867663/; classtype:trojan-activity;sid:84730763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867664)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"217.60.195.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867664/; classtype:trojan-activity;sid:84730764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"217.60.195.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867665/; classtype:trojan-activity;sid:84730765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"217.60.195.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867666/; classtype:trojan-activity;sid:84730766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"217.60.195.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867667/; classtype:trojan-activity;sid:84730767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"217.60.195.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867668/; classtype:trojan-activity;sid:84730768; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"217.60.195.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867669/; classtype:trojan-activity;sid:84730769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"217.60.195.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867670/; classtype:trojan-activity;sid:84730770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"217.60.195.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867671/; classtype:trojan-activity;sid:84730771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"217.60.195.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867672/; classtype:trojan-activity;sid:84730772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/payload.sh"; depth:16; endswith; nocase; http.host; content:"217.60.195.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, 
urlhaus.abuse.ch/url/3867661/; classtype:trojan-activity;sid:84730761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.sh"; depth:11; endswith; nocase; http.host; content:"217.60.195.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867662/; classtype:trojan-activity;sid:84730762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c0d42fcd-2171-40e4-a759-9d2c5a6f9852"; depth:47; endswith; nocase; http.host; content:"fvkyh2up.testpaye.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867660/; classtype:trojan-activity;sid:84730760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.232.137.101"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867659/; classtype:trojan-activity;sid:84730759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.205.177.57"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867658/; classtype:trojan-activity;sid:84730758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; 
depth:7; endswith; nocase; http.host; content:"110.39.237.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867657/; classtype:trojan-activity;sid:84730757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867654/; classtype:trojan-activity;sid:84730754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshmips"; depth:8; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867655/; classtype:trojan-activity;sid:84730755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshx86"; depth:7; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867656/; classtype:trojan-activity;sid:84730756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.44.146.69"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867653/; classtype:trojan-activity;sid:84730753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867649)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshppc"; depth:7; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867649/; classtype:trojan-activity;sid:84730749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshkppc"; depth:8; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867650/; classtype:trojan-activity;sid:84730750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsharm"; depth:7; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867651/; classtype:trojan-activity;sid:84730751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tp.sh"; depth:6; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867652/; classtype:trojan-activity;sid:84730752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshkmpsl"; depth:9; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867646/; classtype:trojan-activity;sid:84730746; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nshkarm"; depth:8; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867647/; classtype:trojan-activity;sid:84730747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867648/; classtype:trojan-activity;sid:84730748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"194.48.251.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867637/; classtype:trojan-activity;sid:84730737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"194.48.251.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867638/; classtype:trojan-activity;sid:84730738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"194.48.251.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, 
urlhaus.abuse.ch/url/3867639/; classtype:trojan-activity;sid:84730739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"194.48.251.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867640/; classtype:trojan-activity;sid:84730740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"194.48.251.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867641/; classtype:trojan-activity;sid:84730741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"194.48.251.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867642/; classtype:trojan-activity;sid:84730742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"194.48.251.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867643/; classtype:trojan-activity;sid:84730743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"194.48.251.24"; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867644/; classtype:trojan-activity;sid:84730744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"194.48.251.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867645/; classtype:trojan-activity;sid:84730745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"194.48.251.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867636/; classtype:trojan-activity;sid:84730736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"194.48.251.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867629/; classtype:trojan-activity;sid:84730729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"194.48.251.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867630/; classtype:trojan-activity;sid:84730730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867631)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/arm"; depth:4; endswith; nocase; http.host; content:"194.48.251.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867631/; classtype:trojan-activity;sid:84730731; rev:1;)
# Rule shape used throughout this feed: outbound HTTP GET from $HOME_NET, with
# depth equal to the pattern length plus endswith (URI) or isdataat:!1,relative
# (Host), so both buffers must equal the listed value; nocase applies to the URI.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"194.48.251.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867632/; classtype:trojan-activity;sid:84730732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"194.48.251.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867633/; classtype:trojan-activity;sid:84730733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"194.48.251.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867634/; classtype:trojan-activity;sid:84730734; rev:1;)
# NOTE(review): this entry differs from sid:84730736 (/arm5 on the same host)
# only in its three leading slashes. http.uri is Suricata's normalized URI
# buffer, so whether "///arm5" reaches the matcher unchanged depends on the
# sensor's HTTP path normalization — TODO confirm with a test capture that this
# rule can fire; http.uri.raw is the buffer that holds the URI as sent.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"///arm5"; depth:7; endswith; nocase; http.host; content:"194.48.251.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867635/; classtype:trojan-activity;sid:84730735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3867628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.33.34"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867628/; classtype:trojan-activity;sid:84730728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.118.136.225"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867627/; classtype:trojan-activity;sid:84730727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.11.213"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867626/; classtype:trojan-activity;sid:84730726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.33.34"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867625/; classtype:trojan-activity;sid:84730725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.118.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867624/; classtype:trojan-activity;sid:84730724; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.m68k"; depth:12; endswith; nocase; http.host; content:"31.56.209.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867623/; classtype:trojan-activity;sid:84730723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.sh"; depth:11; endswith; nocase; http.host; content:"31.56.209.222"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867616/; classtype:trojan-activity;sid:84730716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.ppc"; depth:11; endswith; nocase; http.host; content:"31.56.209.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867617/; classtype:trojan-activity;sid:84730717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.x86"; depth:11; endswith; nocase; http.host; content:"31.56.209.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867618/; classtype:trojan-activity;sid:84730718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.mips"; depth:12; endswith; nocase; http.host; content:"31.56.209.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, 
urlhaus.abuse.ch/url/3867619/; classtype:trojan-activity;sid:84730719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.arm8"; depth:12; endswith; nocase; http.host; content:"31.56.209.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867620/; classtype:trojan-activity;sid:84730720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.mipsel"; depth:14; endswith; nocase; http.host; content:"31.56.209.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867621/; classtype:trojan-activity;sid:84730721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i53kfwixe"; depth:10; endswith; nocase; http.host; content:"45.225.135.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867622/; classtype:trojan-activity;sid:84730722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.x86_64"; depth:14; endswith; nocase; http.host; content:"31.56.209.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867615/; classtype:trojan-activity;sid:84730715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl.sh"; depth:6; endswith; nocase; http.host; 
content:"31.56.209.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867614/; classtype:trojan-activity;sid:84730714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.68.90"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867613/; classtype:trojan-activity;sid:84730713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.65.231"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867612/; classtype:trojan-activity;sid:84730712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.84.215.91"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867611/; classtype:trojan-activity;sid:84730711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ztnzfcdj2vgyflw"; depth:16; endswith; nocase; http.host; content:"64.89.163.22"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867610/; classtype:trojan-activity;sid:84730710; rev:1;)
# NOTE(review): the URI pattern below is 44 bytes once |3f| is decoded to "?",
# but depth is 47 — the length of the pattern text with the escape written out.
# The neighbouring rules set depth equal to the pattern length, which together
# with endswith pins the whole buffer; here up to three extra leading bytes are
# tolerated, so the match is slightly looser than the listed URL. depth:44
# would restore the exact match. The feed carries a "Last updated" stamp, so a
# local edit is presumably overwritten on the next pull — report it upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9e94590f-2f5b-4d05-973b-c76a1edde7eb"; depth:47; endswith; nocase; http.host; content:"aygi86ej.tahlilsazeha.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867609/; classtype:trojan-activity;sid:84730709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.68.90"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867607/; classtype:trojan-activity;sid:84730707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.234.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867608/; classtype:trojan-activity;sid:84730708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.93.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867606/; classtype:trojan-activity;sid:84730706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.118.136.225"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867605/; classtype:trojan-activity;sid:84730705; rev:1;)
alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/system4.vbs"; depth:12; endswith; nocase; http.host; content:"64.89.160.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867602/; classtype:trojan-activity;sid:84730702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/system1.vbs"; depth:12; endswith; nocase; http.host; content:"64.89.160.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867603/; classtype:trojan-activity;sid:84730703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/system.vbs"; depth:11; endswith; nocase; http.host; content:"64.89.160.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867604/; classtype:trojan-activity;sid:84730704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/system5.vbs"; depth:12; endswith; nocase; http.host; content:"64.89.160.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867600/; classtype:trojan-activity;sid:84730700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.187.101.68"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867601/; classtype:trojan-activity;sid:84730701; rev:1;)
# NOTE(review): the next four rules carry match conditions that already appear
# under another sid: sid:84730699 matches the same request as sid:84730700
# (/system5.vbs), sid:84730698 the same as sid:84730702 (/system4.vbs), and
# sid:84730696 the same as sid:84730697 (/system3.vbs), all on host
# 64.89.160.17. One request therefore raises two alerts. Presumably the two
# URLhaus entries differ in something the rule does not encode (scheme or
# port) — verify on the referenced URLhaus pages. Count incidents by
# host + URI in the alert pipeline rather than by sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/system5.vbs"; depth:12; endswith; nocase; http.host; content:"64.89.160.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867599/; classtype:trojan-activity;sid:84730699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/system4.vbs"; depth:12; endswith; nocase; http.host; content:"64.89.160.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867598/; classtype:trojan-activity;sid:84730698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/system3.vbs"; depth:12; endswith; nocase; http.host; content:"64.89.160.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867596/; classtype:trojan-activity;sid:84730696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/system3.vbs"; depth:12; endswith; nocase; http.host; content:"64.89.160.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867597/; classtype:trojan-activity;sid:84730697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"42.227.153.189"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867595/; classtype:trojan-activity;sid:84730695; rev:1;)
# NOTE(review): the eight rules for host 64.89.161.156 below form four pairs
# with identical match conditions: sid:84730687 / sid:84730689 (/sostener.vbs),
# sid:84730688 / sid:84730694 (/svchost.vbs), sid:84730690 / sid:84730692
# (/proceso.vbs) and sid:84730691 / sid:84730693 (/sostener1.vbs). A single
# request fires both sids of a pair. Presumably the URLhaus entries differ in
# a field the rule does not encode — verify on the referenced pages. Count
# incidents by host + URI, not by sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sostener.vbs"; depth:13; endswith; nocase; http.host; content:"64.89.161.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867587/; classtype:trojan-activity;sid:84730687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.vbs"; depth:12; endswith; nocase; http.host; content:"64.89.161.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867588/; classtype:trojan-activity;sid:84730688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sostener.vbs"; depth:13; endswith; nocase; http.host; content:"64.89.161.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867589/; classtype:trojan-activity;sid:84730689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proceso.vbs"; depth:12; endswith; nocase; http.host; content:"64.89.161.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867590/; classtype:trojan-activity;sid:84730690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sostener1.vbs"; depth:14; endswith; nocase; http.host; content:"64.89.161.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867591/; classtype:trojan-activity;sid:84730691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proceso.vbs"; depth:12; endswith; nocase; http.host; content:"64.89.161.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867592/; classtype:trojan-activity;sid:84730692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sostener1.vbs"; depth:14; endswith; nocase; http.host; content:"64.89.161.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867593/; classtype:trojan-activity;sid:84730693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.vbs"; depth:12; endswith; nocase; http.host; content:"64.89.161.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867594/; classtype:trojan-activity;sid:84730694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.226.207"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867586/; classtype:trojan-activity;sid:84730686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.17.5"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867585/; classtype:trojan-activity;sid:84730685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"42.233.105.9"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867584/; classtype:trojan-activity;sid:84730684; rev:1;)
# NOTE(review): the six rules for host 178.16.52.80 below form three pairs with
# identical match conditions: sid:84730681 / sid:84730682 (/hold.js),
# sid:84730683 / sid:84730680 (/hold.bat) and sid:84730679 / sid:84730678
# (/hold.vbs). A single request fires both sids of a pair. Presumably the
# URLhaus entries differ in a field the rule does not encode — verify on the
# referenced pages. Count incidents by host + URI, not by sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hold.js"; depth:8; endswith; nocase; http.host; content:"178.16.52.80"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867581/; classtype:trojan-activity;sid:84730681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hold.js"; depth:8; endswith; nocase; http.host; content:"178.16.52.80"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867582/; classtype:trojan-activity;sid:84730682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hold.bat"; depth:9; endswith; nocase; http.host; content:"178.16.52.80"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867583/; classtype:trojan-activity;sid:84730683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hold.vbs"; depth:9; endswith; nocase; http.host; content:"178.16.52.80"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867579/; classtype:trojan-activity;sid:84730679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hold.bat"; depth:9; endswith; nocase; http.host; content:"178.16.52.80"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867580/; classtype:trojan-activity;sid:84730680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hold.vbs"; depth:9; endswith; nocase; http.host; content:"178.16.52.80"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867578/; classtype:trojan-activity;sid:84730678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.25.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867577/; classtype:trojan-activity;sid:84730677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"178.205.159.228"; 
depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867576/; classtype:trojan-activity;sid:84730676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.116.79"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867575/; classtype:trojan-activity;sid:84730675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.226.207"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867574/; classtype:trojan-activity;sid:84730674; rev:1;)
# NOTE(review): the file names in the next two rules (and in sid:84730669 /
# sid:84730668 for host 138.226.251.29) look like a remote-support client
# installer — presumably ScreenConnect, inferred from the name only; confirm
# the payload type on the referenced URLhaus pages. If that holds, the
# download may be a legitimate tool that file-reputation checks do not flag,
# so triage of these alerts should look for a newly installed remote-access
# service on the client and the address it connects to.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"45.11.56.90"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867573/; classtype:trojan-activity;sid:84730673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"45.11.56.90"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867572/; classtype:trojan-activity;sid:84730672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.72.145.194"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867571/; classtype:trojan-activity;sid:84730671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.213.68.215"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867570/; classtype:trojan-activity;sid:84730670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"138.226.251.29"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867569/; classtype:trojan-activity;sid:84730669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"138.226.251.29"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867568/; classtype:trojan-activity;sid:84730668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6a025d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867565/; 
classtype:trojan-activity;sid:84730665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f6965d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867566/; classtype:trojan-activity;sid:84730666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6299a7"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867567/; classtype:trojan-activity;sid:84730667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1c4ad8"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867560/; classtype:trojan-activity;sid:84730660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d11ba5"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867561/; classtype:trojan-activity;sid:84730661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/08102d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867562/; classtype:trojan-activity;sid:84730662; rev:1;)
# Per-URL download indicators: GET request, exact http.uri (depth = pattern
# length, plus endswith) and exact http.host (depth plus isdataat:!1,relative).
# http.uri includes any query string, so the same path requested with
# parameters appended does not satisfy endswith and is not alerted.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4be2ef"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867563/; classtype:trojan-activity;sid:84730663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a60eb0"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867564/; classtype:trojan-activity;sid:84730664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcore.apk"; depth:15; endswith; nocase; http.host; content:"91.92.40.15"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867559/; classtype:trojan-activity;sid:84730659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"77.110.122.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867552/; classtype:trojan-activity;sid:84730652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c2b44b"; 
depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867553/; classtype:trojan-activity;sid:84730653; rev:1;)
# Direction and state: $HOME_NET -> $EXTERNAL_NET with flow:established,from_client
# means only client requests leaving the protected network on an established
# flow are inspected. The header uses "any" ports, so the match is not tied to port 80.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/706900"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867554/; classtype:trojan-activity;sid:84730654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/379653"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867555/; classtype:trojan-activity;sid:84730655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ed0aa8"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867556/; classtype:trojan-activity;sid:84730656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm4"; depth:10; endswith; nocase; http.host; content:"77.110.122.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867557/; classtype:trojan-activity;sid:84730657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867558)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"77.110.122.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867558/; classtype:trojan-activity;sid:84730658; rev:1;)
# Exact-URL rules for host 77.110.122.49 under /bins/; the file names differ only
# in the suffix (mpsl, mips, arm5, arm6) — presumably one build per CPU
# architecture, TODO confirm against the URLhaus entries.
# A fetch of any other name under /bins/ on this host is not covered by these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"77.110.122.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867548/; classtype:trojan-activity;sid:84730648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"77.110.122.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867549/; classtype:trojan-activity;sid:84730649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"77.110.122.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867550/; classtype:trojan-activity;sid:84730650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"77.110.122.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867551/; classtype:trojan-activity;sid:84730651; rev:1;)
alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.95.136"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867547/; classtype:trojan-activity;sid:84730646; rev:1;)
# NOTE(review): the next rule keys on host "github.com" with the http app-layer
# protocol. It can only fire on a request Suricata sees as cleartext HTTP, so if
# that host is normally reached over TLS the rule needs decrypted traffic to be
# useful — confirm sensor placement before relying on it.
# The path is matched whole (depth:98 equals the pattern length, plus endswith),
# so it identifies this one repository file, not the host in general.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/therecruiter809876/liquidbounce/raw/master/downloads/liquiedbounce/liquidbounce-1.21.1-v2.0.4.jar"; depth:98; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867546/; classtype:trojan-activity;sid:84730646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarn"; depth:5; endswith; nocase; http.host; content:"77.110.122.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867544/; classtype:trojan-activity;sid:84730644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pay"; depth:4; endswith; nocase; http.host; content:"77.110.122.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867545/; classtype:trojan-activity;sid:84730645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/glazed-1.21.10.jar"; depth:19; endswith; nocase; http.host; 
content:"downloads.glazedclients.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867541/; classtype:trojan-activity;sid:84730641; rev:1;)
# Domain-based entries: http.host is compared to a lowercase name without nocase
# (Suricata lowercases this buffer), and depth plus isdataat:!1,relative make it
# a whole-string match, so a sibling subdomain or longer name does not alert.
# NOTE(review): alert http sees cleartext requests only; for names served over
# TLS these rules depend on decrypted traffic — confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/glazed-1.21.4.jar"; depth:18; endswith; nocase; http.host; content:"downloads.glazedclients.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867542/; classtype:trojan-activity;sid:84730642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/glazed-1.21.11.jar"; depth:19; endswith; nocase; http.host; content:"downloads.glazedclients.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867543/; classtype:trojan-activity;sid:84730643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lezys-optimizations-1.21.11.jar"; depth:32; endswith; nocase; http.host; content:"lezysoptimizations.lovable.app"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867540/; classtype:trojan-activity;sid:84730640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.38.64.115"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867539/; classtype:trojan-activity;sid:84730639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3867538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_x86_64"; depth:11; endswith; nocase; http.host; content:"176.65.134.33"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867538/; classtype:trojan-activity;sid:84730638; rev:1;)
# Exact-URL rules for host 176.65.134.33; the /bot_* names differ only in a
# suffix (arm, aarch64, mipsel, mips) — presumably per-architecture builds, TODO confirm.
# metadata:created_at records the day the entry was added (2026_06_19 here).
# NOTE(review): that field could drive ageing-out of stale indicators — confirm it is used that way locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_arm"; depth:8; endswith; nocase; http.host; content:"176.65.134.33"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867536/; classtype:trojan-activity;sid:84730636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_aarch64"; depth:12; endswith; nocase; http.host; content:"176.65.134.33"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867537/; classtype:trojan-activity;sid:84730637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_mipsel"; depth:11; endswith; nocase; http.host; content:"176.65.134.33"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867534/; classtype:trojan-activity;sid:84730634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_mips"; depth:9; endswith; nocase; http.host; content:"176.65.134.33"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, 
urlhaus.abuse.ch/url/3867535/; classtype:trojan-activity;sid:84730635; rev:1;)
# One rule per reported URL. The /hiddenbin/ entries on 64.89.163.8 each name a
# different nine-letter file; http.uri is matched as a whole string (depth:20
# equals the pattern length, plus endswith), so only these listed names alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.sh"; depth:11; endswith; nocase; http.host; content:"176.65.134.33"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867533/; classtype:trojan-activity;sid:84730633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/simjxtksv"; depth:20; endswith; nocase; http.host; content:"64.89.163.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867529/; classtype:trojan-activity;sid:84730629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/rubcopfkd"; depth:20; endswith; nocase; http.host; content:"64.89.163.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867530/; classtype:trojan-activity;sid:84730630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/dtjogcysu"; depth:20; endswith; nocase; http.host; content:"64.89.163.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867531/; classtype:trojan-activity;sid:84730631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/zlkbnkpmc"; 
depth:20; endswith; nocase; http.host; content:"64.89.163.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867532/; classtype:trojan-activity;sid:84730632; rev:1;)
# Triage aid: in every rule here the sid is the URLhaus id from msg/reference
# plus 80863100 (e.g. 3867519 -> 84730619), so an alert's sid maps straight back
# to its feed entry. All rules below are exact URI + exact host matches on 64.89.163.8.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/kznpkpoyh"; depth:20; endswith; nocase; http.host; content:"64.89.163.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867519/; classtype:trojan-activity;sid:84730619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/morormcey"; depth:20; endswith; nocase; http.host; content:"64.89.163.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867520/; classtype:trojan-activity;sid:84730620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"64.89.163.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867521/; classtype:trojan-activity;sid:84730621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/ytaabxcxa"; depth:20; endswith; nocase; http.host; content:"64.89.163.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867522/; classtype:trojan-activity;sid:84730622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3867523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/evpyuqbis"; depth:20; endswith; nocase; http.host; content:"64.89.163.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867523/; classtype:trojan-activity;sid:84730623; rev:1;)
# Exact-match download indicators for 64.89.163.8 under /hiddenbin/. msg and
# reference carry the same URLhaus id; the reference URL is the feed entry to
# consult when triaging an alert.
# NOTE(review): every rule here is rev:1 with action "alert" (log only) — confirm whether IPS deployments convert the action.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/tdhyctkjq"; depth:20; endswith; nocase; http.host; content:"64.89.163.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867524/; classtype:trojan-activity;sid:84730624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/nqmwdsyht"; depth:20; endswith; nocase; http.host; content:"64.89.163.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867525/; classtype:trojan-activity;sid:84730625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/uoicjoyug"; depth:20; endswith; nocase; http.host; content:"64.89.163.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867526/; classtype:trojan-activity;sid:84730626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/obmsxxvnc"; depth:20; endswith; nocase; http.host; content:"64.89.163.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, 
urlhaus.abuse.ch/url/3867527/; classtype:trojan-activity;sid:84730627; rev:1;)
# Per-URL indicators. For the short paths below ("/i", "/bin.sh") the URI alone
# is generic; the exact http.host pin (depth plus isdataat:!1,relative) is what
# ties each alert to one reported server.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/lfpxfytvz"; depth:20; endswith; nocase; http.host; content:"64.89.163.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867528/; classtype:trojan-activity;sid:84730628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/lqtucsxvn"; depth:20; endswith; nocase; http.host; content:"64.89.163.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867518/; classtype:trojan-activity;sid:84730618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.31.201.20"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867517/; classtype:trojan-activity;sid:84730617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.95.136"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867516/; classtype:trojan-activity;sid:84730616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"115.56.146.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867515/; classtype:trojan-activity;sid:84730615; rev:1;)
# Exact URI + exact host indicators for outbound GET requests.
# NOTE(review): the first file name below looks like a remote-support client
# installer; the rule is pinned to host 212.232.22.87, so it does not describe
# that software in general, only this download location.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"212.232.22.87"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867514/; classtype:trojan-activity;sid:84730614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/crz.exe"; depth:17; endswith; nocase; http.host; content:"5.252.155.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867513/; classtype:trojan-activity;sid:84730613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/beb.exe"; depth:17; endswith; nocase; http.host; content:"5.252.155.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867512/; classtype:trojan-activity;sid:84730612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.153.189"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867511/; classtype:trojan-activity;sid:84730611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3867510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.232.137.101"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867510/; classtype:trojan-activity;sid:84730610; rev:1;)
# Per-URL indicators: GET with http.uri and http.host each matched as a whole
# string (depth equal to the pattern length, end pinned by endswith / isdataat:!1,relative).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.237.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867509/; classtype:trojan-activity;sid:84730609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"193.31.201.20"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867508/; classtype:trojan-activity;sid:84730608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.38.64.115"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867507/; classtype:trojan-activity;sid:84730607; rev:1;)
# NOTE(review): in the next rule |3f| is a hex escape for one byte ("?"), so the
# decoded pattern is 44 bytes while depth is 47 (the escaped text length). With
# endswith the match still ends at the end of the URI, but up to 3 bytes may
# precede it, so this is slightly looser than the exact match used elsewhere;
# depth:44 would restore it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=19b26b7f-fe38-4016-a8a6-b85d6f133179"; depth:47; endswith; nocase; http.host; content:"kqldanpg.testdrivepaye3.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867505/; 
classtype:trojan-activity;sid:84730605; rev:1;)
# Per-URL indicators for outbound GET requests; URI and host are each matched as
# a whole string by pairing depth with endswith / isdataat:!1,relative.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.67.155"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867506/; classtype:trojan-activity;sid:84730606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.146.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867504/; classtype:trojan-activity;sid:84730604; rev:1;)
# NOTE(review): |3f| below decodes to a single "?" byte, so the pattern is 44
# bytes but depth is 47. The rule therefore tolerates up to 3 bytes before the
# pattern instead of requiring the URI to equal it; depth:44 would make it exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c89cc9cd-6f84-4aef-a327-98936d9fb796"; depth:47; endswith; nocase; http.host; content:"7p8in376.tahgigbazargan.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867503/; classtype:trojan-activity;sid:84730603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.252.173"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867502/; classtype:trojan-activity;sid:84730602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"222.142.208.94"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867501/; classtype:trojan-activity;sid:84730601; rev:1;)
# Exact URI + exact host indicators. The same address can appear under more than
# one path ("/i" and "/bin.sh"); each path is a separate URLhaus entry with its
# own sid, so one host may raise several distinct alerts.
# All rules use classtype:trojan-activity; the alert priority comes from the
# local classification config, not from the rule text.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.211.209"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867500/; classtype:trojan-activity;sid:84730600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.67.155"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867499/; classtype:trojan-activity;sid:84730599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.72.145.194"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867498/; classtype:trojan-activity;sid:84730598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.116.79"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867497/; classtype:trojan-activity;sid:84730597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867496)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/|3f|ublib=404acca0-be0f-4ae7-87ad-710f8d51d924"; depth:47; endswith; nocase; http.host; content:"9k4etp9p.azmoondadrasi.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867496/; classtype:trojan-activity;sid:84730596; rev:1;)
# NOTE(review): in the rule ending above (sid 84730596) |3f| decodes to one "?"
# byte, so the URI pattern is 44 bytes while depth is 47; the match is anchored
# at the end by endswith but allows up to 3 leading bytes. depth:44 would make it exact.
# The rules below are exact URI + exact host matches on literal IPv4 hosts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.101.176"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867495/; classtype:trojan-activity;sid:84730595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.156.46"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867494/; classtype:trojan-activity;sid:84730594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.194.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867493/; classtype:trojan-activity;sid:84730593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.39.207"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867492/; classtype:trojan-activity;sid:84730592; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=21555214-4c66-4be2-b550-6eb8d7abf589"; depth:47; endswith; nocase; http.host; content:"byvvv0is.anodaz.co"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867491/; classtype:trojan-activity;sid:84730591; rev:1;)
# NOTE(review): the rule ending above (sid 84730591) has depth:47 for a pattern
# that decodes to 44 bytes (|3f| is one byte), so up to 3 bytes may precede the
# match; the other rules here set depth to the exact pattern length.
# Rules below: outbound GET, whole-string http.uri (nocase) and whole-string http.host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.150.167"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867490/; classtype:trojan-activity;sid:84730590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.101.176"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867489/; classtype:trojan-activity;sid:84730589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"158.255.83.113"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867488/; classtype:trojan-activity;sid:84730588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.247.167"; depth:14; isdataat:!1,relative; metadata:created_at 
2026_06_19; reference:url, urlhaus.abuse.ch/url/3867487/; classtype:trojan-activity;sid:84730587; rev:1;)
# Hosts below are literal IPv4 addresses matched as whole strings, so a request
# that reaches the same server under a DNS name in the Host header is not alerted.
# NOTE(review): presumably http.host carries the host without a ":port" suffix —
# verify against the deployed Suricata version, since a suffix would defeat isdataat:!1,relative.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.162.192"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867486/; classtype:trojan-activity;sid:84730586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.39.207"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867485/; classtype:trojan-activity;sid:84730585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.156.46"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867484/; classtype:trojan-activity;sid:84730584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.87.221"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867482/; classtype:trojan-activity;sid:84730582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"113.229.58.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867483/; classtype:trojan-activity;sid:84730583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.150.140"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867481/; classtype:trojan-activity;sid:84730581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.36.65.23"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867480/; classtype:trojan-activity;sid:84730580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coraline_4.7.zip"; depth:17; endswith; nocase; http.host; content:"coraline.buzz"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867479/; classtype:trojan-activity;sid:84730579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u.sh"; depth:5; endswith; nocase; http.host; content:"91.92.40.15"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867474/; classtype:trojan-activity;sid:84730574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867473)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/nshkarm5"; depth:9; endswith; nocase; http.host; content:"137.220.242.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867473/; classtype:trojan-activity;sid:84730573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test22.txt"; depth:11; endswith; nocase; http.host; content:"91.92.34.228"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867472/; classtype:trojan-activity;sid:84730572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_c3e26435ae069c5c.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867468/; classtype:trojan-activity;sid:84730568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_8f3d5f27d351cf7a.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867469/; classtype:trojan-activity;sid:84730569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_f3f5f94ea0848af3.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, 
urlhaus.abuse.ch/url/3867470/; classtype:trojan-activity;sid:84730570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hwkop5"; depth:7; endswith; nocase; http.host; content:"beroniw.com"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867471/; classtype:trojan-activity;sid:84730571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bebra.zip"; depth:10; endswith; nocase; http.host; content:"bebra-dev.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867467/; classtype:trojan-activity;sid:84730567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uqazxy4ik9ugl_quvs2tgdrlw9_026uoqqzwzirv5cthg9pqay4jt_ddos3gndf3ftu7bruxb_gipcpqhyza_utiyreo3iqsdqlag9k4nofu7j2yx9t2bp60zv7iikh_jrgnwyts-tbjyiubc3zov11mw7rt-luvx5jxxwfcovjf/g6gzegiqkdgnyf9/kiddonsmodmenu.rar"; depth:208; endswith; nocase; http.host; content:"download2300.mediafire.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867466/; classtype:trojan-activity;sid:84730566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.53.208.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867465/; classtype:trojan-activity;sid:84730565; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.92.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867464/; classtype:trojan-activity;sid:84730564; rev:1;)
# NOTE(review): the first and last lines of this block are halves of rules that continue outside it
# and are kept verbatim; everything in between is one complete rule per line.
#
# Most rules in this run pin the paths /i, /bin.sh or /mozi.* on a bare IPv4 Host value. The naming
# is consistent with Mozi-style IoT botnet payload hosting (inferred from the path names only;
# confirm on the referenced URLhaus entry). Several hosts appear twice with different paths.
# A 2-byte URI such as "/i" carries no signal by itself; these rules depend entirely on the exact
# http.host match, so a sensor that cannot see the Host header in clear text will not alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.94.0"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867463/; classtype:trojan-activity;sid:84730563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.148.155.34"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867462/; classtype:trojan-activity;sid:84730562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.93.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867461/; classtype:trojan-activity;sid:84730561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.12.25"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867460/; classtype:trojan-activity;sid:84730560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.239.230"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867459/; classtype:trojan-activity;sid:84730559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.211.209"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867458/; classtype:trojan-activity;sid:84730558; rev:1;)
# NOTE(review): depth:47 below is the length of the escaped rule text; the decoded pattern
# ("/?ublib=" plus a 36-character id) is 44 bytes, so up to 3 extra leading URI bytes are accepted.
# depth:44 would make it an exact match; report to the feed maintainer rather than patching locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=61552d60-b336-4872-af31-450d86a0e1bb"; depth:47; endswith; nocase; http.host; content:"eub0atxx.tafsirnasiri.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867457/; classtype:trojan-activity;sid:84730557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.58.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867456/; classtype:trojan-activity;sid:84730556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.31.205"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867455/; classtype:trojan-activity;sid:84730555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.36.80.171"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867454/; classtype:trojan-activity;sid:84730554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.107.162.191"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867453/; classtype:trojan-activity;sid:84730553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.72.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867452/; classtype:trojan-activity;sid:84730552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.80.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867451/; classtype:trojan-activity;sid:84730551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.165.189.227"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867450/; classtype:trojan-activity;sid:84730550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.145.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867448/; classtype:trojan-activity;sid:84730548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.20.227"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867449/; classtype:trojan-activity;sid:84730549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.239.230"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867447/; classtype:trojan-activity;sid:84730547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.124.83"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867446/; classtype:trojan-activity;sid:84730546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.80.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867445/; classtype:trojan-activity;sid:84730545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"113.229.185.213"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867444/; classtype:trojan-activity;sid:84730544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.31.205"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867443/; classtype:trojan-activity;sid:84730543; rev:1;)
# NOTE(review): same escaped-length depth as the other |3f| rule in this run (depth:47, decoded
# pattern 44 bytes).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a4f60686-52c8-488d-b828-2efa2e38ffb9"; depth:47; endswith; nocase; http.host; content:"borb5c9q.megaparikade.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867442/; classtype:trojan-activity;sid:84730542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.61.52.84"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867441/;
classtype:trojan-activity;sid:84730541; rev:1;)
# NOTE(review): the line above closes a rule that starts before this block, and the last line of
# the block opens one that continues after it; both are kept verbatim. The rest is one rule per line.
#
# All rules in this run match a bare IPv4 Host value with the path /i, /bin.sh or /mozi.*.
# The destination port is `any`, so matching relies on Suricata recognising the flow as HTTP
# (`alert http`) rather than on a fixed port; confirm app-layer HTTP detection is enabled for
# non-standard ports on the sensor.
# metadata:created_at is the date the entry was added to the feed. The feed is regenerated
# regularly (see the "Last updated" line in the file header), so refresh the ruleset instead of
# keeping a stale copy: addresses like these may be reassigned over time (general caveat, not
# stated in the file).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.83.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867440/; classtype:trojan-activity;sid:84730540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.42.89.149"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867439/; classtype:trojan-activity;sid:84730539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.35.165"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867438/; classtype:trojan-activity;sid:84730538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.39.232.231"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867437/; classtype:trojan-activity;sid:84730537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.39.233.197"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867436/; classtype:trojan-activity;sid:84730536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.165.189.227"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867435/; classtype:trojan-activity;sid:84730535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.36.65.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867434/; classtype:trojan-activity;sid:84730534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.186.115"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867433/; classtype:trojan-activity;sid:84730533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.247.47"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867432/; classtype:trojan-activity;sid:84730532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.124.83"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867431/; classtype:trojan-activity;sid:84730531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.250.238"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867430/; classtype:trojan-activity;sid:84730530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.145.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867429/; classtype:trojan-activity;sid:84730529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.240.165.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867428/; classtype:trojan-activity;sid:84730528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.50.4.212"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867427/; classtype:trojan-activity;sid:84730527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.186.115"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867426/; classtype:trojan-activity;sid:84730526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.35.165"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867425/; classtype:trojan-activity;sid:84730525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"110.39.251.84"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867424/; classtype:trojan-activity;sid:84730524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.247.47"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867423/; classtype:trojan-activity;sid:84730523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.83.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867422/; classtype:trojan-activity;sid:84730522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known
malware download URL detected (3867418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pmpsl"; depth:11; endswith; nocase; http.host; content:"intellicaddev.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867418/; classtype:trojan-activity;sid:84730518; rev:1;)
# NOTE(review): the line above is the remainder of a rule whose header and the start of its msg
# precede this block, and the last line of the block opens a rule that continues after it; both are
# kept verbatim. The rest is one rule per line.
#
# The line above and the next six rules pin seven files under /bins/ on one host name. The
# suffixes (parm, parm5, parm6, parm7, pmips, pmpsl) look like per-architecture builds of one
# payload, with kla.sh as a script (inferred from the names only; confirm on the URLhaus entries).
# Each rule covers one exact path, so when one fires, review all HTTP and DNS activity for that
# host name from the same client rather than only the alerted request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm6"; depth:11; endswith; nocase; http.host; content:"intellicaddev.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867419/; classtype:trojan-activity;sid:84730519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm"; depth:10; endswith; nocase; http.host; content:"intellicaddev.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867420/; classtype:trojan-activity;sid:84730520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kla.sh"; depth:12; endswith; nocase; http.host; content:"intellicaddev.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867421/; classtype:trojan-activity;sid:84730521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pmips"; depth:11; endswith; nocase; http.host; content:"intellicaddev.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867415/; classtype:trojan-activity;sid:84730515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm7"; depth:11; endswith; nocase; http.host; content:"intellicaddev.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867416/; classtype:trojan-activity;sid:84730516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm5"; depth:11; endswith; nocase; http.host; content:"intellicaddev.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867417/; classtype:trojan-activity;sid:84730517; rev:1;)
# NOTE(review): depth:47 below is the length of the escaped rule text (|3f| and |7c| each counted
# as 4 characters); the decoded pattern is 38 bytes. With endswith the rule therefore accepts a URI
# with up to 9 extra leading bytes. depth:38 would pin it exactly; report to the feed maintainer
# rather than patching a vendor SID locally. The query string looks like a one-off cache-buster
# (assumption), so this rule is unlikely to match a later fetch; the plain /bebra.zip entry for the
# same host is the more durable indicator.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bebra.zip|3f|v=1781859532366|7c|26|7c|r=nl14nh"; depth:47; endswith; nocase; http.host; content:"bebra-dev.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867414/; classtype:trojan-activity;sid:84730514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.42.89.149"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867413/; classtype:trojan-activity;sid:84730513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.146.229"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867412/; classtype:trojan-activity;sid:84730512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_1443878c027b966b.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867410/; classtype:trojan-activity;sid:84730510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.236.213.110"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867407/; classtype:trojan-activity;sid:84730507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.37.72.176"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867406/; classtype:trojan-activity;sid:84730506; rev:1;)
# NOTE(review): same escaped-length issue: depth:47, decoded pattern 44 bytes ("/?ublib=" plus a
# 36-character id), so up to 3 extra leading URI bytes are accepted.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=42bf9821-47b1-4f86-80cf-af4340fa39b0"; depth:47; endswith; nocase; http.host; content:"i9yfz7a0.asibshenasiyahya.shop"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867405/; classtype:trojan-activity;sid:84730505; rev:1;)
alert http $HOME_NET any
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9d0efbe7-d4fe-412d-a8a3-5340710cf3a4"; depth:47; endswith; nocase; http.host; content:"ma3ukklt.riyaziyattajrobi.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867404/; classtype:trojan-activity;sid:84730504; rev:1;)
# NOTE(review): the line above is the remainder of a rule whose `alert http $HOME_NET any` header
# precedes this block, and the last line of the block opens a rule that continues after it; both are
# kept verbatim. The rest is one rule per line.
# NOTE(review): in the |3f| rule above, depth:47 is the length of the escaped rule text; the decoded
# pattern is 44 bytes, so with endswith up to 3 extra leading URI bytes are accepted. depth:44 would
# make it exact; report to the feed maintainer rather than patching a vendor SID locally.
#
# Most of the remaining rules belong to two hosts that each serve many short, random-looking paths:
# one with 3-4 letter names and one with 6-hex-character names. Every rule pins a single path, so a
# path the feed has not listed yet will not alert. When any of these fires, pull all HTTP
# transactions from the same client to that host out of the HTTP/flow logs, and treat the host
# value as the more durable indicator than any individual path.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.231.96"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867403/; classtype:trojan-activity;sid:84730503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b2j"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867400/; classtype:trojan-activity;sid:84730500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0bze"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867401/; classtype:trojan-activity;sid:84730501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zlgl"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867402/; classtype:trojan-activity;sid:84730502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/254ae3"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867394/; classtype:trojan-activity;sid:84730494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/235023"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867395/; classtype:trojan-activity;sid:84730495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76afeb"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867396/; classtype:trojan-activity;sid:84730496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e15aec"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867397/; classtype:trojan-activity;sid:84730497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/446a81"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867398/; classtype:trojan-activity;sid:84730498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b05475"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867399/; classtype:trojan-activity;sid:84730499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6peh"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867393/; classtype:trojan-activity;sid:84730493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/81d826"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867392/; classtype:trojan-activity;sid:84730492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eixv"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867379/; classtype:trojan-activity;sid:84730479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyiq"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867380/; classtype:trojan-activity;sid:84730480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/medd"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867381/; classtype:trojan-activity;sid:84730481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ee8263"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867382/; classtype:trojan-activity;sid:84730482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f991c0"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867383/; classtype:trojan-activity;sid:84730483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1840db"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867384/; classtype:trojan-activity;sid:84730484; rev:1;)
alert http $HOME_NET any ->
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/59cfe2"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867385/; classtype:trojan-activity;sid:84730485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/910471"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867386/; classtype:trojan-activity;sid:84730486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a1b2d3"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867387/; classtype:trojan-activity;sid:84730487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/df1c74"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867388/; classtype:trojan-activity;sid:84730488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"77.110.122.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, 
urlhaus.abuse.ch/url/3867389/; classtype:trojan-activity;sid:84730489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n1z"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867390/; classtype:trojan-activity;sid:84730490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/px86"; depth:10; endswith; nocase; http.host; content:"77.110.122.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867391/; classtype:trojan-activity;sid:84730491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c9780d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867354/; classtype:trojan-activity;sid:84730454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/302641"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867355/; classtype:trojan-activity;sid:84730455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7a9d49"; depth:7; endswith; nocase; http.host; 
content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867356/; classtype:trojan-activity;sid:84730456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e769c0"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867357/; classtype:trojan-activity;sid:84730457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbc47a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867358/; classtype:trojan-activity;sid:84730458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/41dc78"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867359/; classtype:trojan-activity;sid:84730459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c10abf"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867360/; classtype:trojan-activity;sid:84730460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867361)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/d26a3f"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867361/; classtype:trojan-activity;sid:84730461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/43d27a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867362/; classtype:trojan-activity;sid:84730462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/01abd5"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867363/; classtype:trojan-activity;sid:84730463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d26e3d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867364/; classtype:trojan-activity;sid:84730464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c3449b"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867365/; classtype:trojan-activity;sid:84730465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3867366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d1f642"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867366/; classtype:trojan-activity;sid:84730466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a43ade"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867367/; classtype:trojan-activity;sid:84730467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/61673f"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867368/; classtype:trojan-activity;sid:84730468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/038355"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867369/; classtype:trojan-activity;sid:84730469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/14f32d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867370/; classtype:trojan-activity;sid:84730470; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u0t"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867371/; classtype:trojan-activity;sid:84730471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n924"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867372/; classtype:trojan-activity;sid:84730472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mxz"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867373/; classtype:trojan-activity;sid:84730473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"77.110.122.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867374/; classtype:trojan-activity;sid:84730474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"89.33.192.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; 
reference:url, urlhaus.abuse.ch/url/3867375/; classtype:trojan-activity;sid:84730475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ieur"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867376/; classtype:trojan-activity;sid:84730476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e8o"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867377/; classtype:trojan-activity;sid:84730477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/31xd"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867378/; classtype:trojan-activity;sid:84730478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7icw"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867353/; classtype:trojan-activity;sid:84730453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/458a82"; depth:7; endswith; nocase; http.host; 
content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867342/; classtype:trojan-activity;sid:84730442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e92db4"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867343/; classtype:trojan-activity;sid:84730443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/94785a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867344/; classtype:trojan-activity;sid:84730444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e9df60"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867345/; classtype:trojan-activity;sid:84730445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9e4ac7"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867346/; classtype:trojan-activity;sid:84730446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867347)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/1e87ee"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867347/; classtype:trojan-activity;sid:84730447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d401f7"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867348/; classtype:trojan-activity;sid:84730448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dpt"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867349/; classtype:trojan-activity;sid:84730449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oft"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867350/; classtype:trojan-activity;sid:84730450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yj6"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867351/; classtype:trojan-activity;sid:84730451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3867352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/un7u"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867352/; classtype:trojan-activity;sid:84730452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1d793a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867334/; classtype:trojan-activity;sid:84730434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7e1be0"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867335/; classtype:trojan-activity;sid:84730435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fae366"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867336/; classtype:trojan-activity;sid:84730436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9f98e9"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867337/; classtype:trojan-activity;sid:84730437; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9b4ad6"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867338/; classtype:trojan-activity;sid:84730438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/377061"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867339/; classtype:trojan-activity;sid:84730439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b724e9"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867340/; classtype:trojan-activity;sid:84730440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jwb"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867341/; classtype:trojan-activity;sid:84730441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4433ab"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; 
reference:url, urlhaus.abuse.ch/url/3867330/; classtype:trojan-activity;sid:84730430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bdbb4d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867331/; classtype:trojan-activity;sid:84730431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3cda55"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867332/; classtype:trojan-activity;sid:84730432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"77.110.122.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867333/; classtype:trojan-activity;sid:84730433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"149.71.39.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867328/; classtype:trojan-activity;sid:84730428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"42.86.60.11"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867329/; classtype:trojan-activity;sid:84730429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.236.213.110"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867327/; classtype:trojan-activity;sid:84730427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.87.38.2"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867326/; classtype:trojan-activity;sid:84730426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.146.229"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867325/; classtype:trojan-activity;sid:84730425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jxleirodcxsg61.bin"; depth:19; endswith; nocase; http.host; content:"185.29.9.117"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867324/; classtype:trojan-activity;sid:84730424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867323)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.247.149"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867323/; classtype:trojan-activity;sid:84730423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aonkksrm254.bin"; depth:16; endswith; nocase; http.host; content:"185.29.9.117"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867314/; classtype:trojan-activity;sid:84730414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ooqkygfdxl32.bin"; depth:17; endswith; nocase; http.host; content:"185.29.9.117"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867315/; classtype:trojan-activity;sid:84730415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xywcuhilxzxp140.bin"; depth:20; endswith; nocase; http.host; content:"185.29.9.117"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867316/; classtype:trojan-activity;sid:84730416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/awwfgyadb30.bin"; depth:16; endswith; nocase; http.host; content:"185.29.9.117"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867317/; classtype:trojan-activity;sid:84730417; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kmjvaahyjpd126.bin"; depth:19; endswith; nocase; http.host; content:"185.29.9.117"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867318/; classtype:trojan-activity;sid:84730418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xnjmiebb10.bin"; depth:15; endswith; nocase; http.host; content:"185.29.9.117"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867319/; classtype:trojan-activity;sid:84730419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mbjzziu212.bin"; depth:15; endswith; nocase; http.host; content:"185.29.9.117"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867320/; classtype:trojan-activity;sid:84730420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jqvdbnz176.bin"; depth:15; endswith; nocase; http.host; content:"185.29.9.117"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867321/; classtype:trojan-activity;sid:84730421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vutkafzor204.bin"; depth:17; endswith; nocase; http.host; content:"185.29.9.117"; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867322/; classtype:trojan-activity;sid:84730422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cltbb236.bin"; depth:13; endswith; nocase; http.host; content:"185.29.9.117"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867312/; classtype:trojan-activity;sid:84730412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/echupalzjdllbhvcbx194.bin"; depth:26; endswith; nocase; http.host; content:"185.29.9.117"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867313/; classtype:trojan-activity;sid:84730413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.247.149"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867311/; classtype:trojan-activity;sid:84730411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.180.180"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867310/; classtype:trojan-activity;sid:84730410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867309)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/i"; depth:2; endswith; nocase; http.host; content:"176.77.13.146"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867309/; classtype:trojan-activity;sid:84730409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.71.20"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867308/; classtype:trojan-activity;sid:84730408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.99.91"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867307/; classtype:trojan-activity;sid:84730407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.77.13.146"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867306/; classtype:trojan-activity;sid:84730406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_e4737f96f6127894.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867305/; classtype:trojan-activity;sid:84730405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3867304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_51e3681c11244730.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867304/; classtype:trojan-activity;sid:84730404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.99.91"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867303/; classtype:trojan-activity;sid:84730403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b772fa33-4296-4871-a22a-55f6d99203da"; depth:47; endswith; nocase; http.host; content:"dy6t49rl.akhlagvaahkam.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867302/; classtype:trojan-activity;sid:84730402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.142.153.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867301/; classtype:trojan-activity;sid:84730401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=12d5e589-2730-4f99-a61f-2116068a1ada"; depth:47; endswith; nocase; http.host; 
content:"gitoxy22.hugugtatbigi.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867300/; classtype:trojan-activity;sid:84730400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e7e921ca-49eb-4e09-8114-5250b448040e"; depth:47; endswith; nocase; http.host; content:"lh7umyc5.riyazishahkilid.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867299/; classtype:trojan-activity;sid:84730399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.239.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867298/; classtype:trojan-activity;sid:84730398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.193.39"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867296/; classtype:trojan-activity;sid:84730396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.251.39"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867297/; classtype:trojan-activity;sid:84730397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3867295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.147.171"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867295/; classtype:trojan-activity;sid:84730395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.166.107.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867294/; classtype:trojan-activity;sid:84730394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/48/wehavetogivenbestpeoplesaroundtheworld.hta"; depth:46; endswith; nocase; http.host; content:"209.54.103.176"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867293/; classtype:trojan-activity;sid:84730393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.193.90.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867292/; classtype:trojan-activity;sid:84730392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.190.235.122"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867291/; 
classtype:trojan-activity;sid:84730391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.193.39"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867289/; classtype:trojan-activity;sid:84730389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.150.58"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867290/; classtype:trojan-activity;sid:84730390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.60.142"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867288/; classtype:trojan-activity;sid:84730388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.176.198.31"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867287/; classtype:trojan-activity;sid:84730387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stubin.ps1"; depth:11; endswith; nocase; http.host; content:"mail.avicennaalliedhealthinstitute.org"; depth:38; 
isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867286/; classtype:trojan-activity;sid:84730386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dreamchaser.png"; depth:16; endswith; nocase; http.host; content:"23.95.103.214"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867285/; classtype:trojan-activity;sid:84730385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sass/djboynew1.png"; depth:19; endswith; nocase; http.host; content:"brenmayasociados.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867284/; classtype:trojan-activity;sid:84730384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.147.171"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867283/; classtype:trojan-activity;sid:84730383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wabwl"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867282/; classtype:trojan-activity;sid:84730382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867281)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.60.142"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867281/; classtype:trojan-activity;sid:84730381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"91.92.42.245"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867275/; classtype:trojan-activity;sid:84730375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"91.92.42.245"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867276/; classtype:trojan-activity;sid:84730376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"91.92.42.245"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867277/; classtype:trojan-activity;sid:84730377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"91.92.42.245"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867278/; classtype:trojan-activity;sid:84730378; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"91.92.42.245"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867279/; classtype:trojan-activity;sid:84730379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc64"; depth:6; endswith; nocase; http.host; content:"91.92.42.245"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867280/; classtype:trojan-activity;sid:84730380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"209.131.226.113"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867270/; classtype:trojan-activity;sid:84730370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"91.92.42.245"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867271/; classtype:trojan-activity;sid:84730371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.219.161.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867272/; 
classtype:trojan-activity;sid:84730372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.92.225.138"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867273/; classtype:trojan-activity;sid:84730373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"91.92.42.245"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867274/; classtype:trojan-activity;sid:84730374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.82.165.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867269/; classtype:trojan-activity;sid:84730369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm7"; depth:11; endswith; nocase; http.host; content:"77.110.122.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867268/; classtype:trojan-activity;sid:84730368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm6"; depth:11; endswith; nocase; http.host; content:"77.110.122.49"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867267/; classtype:trojan-activity;sid:84730367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.65.192.75"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867266/; classtype:trojan-activity;sid:84730366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pmpsl"; depth:11; endswith; nocase; http.host; content:"77.110.122.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867261/; classtype:trojan-activity;sid:84730361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kla.sh"; depth:12; endswith; nocase; http.host; content:"77.110.122.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867262/; classtype:trojan-activity;sid:84730362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm"; depth:10; endswith; nocase; http.host; content:"77.110.122.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867263/; classtype:trojan-activity;sid:84730363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867264)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bins/pmips"; depth:11; endswith; nocase; http.host; content:"77.110.122.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867264/; classtype:trojan-activity;sid:84730364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.117.68.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867265/; classtype:trojan-activity;sid:84730365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.192.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867260/; classtype:trojan-activity;sid:84730360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.57.233.228"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867256/; classtype:trojan-activity;sid:84730356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.37.23.188"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867257/; classtype:trojan-activity;sid:84730357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3867258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.232.137.101"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867258/; classtype:trojan-activity;sid:84730358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.127.248.61"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867259/; classtype:trojan-activity;sid:84730359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.205.159.228"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867254/; classtype:trojan-activity;sid:84730354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.236.64.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867255/; classtype:trojan-activity;sid:84730355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"112.255.149.170"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867253/; classtype:trojan-activity;sid:84730353; rev:1;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.190.134.254"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867252/; classtype:trojan-activity;sid:84730352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"79.105.232.90"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867251/; classtype:trojan-activity;sid:84730351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.130.59.140"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867248/; classtype:trojan-activity;sid:84730348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.137.25.202"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867249/; classtype:trojan-activity;sid:84730349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aes.js"; depth:7; endswith; nocase; http.host; content:"ch.10001mb.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; 
reference:url, urlhaus.abuse.ch/url/3867250/; classtype:trojan-activity;sid:84730350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.137.147.29"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867242/; classtype:trojan-activity;sid:84730342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.233.200"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867243/; classtype:trojan-activity;sid:84730343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.98.68.61"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867244/; classtype:trojan-activity;sid:84730344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"221.13.232.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867245/; classtype:trojan-activity;sid:84730345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; 
content:"105.186.81.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867246/; classtype:trojan-activity;sid:84730346; rev:1;)
# Each rule below alerts on an outbound cleartext HTTP GET whose URI and Host
# both match one URLhaus entry. `depth:N; endswith;` on http.uri and
# `depth:N; isdataat:!1,relative;` on http.host pin the whole buffer, not a substring.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"27.215.143.81"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867247/; classtype:trojan-activity;sid:84730347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm5"; depth:11; endswith; nocase; http.host; content:"77.110.122.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867241/; classtype:trojan-activity;sid:84730341; rev:1;)
# NOTE(review): in sid 84730340 the query separators are written `|7c|26|7c|`.
# 0x7c is `|` and the middle `26` is plain text, so the pattern matches the four
# literal characters |26| rather than `&` (0x26). This looks like `&` was
# hex-escaped and the pipes were then escaped again; a request carrying a real `&`
# would not match. Confirm against the URLhaus entry before relying on this rule.
# NOTE(review): depth:184 equals the length of the escaped rule text, not of the
# decoded pattern, so the URI match is anchored more loosely than on the plain rules.
# NOTE(review): cdn.discordapp.com is a shared CDN, presumably reached over HTTPS;
# this `alert http` rule then only fires where TLS is decrypted ahead of the sensor.
# The path is the discriminating part, so do not reduce this to a host-only match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/813154778115997736/1517129331367739495/xeron.zip|3f|ex=6a35284b|7c|26|7c|is=6a33d6cb|7c|26|7c|hm=d57541e9827205add792e9ed914da28f405ddc2dc9b387ca4705d3fb5d4212e5|7c|26|7c|"; depth:184; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867240/; classtype:trojan-activity;sid:84730340; rev:1;)
# NOTE(review): sid 84730339 has the same `|7c|26|7c|` separator and a depth (47)
# counted on the escaped text; the same likely non-match on a real `&` applies.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bebra.zip|3f|v=1781808220276|7c|26|7c|r=gxv125"; depth:47; endswith; nocase; http.host; content:"bebra-dev.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867239/; classtype:trojan-activity;sid:84730339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.150.58"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867238/; classtype:trojan-activity;sid:84730338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"217.60.195.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867235/; classtype:trojan-activity;sid:84730335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"217.60.195.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867236/; classtype:trojan-activity;sid:84730336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/manji.arm4"; depth:11; endswith; nocase; http.host; content:"91.92.42.28"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867237/; classtype:trojan-activity;sid:84730337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/bootsexec64.zip"; depth:24; endswith; nocase; 
http.host; content:"roblox-execute.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867234/; classtype:trojan-activity;sid:84730334; rev:1;)
# NOTE(review): the host below is a shared file-hosting name, so the signal is the exact path
# pinned by content + depth:43 + endswith, not the host itself. Such hosts are typically served
# over HTTPS; an "alert http" rule only sees cleartext HTTP or traffic decrypted ahead of the
# sensor. Confirm coverage for your deployment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/0ws89whdyqvqdvz/mod_pack_x64.zip/file"; depth:43; endswith; nocase; http.host; content:"www.mediafire.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867233/; classtype:trojan-activity;sid:84730333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wjx3s12jlgykrl3o"; depth:17; endswith; nocase; http.host; content:"158.94.210.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867232/; classtype:trojan-activity;sid:84730332; rev:1;)
# NOTE(review): "|3f|" is the hex escape for "?". The content below decodes to 12 bytes but
# depth is 15, the character length of the escaped text. With endswith the URI may therefore
# carry up to three extra leading bytes and still match. The same over-count appears on every
# rule in this file whose content contains a hex escape.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"police1806work.vercel.app"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867228/; classtype:trojan-activity;sid:84730328; rev:1;)
# Same escaped-length depth here: depth:46 against a content that decodes to 43 bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.js|3f|site=8877e14b1cd4aa573aea550c2ae9c73d"; depth:46; endswith; nocase; http.host; content:"doogle-pixel.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867229/; classtype:trojan-activity;sid:84730329; rev:1;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads"; depth:10; endswith; nocase; http.host; content:"gutiput.lol"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867230/; classtype:trojan-activity;sid:84730330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/clt7ps1jf0fdvrx/eclipsev2.1.zip/file"; depth:42; endswith; nocase; http.host; content:"www.mediafire.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867226/; classtype:trojan-activity;sid:84730326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/g6gzegiqkdgnyf9/kiddonsmodmenu.rar/file"; depth:45; endswith; nocase; http.host; content:"www.mediafire.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867227/; classtype:trojan-activity;sid:84730327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_6d44ed9e866f2f4b.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867214/; classtype:trojan-activity;sid:84730314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867215)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/files-129312398/files/file_768601ddd072e6a1.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867215/; classtype:trojan-activity;sid:84730315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_301b2cac623503b0.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867216/; classtype:trojan-activity;sid:84730316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_b3f400dc7a2ef2be.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867217/; classtype:trojan-activity;sid:84730317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_4b7cf889b2d63efb.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867218/; classtype:trojan-activity;sid:84730318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fivesixone"; depth:11; endswith; nocase; http.host; content:"64.89.163.22"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, 
urlhaus.abuse.ch/url/3867219/; classtype:trojan-activity;sid:84730319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo."; depth:7; endswith; nocase; http.host; content:"45.153.34.153"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867220/; classtype:trojan-activity;sid:84730320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_f4c7b9998333ce07.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867221/; classtype:trojan-activity;sid:84730321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_7b683994c41e1ed1.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867222/; classtype:trojan-activity;sid:84730322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_f3fc09c539d5e2fc.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867223/; classtype:trojan-activity;sid:84730323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867224)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_b099002ce9eea2f4.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867224/; classtype:trojan-activity;sid:84730324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_e5e61926ff222dbb.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867225/; classtype:trojan-activity;sid:84730325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"photsjpg-archiv22god.vercel.app"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867213/; classtype:trojan-activity;sid:84730313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl600"; depth:6; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867212/; classtype:trojan-activity;sid:84730312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_78146a795d94b253.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867210/; classtype:trojan-activity;sid:84730310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/download.php"; depth:17; endswith; nocase; http.host; content:"app-cdek-online.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867211/; classtype:trojan-activity;sid:84730311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_b36800b0d3cfa189.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867209/; classtype:trojan-activity;sid:84730309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.153.144"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867208/; classtype:trojan-activity;sid:84730308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.198.140.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867207/; classtype:trojan-activity;sid:84730307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867206)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.159.14"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867206/; classtype:trojan-activity;sid:84730306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.154.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867205/; classtype:trojan-activity;sid:84730305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.120.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867204/; classtype:trojan-activity;sid:84730304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.85.61.234"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867203/; classtype:trojan-activity;sid:84730303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.191.63.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867202/; classtype:trojan-activity;sid:84730302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3867201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ae7c9999-ff27-42bb-8720-65085960a798"; depth:47; endswith; nocase; http.host; content:"frptny6s.angizeshfarahani.store"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867201/; classtype:trojan-activity;sid:84730301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clp8.exe"; depth:9; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867200/; classtype:trojan-activity;sid:84730300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.133.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867199/; classtype:trojan-activity;sid:84730299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.20.91.68"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867198/; classtype:trojan-activity;sid:84730298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.191.63.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, 
urlhaus.abuse.ch/url/3867197/; classtype:trojan-activity;sid:84730297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.71.20"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867196/; classtype:trojan-activity;sid:84730296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.120.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867195/; classtype:trojan-activity;sid:84730295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.140.130"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867194/; classtype:trojan-activity;sid:84730294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.147.64"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867193/; classtype:trojan-activity;sid:84730293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.205.213"; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867192/; classtype:trojan-activity;sid:84730292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=67689726-ca2d-4126-b5ea-992826c69a3b"; depth:47; endswith; nocase; http.host; content:"9fuqcqf6.ravabetensani.site"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867191/; classtype:trojan-activity;sid:84730291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.236.238.176"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867190/; classtype:trojan-activity;sid:84730290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.99.178.253"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867189/; classtype:trojan-activity;sid:84730289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.236.238.176"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867188/; classtype:trojan-activity;sid:84730288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867187)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.226.176.106"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867187/; classtype:trojan-activity;sid:84730287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.19.220.160"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867186/; classtype:trojan-activity;sid:84730286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.226.176.106"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867185/; classtype:trojan-activity;sid:84730285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.219.1.198"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867184/; classtype:trojan-activity;sid:84730284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.140.130"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867183/; classtype:trojan-activity;sid:84730283; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.167.39.24"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867182/; classtype:trojan-activity;sid:84730282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/descargas/up.exe"; depth:17; endswith; nocase; http.host; content:"biologus.shop"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867181/; classtype:trojan-activity;sid:84730281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.205.213"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867180/; classtype:trojan-activity;sid:84730280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"83.219.1.198"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867179/; classtype:trojan-activity;sid:84730279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron4/file.exe"; depth:15; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, 
urlhaus.abuse.ch/url/3867178/; classtype:trojan-activity;sid:84730278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.147.64"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867177/; classtype:trojan-activity;sid:84730277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.63.65"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867176/; classtype:trojan-activity;sid:84730276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.87.15.73"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867174/; classtype:trojan-activity;sid:84730274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.19.220.160"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867175/; classtype:trojan-activity;sid:84730275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.100.232"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867173/; classtype:trojan-activity;sid:84730273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.87.15.73"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867172/; classtype:trojan-activity;sid:84730272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=14a4ad34-78c1-48a1-b1ad-ed580f6a39bd"; depth:47; endswith; nocase; http.host; content:"aulvud5j.dancebetyek.app"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867171/; classtype:trojan-activity;sid:84730271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.226.209.59"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867170/; classtype:trojan-activity;sid:84730270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"85.226.209.59"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867169/; classtype:trojan-activity;sid:84730269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867168)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.61.230.11"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867168/; classtype:trojan-activity;sid:84730268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.16.164.112"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867167/; classtype:trojan-activity;sid:84730267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.68.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867166/; classtype:trojan-activity;sid:84730266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.61.230.11"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867165/; classtype:trojan-activity;sid:84730265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.63.65"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867164/; classtype:trojan-activity;sid:84730264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3867163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.77.63.52"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867163/; classtype:trojan-activity;sid:84730263; rev:1;)
# Feed-generated rules, one per reported URL: each alerts on an outbound ($HOME_NET -> $EXTERNAL_NET)
# HTTP GET, client side of an established flow, whose http.uri and http.host both equal the listed values.
# depth equal to the content length, plus endswith (URI) or isdataat:!1,relative (host), is what makes
# the match exact; nocase applies to the URI content only.
# Triage: several hosts here are listed under both /i and /bin.sh (27.37.101.86, 58.255.42.117,
# 196.77.63.52, 110.39.243.243), so on a hit it is worth searching HTTP logs for any request to that
# host, not only the listed path.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.101.86"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867162/; classtype:trojan-activity;sid:84730262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.29.143.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867161/; classtype:trojan-activity;sid:84730261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.118.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867160/; classtype:trojan-activity;sid:84730260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.101.86"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867159/; classtype:trojan-activity;sid:84730259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.255.42.117"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867158/; classtype:trojan-activity;sid:84730258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.116.178"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867157/; classtype:trojan-activity;sid:84730257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.68.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867156/; classtype:trojan-activity;sid:84730256; rev:1;)
# NOTE(review): the URI content below is 44 bytes once |3f| is read as one byte ('?'), yet depth is 47,
# which is the length of the escaped text. The reported URL still matches because of endswith, but the
# URI is not pinned to an exact length as it is in the /i and /bin.sh rules; worth reporting to the
# feed maintainer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=cc93a7aa-e05e-4db3-80c6-4480c673e63a"; depth:47; endswith; nocase; http.host; content:"x69rs3qk.rasmfani.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867155/; classtype:trojan-activity;sid:84730255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.255.42.117"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867154/; classtype:trojan-activity;sid:84730254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.249.100.137"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867153/; classtype:trojan-activity;sid:84730253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.77.63.52"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867152/; classtype:trojan-activity;sid:84730252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.243.243"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867151/; classtype:trojan-activity;sid:84730251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.243.243"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867150/; classtype:trojan-activity;sid:84730250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; 
depth:2; endswith; nocase; http.host; content:"115.48.147.105"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867149/; classtype:trojan-activity;sid:84730249; rev:1;)
# Indicator rules from the feed: each matches one exact URL (GET, http.uri, http.host) requested by a
# $HOME_NET client towards $EXTERNAL_NET, and points at its URLhaus entry through reference:url.
# Every rule uses the alert action, so a sensor running inline logs these requests but does not block
# them unless local policy rewrites the action.
# NOTE(review): in the rule below the URI content is 44 bytes once |3f| is read as one byte ('?'), but
# depth is 47 (the length of the escaped text). endswith still lets the reported URL match; the URI is
# just not pinned to an exact length the way the /i and /bin.sh rules pin theirs. 3867141 further down
# has the same mismatch.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c7740357-9d4a-4959-ac5d-ebbe363f2635"; depth:47; endswith; nocase; http.host; content:"60e6of1k.akhbarsport.info"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867148/; classtype:trojan-activity;sid:84730248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.89.45"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867147/; classtype:trojan-activity;sid:84730247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.24.93"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867146/; classtype:trojan-activity;sid:84730246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.147.105"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867145/; classtype:trojan-activity;sid:84730245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.150.167"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867144/; classtype:trojan-activity;sid:84730244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.170.56"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867143/; classtype:trojan-activity;sid:84730243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.89.45"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867142/; classtype:trojan-activity;sid:84730242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e7de44f3-837b-4bff-b1d3-35cf4d2d26d7"; depth:47; endswith; nocase; http.host; content:"w5kaz0nm.ahkam.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867141/; classtype:trojan-activity;sid:84730241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.121.212"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867140/; classtype:trojan-activity;sid:84730240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.93.15"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867139/; classtype:trojan-activity;sid:84730239; rev:1;)
# The next two entries (3867137, 3867138) are not in descending id order like their neighbours; each
# rule is self-contained, so identify rules by sid rather than by position in the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.25.248"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867137/; classtype:trojan-activity;sid:84730237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.198.140.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867138/; classtype:trojan-activity;sid:84730238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.114.153.144"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867136/; classtype:trojan-activity;sid:84730236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.198.75"; depth:14; isdataat:!1,relative; metadata:created_at 
2026_06_19; reference:url, urlhaus.abuse.ch/url/3867135/; classtype:trojan-activity;sid:84730235; rev:1;)
# One rule per reported download URL: an alert fires when a $HOME_NET client sends a GET whose
# http.uri and http.host equal the listed path and host; the number in msg is the URLhaus entry that
# reference:url points to.
# The two /tronN/file.exe rules (3867127, 3867125) name the same host, 62.60.226.140, with different
# numbered directories. An exact-path rule covers only the path it lists, so a log search on the host
# is a useful follow-up to a hit (that further paths exist is an assumption; this file does not show it).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.93.15"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867134/; classtype:trojan-activity;sid:84730234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.26.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867133/; classtype:trojan-activity;sid:84730233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.95.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867132/; classtype:trojan-activity;sid:84730232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.146.153"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867131/; classtype:trojan-activity;sid:84730231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.29.143.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867130/; classtype:trojan-activity;sid:84730230; rev:1;)
# NOTE(review): in the rule below the URI content is 44 bytes once |3f| is read as one byte ('?'), but
# depth is 47 (the length of the escaped text). endswith still lets the reported URL match; the URI is
# just not pinned to an exact length the way the other rules pin theirs. 3867126 further down has the
# same mismatch.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=865f1e0c-c400-4c11-9720-4228bd4b14ff"; depth:47; endswith; nocase; http.host; content:"v4niq74d.daf.bet"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867129/; classtype:trojan-activity;sid:84730229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.137.76"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867128/; classtype:trojan-activity;sid:84730228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron6/file.exe"; depth:15; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867127/; classtype:trojan-activity;sid:84730227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c5beda80-4e0e-40d4-8d6f-b78c3a04ec2b"; depth:47; endswith; nocase; http.host; content:"hf9o1qtn.kir.bet"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867126/; classtype:trojan-activity;sid:84730226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron5/file.exe"; depth:15; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867125/; classtype:trojan-activity;sid:84730225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.186.81.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867123/; classtype:trojan-activity;sid:84730223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.87.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867124/; classtype:trojan-activity;sid:84730224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.243.198"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867122/; classtype:trojan-activity;sid:84730222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.69.180"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_19; reference:url, urlhaus.abuse.ch/url/3867121/; 
classtype:trojan-activity;sid:84730221; rev:1;)
# Exact-URL indicator rules: GET requests from $HOME_NET to $EXTERNAL_NET whose http.uri and http.host
# equal the listed values raise an alert classified trojan-activity.
# Entries run newest-first; metadata:created_at changes from 2026_06_19 to 2026_06_18 at 3867120.
# Coverage: `alert http` inspects parsed HTTP only, so the same URL fetched over TLS is not seen by
# these rules unless traffic is decrypted ahead of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.17.5"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867120/; classtype:trojan-activity;sid:84730220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.191.193.63"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867119/; classtype:trojan-activity;sid:84730219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.191.193.63"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867118/; classtype:trojan-activity;sid:84730218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.69.180"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867117/; classtype:trojan-activity;sid:84730217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.24.93"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867116/; classtype:trojan-activity;sid:84730216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"140.237.38.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867115/; classtype:trojan-activity;sid:84730215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.93.78"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867114/; classtype:trojan-activity;sid:84730214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.186.228.189"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867113/; classtype:trojan-activity;sid:84730213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.3"; depth:12; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867112/; classtype:trojan-activity;sid:84730212; rev:1;)
# NOTE(review): in the rule below the URI content is 44 bytes once |3f| is read as one byte ('?'), but
# depth is 47 (the length of the escaped text). endswith still lets the reported URL match; the URI is
# just not pinned to an exact length the way the other rules pin theirs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b7693c52-3c6d-491f-9e3d-ec9501d1327b"; depth:47; endswith; nocase; http.host; content:"io7yo39n.enfejkade.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867111/; classtype:trojan-activity;sid:84730211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.13.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867110/; classtype:trojan-activity;sid:84730210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.244.56"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867109/; classtype:trojan-activity;sid:84730209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.202.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867108/; classtype:trojan-activity;sid:84730208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.244.56"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867107/; classtype:trojan-activity;sid:84730207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3867106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.155.145"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867106/; classtype:trojan-activity;sid:84730206; rev:1;)
# Rules generated from the URLhaus feed, each matching one URL: GET method, http.uri equal to the
# listed path (case-insensitive via nocase), http.host equal to the listed host.
# Direction is $HOME_NET -> $EXTERNAL_NET, so what these rules see depends on how those variables are
# set for the monitored network; check them in the sensor configuration before reading silence as
# "no hits".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"140.237.38.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867105/; classtype:trojan-activity;sid:84730205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.175.114.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867104/; classtype:trojan-activity;sid:84730204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.186.228.189"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867103/; classtype:trojan-activity;sid:84730203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.95.92"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867102/; classtype:trojan-activity;sid:84730202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.180.180"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867101/; classtype:trojan-activity;sid:84730201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.243.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867100/; classtype:trojan-activity;sid:84730200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.13.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867099/; classtype:trojan-activity;sid:84730199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.155.145"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867098/; classtype:trojan-activity;sid:84730198; rev:1;)
# NOTE(review): in the rule below the URI content is 44 bytes once |3f| is read as one byte ('?'), but
# depth is 47 (the length of the escaped text). endswith still lets the reported URL match; the URI is
# just not pinned to an exact length the way the other rules pin theirs. 3867095 further down has the
# same mismatch.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=0f9c8042-5fa4-4b74-ba20-0d3e8f821a6c"; depth:47; endswith; nocase; http.host; content:"lgoanndm.betvarzeshkade.online"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867097/; classtype:trojan-activity;sid:84730197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.229.225.82"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867096/; classtype:trojan-activity;sid:84730196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=dd0b0a39-c5b1-4487-9123-89ca07d321be"; depth:47; endswith; nocase; http.host; content:"5hgxfy2r.pishbinibet.bet"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867095/; classtype:trojan-activity;sid:84730195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.163.52.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867094/; classtype:trojan-activity;sid:84730194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.243.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867093/; classtype:trojan-activity;sid:84730193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3867092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.159.149"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867092/; classtype:trojan-activity;sid:84730192; rev:1;)
# Per-URL indicator rules: each alerts when a $HOME_NET client requests, by GET, the one path and host
# it lists; the host content is anchored with depth plus isdataat:!1,relative, so only that exact host
# string matches.
# Two rules below (3867086, 3867083) list different leftmost labels under the same parent, enfej.win.
# Because the host match is exact, a further label under that parent would not match either rule;
# DNS or proxy log review for the parent domain complements these signatures.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.159.149"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867091/; classtype:trojan-activity;sid:84730191; rev:1;)
# NOTE(review): in the rule below the URI content is 44 bytes once |3f| is read as one byte ('?'), but
# depth is 47 (the length of the escaped text). endswith still lets the reported URL match; the URI is
# just not pinned to an exact length the way the other rules pin theirs. 3867089, 3867086 and 3867083
# further down have the same mismatch.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e6bf3d39-7853-48f7-8c61-f140f8bf8b05"; depth:47; endswith; nocase; http.host; content:"conu6dbe.hugugmadanikatouzian.xyz"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867090/; classtype:trojan-activity;sid:84730190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9965da49-1775-4125-8384-6f641c2607af"; depth:47; endswith; nocase; http.host; content:"1qmi6vxn.hesabdarinoravesh.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867089/; classtype:trojan-activity;sid:84730189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/49.elf"; depth:7; endswith; nocase; http.host; content:"64.89.163.22"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867088/; classtype:trojan-activity;sid:84730188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.174.91"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867087/; classtype:trojan-activity;sid:84730187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=626dd819-6fff-4d9c-86e4-df3c06021934"; depth:47; endswith; nocase; http.host; content:"es23okhi.enfej.win"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867086/; classtype:trojan-activity;sid:84730186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.127.248.61"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867085/; classtype:trojan-activity;sid:84730185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.225.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867084/; classtype:trojan-activity;sid:84730184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=7c6e64a6-a318-466e-8a2f-53b2ef8adad7"; depth:47; endswith; nocase; http.host; content:"ef1q7686.enfej.win"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867083/; classtype:trojan-activity;sid:84730183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.10.132.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867082/; classtype:trojan-activity;sid:84730182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.225.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867081/; classtype:trojan-activity;sid:84730181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.206.246"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867080/; classtype:trojan-activity;sid:84730180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.170.56"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867079/; classtype:trojan-activity;sid:84730179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3867078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.96.59"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867078/; classtype:trojan-activity;sid:84730178; rev:1;)
# Feed rules keyed to single URLs: a GET from $HOME_NET to $EXTERNAL_NET whose http.uri and http.host
# equal the listed values raises an alert that carries the URLhaus entry id in msg and reference:url.
# Triage: these are point-in-time indicators (metadata:created_at 2026_06_18 here); follow the
# reference URL for the entry's current status before treating a hit on an IP-literal host as confirmed.
# NOTE(review): the host content is anchored to its exact length, which leaves no room for a port.
# Confirm on the deployed Suricata version that http.host does not retain an explicit :port from the
# Host header; if it does, requests to a non-default port would not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.1.26.13"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867077/; classtype:trojan-activity;sid:84730177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.206.246"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867076/; classtype:trojan-activity;sid:84730176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.203.77"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867075/; classtype:trojan-activity;sid:84730175; rev:1;)
# NOTE(review): in the rule below the URI content is 44 bytes once |3f| is read as one byte ('?'), but
# depth is 47 (the length of the escaped text). endswith still lets the reported URL match; the URI is
# just not pinned to an exact length the way the /i and /bin.sh rules pin theirs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d20990b3-6eb4-4086-95fc-60db3a52a033"; depth:47; endswith; nocase; http.host; content:"pfoleggz.enfejwin.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867074/; classtype:trojan-activity;sid:84730174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.193.55"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867073/; classtype:trojan-activity;sid:84730173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.226.35"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867072/; classtype:trojan-activity;sid:84730172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.1.26.13"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867071/; classtype:trojan-activity;sid:84730171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.193.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867070/; classtype:trojan-activity;sid:84730170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.203.77"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867069/; classtype:trojan-activity;sid:84730169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.193.55"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867068/; classtype:trojan-activity;sid:84730168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.186.81.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867067/; classtype:trojan-activity;sid:84730167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.232.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867066/; classtype:trojan-activity;sid:84730166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.193.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867065/; classtype:trojan-activity;sid:84730165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867064)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.103.21"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867064/; classtype:trojan-activity;sid:84730164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=dc2ce220-5b5a-45bb-a17e-4b6153606766"; depth:47; endswith; nocase; http.host; content:"inv527xk.testpaye.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867063/; classtype:trojan-activity;sid:84730163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=6e0ff5c7-4934-406f-93c6-77da3bf07ca4"; depth:47; endswith; nocase; http.host; content:"2wr0b5x0.jetbetkade.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867062/; classtype:trojan-activity;sid:84730162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.232.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867061/; classtype:trojan-activity;sid:84730161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.195.234.156"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867060/; classtype:trojan-activity;sid:84730160; rev:1;) 
# Reading these rules: each one alerts on an established, client-side HTTP GET
# from $HOME_NET to $EXTERNAL_NET whose URI and Host both match one URLhaus
# entry; the entry id appears in msg and in the reference URL.
# - http.uri: content + depth (normally the pattern length) + endswith pins the
#   whole URI to the pattern; nocase makes that comparison case-insensitive.
# - http.host: content + depth + isdataat:!1,relative requires that nothing
#   follows the pattern, so the host must be exactly that value.
# NOTE(review): in the "/|3f|ublib=<uuid>" rules the pattern is 44 bytes (|3f| is
#   the single byte "?") but depth is 47, so up to three leading bytes are
#   tolerated before the pattern; presumably the generator counted the hex
#   notation literally. Confirm before treating these as exact-URI matches.
# Coverage caveat: "alert http" only inspects traffic parsed as HTTP, so the
#   same download fetched over TLS is not matched without decryption. Entries
#   are dated by metadata:created_at; IP-keyed entries may go stale, so check
#   the referenced URLhaus page when triaging an alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.55.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867059/; classtype:trojan-activity;sid:84730159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.202.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867058/; classtype:trojan-activity;sid:84730158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.195.234.156"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867057/; classtype:trojan-activity;sid:84730157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.31.250"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867056/; classtype:trojan-activity;sid:84730156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=424a5514-6703-4837-9efc-502cfdde7a12"; depth:47; endswith; nocase; http.host; content:"4hjech32.helabetkade.com"; depth:24; isdataat:!1,relative; 
metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867055/; classtype:trojan-activity;sid:84730155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.55.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867054/; classtype:trojan-activity;sid:84730154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.94.94"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867053/; classtype:trojan-activity;sid:84730153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.31.250"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867052/; classtype:trojan-activity;sid:84730152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crpo"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867037/; classtype:trojan-activity;sid:84730137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kajq"; depth:5; endswith; 
nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867038/; classtype:trojan-activity;sid:84730138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wbmd"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867039/; classtype:trojan-activity;sid:84730139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aelo"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867040/; classtype:trojan-activity;sid:84730140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hpab"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867041/; classtype:trojan-activity;sid:84730141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yyee"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867042/; classtype:trojan-activity;sid:84730142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867043)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drmf"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867043/; classtype:trojan-activity;sid:84730143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yqgs"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867044/; classtype:trojan-activity;sid:84730144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lnru"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867045/; classtype:trojan-activity;sid:84730145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fnmc"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867046/; classtype:trojan-activity;sid:84730146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kcvw"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867047/; classtype:trojan-activity;sid:84730147; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tkjd"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867048/; classtype:trojan-activity;sid:84730148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pjku"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867049/; classtype:trojan-activity;sid:84730149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohbe"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867050/; classtype:trojan-activity;sid:84730150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gnyb"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867051/; classtype:trojan-activity;sid:84730151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wsym"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, 
urlhaus.abuse.ch/url/3867036/; classtype:trojan-activity;sid:84730136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/df2f82"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867031/; classtype:trojan-activity;sid:84730131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab0dc5"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867032/; classtype:trojan-activity;sid:84730132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x42n"; depth:5; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867033/; classtype:trojan-activity;sid:84730133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7be221"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867034/; classtype:trojan-activity;sid:84730134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/51d33e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867035/; classtype:trojan-activity;sid:84730135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pivb"; depth:5; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867009/; classtype:trojan-activity;sid:84730109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d4eb8a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867010/; classtype:trojan-activity;sid:84730110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/990398"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867011/; classtype:trojan-activity;sid:84730111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m4q"; depth:4; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867012/; classtype:trojan-activity;sid:84730112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867013)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/1l0y"; depth:5; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867013/; classtype:trojan-activity;sid:84730113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cd29b1"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867014/; classtype:trojan-activity;sid:84730114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/310fe4"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867015/; classtype:trojan-activity;sid:84730115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nmil"; depth:5; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867016/; classtype:trojan-activity;sid:84730116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d5c844"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867017/; classtype:trojan-activity;sid:84730117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3867018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/52c59c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867018/; classtype:trojan-activity;sid:84730118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zbc"; depth:4; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867019/; classtype:trojan-activity;sid:84730119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a098f9"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867020/; classtype:trojan-activity;sid:84730120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2f0"; depth:4; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867021/; classtype:trojan-activity;sid:84730121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e30j"; depth:5; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867022/; classtype:trojan-activity;sid:84730122; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8df859"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867023/; classtype:trojan-activity;sid:84730123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9f514e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867024/; classtype:trojan-activity;sid:84730124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohrk"; depth:5; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867025/; classtype:trojan-activity;sid:84730125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pil"; depth:4; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867026/; classtype:trojan-activity;sid:84730126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9f42d9"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, 
urlhaus.abuse.ch/url/3867027/; classtype:trojan-activity;sid:84730127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ymsr"; depth:5; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867028/; classtype:trojan-activity;sid:84730128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1d1781"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867029/; classtype:trojan-activity;sid:84730129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3eca8e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867030/; classtype:trojan-activity;sid:84730130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbko"; depth:5; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867003/; classtype:trojan-activity;sid:84730103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/43304b"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867004/; classtype:trojan-activity;sid:84730104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/83e595"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867005/; classtype:trojan-activity;sid:84730105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/08b8a5"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867006/; classtype:trojan-activity;sid:84730106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wicks.aarch64"; depth:14; endswith; nocase; http.host; content:"176.65.139.73"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867007/; classtype:trojan-activity;sid:84730107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wkj"; depth:4; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867008/; classtype:trojan-activity;sid:84730108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867002)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/72b39d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867002/; classtype:trojan-activity;sid:84730102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fef62b"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867000/; classtype:trojan-activity;sid:84730100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3867001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/16a440"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3867001/; classtype:trojan-activity;sid:84730101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"static.26.134.83.5.clients.ryzehosting.com"; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866999/; classtype:trojan-activity;sid:84730099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/124ab7"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866997/; classtype:trojan-activity;sid:84730097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3866998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9ae43a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866998/; classtype:trojan-activity;sid:84730098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.127.248.61"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866996/; classtype:trojan-activity;sid:84730096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.171.82"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866995/; classtype:trojan-activity;sid:84730095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.253.233"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866994/; classtype:trojan-activity;sid:84730094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a5ce5f0e-b320-4959-b8a2-73b47dc421ce"; depth:47; endswith; nocase; http.host; content:"k7mqynmb.hesabdarieskandari.xyz"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, 
urlhaus.abuse.ch/url/3866993/; classtype:trojan-activity;sid:84730093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.83.173"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866992/; classtype:trojan-activity;sid:84730092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.122.119.215"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866991/; classtype:trojan-activity;sid:84730091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.83.173"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866990/; classtype:trojan-activity;sid:84730090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.5.206"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866988/; classtype:trojan-activity;sid:84730088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.171.82"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866989/; classtype:trojan-activity;sid:84730089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clp5.exe"; depth:9; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866987/; classtype:trojan-activity;sid:84730087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.arm"; depth:11; endswith; nocase; http.host; content:"31.56.209.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866986/; classtype:trojan-activity;sid:84730086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.arm7"; depth:12; endswith; nocase; http.host; content:"31.56.209.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866985/; classtype:trojan-activity;sid:84730085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.5.206"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866984/; classtype:trojan-activity;sid:84730084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866983)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/|3f|ublib=1a45c585-4e5d-4690-812c-d91c06142ebb"; depth:47; endswith; nocase; http.host; content:"erby3ts4.pornbet.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866983/; classtype:trojan-activity;sid:84730083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=0484f84f-c5dd-47de-a8e3-91e0e616ea5e"; depth:47; endswith; nocase; http.host; content:"jam3b5k6.enfejarland.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866982/; classtype:trojan-activity;sid:84730082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.95.92"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866981/; classtype:trojan-activity;sid:84730081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"170.233.57.178"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866980/; classtype:trojan-activity;sid:84730080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.194.203"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866979/; classtype:trojan-activity;sid:84730079; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.177.247.188"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866978/; classtype:trojan-activity;sid:84730078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.66.77"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866977/; classtype:trojan-activity;sid:84730077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=5b37fd1e-b2ff-467d-ab24-fd8a402cc0e0"; depth:47; endswith; nocase; http.host; content:"zt7vrheg.bio90.football"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866976/; classtype:trojan-activity;sid:84730076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866975/; classtype:trojan-activity;sid:84730075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; 
metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866973/; classtype:trojan-activity;sid:84730073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lmips"; depth:6; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866974/; classtype:trojan-activity;sid:84730074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.192.106.23"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866972/; classtype:trojan-activity;sid:84730072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.194.203"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866971/; classtype:trojan-activity;sid:84730071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.177.247.188"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866970/; classtype:trojan-activity;sid:84730070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; 
nocase; http.host; content:"125.45.66.77"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866969/; classtype:trojan-activity;sid:84730069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.243.206"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866968/; classtype:trojan-activity;sid:84730068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.243.206"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866967/; classtype:trojan-activity;sid:84730067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"170.233.57.178"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866966/; classtype:trojan-activity;sid:84730066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.180.1"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866965/; classtype:trojan-activity;sid:84730065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866964)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.238.1"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866964/; classtype:trojan-activity;sid:84730064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.180.1"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866963/; classtype:trojan-activity;sid:84730063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnet.sh"; depth:10; endswith; nocase; http.host; content:"176.65.139.73"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866958/; classtype:trojan-activity;sid:84730058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wicks.mips"; depth:11; endswith; nocase; http.host; content:"176.65.139.73"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866959/; classtype:trojan-activity;sid:84730059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wicks.armv6l"; depth:13; endswith; nocase; http.host; content:"176.65.139.73"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866960/; classtype:trojan-activity;sid:84730060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3866961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wicks.armv7l"; depth:13; endswith; nocase; http.host; content:"176.65.139.73"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866961/; classtype:trojan-activity;sid:84730061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wicks.mipsel"; depth:13; endswith; nocase; http.host; content:"176.65.139.73"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866962/; classtype:trojan-activity;sid:84730062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.59.29"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866957/; classtype:trojan-activity;sid:84730057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.163.233.47"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866956/; classtype:trojan-activity;sid:84730056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.152.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866955/; 
classtype:trojan-activity;sid:84730055; rev:1;)
# Exact-match pattern used throughout this ruleset: depth equals the length of
# the URI content and endswith is set, so the URI buffer must be exactly
# "/bin.sh"; isdataat:!1,relative after the http.host content requires that no
# byte follows the matched host string.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.192.106.23"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866954/; classtype:trojan-activity;sid:84730054; rev:1;)
# NOTE(review): the host here is a shared code-hosting domain, not
# attacker-owned infrastructure. The exact-match URI (depth:72 + endswith)
# limits the alert to this one archive path. The rule is `alert http`, so it
# only sees requests the sensor can parse as HTTP; if this download is served
# over HTTPS only, the rule presumably fires only behind TLS decryption.
# Confirm sensor placement before relying on it for coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trievrota/common-ground-world-crypto-game-token-api/zip/refs/heads/main"; depth:72; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866953/; classtype:trojan-activity;sid:84730053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"115.57.80.155"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866950/; classtype:trojan-activity;sid:84730050; rev:1;)
# NOTE(review): same shared-host caveat as sid 84730053 above. This is an
# exact archive path on codeload.github.com, and cleartext-HTTP visibility
# should be confirmed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gentledeshut/valorant-external-latest-3-0/zip/refs/tags/valorant-external"; depth:74; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866951/; classtype:trojan-activity;sid:84730051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866952)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.23.238.34"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866952/; classtype:trojan-activity;sid:84730052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_703b8967a7b9069f.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866949/; classtype:trojan-activity;sid:84730049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.238.1"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866948/; classtype:trojan-activity;sid:84730048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=4d940804-38f5-4140-87f2-e4b52caeb0a7"; depth:47; endswith; nocase; http.host; content:"8u88xbeq.pinbahiskade.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866947/; classtype:trojan-activity;sid:84730047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.255.195.87"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866946/; 
classtype:trojan-activity;sid:84730046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.91.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866945/; classtype:trojan-activity;sid:84730045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"31.163.233.47"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866944/; classtype:trojan-activity;sid:84730044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.255.195.87"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866943/; classtype:trojan-activity;sid:84730043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.137.39"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866942/; classtype:trojan-activity;sid:84730042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/download/1542-vortex-valorant"; depth:34; endswith; nocase; http.host; content:"keitarosofts.com"; 
depth:16; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866940/; classtype:trojan-activity;sid:84730040; rev:1;)
# NOTE(review): the host is a shared code-hosting domain; only the exact
# archive path (depth:71 + endswith) identifies the flagged download. The rule
# is `alert http`, so it only sees requests the sensor can parse as HTTP; if
# this URL is reachable over HTTPS only, the rule presumably needs TLS
# decryption upstream to fire. Confirm before counting it as coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/glyreban/mines-predictor-casino-strategies/archive/refs/heads/main.zip"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866941/; classtype:trojan-activity;sid:84730041; rev:1;)
# Exact-match pattern: depth equals the URI content length and endswith is set,
# so the URI buffer must be exactly "/mozi.a"; isdataat:!1,relative requires
# that the http.host buffer ends right after the matched address.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.254.100.216"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866938/; classtype:trojan-activity;sid:84730038; rev:1;)
# NOTE(review): same shared-host caveat as sid 84730041 above. This is an
# exact archive path on codeload.github.com, and cleartext-HTTP visibility
# should be confirmed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/draxatihm/ethercrash.io-casino-predictor-strategies/zip/refs/heads/main"; depth:72; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866939/; classtype:trojan-activity;sid:84730039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.39.237.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866936/; classtype:trojan-activity;sid:84730036; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"219.68.168.193"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866937/; classtype:trojan-activity;sid:84730037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.89.2"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866935/; classtype:trojan-activity;sid:84730035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.91.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866934/; classtype:trojan-activity;sid:84730034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.137.39"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866933/; classtype:trojan-activity;sid:84730033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=034cc23a-1f89-4f26-afdf-22448512a3e6"; depth:47; endswith; nocase; http.host; content:"5zn1z0hp.dancebetyek.app"; depth:24; isdataat:!1,relative; metadata:created_at 
2026_06_18; reference:url, urlhaus.abuse.ch/url/3866932/; classtype:trojan-activity;sid:84730032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.251.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866931/; classtype:trojan-activity;sid:84730031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.244.14"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866929/; classtype:trojan-activity;sid:84730029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.244.14"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866930/; classtype:trojan-activity;sid:84730030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.36.36"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866928/; classtype:trojan-activity;sid:84730028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866927)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/1ugscx3c83agbgdnortfner-hv852ff5ngxai68s75cywwz9dhqgvpq8kupi3ygydoa9v-0u4qag_7e3qhw_uqwlho15lobd00ffeqzpzmv9o3x7n6fj1b08znopqrx0fkwmxedxxpbndl05drbcbkqzsjusdftglunfodhmi9qc/pxcq0m6o5gcbwh9/%d0%92%d0%be%d0%best%d0%b0%d1%80%d1%80%d0%b5%d0%b3_%5b8.1.3%5d_%5bupd%5d_%d1%8564.zip"; depth:275; endswith; nocase; http.host; content:"download2349.mediafire.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866927/; classtype:trojan-activity;sid:84730027; rev:1;)
# NOTE(review): the rule ending on the line above (sid 84730027) matches
# literal percent-escapes (%d0%92..., %5b, %5d) inside http.uri. http.uri is
# Suricata's normalized URI buffer; if the sensor's normalization decodes those
# escapes, the literal text is not in the buffer and the rule cannot match.
# Replay a sample request to verify, and if it does not fire, match on
# http.uri.raw in a local copy of the rule. TODO confirm against the deployed
# Suricata/libhtp settings.
#
# The rules below share one host and differ only in a six-character hex URI
# path. Each is an exact-path match (depth:7 + endswith), so a request to the
# same host with a path the feed has not listed raises no alert from them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7adcf1"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866920/; classtype:trojan-activity;sid:84730020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/873a79"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866921/; classtype:trojan-activity;sid:84730021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4df5fe"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866922/; classtype:trojan-activity;sid:84730022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7cccd1"; depth:7; endswith; nocase; 
http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866923/; classtype:trojan-activity;sid:84730023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/81d124"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866924/; classtype:trojan-activity;sid:84730024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3db386"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866925/; classtype:trojan-activity;sid:84730025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a06bbb"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866926/; classtype:trojan-activity;sid:84730026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3355b8"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866910/; classtype:trojan-activity;sid:84730010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866911)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/a41a5a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866911/; classtype:trojan-activity;sid:84730011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/45720d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866912/; classtype:trojan-activity;sid:84730012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5d4d91"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866913/; classtype:trojan-activity;sid:84730013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cf835c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866914/; classtype:trojan-activity;sid:84730014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7382e4"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866915/; classtype:trojan-activity;sid:84730015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3866916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2603c9"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866916/; classtype:trojan-activity;sid:84730016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/571a19"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866917/; classtype:trojan-activity;sid:84730017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0fea12"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866918/; classtype:trojan-activity;sid:84730018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/parm7"; depth:9; endswith; nocase; http.host; content:"162.248.101.153"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866919/; classtype:trojan-activity;sid:84730019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9c64fb"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866902/; 
classtype:trojan-activity;sid:84730002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e7cbc2"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866903/; classtype:trojan-activity;sid:84730003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/792899"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866904/; classtype:trojan-activity;sid:84730004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a38664"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866905/; classtype:trojan-activity;sid:84730005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b6dc28"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866906/; classtype:trojan-activity;sid:84730006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ca36ac"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866907/; classtype:trojan-activity;sid:84730007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fee87f"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866908/; classtype:trojan-activity;sid:84730008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9b8a04"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866909/; classtype:trojan-activity;sid:84730009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g01q2agx8ydghfptvosvhu7vlve1oa1e-tc3wxchgyb9bgdzhihs1zhvn6-dtcimpbzhi3bwz2kytkqqwgx9hllp8bytls6qt5eygrfz1idzq_n0lq0br0qt0p6ajffcc1xpmonwe9bwaro0nfqkj0309rl6go9rkjunaxid94eh/0ws89whdyqvqdvz/mod_pack_x64.zip"; depth:206; endswith; nocase; http.host; content:"download2281.mediafire.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866901/; classtype:trojan-activity;sid:84730001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_861cc2bd1b250648.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866900/; 
classtype:trojan-activity;sid:84730000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.141.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866899/; classtype:trojan-activity;sid:84729999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gb3n"; depth:5; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866897/; classtype:trojan-activity;sid:84729997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xz68"; depth:5; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866898/; classtype:trojan-activity;sid:84729998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bad254"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866885/; classtype:trojan-activity;sid:84729985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7aa159"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866886/; classtype:trojan-activity;sid:84729986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/77f8d7"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866887/; classtype:trojan-activity;sid:84729987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9fd15c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866888/; classtype:trojan-activity;sid:84729988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/314e0c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866889/; classtype:trojan-activity;sid:84729989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/19aaf8"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866890/; classtype:trojan-activity;sid:84729990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/71f048"; depth:7; endswith; 
nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866891/; classtype:trojan-activity;sid:84729991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/033c83"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866892/; classtype:trojan-activity;sid:84729992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sexygirl99/spectra.arm6"; depth:24; endswith; nocase; http.host; content:"5.231.70.13"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866893/; classtype:trojan-activity;sid:84729993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sexygirl99/spectra.arm"; depth:23; endswith; nocase; http.host; content:"5.231.70.13"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866894/; classtype:trojan-activity;sid:84729994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bee8c3"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866895/; classtype:trojan-activity;sid:84729995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3866896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sexygirl99/spectra.ppc"; depth:23; endswith; nocase; http.host; content:"5.231.70.13"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866896/; classtype:trojan-activity;sid:84729996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/028bc9"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866882/; classtype:trojan-activity;sid:84729982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d3cdea"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866883/; classtype:trojan-activity;sid:84729983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e94217"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866884/; classtype:trojan-activity;sid:84729984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enzd"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866867/; classtype:trojan-activity;sid:84729967; rev:1;) 
# URLhaus per-URL malware-download rules. Each rule corresponds to one URLhaus
# entry: the entry id appears in msg and in the reference URL, and every rule
# carries its own sid.
#
# Match logic, as written in each rule:
#   - direction: $HOME_NET -> $EXTERNAL_NET, established flow, client-to-server
#   - http.method must contain "GET"
#   - http.uri: depth equal to the content length, combined with endswith, pins
#     the whole URI buffer to the listed path (nocase). The same path with a
#     query string appended, or any other path on the same host, does not match.
#   - http.host: depth plus isdataat:!1,relative pins the whole host buffer to
#     the listed value.
#
# Coverage caveats for triage:
#   - These are `alert http` rules, so they fire only where Suricata parses the
#     request as HTTP. The same URL fetched over TLS is not seen unless the
#     traffic is decrypted ahead of the sensor.
#   - A hit shows that a $HOME_NET client requested a listed URL. The rule
#     inspects the request only (from_client), so confirm whether a payload was
#     actually returned from HTTP response / file logs.
#   - Indicators are dated (metadata:created_at). Check the referenced URLhaus
#     entry for its current status before treating a hit as confirmed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/378006"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866868/; classtype:trojan-activity;sid:84729968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/31d38d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866869/; classtype:trojan-activity;sid:84729969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2f46ae"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866870/; classtype:trojan-activity;sid:84729970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bedade"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866871/; classtype:trojan-activity;sid:84729971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sexygirl99/spectra.m68k"; depth:24; endswith; nocase; http.host; content:"5.231.70.13"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; 
reference:url, urlhaus.abuse.ch/url/3866872/; classtype:trojan-activity;sid:84729972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dba395"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866873/; classtype:trojan-activity;sid:84729973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7c1260"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866874/; classtype:trojan-activity;sid:84729974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sexygirl99/spectra.spc"; depth:23; endswith; nocase; http.host; content:"5.231.70.13"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866875/; classtype:trojan-activity;sid:84729975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k3u"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866876/; classtype:trojan-activity;sid:84729976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f778bb"; depth:7; endswith; nocase; 
http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866877/; classtype:trojan-activity;sid:84729977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/959e1c"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866878/; classtype:trojan-activity;sid:84729978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ad252a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866879/; classtype:trojan-activity;sid:84729979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sexygirl99/spectra.mpsl"; depth:24; endswith; nocase; http.host; content:"5.231.70.13"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866880/; classtype:trojan-activity;sid:84729980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a4e6c4"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866881/; classtype:trojan-activity;sid:84729981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866840)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bc20e7"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866840/; classtype:trojan-activity;sid:84729940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e14bbd"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866841/; classtype:trojan-activity;sid:84729941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00ba7a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866842/; classtype:trojan-activity;sid:84729942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tak"; depth:4; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866843/; classtype:trojan-activity;sid:84729943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yxxi"; depth:5; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866844/; classtype:trojan-activity;sid:84729944; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ddd733"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866845/; classtype:trojan-activity;sid:84729945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sexygirl99/spectra.arm5"; depth:24; endswith; nocase; http.host; content:"5.231.70.13"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866846/; classtype:trojan-activity;sid:84729946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sexygirl99/spectra.mips"; depth:24; endswith; nocase; http.host; content:"5.231.70.13"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866847/; classtype:trojan-activity;sid:84729947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c6d6e9"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866848/; classtype:trojan-activity;sid:84729948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3aaa35"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; 
reference:url, urlhaus.abuse.ch/url/3866849/; classtype:trojan-activity;sid:84729949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f78083"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866850/; classtype:trojan-activity;sid:84729950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/66f22d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866851/; classtype:trojan-activity;sid:84729951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sexygirl99/spectra.x86"; depth:23; endswith; nocase; http.host; content:"5.231.70.13"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866852/; classtype:trojan-activity;sid:84729952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b847e9"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866853/; classtype:trojan-activity;sid:84729953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sexygirl99/spectra.sh4"; depth:23; 
endswith; nocase; http.host; content:"5.231.70.13"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866854/; classtype:trojan-activity;sid:84729954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0d59d7"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866855/; classtype:trojan-activity;sid:84729955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c39530"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866856/; classtype:trojan-activity;sid:84729956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ec9f4"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866857/; classtype:trojan-activity;sid:84729957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2231c7"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866858/; classtype:trojan-activity;sid:84729958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866859)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d9q"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866859/; classtype:trojan-activity;sid:84729959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/45cc57"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866860/; classtype:trojan-activity;sid:84729960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sexygirl99/spectra.x86_64"; depth:26; endswith; nocase; http.host; content:"5.231.70.13"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866861/; classtype:trojan-activity;sid:84729961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/60706e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866862/; classtype:trojan-activity;sid:84729962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmzm"; depth:5; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866863/; classtype:trojan-activity;sid:84729963; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/568fca"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866864/; classtype:trojan-activity;sid:84729964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6f60bf"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866865/; classtype:trojan-activity;sid:84729965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sexygirl99/spectra.arm7"; depth:24; endswith; nocase; http.host; content:"5.231.70.13"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866866/; classtype:trojan-activity;sid:84729966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8b2638"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866837/; classtype:trojan-activity;sid:84729937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ac73ae"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; 
reference:url, urlhaus.abuse.ch/url/3866838/; classtype:trojan-activity;sid:84729938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onie_spc"; depth:9; endswith; nocase; http.host; content:"103.226.250.88"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866839/; classtype:trojan-activity;sid:84729939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pio"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866827/; classtype:trojan-activity;sid:84729927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jmw"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866828/; classtype:trojan-activity;sid:84729928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a7b9a5"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866829/; classtype:trojan-activity;sid:84729929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3479c6"; depth:7; endswith; nocase; http.host; 
content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866830/; classtype:trojan-activity;sid:84729930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9e847d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866831/; classtype:trojan-activity;sid:84729931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dae017"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866832/; classtype:trojan-activity;sid:84729932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ca66b5"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866833/; classtype:trojan-activity;sid:84729933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tlde"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866834/; classtype:trojan-activity;sid:84729934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866835)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/vlv"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866835/; classtype:trojan-activity;sid:84729935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0tf"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866836/; classtype:trojan-activity;sid:84729936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wtx1"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866818/; classtype:trojan-activity;sid:84729918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khk4"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866819/; classtype:trojan-activity;sid:84729919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/638056"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866820/; classtype:trojan-activity;sid:84729920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3866821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vhwk"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866821/; classtype:trojan-activity;sid:84729921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jbw"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866822/; classtype:trojan-activity;sid:84729922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k78"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866823/; classtype:trojan-activity;sid:84729923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p1q"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866824/; classtype:trojan-activity;sid:84729924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vgm"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866825/; classtype:trojan-activity;sid:84729925; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b8c6cb"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866826/; classtype:trojan-activity;sid:84729926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ylpalos90o1g7vvkwd57jgc4nd5xusrhjqzs-lltlxy7wdyffk65envz-5f-y4hcietmlpmogfyp9cexrmai_andxyut23zegs3qt8aojrcuhcxpzjguokwocdsfuyfs8pfg96okj5zutiv6vzs3oamfxjy3gzcnjavmzzr-vnsd/ayqvje6l31xl87o/cs2hack.rar"; depth:201; endswith; nocase; http.host; content:"download2281.mediafire.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866817/; classtype:trojan-activity;sid:84729917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.36.36"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866816/; classtype:trojan-activity;sid:84729916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.61.141.198"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866814/; classtype:trojan-activity;sid:84729914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866815)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.34.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866815/; classtype:trojan-activity;sid:84729915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.36.28.45"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866810/; classtype:trojan-activity;sid:84729910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/karm"; depth:5; endswith; nocase; http.host; content:"91.92.42.203"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866811/; classtype:trojan-activity;sid:84729911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/karm5"; depth:6; endswith; nocase; http.host; content:"91.92.42.203"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866812/; classtype:trojan-activity;sid:84729912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/karm6"; depth:6; endswith; nocase; http.host; content:"91.92.42.203"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866813/; classtype:trojan-activity;sid:84729913; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/s/c66ae1c001c64d8a93574503077403cf/pdf"; depth:43; endswith; nocase; http.host; content:"larpers.eu"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866809/; classtype:trojan-activity;sid:84729909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_4f0318dd7e433851.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866808/; classtype:trojan-activity;sid:84729908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.143.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866807/; classtype:trojan-activity;sid:84729907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/j0yh-keux-j9id-2i7m/img_8omacp.png"; depth:35; endswith; nocase; http.host; content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866806/; classtype:trojan-activity;sid:84729906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866804)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/nightcord/nightcord/releases/download/v1.20.0/nightcord-installer.exe"; depth:70; endswith; nocase; http.host; content:"gitea.nightcord.st"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866804/; classtype:trojan-activity;sid:84729904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/xeno-v1.3.55.zip"; depth:26; endswith; nocase; http.host; content:"xeno.lat"; depth:8; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866805/; classtype:trojan-activity;sid:84729905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nightcord/nightcord/releases/download/v1.19.9/nightcord-installer.exe"; depth:70; endswith; nocase; http.host; content:"gitea.nightcord.st"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866803/; classtype:trojan-activity;sid:84729903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.95.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866802/; classtype:trojan-activity;sid:84729902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"railmesenpai.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, 
urlhaus.abuse.ch/url/3866800/; classtype:trojan-activity;sid:84729900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"5.231.70.13"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866801/; classtype:trojan-activity;sid:84729901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"railmesenpai.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866796/; classtype:trojan-activity;sid:84729896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"railmesenpai.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866797/; classtype:trojan-activity;sid:84729897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc64"; depth:6; endswith; nocase; http.host; content:"railmesenpai.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866798/; classtype:trojan-activity;sid:84729898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; 
content:"railmesenpai.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866799/; classtype:trojan-activity;sid:84729899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"railmesenpai.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866793/; classtype:trojan-activity;sid:84729893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"railmesenpai.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866794/; classtype:trojan-activity;sid:84729894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"railmesenpai.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866795/; classtype:trojan-activity;sid:84729895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run.sh"; depth:7; endswith; nocase; http.host; content:"railmesenpai.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866792/; classtype:trojan-activity;sid:84729892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866791)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/cdek.apk"; depth:9; endswith; nocase; http.host; content:"app-cdek-online.ru"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866791/; classtype:trojan-activity;sid:84729891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.53.22.239"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866789/; classtype:trojan-activity;sid:84729889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.224.145.210"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866790/; classtype:trojan-activity;sid:84729890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"83.233.104.113"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866786/; classtype:trojan-activity;sid:84729886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.37.56.122"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866787/; classtype:trojan-activity;sid:84729887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3866788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cermetts/fluxus-roblox-executor/refs/heads/main/fluxus%20v7.exe"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866788/; classtype:trojan-activity;sid:84729888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_c38e94bf2a380a37.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866781/; classtype:trojan-activity;sid:84729881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=3ea6cd94-8c02-42e1-8ac1-c3e5fc1867ae"; depth:47; endswith; nocase; http.host; content:"l6k9xubq.oxidbetkade.online"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866780/; classtype:trojan-activity;sid:84729880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.60.255"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866779/; classtype:trojan-activity;sid:84729879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; 
http.host; content:"36.88.136.194"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866778/; classtype:trojan-activity;sid:84729878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a03c56f3-7531-4717-8683-7a307aacc136"; depth:47; endswith; nocase; http.host; content:"lnc1c2cf.anodaz.vip"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866777/; classtype:trojan-activity;sid:84729877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.143.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866776/; classtype:trojan-activity;sid:84729876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.93.227"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866775/; classtype:trojan-activity;sid:84729875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.60.255"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866774/; classtype:trojan-activity;sid:84729874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3866773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.214.103.217"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866773/; classtype:trojan-activity;sid:84729873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.140.129"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866772/; classtype:trojan-activity;sid:84729872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.113.118"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866771/; classtype:trojan-activity;sid:84729871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.88.136.194"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866770/; classtype:trojan-activity;sid:84729870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e92f0ae0-916d-4a28-910f-3041ca56ef32"; depth:47; endswith; nocase; http.host; content:"022iqw23.bet303.download"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866769/; 
classtype:trojan-activity;sid:84729869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.96.59"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866768/; classtype:trojan-activity;sid:84729868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.93.227"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866767/; classtype:trojan-activity;sid:84729867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.101.27.83"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866766/; classtype:trojan-activity;sid:84729866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.140.129"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866765/; classtype:trojan-activity;sid:84729865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.243.223"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866764/; classtype:trojan-activity;sid:84729864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.39.105"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866763/; classtype:trojan-activity;sid:84729863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.116.250"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866762/; classtype:trojan-activity;sid:84729862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"84.214.103.217"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866761/; classtype:trojan-activity;sid:84729861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uxr"; depth:4; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866760/; classtype:trojan-activity;sid:84729860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vwm"; depth:4; endswith; nocase; 
http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866758/; classtype:trojan-activity;sid:84729858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loq"; depth:4; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866759/; classtype:trojan-activity;sid:84729859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e483"; depth:5; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866757/; classtype:trojan-activity;sid:84729857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.39.105"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866756/; classtype:trojan-activity;sid:84729856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lil"; depth:4; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866754/; classtype:trojan-activity;sid:84729854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866755)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/p"; depth:2; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866755/; classtype:trojan-activity;sid:84729855; rev:1;)
# Pattern used by every rule in this file: `depth:N; endswith` on http.uri, with N equal to the
# content length, pins the content to the whole URI buffer (exact match, case-insensitive via
# nocase); `depth:N; isdataat:!1,relative` on http.host does the same for the host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.98.225.172"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866753/; classtype:trojan-activity;sid:84729853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.80.171"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866752/; classtype:trojan-activity;sid:84729852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.238.172"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866751/; classtype:trojan-activity;sid:84729851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.176.84.232"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866750/; classtype:trojan-activity;sid:84729850; rev:1;)
# NOTE(review): in the next rule, `|7c|26|7c|` decodes to the four literal bytes "|26|" (0x7c is the
# pipe character), not to "&" (0x26). Presumably the listed URL has "&" between the query
# parameters, in which case this content never matches live traffic; verify against the referenced
# URLhaus entry. depth:47 also equals the length of the escaped text, while the decoded content is
# 38 bytes, so the match is not anchored to the first byte of the URI as it is in the other rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bebra.zip|3f|v=1781776309044|7c|26|7c|r=adrvod"; depth:47; endswith; nocase; http.host; content:"bebra-dev.pro"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866749/; classtype:trojan-activity;sid:84729849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads"; depth:10; endswith; nocase; http.host; content:"domokitw.lol"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866748/; classtype:trojan-activity;sid:84729848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app/voltix.zip"; depth:15; endswith; nocase; http.host; content:"voltix.gd"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866747/; classtype:trojan-activity;sid:84729847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e9ff"; depth:5; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866746/; classtype:trojan-activity;sid:84729846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vfct"; depth:5; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, 
urlhaus.abuse.ch/url/3866744/; classtype:trojan-activity;sid:84729844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xof5"; depth:5; endswith; nocase; http.host; content:"176.65.139.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866745/; classtype:trojan-activity;sid:84729845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.arc"; depth:40; endswith; nocase; http.host; content:"185.193.67.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866743/; classtype:trojan-activity;sid:84729843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.107.98"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866742/; classtype:trojan-activity;sid:84729842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.arm"; depth:11; endswith; nocase; http.host; content:"31.56.209.211"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866737/; classtype:trojan-activity;sid:84729837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.mipsel"; depth:14; endswith; 
nocase; http.host; content:"31.56.209.211"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866738/; classtype:trojan-activity;sid:84729838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.x86"; depth:11; endswith; nocase; http.host; content:"31.56.209.211"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866739/; classtype:trojan-activity;sid:84729839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.mips"; depth:12; endswith; nocase; http.host; content:"31.56.209.211"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866740/; classtype:trojan-activity;sid:84729840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.m68k"; depth:12; endswith; nocase; http.host; content:"31.56.209.211"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866741/; classtype:trojan-activity;sid:84729841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.sparc"; depth:13; endswith; nocase; http.host; content:"31.56.209.211"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866732/; classtype:trojan-activity;sid:84729832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866733)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.arm7"; depth:12; endswith; nocase; http.host; content:"31.56.209.211"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866733/; classtype:trojan-activity;sid:84729833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.ppc"; depth:11; endswith; nocase; http.host; content:"31.56.209.211"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866734/; classtype:trojan-activity;sid:84729834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.x86_64"; depth:14; endswith; nocase; http.host; content:"31.56.209.211"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866735/; classtype:trojan-activity;sid:84729835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.arm8"; depth:12; endswith; nocase; http.host; content:"31.56.209.211"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866736/; classtype:trojan-activity;sid:84729836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.sh4"; depth:11; endswith; nocase; http.host; content:"31.56.209.211"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866731/; classtype:trojan-activity;sid:84729831; 
rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.80.171"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866730/; classtype:trojan-activity;sid:84729830; rev:1;)
# NOTE(review): the URI in the next two rules carries the file name of the ScreenConnect remote-support
# client installer. The exact http.host match is what scopes these rules to the listed servers, so a
# hit means a download from a URLhaus-listed host, not ScreenConnect traffic in general. On an alert,
# check the source host for a remote-access client that nobody sanctioned.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"64.89.161.187"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866729/; classtype:trojan-activity;sid:84729829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"64.89.161.150"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866728/; classtype:trojan-activity;sid:84729828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"64.89.161.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866723/; classtype:trojan-activity;sid:84729823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"64.89.161.130"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866724/; classtype:trojan-activity;sid:84729824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"64.89.161.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866725/; classtype:trojan-activity;sid:84729825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"64.89.161.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866726/; classtype:trojan-activity;sid:84729826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"64.89.161.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866727/; classtype:trojan-activity;sid:84729827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"64.89.161.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866719/; classtype:trojan-activity;sid:84729819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; 
depth:7; endswith; nocase; http.host; content:"64.89.161.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866720/; classtype:trojan-activity;sid:84729820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run.sh"; depth:7; endswith; nocase; http.host; content:"64.89.161.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866721/; classtype:trojan-activity;sid:84729821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc64"; depth:6; endswith; nocase; http.host; content:"64.89.161.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866722/; classtype:trojan-activity;sid:84729822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"64.89.160.169"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866718/; classtype:trojan-activity;sid:84729818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"64.89.160.169"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866717/; classtype:trojan-activity;sid:84729817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3866716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.113.51.57"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866716/; classtype:trojan-activity;sid:84729815; rev:1;)
# NOTE(review): in the next rule, depth:47 is the length of the escaped text; once `|3f|` is decoded
# to "?", the content is 44 bytes. With `endswith`, the rule therefore accepts any URI of up to 47
# bytes that ends with this string, rather than only the exact URI. The effect is small, but the
# depth should be the decoded length. sid:84729799 on the same date has the same pattern.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d7936d18-9227-46af-a44b-ecffed7327e8"; depth:47; endswith; nocase; http.host; content:"8apvykue.daf.bet"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866715/; classtype:trojan-activity;sid:84729815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.89.78"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866714/; classtype:trojan-activity;sid:84729814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.182.171"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866713/; classtype:trojan-activity;sid:84729813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/werwte.exe"; depth:16; endswith; nocase; http.host; content:"5.252.155.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, 
urlhaus.abuse.ch/url/3866711/; classtype:trojan-activity;sid:84729811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/iuyuh.exe"; depth:15; endswith; nocase; http.host; content:"5.252.155.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866712/; classtype:trojan-activity;sid:84729812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/l99.exe"; depth:13; endswith; nocase; http.host; content:"5.252.155.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866710/; classtype:trojan-activity;sid:84729810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stubcc.ps1"; depth:11; endswith; nocase; http.host; content:"mail.avicennaalliedhealthinstitute.org"; depth:38; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866709/; classtype:trojan-activity;sid:84729809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.110.15.80"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866708/; classtype:trojan-activity;sid:84729808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thornflash3client.exe"; 
depth:22; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866707/; classtype:trojan-activity;sid:84729807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.154.135"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866706/; classtype:trojan-activity;sid:84729806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.98.225.172"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866705/; classtype:trojan-activity;sid:84729805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"91.92.42.203"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866701/; classtype:trojan-activity;sid:84729801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/karm7"; depth:6; endswith; nocase; http.host; content:"91.92.42.203"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866702/; classtype:trojan-activity;sid:84729802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866703)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lul.arm7"; depth:9; endswith; nocase; http.host; content:"91.92.42.203"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866703/; classtype:trojan-activity;sid:84729803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"113.10.155.239"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866704/; classtype:trojan-activity;sid:84729804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.89.78"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866700/; classtype:trojan-activity;sid:84729800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=256fba31-cada-43d7-8e45-6f3abfcf3ee4"; depth:47; endswith; nocase; http.host; content:"9jdr35y2.kir.bet"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866699/; classtype:trojan-activity;sid:84729799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.107.98"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866698/; 
classtype:trojan-activity;sid:84729798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.17.248"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866697/; classtype:trojan-activity;sid:84729797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.226.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866696/; classtype:trojan-activity;sid:84729796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.113.51.57"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866695/; classtype:trojan-activity;sid:84729795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.249.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866694/; classtype:trojan-activity;sid:84729794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.28.30"; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866693/; classtype:trojan-activity;sid:84729793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.166.134.69"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866692/; classtype:trojan-activity;sid:84729792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.50.214"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866691/; classtype:trojan-activity;sid:84729791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.154.135"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866690/; classtype:trojan-activity;sid:84729790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.249.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866689/; classtype:trojan-activity;sid:84729789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; 
endswith; nocase; http.host; content:"110.39.226.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866688/; classtype:trojan-activity;sid:84729788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.50.214"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866687/; classtype:trojan-activity;sid:84729787; rev:1;)
# NOTE(review): two caveats on the next rule. (1) `|7c|26|7c|` decodes to the literal bytes "|26|",
# not to "&"; if the listed URL separates rlkey and dl with "&", this content cannot match. Verify
# against the referenced URLhaus entry. (2) This is an `alert http` rule, so it only sees requests
# the sensor can parse as cleartext HTTP. If the listed URL is https (likely for this file-hosting
# host, TODO confirm), the rule fires only where TLS is decrypted upstream of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/0m8mxuh181ska4zxthp9f/de0039-029302-r-img0029002.iso|3f|rlkey=jri4w2xcq3y5kgve3ij6vu8b0|7c|26|7c|dl=1"; depth:109; endswith; nocase; http.host; content:"dl.dropboxusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866686/; classtype:trojan-activity;sid:84729786; rev:1;)
# NOTE(review): the same cleartext-HTTP caveat applies to the next rule if the listed URL is https.
# The host is a subdomain of a shared hosting platform, so the exact-host match is what keeps the
# rule from alerting on other tenants of that platform.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/j0yh-keux-j9id-2i7m/img_90oqpz.png"; depth:35; endswith; nocase; http.host; content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866685/; classtype:trojan-activity;sid:84729785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_a0d49e48d1be96a6.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 
2026_06_18; reference:url, urlhaus.abuse.ch/url/3866684/; classtype:trojan-activity;sid:84729784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.249.246"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866683/; classtype:trojan-activity;sid:84729783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.249.246"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866682/; classtype:trojan-activity;sid:84729782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.17.248"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866681/; classtype:trojan-activity;sid:84729781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.254.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866679/; classtype:trojan-activity;sid:84729779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"210.18.181.184"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866680/; classtype:trojan-activity;sid:84729780; rev:1;)
# ---------------------------------------------------------------------------
# Reviewer notes for the rules below (all carry metadata created_at 2026_06_18).
# Layout: one rule per line, which is what Suricata's rule loader expects.
#
# Anatomy shared by every rule in this run:
#   * `alert http $HOME_NET any -> $EXTERNAL_NET any` with
#     `flow:established,from_client` - only the outbound request of an internal
#     client is inspected. Nothing in the rule looks at the response, so an
#     alert shows that the URL was requested, not that a payload was delivered.
#   * `http.method; content:"GET"` - the method buffer must contain GET.
#   * `http.uri; content:"..."; depth:N; endswith; nocase` - the content must
#     start within the first N bytes and end at the end of the URI buffer,
#     compared case-insensitively. Where N equals the content length this is a
#     whole-URI match, so the same path with an extra query string or suffix
#     does not alert.
#   * `http.host; content:"..."; depth:N; isdataat:!1,relative` - the host
#     buffer must be exactly the listed IP or name (no data may follow it).
#
# Coverage caveats for whoever deploys or triages these:
#   * The rules run on the HTTP parser only. A fetch of the same URL over
#     HTTPS is seen only where TLS is decrypted before the sensor; pair the
#     feed with DNS / TLS-SNI telemetry if that gap matters.
#   * Raw-IP hosts with short paths ("/i", "/bin.sh") are specific only because
#     of the host pin. NOTE(review): such addresses may be reassigned over
#     time - check the referenced URLhaus entry before acting on an old hit.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.124.120"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866678/; classtype:trojan-activity;sid:84729778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.14.239"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866677/; classtype:trojan-activity;sid:84729777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.184.98"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866676/; classtype:trojan-activity;sid:84729776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.254.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866675/; classtype:trojan-activity;sid:84729775; rev:1;)
# Host 83.142.209.46: one path prefix, one file per CPU architecture, plus an
# installer script. NOTE(review): the per-architecture naming suggests payloads
# for embedded/IoT Linux devices - confirm on the URLhaus entries. A hit on any
# one of these is a reason to look for the sibling requests from the same source.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a3f8d2/kaizen.arm6_srv"; depth:23; endswith; nocase; http.host; content:"83.142.209.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866674/; classtype:trojan-activity;sid:84729774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a3f8d2/kaizen.arm5_srv"; depth:23; endswith; nocase; http.host; content:"83.142.209.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866669/; classtype:trojan-activity;sid:84729769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a3f8d2/kaizen.arm64_srv"; depth:24; endswith; nocase; http.host; content:"83.142.209.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866670/; classtype:trojan-activity;sid:84729770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a3f8d2/kaizen.ppc_srv"; depth:22; endswith; nocase; http.host; content:"83.142.209.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866671/; classtype:trojan-activity;sid:84729771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a3f8d2/kaizen.arm_srv"; depth:22; endswith; nocase; http.host; content:"83.142.209.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866672/; classtype:trojan-activity;sid:84729772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a3f8d2/kaizen.sh4_srv"; depth:22; endswith; nocase; http.host; content:"83.142.209.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866673/; classtype:trojan-activity;sid:84729773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a3f8d2/kaizen.mips_srv"; depth:23; endswith; nocase; http.host; content:"83.142.209.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866667/; classtype:trojan-activity;sid:84729767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a3f8d2/kaizen.m68k_srv"; depth:23; endswith; nocase; http.host; content:"83.142.209.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866668/; classtype:trojan-activity;sid:84729768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a3f8d2/kaizen.x86_64_srv"; depth:25; endswith; nocase; http.host; content:"83.142.209.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866663/; classtype:trojan-activity;sid:84729763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a3f8d2/kaizen.mpsl_srv"; depth:23; endswith; nocase; http.host; content:"83.142.209.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866664/; classtype:trojan-activity;sid:84729764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a3f8d2/kaizen.arm7_srv"; depth:23; endswith; nocase; http.host; content:"83.142.209.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866665/; classtype:trojan-activity;sid:84729765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a3f8d2/kaizen.mips64_srv"; depth:25; endswith; nocase; http.host; content:"83.142.209.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866666/; classtype:trojan-activity;sid:84729766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install_iot443.sh"; depth:18; endswith; nocase; http.host; content:"83.142.209.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866662/; classtype:trojan-activity;sid:84729762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.233.94.135"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866661/; classtype:trojan-activity;sid:84729760; rev:1;)
# NOTE(review): in the two "ublib=" rules depth is 47, but the content is 44
# bytes once |3f| is decoded to a single "?" (the depth looks like it was
# computed from the escaped text). Because `endswith` still anchors the end,
# the only effect is that up to three extra leading URI bytes are tolerated.
# The same offset-by-three applies to every "/t.js|3f|site=" rule further
# down (depth 46 for 43 bytes of content).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a661fc37-516b-4998-a1b6-c179af4e3eeb"; depth:47; endswith; nocase; http.host; content:"6wplx51t.azmoonhayeravani.shop"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866660/; classtype:trojan-activity;sid:84729760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=68c341b3-b1d2-4e33-9870-09eee924ea62"; depth:47; endswith; nocase; http.host; content:"fs2m9wxw.khalsebet.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866659/; classtype:trojan-activity;sid:84729759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.14.239"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866658/; classtype:trojan-activity;sid:84729758; rev:1;)
# Host static.249.223.175.5.nextregister.eu: another per-architecture set
# ("/data_<arch>") plus "/womp". The host is matched by name only, so a request
# that carries the bare IP in its Host header is not covered by these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_arm7"; depth:10; endswith; nocase; http.host; content:"static.249.223.175.5.nextregister.eu"; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866657/; classtype:trojan-activity;sid:84729757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_mipsel"; depth:12; endswith; nocase; http.host; content:"static.249.223.175.5.nextregister.eu"; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866655/; classtype:trojan-activity;sid:84729755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.86.251.92"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866656/; classtype:trojan-activity;sid:84729756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_arm4"; depth:10; endswith; nocase; http.host; content:"static.249.223.175.5.nextregister.eu"; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866650/; classtype:trojan-activity;sid:84729750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/womp"; depth:5; endswith; nocase; http.host; content:"static.249.223.175.5.nextregister.eu"; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866651/; classtype:trojan-activity;sid:84729751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_mips-uclibc"; depth:17; endswith; nocase; http.host; content:"static.249.223.175.5.nextregister.eu"; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866652/; classtype:trojan-activity;sid:84729752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_powerpc"; depth:13; endswith; nocase; http.host; content:"static.249.223.175.5.nextregister.eu"; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866653/; classtype:trojan-activity;sid:84729753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_x86_64"; depth:12; endswith; nocase; http.host; content:"static.249.223.175.5.nextregister.eu"; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866654/; classtype:trojan-activity;sid:84729754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_mipsel-uclibc"; depth:19; endswith; nocase; http.host; content:"static.249.223.175.5.nextregister.eu"; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866644/; classtype:trojan-activity;sid:84729744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_arm6"; depth:10; endswith; nocase; http.host; content:"static.249.223.175.5.nextregister.eu"; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866645/; classtype:trojan-activity;sid:84729745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_aarch64"; depth:13; endswith; nocase; http.host; content:"static.249.223.175.5.nextregister.eu"; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866646/; classtype:trojan-activity;sid:84729746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_mips"; depth:10; endswith; nocase; http.host; content:"static.249.223.175.5.nextregister.eu"; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866647/; classtype:trojan-activity;sid:84729747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_arm5"; depth:10; endswith; nocase; http.host; content:"static.249.223.175.5.nextregister.eu"; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866648/; classtype:trojan-activity;sid:84729748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_x86"; depth:9; endswith; nocase; http.host; content:"static.249.223.175.5.nextregister.eu"; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866649/; classtype:trojan-activity;sid:84729749; rev:1;)
# Host 185.193.67.54: a third per-architecture set ("h0r0zx00x.<arch>") and a
# shell script ("/hiroz3x.sh"); its rules are interleaved with unrelated
# entries from here to the end of this run.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.arm7"; depth:41; endswith; nocase; http.host; content:"185.193.67.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866643/; classtype:trojan-activity;sid:84729743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/xeno-v1.3.55.exe"; depth:26; endswith; nocase; http.host; content:"xeno.lat"; depth:8; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866641/; classtype:trojan-activity;sid:84729741; rev:1;)
# "/t.js|3f|site=8877e14b1cd4aa573aea550c2ae9c73d": the identical URI is listed
# against many different hostnames in this run, so the URI is the stable part of
# this indicator and the hostnames the rotating part. These rules only cover
# the hostnames enumerated here. depth is 46 for 43 decoded bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.js|3f|site=8877e14b1cd4aa573aea550c2ae9c73d"; depth:46; endswith; nocase; http.host; content:"priem-pixart.life"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866642/; classtype:trojan-activity;sid:84729742; rev:1;)
# "/mozi.a", "/mozi.m", "/mozi.7" on raw-IP hosts. NOTE(review): the file names
# match the naming used by the Mozi IoT botnet - presumably that family;
# confirm via the URLhaus references.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.202.101.44"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866635/; classtype:trojan-activity;sid:84729735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"220.202.88.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866636/; classtype:trojan-activity;sid:84729736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.230.27.149"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866637/; classtype:trojan-activity;sid:84729737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.37.80.7"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866638/; classtype:trojan-activity;sid:84729738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.232.142.200"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866639/; classtype:trojan-activity;sid:84729739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.js|3f|site=8877e14b1cd4aa573aea550c2ae9c73d"; depth:46; endswith; nocase; http.host; content:"kornikook12.icu"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866640/; classtype:trojan-activity;sid:84729740; rev:1;)
# Host donuthacks.online, "/downloads/<name>-fabric-<version>.jar".
# NOTE(review): the naming resembles Minecraft Fabric mod files, so hits are
# presumably from user workstations rather than devices - confirm on URLhaus.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/kryptonite-fabric-1.21.11.jar"; depth:40; endswith; nocase; http.host; content:"donuthacks.online"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866633/; classtype:trojan-activity;sid:84729733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/asteria-fabric-1.21.1.jar"; depth:36; endswith; nocase; http.host; content:"donuthacks.online"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866634/; classtype:trojan-activity;sid:84729734; rev:1;)
# cdn.jsdelivr.net is a shared public CDN: this rule is specific only because
# of the exact path. Do not lift the host on its own into a block or watch list.
# NOTE(review): this CDN is normally fetched over HTTPS, so this rule
# presumably fires only where TLS is decrypted upstream - confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gh/vitiapig/lang-28/robot"; depth:26; endswith; nocase; http.host; content:"cdn.jsdelivr.net"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866630/; classtype:trojan-activity;sid:84729730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.m68k"; depth:41; endswith; nocase; http.host; content:"185.193.67.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866631/; classtype:trojan-activity;sid:84729731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/55f52bfb-8834-49c5-b16b-df97efaf75fd/pf.ch"; depth:43; endswith; nocase; http.host; content:"web.karbordriyaziyat.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866632/; classtype:trojan-activity;sid:84729732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/gypsyy-fabric-1.21.jar"; depth:33; endswith; nocase; http.host; content:"donuthacks.online"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866629/; classtype:trojan-activity;sid:84729729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.js|3f|site=8877e14b1cd4aa573aea550c2ae9c73d"; depth:46; endswith; nocase; http.host; content:"pixxarting24141.icu"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866621/; classtype:trojan-activity;sid:84729721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/mist-fabric-1.21.1.jar"; depth:33; endswith; nocase; http.host; content:"donuthacks.online"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866622/; classtype:trojan-activity;sid:84729722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.arm"; depth:40; endswith; nocase; http.host; content:"185.193.67.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866623/; classtype:trojan-activity;sid:84729723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.js|3f|site=8877e14b1cd4aa573aea550c2ae9c73d"; depth:46; endswith; nocase; http.host; content:"hainzpixx241.digital"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866624/; classtype:trojan-activity;sid:84729724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.arm5"; depth:41; endswith; nocase; http.host; content:"185.193.67.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866625/; classtype:trojan-activity;sid:84729725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.133.65.107"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866626/; classtype:trojan-activity;sid:84729726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/nyrex-fabric-1.21.1.jar"; depth:34; endswith; nocase; http.host; content:"donuthacks.online"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866627/; classtype:trojan-activity;sid:84729727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/breeze-fabric-1.21.11.jar"; depth:36; endswith; nocase; http.host; content:"donuthacks.online"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866628/; classtype:trojan-activity;sid:84729728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.spc"; depth:40; endswith; nocase; http.host; content:"185.193.67.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866615/; classtype:trojan-activity;sid:84729715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiroz3x.sh"; depth:11; endswith; nocase; http.host; content:"185.193.67.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866616/; classtype:trojan-activity;sid:84729716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.sh4"; depth:40; endswith; nocase; http.host; content:"185.193.67.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866617/; classtype:trojan-activity;sid:84729717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.mips"; depth:41; endswith; nocase; http.host; content:"185.193.67.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866618/; classtype:trojan-activity;sid:84729718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.js|3f|site=8877e14b1cd4aa573aea550c2ae9c73d"; depth:46; endswith; nocase; http.host; content:"send-preobi.life"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866619/; classtype:trojan-activity;sid:84729719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.ppc"; depth:40; endswith; nocase; http.host; content:"185.193.67.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866620/; classtype:trojan-activity;sid:84729720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.36.72.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866610/; classtype:trojan-activity;sid:84729710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.x86"; depth:40; endswith; nocase; http.host; content:"185.193.67.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866611/; classtype:trojan-activity;sid:84729711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.i686"; depth:41; endswith; nocase; http.host; content:"185.193.67.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866612/; classtype:trojan-activity;sid:84729712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.mpsl"; depth:41; endswith; nocase; http.host; content:"185.193.67.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866613/; classtype:trojan-activity;sid:84729713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.arm6"; depth:41; endswith; nocase; http.host; content:"185.193.67.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866614/; classtype:trojan-activity;sid:84729714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.39.227.81"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866602/; classtype:trojan-activity;sid:84729702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.js|3f|site=8877e14b1cd4aa573aea550c2ae9c73d"; depth:46; endswith; nocase; http.host; content:"gpixx.xyz"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866603/; classtype:trojan-activity;sid:84729703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.js|3f|site=8877e14b1cd4aa573aea550c2ae9c73d"; depth:46; endswith; nocase; http.host; content:"maybe-sincetomorrow.buzz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866604/; classtype:trojan-activity;sid:84729704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.js|3f|site=8877e14b1cd4aa573aea550c2ae9c73d"; depth:46; endswith; nocase; http.host; content:"tobascopixxx24.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866605/; classtype:trojan-activity;sid:84729705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.js|3f|site=8877e14b1cd4aa573aea550c2ae9c73d"; depth:46; endswith; nocase; http.host; content:"usual-pixx12.digital"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866606/; classtype:trojan-activity;sid:84729706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.js|3f|site=8877e14b1cd4aa573aea550c2ae9c73d"; depth:46; endswith; nocase; http.host; content:"nickylody124.life"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866607/; classtype:trojan-activity;sid:84729707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.js|3f|site=8877e14b1cd4aa573aea550c2ae9c73d"; depth:46; endswith; nocase; http.host; content:"nickkpixx123.world"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866608/; classtype:trojan-activity;sid:84729708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.js|3f|site=8877e14b1cd4aa573aea550c2ae9c73d"; depth:46; endswith; nocase; http.host; content:"workworm1412.buzz"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866609/; classtype:trojan-activity;sid:84729709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.js|3f|site=8877e14b1cd4aa573aea550c2ae9c73d"; depth:46; endswith; nocase; http.host; content:"ohlly-mohly.world"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866600/; classtype:trojan-activity;sid:84729700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.js|3f|site=8877e14b1cd4aa573aea550c2ae9c73d"; depth:46; endswith; nocase; http.host; content:"pixxarting21.life"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866601/; classtype:trojan-activity;sid:84729701; rev:1;)
# Host 91.92.242.236: "/files-129312398/files/file_<16 hex>.exe". Each file name
# has its own rule, so a file name that is not listed here raises no alert from
# this feed even though the host and directory are the same.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_9baded2dd13b1073.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866597/; classtype:trojan-activity;sid:84729697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_b231a467b58438dc.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866598/; classtype:trojan-activity;sid:84729698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"196.135.205.23"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866599/; classtype:trojan-activity;sid:84729699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_729aaaf7ce76a4d4.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866593/; classtype:trojan-activity;sid:84729693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_3d6f265ae4f77890.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866594/; classtype:trojan-activity;sid:84729694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_1d09f8a88fb14d77.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866595/; classtype:trojan-activity;sid:84729695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.38.221.11"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866596/; classtype:trojan-activity;sid:84729696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/547c583f-542c-4374-a052-318589ca426d/goog.ct"; depth:45; endswith; nocase; http.host; content:"pub-f3382215b.1x1.cash"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866592/; classtype:trojan-activity;sid:84729692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_9c15ff0857b30ee9.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866591/; classtype:trojan-activity;sid:84729691; rev:1;)
# The workers.dev hosts below are one tenant subdomain on a shared platform; the
# indicator is that exact subdomain plus path, not the parent domain.
# NOTE(review): presumably reached over HTTPS in practice, in which case these
# HTTP rules need decrypted traffic to fire - confirm for your sensor placement.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eccsd"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866587/; classtype:trojan-activity;sid:84729687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nyeql/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866588/; classtype:trojan-activity;sid:84729688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.235.80"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866589/; classtype:trojan-activity;sid:84729689; rev:1;)
# The ".png" suffix here is only part of the matched URI string; the rule does
# not inspect the response, so it says nothing about the actual content type.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data/optimized_msi.png"; depth:23; endswith; nocase; http.host; content:"hostphpwindowsnuevas.ydns.eu"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866590/; classtype:trojan-activity;sid:84729690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cqehd/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866582/; classtype:trojan-activity;sid:84729682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/desej/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866583/; classtype:trojan-activity;sid:84729683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cyalcp"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866584/; classtype:trojan-activity;sid:84729684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/odalc"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866585/; classtype:trojan-activity;sid:84729685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ygpsp"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866586/; classtype:trojan-activity;sid:84729686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cyalc"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866573/; classtype:trojan-activity;sid:84729673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866574)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"117.193.109.139"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866574/; classtype:trojan-activity;sid:84729674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ulucj/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866575/; classtype:trojan-activity;sid:84729675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wixpl/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866576/; classtype:trojan-activity;sid:84729676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lpeqt"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866577/; classtype:trojan-activity;sid:84729677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yxybf/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; 
reference:url, urlhaus.abuse.ch/url/3866578/; classtype:trojan-activity;sid:84729678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vzjbj/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866579/; classtype:trojan-activity;sid:84729679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ggldg/"; depth:7; endswith; nocase; http.host; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866580/; classtype:trojan-activity;sid:84729680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mqerj"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866581/; classtype:trojan-activity;sid:84729681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ekkrr/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866571/; classtype:trojan-activity;sid:84729671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3866572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vyvzu/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866572/; classtype:trojan-activity;sid:84729672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yxgqj/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866563/; classtype:trojan-activity;sid:84729663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tperm/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866564/; classtype:trojan-activity;sid:84729664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwqxl"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866565/; classtype:trojan-activity;sid:84729665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msi.png"; depth:8; endswith; nocase; http.host; 
content:"archivoscrosoft.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866566/; classtype:trojan-activity;sid:84729666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jxilw/"; depth:7; endswith; nocase; http.host; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866567/; classtype:trojan-activity;sid:84729667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/egycw/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866568/; classtype:trojan-activity;sid:84729668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sass/optimized_msijune.png"; depth:27; endswith; nocase; http.host; content:"brenmayasociados.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866569/; classtype:trojan-activity;sid:84729669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anwad/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866570/; classtype:trojan-activity;sid:84729670; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wuswb/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866559/; classtype:trojan-activity;sid:84729659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.165.83.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866560/; classtype:trojan-activity;sid:84729660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qvtmd"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866561/; classtype:trojan-activity;sid:84729661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msi_012115.png"; depth:15; endswith; nocase; http.host; content:"maradona.gt.tc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866562/; classtype:trojan-activity;sid:84729662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yhcda/"; depth:7; endswith; nocase; http.host; 
content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866557/; classtype:trojan-activity;sid:84729657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n64y-jvb2-wt8x-cri7/img_dbtvfp.png"; depth:35; endswith; nocase; http.host; content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866558/; classtype:trojan-activity;sid:84729658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eyifg/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866555/; classtype:trojan-activity;sid:84729655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kugef/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866556/; classtype:trojan-activity;sid:84729656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/x6porqlk.png"; depth:20; endswith; nocase; http.host; content:"cdn.imgtree.co"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866553/; 
classtype:trojan-activity;sid:84729653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wqaccess/optimized_msi.png"; depth:27; endswith; nocase; http.host; content:"nickart.ro"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866554/; classtype:trojan-activity;sid:84729654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.148.226.61"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866551/; classtype:trojan-activity;sid:84729651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"160.250.51.11"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866552/; classtype:trojan-activity;sid:84729652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/genomecrawler"; depth:14; endswith; nocase; http.host; content:"www.nokia.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866549/; classtype:trojan-activity;sid:84729649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_8fa5750dede69f55.exe"; depth:48; endswith; 
nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866550/; classtype:trojan-activity;sid:84729650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_56aab055de93e952.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866544/; classtype:trojan-activity;sid:84729644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_41079e218ec44085.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866545/; classtype:trojan-activity;sid:84729645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_db88ace16bc95861.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866546/; classtype:trojan-activity;sid:84729646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_cde10ebfe6976055.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866547/; 
classtype:trojan-activity;sid:84729647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/1urakt/"; depth:13; endswith; nocase; http.host; content:"as.al"; depth:5; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866548/; classtype:trojan-activity;sid:84729648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.235.80"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866543/; classtype:trojan-activity;sid:84729643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unmlo/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866538/; classtype:trojan-activity;sid:84729638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vemrp/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866539/; classtype:trojan-activity;sid:84729639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kovha"; depth:6; 
endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866540/; classtype:trojan-activity;sid:84729640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ggwgp"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866541/; classtype:trojan-activity;sid:84729641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n64y-jvb2-wt8x-cri7/img_ibay0l.png"; depth:35; endswith; nocase; http.host; content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866542/; classtype:trojan-activity;sid:84729642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n64y-jvb2-wt8x-cri7/img_885dva.png"; depth:35; endswith; nocase; http.host; content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866535/; classtype:trojan-activity;sid:84729635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ptazf"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; 
metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866536/; classtype:trojan-activity;sid:84729636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kdeaa/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866537/; classtype:trojan-activity;sid:84729637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qxijp"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866526/; classtype:trojan-activity;sid:84729626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/glass.png"; depth:10; endswith; nocase; http.host; content:"gaiadeqi.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866527/; classtype:trojan-activity;sid:84729627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/git/"; depth:5; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866528/; classtype:trojan-activity;sid:84729628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3866529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pijol/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866529/; classtype:trojan-activity;sid:84729629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/33f0jjvckfmm.png"; depth:24; endswith; nocase; http.host; content:"gcdnb.pbrd.co"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866530/; classtype:trojan-activity;sid:84729630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kovhap"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866531/; classtype:trojan-activity;sid:84729631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jxdpx/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866532/; classtype:trojan-activity;sid:84729632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lnnph"; depth:6; endswith; nocase; http.host; 
content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866533/; classtype:trojan-activity;sid:84729633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/etivi/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866534/; classtype:trojan-activity;sid:84729634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soft.png"; depth:9; endswith; nocase; http.host; content:"gaiadeqi.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866524/; classtype:trojan-activity;sid:84729624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bacup_msi.png"; depth:14; endswith; nocase; http.host; content:"94.156.152.204"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866525/; classtype:trojan-activity;sid:84729625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upwork/odours.prx"; depth:18; endswith; nocase; http.host; content:"purmed.ro"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866523/; classtype:trojan-activity;sid:84729623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
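(msg:"URLhaus Known malware download URL detected (3866521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.111.130.3"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866521/; classtype:trojan-activity;sid:84729621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.165.83.31"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866522/; classtype:trojan-activity;sid:84729622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.225.199"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866519/; classtype:trojan-activity;sid:84729619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/optimized_msi.png"; depth:18; endswith; nocase; http.host; content:"94.156.152.204"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866520/; classtype:trojan-activity;sid:84729620; rev:1;)
# Each rule alerts on a GET from $HOME_NET to $EXTERNAL_NET whose URI (case-insensitive)
# and Host both equal one URLhaus entry: depth = pattern length pins the start of the
# buffer, endswith / isdataat:!1,relative pins the end. Being "alert http" rules, they
# only see requests Suricata parses as HTTP; downloads inside TLS are not covered.
# NOTE(review): |3f| is a hex escape for ONE byte ("?"). The feed had depth:58 and
# depth:68 on the next two rules (the length of the escaped text), which also matched
# URIs with up to 3 extra leading bytes. Corrected to the byte lengths 55 and 65.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug/loader.sh|3f|build=4255a2023db4a285d45efb4aeedd4897"; depth:55; endswith; nocase; http.host; content:"rcqwr12c541wa421q.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866518/; classtype:trojan-activity;sid:84729618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug/payload.applescript|3f|build=4255a2023db4a285d45efb4aeedd4897"; depth:65; endswith; nocase; http.host; content:"rcqwr12c541wa421q.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866517/; classtype:trojan-activity;sid:84729617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.189.111"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866516/; classtype:trojan-activity;sid:84729616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/heromc.sh"; depth:10; endswith; nocase; http.host; content:"103.226.250.88"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866505/; classtype:trojan-activity;sid:84729605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tranphuonglinh.sh"; depth:18; endswith; nocase; http.host; content:"103.226.250.88"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866506/; classtype:trojan-activity;sid:84729606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866507)"; 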
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/viet69.sh"; depth:10; endswith; nocase; http.host; content:"103.226.250.88"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866507/; classtype:trojan-activity;sid:84729607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onie_arm5"; depth:10; endswith; nocase; http.host; content:"103.226.250.88"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866508/; classtype:trojan-activity;sid:84729608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onie_x86"; depth:9; endswith; nocase; http.host; content:"103.226.250.88"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866509/; classtype:trojan-activity;sid:84729609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onie_arm6"; depth:10; endswith; nocase; http.host; content:"103.226.250.88"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866510/; classtype:trojan-activity;sid:84729610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onie_mips"; depth:10; endswith; nocase; http.host; content:"103.226.250.88"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866511/; classtype:trojan-activity;sid:84729611; rev:1;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onie_arm"; depth:9; endswith; nocase; http.host; content:"103.226.250.88"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866512/; classtype:trojan-activity;sid:84729612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onie_mpsl"; depth:10; endswith; nocase; http.host; content:"103.226.250.88"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866513/; classtype:trojan-activity;sid:84729613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onie_x86_64"; depth:12; endswith; nocase; http.host; content:"103.226.250.88"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866514/; classtype:trojan-activity;sid:84729614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onie_ppc"; depth:9; endswith; nocase; http.host; content:"103.226.250.88"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866515/; classtype:trojan-activity;sid:84729615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onie_arm7"; depth:10; endswith; nocase; http.host; content:"103.226.250.88"; depth:14; isdataat:!1,relative; metadata:created_at 
2026_06_18; reference:url, urlhaus.abuse.ch/url/3866503/; classtype:trojan-activity;sid:84729603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onie_m68k"; depth:10; endswith; nocase; http.host; content:"103.226.250.88"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866504/; classtype:trojan-activity;sid:84729604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.233.94.135"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866502/; classtype:trojan-activity;sid:84729602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.164.201.9"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866501/; classtype:trojan-activity;sid:84729601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"49.86.251.92"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866500/; classtype:trojan-activity;sid:84729600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.sh4"; depth:14; endswith; nocase; 
http.host; content:"nova.ismak.icu"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866499/; classtype:trojan-activity;sid:84729599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.20.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866498/; classtype:trojan-activity;sid:84729598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.i586"; depth:15; endswith; nocase; http.host; content:"nova.ismak.icu"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866488/; classtype:trojan-activity;sid:84729588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.x86_64"; depth:17; endswith; nocase; http.host; content:"nova.ismak.icu"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866489/; classtype:trojan-activity;sid:84729589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.armv7l"; depth:17; endswith; nocase; http.host; content:"nova.ismak.icu"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866490/; classtype:trojan-activity;sid:84729590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866491)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.armv6l"; depth:17; endswith; nocase; http.host; content:"nova.ismak.icu"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866491/; classtype:trojan-activity;sid:84729591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.mips"; depth:15; endswith; nocase; http.host; content:"nova.ismak.icu"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866492/; classtype:trojan-activity;sid:84729592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.powerpc"; depth:18; endswith; nocase; http.host; content:"nova.ismak.icu"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866493/; classtype:trojan-activity;sid:84729593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.mipsel"; depth:17; endswith; nocase; http.host; content:"nova.ismak.icu"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866494/; classtype:trojan-activity;sid:84729594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.armv4l"; depth:17; endswith; nocase; http.host; content:"nova.ismak.icu"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866495/; 
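classtype:trojan-activity;sid:84729595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.i686"; depth:15; endswith; nocase; http.host; content:"nova.ismak.icu"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866496/; classtype:trojan-activity;sid:84729596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.armv5l"; depth:17; endswith; nocase; http.host; content:"nova.ismak.icu"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866497/; classtype:trojan-activity;sid:84729597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.79.245"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866487/; classtype:trojan-activity;sid:84729587; rev:1;)
# Each rule alerts on a GET from $HOME_NET to $EXTERNAL_NET whose URI (case-insensitive)
# and Host both equal one URLhaus entry: depth = pattern length pins the start of the
# buffer, endswith / isdataat:!1,relative pins the end. Being "alert http" rules, they
# only see requests Suricata parses as HTTP; downloads inside TLS are not covered.
# NOTE(review): |3f| is a hex escape for ONE byte ("?"). The feed had depth:47 on the
# next rule (the length of the escaped text), which also matched URIs with up to 3
# extra leading bytes. Corrected to the byte length 44.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=7fcbbe22-df66-4c6d-9f9e-c440a659db33"; depth:44; endswith; nocase; http.host; content:"fg7za1dh.casinobet.casino"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866486/; classtype:trojan-activity;sid:84729586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; 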
http.host; content:"110.39.237.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866485/; classtype:trojan-activity;sid:84729585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/icy.sh"; depth:7; endswith; nocase; http.host; content:"109.104.153.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866482/; classtype:trojan-activity;sid:84729582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"91.92.4.28"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866483/; classtype:trojan-activity;sid:84729583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"139.135.59.87"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866484/; classtype:trojan-activity;sid:84729584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a3f8d2/kaizen.x86"; depth:18; endswith; nocase; http.host; content:"83.142.209.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866478/; classtype:trojan-activity;sid:84729578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866479)"; 
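flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yui/wtmp"; depth:9; endswith; nocase; http.host; content:"95.214.53.157"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866479/; classtype:trojan-activity;sid:84729579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"163.61.39.201"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866480/; classtype:trojan-activity;sid:84729580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ipmiv2.xml-p"; depth:18; endswith; nocase; http.host; content:"91.92.42.28"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866481/; classtype:trojan-activity;sid:84729581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.141.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866477/; classtype:trojan-activity;sid:84729577; rev:1;)
# Each rule alerts on a GET from $HOME_NET to $EXTERNAL_NET whose URI (case-insensitive)
# and Host both equal one URLhaus entry: depth = pattern length pins the start of the
# buffer, endswith / isdataat:!1,relative pins the end. Being "alert http" rules, they
# only see requests Suricata parses as HTTP; downloads inside TLS are not covered.
# NOTE(review): |3f| is a hex escape for ONE byte ("?"). The feed had depth:47 on the
# next rule (the length of the escaped text), which also matched URIs with up to 3
# extra leading bytes. Corrected to the byte length 44.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f70151a5-1bfb-4d40-a11d-348a475828aa"; depth:44; endswith; nocase; http.host; content:"eozmzva6.anodaz.co"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866476/; classtype:trojan-activity;sid:84729576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.89.249.254"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866475/; classtype:trojan-activity;sid:84729575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"109.104.153.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866474/; classtype:trojan-activity;sid:84729574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"154.242.14.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866473/; classtype:trojan-activity;sid:84729573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.214.200.106"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866472/; classtype:trojan-activity;sid:84729572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.116.178"; depth:15; isdataat:!1,relative; 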
metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866471/; classtype:trojan-activity;sid:84729571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"154.242.14.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866470/; classtype:trojan-activity;sid:84729570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.10.155.239"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866469/; classtype:trojan-activity;sid:84729569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.10.155.239"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866468/; classtype:trojan-activity;sid:84729568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.141.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866467/; classtype:trojan-activity;sid:84729567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; 
nocase; http.host; content:"110.39.233.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866466/; classtype:trojan-activity;sid:84729566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.155.98"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866465/; classtype:trojan-activity;sid:84729565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.237.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866464/; classtype:trojan-activity;sid:84729564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.101.71"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866463/; classtype:trojan-activity;sid:84729563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.214.200.106"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866462/; classtype:trojan-activity;sid:84729562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866461)"; flow:established,from_client; 
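http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.124.120"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866461/; classtype:trojan-activity;sid:84729561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.155.98"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866460/; classtype:trojan-activity;sid:84729560; rev:1;)
# Each rule alerts on a GET from $HOME_NET to $EXTERNAL_NET whose URI (case-insensitive)
# and Host both equal one URLhaus entry: depth = pattern length pins the start of the
# buffer, endswith / isdataat:!1,relative pins the end. Being "alert http" rules, they
# only see requests Suricata parses as HTTP; downloads inside TLS are not covered.
# NOTE(review): |3f| is a hex escape for ONE byte ("?"). The feed had depth:47 on the
# next rule (the length of the escaped text), which also matched URIs with up to 3
# extra leading bytes. Corrected to the byte length 44.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f1f9a803-eca2-4d05-ab18-9af325c11ea8"; depth:44; endswith; nocase; http.host; content:"acu1ajv0.irxbetkade.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866459/; classtype:trojan-activity;sid:84729559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.101.71"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866458/; classtype:trojan-activity;sid:84729558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.73.252"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866457/; classtype:trojan-activity;sid:84729557; rev:1;)
alert http 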
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.215.152"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866456/; classtype:trojan-activity;sid:84729556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.86.0"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866455/; classtype:trojan-activity;sid:84729555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.8.161"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866454/; classtype:trojan-activity;sid:84729554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.199.145"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866453/; classtype:trojan-activity;sid:84729553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.73.252"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866452/; 
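classtype:trojan-activity;sid:84729552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.86.0"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866451/; classtype:trojan-activity;sid:84729551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.199.145"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866450/; classtype:trojan-activity;sid:84729550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"72.173.56.78"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866449/; classtype:trojan-activity;sid:84729549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.115.223.151"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866448/; classtype:trojan-activity;sid:84729548; rev:1;)
# Each rule alerts on a GET from $HOME_NET to $EXTERNAL_NET whose URI (case-insensitive)
# and Host both equal one URLhaus entry: depth = pattern length pins the start of the
# buffer, endswith / isdataat:!1,relative pins the end. Being "alert http" rules, they
# only see requests Suricata parses as HTTP; downloads inside TLS are not covered.
# NOTE(review): |3f| is a hex escape for ONE byte ("?"). The feed had depth:47 on the
# three "ublib=" rules in this group (the length of the escaped text), which also
# matched URIs with up to 3 extra leading bytes. Corrected to the byte length 44.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f228735b-394c-416a-86b5-29af43fab12b"; depth:44; endswith; nocase; http.host; content:"f8zkjy83.azmoondadrasi.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866447/; classtype:trojan-activity;sid:84729547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.100.55"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866446/; classtype:trojan-activity;sid:84729546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.138.93"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866445/; classtype:trojan-activity;sid:84729545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.251.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866444/; classtype:trojan-activity;sid:84729544; rev:1;)
# depth corrected 47 -> 44 (|3f| counts as one byte), as noted above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=64f394ae-a1be-42ec-8aca-04656494d2d9"; depth:44; endswith; nocase; http.host; content:"l7r6eyvg.biagameskade.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866443/; classtype:trojan-activity;sid:84729543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.115.223.151"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866442/; classtype:trojan-activity;sid:84729542; rev:1;)
# depth corrected 47 -> 44 (|3f| counts as one byte), as noted above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a6f963ce-6d90-4e30-967e-016d49f66c65"; depth:44; endswith; nocase; http.host; content:"qpz5krrv.hokm.bet"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866441/; classtype:trojan-activity;sid:84729541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.100.55"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866440/; classtype:trojan-activity;sid:84729540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.138.93"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866439/; classtype:trojan-activity;sid:84729539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.184.98"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866438/; 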
classtype:trojan-activity;sid:84729538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.22.137"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866437/; classtype:trojan-activity;sid:84729537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.255.107.78"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866436/; classtype:trojan-activity;sid:84729536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.146.59"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866435/; classtype:trojan-activity;sid:84729535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.238.39"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866434/; classtype:trojan-activity;sid:84729534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.242.28.58"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866433/; classtype:trojan-activity;sid:84729533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.22.137"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866432/; classtype:trojan-activity;sid:84729532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"108.168.0.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866431/; classtype:trojan-activity;sid:84729531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.255.107.78"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866430/; classtype:trojan-activity;sid:84729530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.44.146.59"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866429/; classtype:trojan-activity;sid:84729529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; 
nocase; http.host; content:"222.140.131.33"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866428/; classtype:trojan-activity;sid:84729528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.178.51"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866427/; classtype:trojan-activity;sid:84729527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.127.251.163"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866426/; classtype:trojan-activity;sid:84729526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.120.250"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866425/; classtype:trojan-activity;sid:84729525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.189.232.125"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866424/; classtype:trojan-activity;sid:84729524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866423)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.178.51"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866423/; classtype:trojan-activity;sid:84729523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.239.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866422/; classtype:trojan-activity;sid:84729522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e2ac80ae-e886-4756-b601-165557f1c358"; depth:47; endswith; nocase; http.host; content:"59k3ql4x.akhlagvaahkam.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866421/; classtype:trojan-activity;sid:84729521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.189.232.125"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866420/; classtype:trojan-activity;sid:84729520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9d60d128-28de-4bb9-8ef0-6916a5c279a1"; depth:47; endswith; nocase; http.host; content:"ddbk25ms.helabetkade.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866419/; 
classtype:trojan-activity;sid:84729519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.51.113"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866418/; classtype:trojan-activity;sid:84729518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.51.113"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866417/; classtype:trojan-activity;sid:84729517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.123.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866416/; classtype:trojan-activity;sid:84729516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.183.208"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866415/; classtype:trojan-activity;sid:84729515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.12.25"; depth:11; isdataat:!1,relative; 
metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866414/; classtype:trojan-activity;sid:84729514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=5edcbc9c-29dd-44a1-a11c-53a593161934"; depth:47; endswith; nocase; http.host; content:"phwy7fn6.betvarzeshkade.online"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866413/; classtype:trojan-activity;sid:84729513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.238.217"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866412/; classtype:trojan-activity;sid:84729512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.104.177"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866411/; classtype:trojan-activity;sid:84729511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=3d88d2b3-8114-4e2f-bc04-492fb314b672"; depth:47; endswith; nocase; http.host; content:"p7266yt8.asibshenasiyahya.shop"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866410/; classtype:trojan-activity;sid:84729510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3866409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.14.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866409/; classtype:trojan-activity;sid:84729509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.104.177"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866408/; classtype:trojan-activity;sid:84729508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.14.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866407/; classtype:trojan-activity;sid:84729507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b3ec35af-9290-4f4a-9c05-7d0ed0e5d779"; depth:47; endswith; nocase; http.host; content:"p57bz239.gorgbetkade.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866406/; classtype:trojan-activity;sid:84729506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"160.250.51.11"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866405/; 
classtype:trojan-activity;sid:84729505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.15.242.216"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866404/; classtype:trojan-activity;sid:84729504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.93.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866403/; classtype:trojan-activity;sid:84729503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"160.250.51.11"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866402/; classtype:trojan-activity;sid:84729502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.206.84"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866401/; classtype:trojan-activity;sid:84729501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.196.29.73"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866400/; classtype:trojan-activity;sid:84729500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.15.242.216"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866399/; classtype:trojan-activity;sid:84729499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.196.29.73"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866398/; classtype:trojan-activity;sid:84729498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.67.33.209"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866397/; classtype:trojan-activity;sid:84729497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.226.207"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866396/; classtype:trojan-activity;sid:84729496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; 
http.host; content:"123.11.75.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866395/; classtype:trojan-activity;sid:84729495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.83.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866394/; classtype:trojan-activity;sid:84729494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.75.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866393/; classtype:trojan-activity;sid:84729493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.102.163"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866392/; classtype:trojan-activity;sid:84729492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.83.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866391/; classtype:trojan-activity;sid:84729491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866390)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.202.90.17"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866390/; classtype:trojan-activity;sid:84729490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=238927cf-27b8-4b24-b82e-5ed0222fdade"; depth:47; endswith; nocase; http.host; content:"h0cbv92p.golfbetkade.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866389/; classtype:trojan-activity;sid:84729489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.20.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866388/; classtype:trojan-activity;sid:84729488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.236.217"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866387/; classtype:trojan-activity;sid:84729487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.236.217"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866386/; classtype:trojan-activity;sid:84729486; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.166.141"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866385/; classtype:trojan-activity;sid:84729485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=6f4c3559-b657-4844-ba58-a18fd58c2a98"; depth:47; endswith; nocase; http.host; content:"n30b0xx5.megaparikade.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866384/; classtype:trojan-activity;sid:84729484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.139.205"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866383/; classtype:trojan-activity;sid:84729483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866382/; classtype:trojan-activity;sid:84729482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.204.196.254"; depth:15; isdataat:!1,relative; metadata:created_at 
2026_06_17; reference:url, urlhaus.abuse.ch/url/3866381/; classtype:trojan-activity;sid:84729481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=39d78721-7bb0-4538-ac2e-93420490df7e"; depth:47; endswith; nocase; http.host; content:"h2vkq89b.angizeshfarahani.store"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866380/; classtype:trojan-activity;sid:84729480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=74aac300-d1f2-489e-b4f0-b0d37c75b09a"; depth:47; endswith; nocase; http.host; content:"bbztdp6a.akhbarsport.info"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866379/; classtype:trojan-activity;sid:84729479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.166.141"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866378/; classtype:trojan-activity;sid:84729478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.101.163"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866377/; classtype:trojan-activity;sid:84729477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866376)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"138.204.196.254"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866376/; classtype:trojan-activity;sid:84729476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e8c98881-fd1f-4101-a0b6-6bac53f2aa03"; depth:47; endswith; nocase; http.host; content:"p4h5mnln.fazbetkade.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866375/; classtype:trojan-activity;sid:84729475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.105.50.190"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866374/; classtype:trojan-activity;sid:84729474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p"; depth:2; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866369/; classtype:trojan-activity;sid:84729469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aul"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866370/; 
classtype:trojan-activity;sid:84729470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ogt"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866371/; classtype:trojan-activity;sid:84729471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wbj"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866372/; classtype:trojan-activity;sid:84729472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jfc"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866373/; classtype:trojan-activity;sid:84729473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.87.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866368/; classtype:trojan-activity;sid:84729468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.105.50.190"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866367/; classtype:trojan-activity;sid:84729467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zkr"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866366/; classtype:trojan-activity;sid:84729466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hss3"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866363/; classtype:trojan-activity;sid:84729463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dtf"; depth:4; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866364/; classtype:trojan-activity;sid:84729464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab1h"; depth:5; endswith; nocase; http.host; content:"129.121.114.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866365/; classtype:trojan-activity;sid:84729465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; 
nocase; http.host; content:"110.36.65.9"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866362/; classtype:trojan-activity;sid:84729462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.75.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866361/; classtype:trojan-activity;sid:84729461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.65.9"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866360/; classtype:trojan-activity;sid:84729460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=64c9da85-2ede-4432-9eaa-83553b084903"; depth:47; endswith; nocase; http.host; content:"1ycpksxw.hugugmadani6.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866359/; classtype:trojan-activity;sid:84729459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.255.227"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866358/; classtype:trojan-activity;sid:84729458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3866357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.255.227"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866357/; classtype:trojan-activity;sid:84729457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.80.173"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866356/; classtype:trojan-activity;sid:84729456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amd64"; depth:6; endswith; nocase; http.host; content:"103.73.162.39"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866354/; classtype:trojan-activity;sid:84729454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amd64"; depth:6; endswith; nocase; http.host; content:"103.73.162.97"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866355/; classtype:trojan-activity;sid:84729455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a3f8d2/kaizen.x86_64"; depth:21; endswith; nocase; http.host; content:"83.142.209.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866353/; classtype:trojan-activity;sid:84729453; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.87.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866352/; classtype:trojan-activity;sid:84729452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e3232276-5463-4435-8523-3537efac99ab"; depth:47; endswith; nocase; http.host; content:"j7n7i2dx.enfej.win"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866351/; classtype:trojan-activity;sid:84729451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.91.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866350/; classtype:trojan-activity;sid:84729450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"5.8.18.62"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866349/; classtype:trojan-activity;sid:84729449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"5.8.18.62"; 
depth:9; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866348/; classtype:trojan-activity;sid:84729448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.169.189"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866347/; classtype:trojan-activity;sid:84729447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig"; depth:6; endswith; nocase; http.host; content:"67.220.73.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866346/; classtype:trojan-activity;sid:84729446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s.exe"; depth:6; endswith; nocase; http.host; content:"103.226.124.232"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866345/; classtype:trojan-activity;sid:84729445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.60.224"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866344/; classtype:trojan-activity;sid:84729444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866343)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/i"; depth:2; endswith; nocase; http.host; content:"183.214.149.164"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866343/; classtype:trojan-activity;sid:84729443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.169.189"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866342/; classtype:trojan-activity;sid:84729442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.91.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866341/; classtype:trojan-activity;sid:84729441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.92.118"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866340/; classtype:trojan-activity;sid:84729440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=382b9b61-cd89-4b7d-a5c7-c5c43ba119fc"; depth:47; endswith; nocase; http.host; content:"zt67g44l.ahkam.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866339/; classtype:trojan-activity;sid:84729439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3866338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35/bestwishesforbestideascomingformebetter.hta"; depth:47; endswith; nocase; http.host; content:"104.168.70.165"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866338/; classtype:trojan-activity;sid:84729438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/suelarweek.exe"; depth:15; endswith; nocase; http.host; content:"vrdccbank.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866337/; classtype:trojan-activity;sid:84729437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vitiapig/11f027bd-2c86-4b00-bf82-f21228d2f096/refs/heads/main/scr"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866333/; classtype:trojan-activity;sid:84729433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5ef443ad-1d5b-4172-8c90-2e7439c9bda5/pf.ch"; depth:43; endswith; nocase; http.host; content:"epgggtee.leaguejazire.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866334/; classtype:trojan-activity;sid:84729434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866335)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/52ba152a-5d46-4906-af2c-13ffd80a76bb/we.ch"; depth:43; endswith; nocase; http.host; content:"host.zaminshenasi.shop"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866335/; classtype:trojan-activity;sid:84729435; rev:1;)
# NOTE(review): the next three rules name shared hosting (raw.githubusercontent.com,
# drive.google.com). `alert http` matches only requests the HTTP parser sees in
# cleartext; these hosts are presumably reached over TLS, so expect hits only where
# traffic is decrypted upstream of the sensor - confirm for your deployment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vitiapig/api-bd7dff3f-84b7-4bbb-a8e1-7be98555d879/refs/heads/main/threat"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866336/; classtype:trojan-activity;sid:84729436; rev:1;)
# NOTE(review): in the two drive.google.com rules `|7c|26|7c|` decodes to the literal
# bytes "|26|", which looks like a double-escaped "&" (0x26) - verify against the
# URLhaus entries; as written the pattern would not match a query using a plain "&".
# depth:68 equals the escaped text length while the decoded pattern is 59 bytes, so
# depth + endswith tolerates up to 9 leading bytes instead of pinning the whole URI.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1kjfr7eubgod_jwbjcdoiu_udkor_undy"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866332/; classtype:trojan-activity;sid:84729432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1jjmj9e7at1kw7ejqelx-abyb2095jsve"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866331/; classtype:trojan-activity;sid:84729431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stego_payload1.png"; depth:19; endswith; nocase; http.host; 
content:"semencepourlavie.org"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866330/; classtype:trojan-activity;sid:84729430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wtfueaikzcgpasnybyogk74.bin"; depth:28; endswith; nocase; http.host; content:"192.3.136.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866329/; classtype:trojan-activity;sid:84729429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soffymot.fla"; depth:13; endswith; nocase; http.host; content:"192.3.136.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866328/; classtype:trojan-activity;sid:84729428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.75.225"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866327/; classtype:trojan-activity;sid:84729427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/1.jpg"; depth:10; endswith; nocase; http.host; content:"66.63.170.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866326/; classtype:trojan-activity;sid:84729426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866325)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.37.101.86"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866325/; classtype:trojan-activity;sid:84729425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/hnjdmhc.txt"; depth:14; endswith; nocase; http.host; content:"216.9.224.48"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866323/; classtype:trojan-activity;sid:84729423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.162.36.210"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866324/; classtype:trojan-activity;sid:84729424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/prestige-1.21.jar"; depth:28; endswith; nocase; http.host; content:"prestige-mc.lovable.app"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866322/; classtype:trojan-activity;sid:84729422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/frosty.mips"; depth:17; endswith; nocase; http.host; content:"109.104.153.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866319/; 
classtype:trojan-activity;sid:84729419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_4478bd6aec9ae601.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866320/; classtype:trojan-activity;sid:84729420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_d8ac19371aa6c0b2.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866321/; classtype:trojan-activity;sid:84729421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beta/voltrix.zip"; depth:17; endswith; nocase; http.host; content:"voltrix.lol"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866317/; classtype:trojan-activity;sid:84729417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"182.121.155.98"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866318/; classtype:trojan-activity;sid:84729418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866316)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/eaevuhuj/1.jpg"; depth:15; endswith; nocase; http.host; content:"payables-deposit.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866316/; classtype:trojan-activity;sid:84729416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_83ad5a7d1356ac7e.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866314/; classtype:trojan-activity;sid:84729414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_63fd82abe8bb1c1a.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866315/; classtype:trojan-activity;sid:84729415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.242.66"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866313/; classtype:trojan-activity;sid:84729413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"193.187.101.68"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866312/; classtype:trojan-activity;sid:84729412; rev:1;) 
# Rule anatomy (each rule below follows the same template):
#   - direction: established client-to-server flow from $HOME_NET to $EXTERNAL_NET
#   - http.method buffer contains "GET"
#   - http.uri: case-insensitive match on the listed path; depth equal to the pattern
#     length plus endswith ties the pattern to both ends of the buffer (exact URI)
#   - http.host: listed value within depth, and isdataat:!1,relative requires that
#     no byte follows it (exact host)
# The number in msg is the URLhaus entry id repeated in the reference URL, and
# created_at records when the entry was added, which helps when ageing out stale
# indicators. An alert means an internal host requested the listed URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.38.149"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866311/; classtype:trojan-activity;sid:84729411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.123.200"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866310/; classtype:trojan-activity;sid:84729410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.84.72"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866309/; classtype:trojan-activity;sid:84729409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.84.72"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866308/; classtype:trojan-activity;sid:84729408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.60.224"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, 
urlhaus.abuse.ch/url/3866307/; classtype:trojan-activity;sid:84729407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.90.189"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866306/; classtype:trojan-activity;sid:84729406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.39.146"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866305/; classtype:trojan-activity;sid:84729405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"194.69.200.166"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866304/; classtype:trojan-activity;sid:84729404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.36.23"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866303/; classtype:trojan-activity;sid:84729403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f9b7e304-aa30-437d-97c2-7ea59c4e0c08"; depth:47; endswith; nocase; http.host; 
content:"429jq7cf.ravanshenasi.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866302/; classtype:trojan-activity;sid:84729402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=3c4c17ce-4ba1-4af9-870b-60e8c6a80dfd"; depth:47; endswith; nocase; http.host; content:"s5kubntg.enfejkade.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866301/; classtype:trojan-activity;sid:84729401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.105.38"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866300/; classtype:trojan-activity;sid:84729400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/92/img_054606.png"; depth:18; endswith; nocase; http.host; content:"107.172.172.205"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866299/; classtype:trojan-activity;sid:84729399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.38.149"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866298/; classtype:trojan-activity;sid:84729398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3866297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.36.23"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866297/; classtype:trojan-activity;sid:84729397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.105.38"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866296/; classtype:trojan-activity;sid:84729396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=27d6a1e2-0639-4792-b167-3400a29adbac"; depth:47; endswith; nocase; http.host; content:"c9w3m5jq.usoleamoozesh.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866295/; classtype:trojan-activity;sid:84729395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.7.13"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866294/; classtype:trojan-activity;sid:84729394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.7.13"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, 
urlhaus.abuse.ch/url/3866293/; classtype:trojan-activity;sid:84729393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"108.168.0.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866292/; classtype:trojan-activity;sid:84729392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.225.189.168"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866291/; classtype:trojan-activity;sid:84729391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ec51e19c-5592-4e8b-a2a3-ec2e651c02a3"; depth:37; endswith; nocase; http.host; content:"bqmrthe.bankefiile.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866290/; classtype:trojan-activity;sid:84729390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6da998d5-6e13-4c29-bc1a-b5098960f9e6"; depth:37; endswith; nocase; http.host; content:"bvsfuyvu.leaguejazire.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866289/; classtype:trojan-activity;sid:84729389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866288)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.225.189.168"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866288/; classtype:trojan-activity;sid:84729388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d1616c6f-858f-4cc0-8f35-38379352b3df"; depth:37; endswith; nocase; http.host; content:"ugygn.shartmag.bet"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866287/; classtype:trojan-activity;sid:84729387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.250.58"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866286/; classtype:trojan-activity;sid:84729386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.170.226"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866285/; classtype:trojan-activity;sid:84729385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.156.186"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866284/; classtype:trojan-activity;sid:84729384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3866283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=594cffaa-9b60-4d3a-a49c-6f209794d577"; depth:47; endswith; nocase; http.host; content:"uwso33yr.riyazinikokar.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866283/; classtype:trojan-activity;sid:84729383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d44189ed-c138-4551-90a7-065fc817d993"; depth:37; endswith; nocase; http.host; content:"cjbbdtba.maharatmodiran.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866282/; classtype:trojan-activity;sid:84729382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.45.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866281/; classtype:trojan-activity;sid:84729381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.93.129"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866280/; classtype:trojan-activity;sid:84729380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.237.143"; depth:15; isdataat:!1,relative; metadata:created_at 
2026_06_17; reference:url, urlhaus.abuse.ch/url/3866278/; classtype:trojan-activity;sid:84729378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.45.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866279/; classtype:trojan-activity;sid:84729379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.238.9"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866277/; classtype:trojan-activity;sid:84729377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.170.226"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866276/; classtype:trojan-activity;sid:84729376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/27cf5719-9c1a-43bc-ad79-cf99ff63d5d4"; depth:37; endswith; nocase; http.host; content:"vprhcxyu.masirpayambari.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866275/; classtype:trojan-activity;sid:84729375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; 
depth:2; endswith; nocase; http.host; content:"115.61.118.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866274/; classtype:trojan-activity;sid:84729374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.167.34"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866273/; classtype:trojan-activity;sid:84729373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0c09af33-a857-4324-8242-a0b29d0c5940"; depth:37; endswith; nocase; http.host; content:"qgkzqew.azmoonzare.online"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866272/; classtype:trojan-activity;sid:84729372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5d025454-aaa1-4694-8e70-d0c2546a6188"; depth:37; endswith; nocase; http.host; content:"zyiirlrr.tarikhravannovin.shop"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866271/; classtype:trojan-activity;sid:84729371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.87.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866270/; classtype:trojan-activity;sid:84729370; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.167.34"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866269/; classtype:trojan-activity;sid:84729369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.3.130"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866268/; classtype:trojan-activity;sid:84729368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=987db032-119f-4333-8d00-3c1c41c4efd6"; depth:47; endswith; nocase; http.host; content:"nc45aae1.tractor11.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866267/; classtype:trojan-activity;sid:84729367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a7d484fb-340b-4356-a80e-020d0e5b78be"; depth:37; endswith; nocase; http.host; content:"ysulmnsc.sanjeshravani.shop"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866266/; classtype:trojan-activity;sid:84729366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.31.69"; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866265/; classtype:trojan-activity;sid:84729365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.3.130"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866264/; classtype:trojan-activity;sid:84729364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.228.163"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866263/; classtype:trojan-activity;sid:84729363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d907e2df-b265-45c5-8d06-6cf9edf2bb94"; depth:47; endswith; nocase; http.host; content:"1z2x5bu4.modiriyatnikbakht.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866262/; classtype:trojan-activity;sid:84729362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.63.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866261/; classtype:trojan-activity;sid:84729361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866260)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/b3dca007-3ee3-458e-8c10-476918b8a0c8"; depth:37; endswith; nocase; http.host; content:"jwouoops.sakhtemandade.shop"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866260/; classtype:trojan-activity;sid:84729360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.63.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866259/; classtype:trojan-activity;sid:84729359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.31.69"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866258/; classtype:trojan-activity;sid:84729358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.157.129"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866257/; classtype:trojan-activity;sid:84729357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.146.13"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866256/; classtype:trojan-activity;sid:84729356; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"223.221.79.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866255/; classtype:trojan-activity;sid:84729355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.157.129"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866254/; classtype:trojan-activity;sid:84729354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"223.221.79.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866253/; classtype:trojan-activity;sid:84729353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.225.199"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866252/; classtype:trojan-activity;sid:84729352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.225.199"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, 
urlhaus.abuse.ch/url/3866251/; classtype:trojan-activity;sid:84729351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/189f2bc8-128c-435a-b6d7-2cf9fc473141"; depth:37; endswith; nocase; http.host; content:"wwocqmw.motorbook.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866250/; classtype:trojan-activity;sid:84729350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cf8daa18-1a3f-4c08-86a0-1d6c3949ace9"; depth:37; endswith; nocase; http.host; content:"pvxvwrfu.sadreislam.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866248/; classtype:trojan-activity;sid:84729348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a98cc107-c233-4f25-86ce-6ea557d44131"; depth:37; endswith; nocase; http.host; content:"hzvho.shartbandifootballkade.online"; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866249/; classtype:trojan-activity;sid:84729349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.239.160"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866247/; classtype:trojan-activity;sid:84729347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866246)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b5d03285-0a24-47e8-addd-9a9cd0a30c2a"; depth:47; endswith; nocase; http.host; content:"ym88gu70.nazariyeyadgiri.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866246/; classtype:trojan-activity;sid:84729346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.239.160"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866245/; classtype:trojan-activity;sid:84729345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.7.87"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866244/; classtype:trojan-activity;sid:84729344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/81/img_085818.png"; depth:18; endswith; nocase; http.host; content:"66.63.170.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866243/; classtype:trojan-activity;sid:84729343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vxtewp"; depth:7; endswith; nocase; http.host; content:"lemon-kutt.lemon.cchan.tv"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866241/; 
classtype:trojan-activity;sid:84729341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wuswb"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866242/; classtype:trojan-activity;sid:84729342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yeqafn"; depth:7; endswith; nocase; http.host; content:"cuth.me"; depth:7; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866240/; classtype:trojan-activity;sid:84729340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/httpsexpertinsights.comdata-security-and-privacytop-secure-file-sharing-storage-services-need.php"; depth:98; endswith; nocase; http.host; content:"66.63.170.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866234/; classtype:trojan-activity;sid:84729334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/httpswww.digitaltrends.comcomputingai-browsers-are-here-and-you-need-to-learn-how-to-use-the-web-properly.php"; depth:110; endswith; nocase; http.host; content:"66.63.170.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866235/; classtype:trojan-activity;sid:84729335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3866236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/81/kingsibacktoruletheworld.hta"; depth:32; endswith; nocase; http.host; content:"66.63.170.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866236/; classtype:trojan-activity;sid:84729336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/301/weneedbetterplacewithbestfeature.hta"; depth:41; endswith; nocase; http.host; content:"66.63.170.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866237/; classtype:trojan-activity;sid:84729337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/301/img_044239.png"; depth:19; endswith; nocase; http.host; content:"66.63.170.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866238/; classtype:trojan-activity;sid:84729338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eugfh3"; depth:7; endswith; nocase; http.host; content:"masuk.to"; depth:8; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866239/; classtype:trojan-activity;sid:84729339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yhcda"; depth:6; endswith; nocase; http.host; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; depth:41; isdataat:!1,relative; 
metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866233/; classtype:trojan-activity;sid:84729333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dopkb"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866225/; classtype:trojan-activity;sid:84729325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pijol"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866226/; classtype:trojan-activity;sid:84729326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ggldg"; depth:6; endswith; nocase; http.host; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866227/; classtype:trojan-activity;sid:84729327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eapfp"; depth:6; endswith; nocase; http.host; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866228/; classtype:trojan-activity;sid:84729328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3866229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/etivi"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866229/; classtype:trojan-activity;sid:84729329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nkgaa"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866230/; classtype:trojan-activity;sid:84729330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kugef"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866231/; classtype:trojan-activity;sid:84729331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ulucj"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866232/; classtype:trojan-activity;sid:84729332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ekkrr"; depth:6; endswith; nocase; http.host; 
content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866221/; classtype:trojan-activity;sid:84729321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bvxma"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866222/; classtype:trojan-activity;sid:84729322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wixpl"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866223/; classtype:trojan-activity;sid:84729323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slive.png"; depth:10; endswith; nocase; http.host; content:"pub-ce54f1982e42425c94a1dd345decfbb9.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866224/; classtype:trojan-activity;sid:84729324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vplaqn.png"; depth:11; endswith; nocase; http.host; content:"pub-14b7818eeed2473fb453a2385620ceb9.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866220/; 
classtype:trojan-activity;sid:84729320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jxilw"; depth:6; endswith; nocase; http.host; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866218/; classtype:trojan-activity;sid:84729318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vzjbj"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866219/; classtype:trojan-activity;sid:84729319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vemrp"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866214/; classtype:trojan-activity;sid:84729314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ncaey"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866215/; classtype:trojan-activity;sid:84729315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866216)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/vyvzu"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866216/; classtype:trojan-activity;sid:84729316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/optimized_msi.png"; depth:22; endswith; nocase; http.host; content:"acmgrupo.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866217/; classtype:trojan-activity;sid:84729317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6ns9-9zty-n247-ux3j/img_wp6sn7.png"; depth:35; endswith; nocase; http.host; content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866207/; classtype:trojan-activity;sid:84729307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqib-j3ob-picl-3175/img_x231jh.png"; depth:35; endswith; nocase; http.host; content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866208/; classtype:trojan-activity;sid:84729308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/ugjg0s"; depth:12; endswith; nocase; http.host; content:"as.al"; depth:5; isdataat:!1,relative; 
metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866209/; classtype:trojan-activity;sid:84729309; rev:1;)
# Each rule below alerts on one URLhaus entry: an outbound HTTP GET ($HOME_NET -> $EXTERNAL_NET,
# from_client) whose URI and Host both match. On http.uri, a depth equal to the content length
# plus endswith pins the whole buffer to that string (nocase: any letter case); on http.host,
# depth plus isdataat:!1,relative does the same for the hostname.
# NOTE(review): *.workers.dev is a shared hosting platform that is normally reached over HTTPS.
# An `alert http` rule only sees traffic Suricata parses as HTTP, so these presumably fire only
# on cleartext requests or behind TLS decryption; confirm coverage for this sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/egycw"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866210/; classtype:trojan-activity;sid:84729310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anwad"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866211/; classtype:trojan-activity;sid:84729311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yxybf"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866212/; classtype:trojan-activity;sid:84729312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yxgqj"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866213/; classtype:trojan-activity;sid:84729313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nyeql"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866206/; classtype:trojan-activity;sid:84729306; rev:1;)
# NOTE(review): raw.githubusercontent.com serves unrelated repositories, so the URI is the only
# discriminating part of this rule; do not reduce it to a host-level indicator or block. The
# cleartext-HTTP caveat above presumably applies here too; verify.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bhh545578-lab/asasasas/refs/heads/main/kalel123.png"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866205/; classtype:trojan-activity;sid:84729305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqib-j3ob-picl-3175/img_id20y0.png"; depth:35; endswith; nocase; http.host; content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866203/; classtype:trojan-activity;sid:84729303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jungle.png"; depth:11; endswith; nocase; http.host; content:"filesco.lovestoblog.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866204/; classtype:trojan-activity;sid:84729304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/azkztt"; depth:12; endswith; nocase; http.host; content:"as.al"; depth:5; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866202/; classtype:trojan-activity;sid:84729302; rev:1;)
# sid 84729301 and sid 84729300 (two rules further down) carry identical match conditions, so a
# single request raises both alerts. Presumably the two URLhaus entries differ only in something
# the rule does not encode (e.g. the scheme); confirm before deduplicating or thresholding.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public/2026-06-03/f2760afb-0bc2-4ad4-9a54-c3a9079de4ff/7896789678jkljmnijnm.png"; depth:80; endswith; nocase; http.host; content:"d7.tfdl.net"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866201/; classtype:trojan-activity;sid:84729301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/common/caches/optimized.png"; depth:28; endswith; nocase; http.host; content:"kpmmg.org"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866199/; classtype:trojan-activity;sid:84729299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public/2026-06-03/f2760afb-0bc2-4ad4-9a54-c3a9079de4ff/7896789678jkljmnijnm.png"; depth:80; endswith; nocase; http.host; content:"d7.tfdl.net"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866200/; classtype:trojan-activity;sid:84729300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f7867ebc-0feb-4857-8a84-46f85540c05a"; depth:37; endswith; nocase; http.host; content:"bchvsotq.questionsmotor.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; 
reference:url, urlhaus.abuse.ch/url/3866198/; classtype:trojan-activity;sid:84729298; rev:1;)
# Per-URL download indicators: each rule fires on an outbound HTTP GET whose URI and Host both
# equal one URLhaus entry (depth + endswith on the URI, depth + isdataat:!1,relative on the host).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8fcd7bde-bdbc-4758-bd07-758eee56888d"; depth:37; endswith; nocase; http.host; content:"brsppaxh.psgnewsiran.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866197/; classtype:trojan-activity;sid:84729297; rev:1;)
# Two-byte URI "/i" on a bare IPv4 host: the specificity of this rule, and of the other "/i"
# rules in this file, comes entirely from the Host value.
# NOTE(review): IP-hosted entries go stale once the address is reassigned; metadata:created_at
# can drive ageing. Confirm the local retention policy for this feed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.29.223.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866196/; classtype:trojan-activity;sid:84729296; rev:1;)
# |3f| is the hex escape for "?", so the pattern is "/?ublib=<uuid>", 44 bytes once decoded.
# depth:47 equals the length of the escaped text instead, so together with endswith the URI may
# carry up to 3 extra bytes in front of the pattern. NOTE(review): looks like the generator
# measures the escaped string; low impact, but this is not an exact match. The same applies to
# sid 84729289 further down.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=cb0ac5a3-510f-4f2a-877f-be287da5ff0b"; depth:47; endswith; nocase; http.host; content:"9y6ugqql.zabanenglishanari.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866195/; classtype:trojan-activity;sid:84729295; rev:1;)
# URI "/" with depth:1 and endswith matches only a request for the site root, so this rule is in
# effect a host indicator for GET / on powershell-storage.vg.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"powershell-storage.vg"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866194/; classtype:trojan-activity;sid:84729294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.27.149"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866193/; classtype:trojan-activity;sid:84729293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.231.12"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866192/; classtype:trojan-activity;sid:84729292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4414c4c6-b5b9-4919-b252-65dc2d132daf"; depth:37; endswith; nocase; http.host; content:"okuiwrsf.prozhedownload.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866191/; classtype:trojan-activity;sid:84729291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bd92e7bb-088d-4b15-8863-4f2aa46e4dc1"; depth:37; endswith; nocase; http.host; content:"hxelbvz.moshavereravan.shop"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866190/; classtype:trojan-activity;sid:84729290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f4cd3e5e-18c2-44b0-a114-b912960c0933"; depth:47; endswith; nocase; http.host; content:"iayeu5kp.testranandegi.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866189/; classtype:trojan-activity;sid:84729289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.214.12"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866188/; classtype:trojan-activity;sid:84729288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_6c05a5217493f0e7.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866187/; classtype:trojan-activity;sid:84729287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dbba1493-fee8-491e-9841-fb8e8272ab33"; depth:37; endswith; nocase; http.host; content:"zffeyivj.prozhedownload.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866186/; classtype:trojan-activity;sid:84729286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.94.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866185/; classtype:trojan-activity;sid:84729285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866184)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.101.224"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866184/; classtype:trojan-activity;sid:84729284; rev:1;)
# sids 84729267-84729283 below all name the same host, dfgjhkllkhuuk.info, and differ only in
# the .exe path under /load/ or /load/os1/. Each rule matches one exact path on an outbound GET.
# NOTE(review): alerts from several of these sids on one client point at a single distribution
# host; triage them together instead of as separate incidents.
# In every rule visible here the sid is the URLhaus entry id (the number in msg and in the
# reference URL) plus 80863100, which gives a quick way from an alert back to the entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/kythy.exe"; depth:15; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866183/; classtype:trojan-activity;sid:84729283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/jhgkuyyg.exe"; depth:18; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866178/; classtype:trojan-activity;sid:84729278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/hnmh.exe"; depth:14; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866179/; classtype:trojan-activity;sid:84729279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/iuyuh.exe"; depth:15; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866180/; classtype:trojan-activity;sid:84729280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/hjbk.exe"; depth:14; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866181/; classtype:trojan-activity;sid:84729281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/bjbh.exe"; depth:14; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866182/; classtype:trojan-activity;sid:84729282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/werwte.exe"; depth:16; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866176/; classtype:trojan-activity;sid:84729276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/ojujn.exe"; depth:15; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866177/; classtype:trojan-activity;sid:84729277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/kliulij.exe"; depth:17; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866175/; classtype:trojan-activity;sid:84729275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/t5.exe"; depth:16; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866174/; classtype:trojan-activity;sid:84729274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/kugdq.exe"; depth:19; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866172/; classtype:trojan-activity;sid:84729272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/greatcherry.exe"; depth:25; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866173/; classtype:trojan-activity;sid:84729273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/u1.exe"; depth:16; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866170/; classtype:trojan-activity;sid:84729270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/crz.exe"; depth:17; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866171/; classtype:trojan-activity;sid:84729271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/cry.exe"; depth:17; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866168/; classtype:trojan-activity;sid:84729268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/qwe.exe"; depth:17; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866169/; classtype:trojan-activity;sid:84729269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/beb.exe"; depth:17; endswith; nocase; http.host; content:"dfgjhkllkhuuk.info"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866167/; classtype:trojan-activity;sid:84729267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/701b2e4d-52e7-430f-a821-038fd55563ec"; depth:37; endswith; nocase; http.host; content:"useeuclu.prozhecart.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866166/; 
classtype:trojan-activity;sid:84729266; rev:1;)
# Run of rules for host 5.182.210.61 whose URIs are "/" followed by six hex characters. Each
# rule matches one exact path on an outbound HTTP GET to that address.
# NOTE(review): the many distinct short paths on one address look like per-download tokens; a
# path not yet listed in the feed raises no alert, so treat any hit as a lead on the host and not
# only on the path. Confirm against the referenced URLhaus entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bc5646"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866157/; classtype:trojan-activity;sid:84729257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f77596"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866158/; classtype:trojan-activity;sid:84729258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/057349"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866159/; classtype:trojan-activity;sid:84729259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/62ae5d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866160/; classtype:trojan-activity;sid:84729260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/402e0d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866161/; classtype:trojan-activity;sid:84729261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f96ad3"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866162/; classtype:trojan-activity;sid:84729262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76a86d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866163/; classtype:trojan-activity;sid:84729263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dded6f"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866164/; classtype:trojan-activity;sid:84729264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c57301"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866165/; classtype:trojan-activity;sid:84729265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4aa3e0"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866156/; classtype:trojan-activity;sid:84729256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dbf80d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866155/; classtype:trojan-activity;sid:84729255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e78f55"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866136/; classtype:trojan-activity;sid:84729236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/893d1b"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866137/; classtype:trojan-activity;sid:84729237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/492c83"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866138/; classtype:trojan-activity;sid:84729238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/af9940"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866139/; classtype:trojan-activity;sid:84729239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1e5164"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866140/; classtype:trojan-activity;sid:84729240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bd448f"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866141/; classtype:trojan-activity;sid:84729241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0b9e47"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866142/; classtype:trojan-activity;sid:84729242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5c77b8"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866143/; classtype:trojan-activity;sid:84729243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e0ad76"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866144/; classtype:trojan-activity;sid:84729244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3a1cb2"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866145/; classtype:trojan-activity;sid:84729245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7d81c1"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866146/; classtype:trojan-activity;sid:84729246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e33912"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866147/; classtype:trojan-activity;sid:84729247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c8a68a"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866148/; classtype:trojan-activity;sid:84729248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ccecea"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866149/; classtype:trojan-activity;sid:84729249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ea3ced"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866150/; classtype:trojan-activity;sid:84729250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ad0585"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866151/; classtype:trojan-activity;sid:84729251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a09043"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866152/; classtype:trojan-activity;sid:84729252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/58f304"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866153/; classtype:trojan-activity;sid:84729253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bae5fa"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866154/; classtype:trojan-activity;sid:84729254; rev:1;)
# From here the feed interleaves a second host, 104.251.181.69, whose URIs are named after CPU
# architectures (/i686, /mips, /arm). NOTE(review): presumably one payload built for several
# Linux/embedded targets; confirm on the referenced URLhaus entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"104.251.181.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866129/; classtype:trojan-activity;sid:84729229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c3a0e5"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866130/; classtype:trojan-activity;sid:84729230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"104.251.181.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866131/; classtype:trojan-activity;sid:84729231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; 
nocase; http.host; content:"104.251.181.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866132/; classtype:trojan-activity;sid:84729232; rev:1;)
# Rules for three bare-IP hosts (104.251.181.69, 176.100.36.133, 94.26.106.195) interleaved with
# further six-hex-character paths on 5.182.210.61. Most URIs here are short names such as /x86,
# /mipsel, /ppc, /m68k or /parm5, and each rule matches one exact URI on one exact Host.
# NOTE(review): names like these presumably denote per-architecture builds of one payload, which
# would make the requesting client a Linux or embedded device; confirm on the URLhaus entries
# and check whether such devices sit on segments this sensor actually monitors.
# With URIs this short the Host value carries the specificity, so a stale or reassigned address
# turns the rule into noise; metadata:created_at is available for ageing.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/45fb47"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866133/; classtype:trojan-activity;sid:84729233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm_soft"; depth:9; endswith; nocase; http.host; content:"104.251.181.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866134/; classtype:trojan-activity;sid:84729234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boss"; depth:5; endswith; nocase; http.host; content:"94.26.106.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866135/; classtype:trojan-activity;sid:84729235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"104.251.181.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866114/; classtype:trojan-activity;sid:84729214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/px86"; depth:5; endswith; nocase; http.host; content:"176.100.36.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866115/; classtype:trojan-activity;sid:84729215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm_soft2"; depth:10; endswith; nocase; http.host; content:"104.251.181.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866116/; classtype:trojan-activity;sid:84729216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/parm"; depth:5; endswith; nocase; http.host; content:"176.100.36.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866117/; classtype:trojan-activity;sid:84729217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel2"; depth:8; endswith; nocase; http.host; content:"104.251.181.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866118/; classtype:trojan-activity;sid:84729218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/traffaarch"; depth:11; endswith; nocase; http.host; content:"94.26.106.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866119/; classtype:trojan-activity;sid:84729219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"104.251.181.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866120/; classtype:trojan-activity;sid:84729220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm_soft3"; depth:10; endswith; nocase; http.host; content:"104.251.181.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866121/; classtype:trojan-activity;sid:84729221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"104.251.181.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866122/; classtype:trojan-activity;sid:84729222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/parm5"; depth:6; endswith; nocase; http.host; content:"176.100.36.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866123/; classtype:trojan-activity;sid:84729223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/parm7"; depth:6; endswith; nocase; http.host; content:"176.100.36.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866124/; classtype:trojan-activity;sid:84729224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc2"; depth:5; endswith; nocase; http.host; content:"104.251.181.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866125/; classtype:trojan-activity;sid:84729225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/parm6"; depth:6; endswith; nocase; http.host; content:"176.100.36.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866126/; classtype:trojan-activity;sid:84729226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k2"; depth:6; endswith; nocase; http.host; content:"104.251.181.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866127/; classtype:trojan-activity;sid:84729227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"104.251.181.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866128/; classtype:trojan-activity;sid:84729228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a79e1e"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866111/; classtype:trojan-activity;sid:84729211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6c85f6"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866112/; classtype:trojan-activity;sid:84729212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/px86_64"; depth:8; endswith; nocase; http.host; content:"176.100.36.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866113/; classtype:trojan-activity;sid:84729213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/26ad7d"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866109/; classtype:trojan-activity;sid:84729209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ade2c6"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866110/; classtype:trojan-activity;sid:84729210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866108)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.188.231"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866108/; classtype:trojan-activity;sid:84729208; rev:1;)
# URLhaus exact-URL download rules: each alerts on an outbound HTTP GET whose
# whole URI equals the http.uri content (depth + endswith, nocase) and whose
# host equals the http.host content (depth + isdataat:!1,relative).
# NOTE(review): URIs such as "/i" and "/bin.sh" are short and generic; the
# alert is specific only because the host is pinned exactly, so do not reuse
# the URI string on its own as an indicator in other tooling.
# NOTE(review): files.catbox.moe and paste.sensio.no look like shared
# file/paste hosts (inferred from the names); the indicator here is the full
# URL, not the host, and host-wide blocking would need a separate decision.
# NOTE(review): `alert http` only covers cleartext or decrypted HTTP; hosts
# under workers.dev are commonly reached over HTTPS, so add DNS/TLS or
# proxy-log coverage if the sensor has no TLS visibility.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e5eu2m.ps1"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866107/; classtype:trojan-activity;sid:84729207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bassetscontents/dhxdaeufkcfxdtfkhlfgckfxkfxjdzhszeffxesezdhdzsdsdhhzszsdhdxxz/gyvuder.exe"; depth:90; endswith; nocase; http.host; content:"bagsrad.work"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866105/; classtype:trojan-activity;sid:84729205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.188.231"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866104/; classtype:trojan-activity;sid:84729204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.249.32"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866103/; classtype:trojan-activity;sid:84729203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.198.103"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866100/; classtype:trojan-activity;sid:84729200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.223.79"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866101/; classtype:trojan-activity;sid:84729201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.73.191"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866102/; classtype:trojan-activity;sid:84729202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxsrm/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866097/; classtype:trojan-activity;sid:84729197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fmjidmb.txt"; depth:12; endswith; nocase; http.host; content:"216.250.248.162"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866098/; classtype:trojan-activity;sid:84729198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ovogenetic.smi"; depth:15; endswith; nocase; http.host; content:"tu.feyhaum.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866099/; classtype:trojan-activity;sid:84729199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bdtrm181.bin"; depth:13; endswith; nocase; http.host; content:"192.3.136.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866096/; classtype:trojan-activity;sid:84729196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/persona.snp"; depth:12; endswith; nocase; http.host; content:"192.3.136.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866095/; classtype:trojan-activity;sid:84729195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/displaytracing"; depth:15; endswith; nocase; http.host; content:"paste.sensio.no"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866094/; classtype:trojan-activity;sid:84729194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866093)"; flow:established,from_client; http.method; content:"GET"; http.uri;
content:"/23e56000-c578-4482-9e4a-3eccf1e9465f"; depth:37; endswith; nocase; http.host; content:"xmyzx.shansline.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866093/; classtype:trojan-activity;sid:84729193; rev:1;)
# URLhaus exact-URL download rules: each alerts on an outbound HTTP GET whose
# whole URI equals the http.uri content (depth + endswith, nocase) and whose
# host equals the http.host content (depth + isdataat:!1,relative).
# Most rules below pin the same workers.dev host and differ only in the path.
# NOTE(review): with one host behind this many exact-path rules, a locally
# maintained host-level rule (or a dataset-backed rule) may be more durable
# than per-path matches; keep the feed sids unchanged if you add one.
# NOTE(review): `alert http` only covers cleartext or decrypted HTTP;
# workers.dev hosts are commonly reached over HTTPS, so add DNS/TLS or
# proxy-log coverage if the sensor has no TLS visibility.
# NOTE(review): URIs ending in ":80" and the "2c20https3a" segment look like
# URL-parsing artefacts in the feed entry (a port or percent-escapes folded
# into the path); this is inferred. Because the match is exact, such rules
# fire only on a request whose URI is literally that string.
# NOTE(review): /.bitcoin/wallet.dat/ and /wp-content/uploads/2019:80 read
# like generic probe or crawl paths rather than payload names; inferred,
# confirm on the referenced urlhaus.abuse.ch entry before triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pgkcx/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866090/; classtype:trojan-activity;sid:84729190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hjjag/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866091/; classtype:trojan-activity;sid:84729191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yxzkk/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866092/; classtype:trojan-activity;sid:84729192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrrtu/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866079/; classtype:trojan-activity;sid:84729179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cqehd"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866080/; classtype:trojan-activity;sid:84729180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n64y-jvb2-wt8x-cri7/img_ghgl33.png"; depth:35; endswith; nocase; http.host; content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866081/; classtype:trojan-activity;sid:84729181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.bitcoin/wallet.dat/"; depth:21; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866082/; classtype:trojan-activity;sid:84729182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ovrtw2c20https3a/anyioba.lovestoblog.com/"; depth:42; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866083/; classtype:trojan-activity;sid:84729183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tblpv/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866084/; classtype:trojan-activity;sid:84729184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zdpmn/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866085/; classtype:trojan-activity;sid:84729185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kdeaa"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866086/; classtype:trojan-activity;sid:84729186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zpehh/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866087/; classtype:trojan-activity;sid:84729187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/media:80"; depth:9; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866088/; classtype:trojan-activity;sid:84729188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ovrtw/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866089/; classtype:trojan-activity;sid:84729189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/obhny/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866071/; classtype:trojan-activity;sid:84729171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exixj/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866072/; classtype:trojan-activity;sid:84729172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nxpkj/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866073/; classtype:trojan-activity;sid:84729173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tperm"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866074/; classtype:trojan-activity;sid:84729174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/2019:80"; depth:27; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866075/; classtype:trojan-activity;sid:84729175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ymxmd/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866076/; classtype:trojan-activity;sid:84729176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nvmru/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url,
urlhaus.abuse.ch/url/3866077/; classtype:trojan-activity;sid:84729177; rev:1;)
# URLhaus exact-URL download rules: each alerts on an outbound HTTP GET whose
# whole URI equals the http.uri content (depth + endswith, nocase) and whose
# host equals the http.host content (depth + isdataat:!1,relative).
# NOTE(review): `alert http` only covers cleartext or decrypted HTTP; the
# workers.dev and r2.dev hosts below are commonly reached over HTTPS, so add
# DNS/TLS or proxy-log coverage if the sensor has no TLS visibility.
# NOTE(review): "/git:80" looks like a URL-parsing artefact in the feed entry
# (a port folded into the path); inferred. The match is exact, so that rule
# fires only on a request whose URI is literally that string.
# NOTE(review): /media/ and /wp-content/uploads/ read like generic probe or
# crawl paths rather than payload names; inferred, confirm on the referenced
# urlhaus.abuse.ch entry before triage.
# NOTE(review): several URIs end in .png; the extension says nothing about
# what the server returns, so check the response's real file type when
# triaging a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ydmdx/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866078/; classtype:trojan-activity;sid:84729178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mrvnd/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866067/; classtype:trojan-activity;sid:84729167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qmvaz/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866068/; classtype:trojan-activity;sid:84729168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dncrp/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866069/; classtype:trojan-activity;sid:84729169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/git:80"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866070/; classtype:trojan-activity;sid:84729170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eyifg"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866058/; classtype:trojan-activity;sid:84729158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/media/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866059/; classtype:trojan-activity;sid:84729159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uawix/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866060/; classtype:trojan-activity;sid:84729160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unmlo"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866061/; classtype:trojan-activity;sid:84729161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rmuga/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866062/; classtype:trojan-activity;sid:84729162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cajkj/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866063/; classtype:trojan-activity;sid:84729163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ydbbt/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866064/; classtype:trojan-activity;sid:84729164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oslap/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866065/; classtype:trojan-activity;sid:84729165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqib-j3ob-picl-3175/img_jp7b12.png"; depth:35; endswith; nocase; http.host; content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866066/; classtype:trojan-activity;sid:84729166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/1urakt/"; depth:13; endswith; nocase; http.host; content:"as.al"; depth:5; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866057/; classtype:trojan-activity;sid:84729157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/"; depth:20; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866056/; classtype:trojan-activity;sid:84729156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zacaj/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866055/; classtype:trojan-activity;sid:84729155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jxdpx"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866054/; classtype:trojan-activity;sid:84729154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/govwh/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866053/; classtype:trojan-activity;sid:84729153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deikautoc.png"; depth:14; endswith; nocase; http.host; content:"pub-fb3a8d5dd3364b508bead702996a325c.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866052/; classtype:trojan-activity;sid:84729152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pay.sh"; depth:7; endswith; nocase; http.host; content:"176.100.36.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866051/; classtype:trojan-activity;sid:84729151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/imgg.png"; depth:13; endswith; nocase; http.host; content:"increvalor.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866050/; classtype:trojan-activity;sid:84729150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/desej"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866048/; classtype:trojan-activity;sid:84729148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pomcp/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866049/; classtype:trojan-activity;sid:84729149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/optimized_msi.png"; depth:22; endswith; nocase; http.host; content:"kaza.com.hk"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866047/; classtype:trojan-activity;sid:84729147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/709f0199-d574-4004-ba16-4b25c241c5cb"; depth:37; endswith; nocase; http.host; content:"ydgnpzbc.mechanicsayalat.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866046/; classtype:trojan-activity;sid:84729146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known
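malware download URL detected (3866045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.223.79"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866045/; classtype:trojan-activity;sid:84729145; rev:1;)
# Rule shape used throughout this run: an outbound GET whose normalized URI
# equals the listed path (depth = pattern length, plus endswith) and whose
# Host equals the listed name or IP (depth = pattern length, plus
# isdataat:!1,relative). nocase applies to the URI content only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.198.103"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866044/; classtype:trojan-activity;sid:84729144; rev:1;)
# depth corrected 47 -> 44 on the URI content below. |3f| is a single byte
# ('?'), so the pattern is 44 bytes long; 47 is the length of the escaped
# text. With endswith, depth:47 also accepted URIs carrying up to three extra
# bytes in front of the pattern, so the rule was not the exact-URL match the
# other rules are. NOTE(review): this file looks generated, so the same
# correction is presumably needed in the generator - confirm upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=41da8f99-7a82-4c34-961f-d77b7b44e2cc"; depth:44; endswith; nocase; http.host; content:"zmnrfyvt.vanatarsim.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866043/; classtype:trojan-activity;sid:84729143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.211.209"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866042/; classtype:trojan-activity;sid:84729142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.204.223"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, 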
urlhaus.abuse.ch/url/3866041/; classtype:trojan-activity;sid:84729141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.73.191"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866040/; classtype:trojan-activity;sid:84729140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fb6cf4c4-cc1b-4f54-a500-6d46f41b11d6"; depth:37; endswith; nocase; http.host; content:"posnxub.mabaninazaridelavar.xyz"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866039/; classtype:trojan-activity;sid:84729139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.254.102"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866038/; classtype:trojan-activity;sid:84729138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.113.110"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866037/; classtype:trojan-activity;sid:84729137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866036)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/f7b20024-4a99-404a-8420-e3dc9e0f4594"; depth:37; endswith; nocase; http.host; content:"uuoecnbs.mechanickhodakarami.shop"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866036/; classtype:trojan-activity;sid:84729136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.240.97"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866035/; classtype:trojan-activity;sid:84729135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.5.92"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866034/; classtype:trojan-activity;sid:84729134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.113.118"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866033/; classtype:trojan-activity;sid:84729133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.238.130"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866031/; classtype:trojan-activity;sid:84729131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3866032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.204.223"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866032/; classtype:trojan-activity;sid:84729132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"91.92.42.28"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866028/; classtype:trojan-activity;sid:84729128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"91.92.42.28"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866029/; classtype:trojan-activity;sid:84729129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"91.92.42.28"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866030/; classtype:trojan-activity;sid:84729130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"91.92.42.28"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866026/; 
classtype:trojan-activity;sid:84729126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"91.92.42.28"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866027/; classtype:trojan-activity;sid:84729127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"91.92.42.28"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866021/; classtype:trojan-activity;sid:84729121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"91.92.42.28"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866022/; classtype:trojan-activity;sid:84729122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/floyyd.sh"; depth:15; endswith; nocase; http.host; content:"91.92.42.28"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866023/; classtype:trojan-activity;sid:84729123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"91.92.42.28"; depth:11; 
isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866024/; classtype:trojan-activity;sid:84729124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"91.92.42.28"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866025/; classtype:trojan-activity;sid:84729125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"91.92.42.28"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866016/; classtype:trojan-activity;sid:84729116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"91.92.42.28"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866017/; classtype:trojan-activity;sid:84729117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dbg"; depth:9; endswith; nocase; http.host; content:"91.92.42.28"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866018/; classtype:trojan-activity;sid:84729118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866019)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"91.92.42.28"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866019/; classtype:trojan-activity;sid:84729119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"91.92.42.28"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866020/; classtype:trojan-activity;sid:84729120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.5.92"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866015/; classtype:trojan-activity;sid:84729115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.113.110"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866014/; classtype:trojan-activity;sid:84729114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.254.102"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866013/; classtype:trojan-activity;sid:84729113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3866012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.238.130"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866012/; classtype:trojan-activity;sid:84729112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/017e7c95-0403-4b73-aac4-6bc4f5530957"; depth:37; endswith; nocase; http.host; content:"xcioxhpp.masirpayambari.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866011/; classtype:trojan-activity;sid:84729111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.99.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866010/; classtype:trojan-activity;sid:84729110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/frosty.mips"; depth:17; endswith; nocase; http.host; content:"86.54.82.179"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866008/; classtype:trojan-activity;sid:84729108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.99.31.131"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866009/; 
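classtype:trojan-activity;sid:84729109; rev:1;)
# Exact-URL download rules: each one matches an outbound GET whose normalized
# URI equals the listed path (depth = pattern length, plus endswith) and whose
# Host equals the listed name or IP (depth = pattern length, plus
# isdataat:!1,relative). nocase applies to the URI content only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.37.95.120"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866006/; classtype:trojan-activity;sid:84729106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.37.30.68"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866007/; classtype:trojan-activity;sid:84729107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/superplayer.cmd"; depth:16; endswith; nocase; http.host; content:"tube-18.xyz"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866005/; classtype:trojan-activity;sid:84729105; rev:1;)
# depth corrected 15 -> 12 on the three "/?download=1" rules in this run
# (sids 84729101, 84729103, 84729104). |3f| is a single byte ('?'), so the
# pattern is 12 bytes long; 15 is the length of the escaped text. With
# endswith, depth:15 also accepted URIs carrying up to three extra bytes in
# front of the pattern. NOTE(review): this file looks generated, so the same
# correction is presumably needed in the generator - confirm upstream.
# Coverage caveat: these are `alert http` rules on http.* buffers, so they
# only see plaintext HTTP; a request to the same host over TLS is not
# inspected unless it is decrypted before it reaches the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:12; endswith; nocase; http.host; content:"vid-16-07.vercel.app"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866001/; classtype:trojan-activity;sid:84729101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.245.204.42"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866002/; classtype:trojan-activity;sid:84729102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:12; endswith; nocase; http.host; content:"policework1606.vercel.app"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866003/; classtype:trojan-activity;sid:84729103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:12; endswith; nocase; http.host; content:"police1606real.vercel.app"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866004/; classtype:trojan-activity;sid:84729104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/memory_bin_dir/memory_load.mips"; depth:32; endswith; nocase; http.host; content:"31.56.39.60"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866000/; classtype:trojan-activity;sid:84729100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.36.20.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865999/; classtype:trojan-activity;sid:84729099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865991)"; 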
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_1aa54dbfab99756a.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865991/; classtype:trojan-activity;sid:84729091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_3e952b2ae3899c34.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865992/; classtype:trojan-activity;sid:84729092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_ea56972b95adac82.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865993/; classtype:trojan-activity;sid:84729093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_81337d63d9d5c258.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865994/; classtype:trojan-activity;sid:84729094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_e5f0e058762035a4.exe"; depth:48; endswith; nocase; http.host; 
content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865995/; classtype:trojan-activity;sid:84729095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_298a62ccdd240062.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865996/; classtype:trojan-activity;sid:84729096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_20f0cbfc975b37a7.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865997/; classtype:trojan-activity;sid:84729097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_feba8078a56702f7.msi"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865998/; classtype:trojan-activity;sid:84729098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_5838417cf4675a38.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865989/; 
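classtype:trojan-activity;sid:84729089; rev:1;)
# Exact-URL download rules: each one matches an outbound GET whose normalized
# URI equals the listed path (depth = pattern length, plus endswith) and whose
# Host equals the listed name or IP (depth = pattern length, plus
# isdataat:!1,relative). nocase applies to the URI content only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_6e653d7c095f5305.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865990/; classtype:trojan-activity;sid:84729090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.232.137.101"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865988/; classtype:trojan-activity;sid:84729088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bacup_190755.png"; depth:17; endswith; nocase; http.host; content:"94.156.152.204"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865987/; classtype:trojan-activity;sid:84729087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bea511af-e36d-4120-b2bb-9c681814aa8e"; depth:37; endswith; nocase; http.host; content:"wrlunpmj.masaelmohandesi.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865986/; classtype:trojan-activity;sid:84729086; rev:1;)
# depth corrected 47 -> 44 on the three "/?ublib=<uuid>" rules in this run
# (sids 84729085, 84729081, 84729080). |3f| is a single byte ('?'), so the
# pattern is 44 bytes long; 47 is the length of the escaped text. With
# endswith, depth:47 also accepted URIs carrying up to three extra bytes in
# front of the pattern, so these were not the exact-URL match the other rules
# are. NOTE(review): this file looks generated, so the same correction is
# presumably needed in the generator - confirm upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=30380a55-e0c8-4d7d-89e2-5364e20a7d3f"; depth:44; endswith; nocase; http.host; content:"ab950zja.testpaye.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865985/; classtype:trojan-activity;sid:84729085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d8880e94-75a3-434d-9719-0d55074a7200"; depth:37; endswith; nocase; http.host; content:"brcorni.mabaninazari.shop"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865984/; classtype:trojan-activity;sid:84729084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.146.69"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865983/; classtype:trojan-activity;sid:84729083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.189.222.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865982/; classtype:trojan-activity;sid:84729082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d5ecbaca-6280-4331-bfab-91b43ba495cf"; depth:44; endswith; nocase; http.host; content:"xlyvz7lr.motuntakhasosi.store"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865981/; classtype:trojan-activity;sid:84729081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=718f69e6-23c8-47f1-aef5-281a72c0dc3b"; depth:44; endswith; nocase; http.host; content:"m7nohnc7.modiriyatnikbakht.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865980/; classtype:trojan-activity;sid:84729080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7a730ed8-2e27-4c0d-aba7-93f3a2d57b74"; depth:37; endswith; nocase; http.host; content:"jfxdrqqn.maharatmodiran.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865979/; classtype:trojan-activity;sid:84729079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.1.200"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865978/; classtype:trojan-activity;sid:84729078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"94.189.222.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865977/; classtype:trojan-activity;sid:84729077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865976)"; flow:established,from_client; http.method; content:"GET"; http.uri; 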
content:"/86f5272c-e2f3-438d-b180-3e10fec5cf4d"; depth:37; endswith; nocase; http.host; content:"gzipfktz.mabanishimi.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865976/; classtype:trojan-activity;sid:84729076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/30b88fcd-dc1e-4c77-a746-6a7107feded7"; depth:37; endswith; nocase; http.host; content:"vslaa.melbetkade.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865975/; classtype:trojan-activity;sid:84729075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.1.200"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865974/; classtype:trojan-activity;sid:84729074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.7.53"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865973/; classtype:trojan-activity;sid:84729073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.192.229.9"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865972/; classtype:trojan-activity;sid:84729072; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"141.140.0.116"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865970/; classtype:trojan-activity;sid:84729070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"141.140.0.188"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865971/; classtype:trojan-activity;sid:84729071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"141.140.0.215"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865969/; classtype:trojan-activity;sid:84729069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"162.251.60.214"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865968/; classtype:trojan-activity;sid:84729068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; 
nocase; http.host; content:"141.140.0.116"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865965/; classtype:trojan-activity;sid:84729065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"141.140.0.188"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865966/; classtype:trojan-activity;sid:84729066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"141.140.0.215"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865967/; classtype:trojan-activity;sid:84729067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quasar.exe"; depth:11; endswith; nocase; http.host; content:"170.168.103.160"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865964/; classtype:trojan-activity;sid:84729064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.5.93"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865963/; classtype:trojan-activity;sid:84729063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3865962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1d135dbc-8846-4dfd-b811-5f4d61e3ab20"; depth:37; endswith; nocase; http.host; content:"jgyqxldn.leaguejazire.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865962/; classtype:trojan-activity;sid:84729062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.140.109"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865961/; classtype:trojan-activity;sid:84729061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0d87051e-41da-4d16-8997-4f55413fca44"; depth:37; endswith; nocase; http.host; content:"cztsqzd.livefootba11.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865960/; classtype:trojan-activity;sid:84729060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/80e2ea8a-1ae5-4d69-ae20-0a9e47a5d808"; depth:37; endswith; nocase; http.host; content:"pjzhlamo.karbordriyaziyat.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865959/; classtype:trojan-activity;sid:84729059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.5.93"; depth:11; isdataat:!1,relative; 
metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865958/; classtype:trojan-activity;sid:84729058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d873ff52-ec2a-4584-99d4-66f7c631fa20"; depth:47; endswith; nocase; http.host; content:"t4axvjhb.riyazinikokar.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865957/; classtype:trojan-activity;sid:84729057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/782ec283-5284-4c9a-8839-1572641e74ce"; depth:37; endswith; nocase; http.host; content:"oucgpofp.karafarini.shop"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865956/; classtype:trojan-activity;sid:84729056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.25.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865955/; classtype:trojan-activity;sid:84729055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.202.101.44"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865954/; classtype:trojan-activity;sid:84729054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865953)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.120.161"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865953/; classtype:trojan-activity;sid:84729053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.25.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865952/; classtype:trojan-activity;sid:84729052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=8906e97f-033e-4732-84e4-08c485bead59"; depth:47; endswith; nocase; http.host; content:"idb05olx.testdrivepaye3.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865951/; classtype:trojan-activity;sid:84729051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.100.232"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865950/; classtype:trojan-activity;sid:84729050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.28.30"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865949/; 
classtype:trojan-activity;sid:84729049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.120.161"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865948/; classtype:trojan-activity;sid:84729048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6d3b8bd8-7be0-4015-9eba-b4203504451f"; depth:37; endswith; nocase; http.host; content:"emjkevxm.jam-jahani.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865947/; classtype:trojan-activity;sid:84729047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntpd"; depth:5; endswith; nocase; http.host; content:"104.251.181.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865946/; classtype:trojan-activity;sid:84729046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"104.251.181.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865945/; classtype:trojan-activity;sid:84729045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; 
content:"104.251.181.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865943/; classtype:trojan-activity;sid:84729043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget"; depth:5; endswith; nocase; http.host; content:"104.251.181.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865944/; classtype:trojan-activity;sid:84729044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"104.251.181.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865942/; classtype:trojan-activity;sid:84729042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1ee94683-d3c7-4e89-a7b4-65448d9b4401"; depth:37; endswith; nocase; http.host; content:"emuerrz.ecologyardakani.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865941/; classtype:trojan-activity;sid:84729041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.apk"; depth:20; endswith; nocase; http.host; content:"64.89.163.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865940/; classtype:trojan-activity;sid:84729040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3865939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"217.60.195.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865939/; classtype:trojan-activity;sid:84729039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"209.99.184.114"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865930/; classtype:trojan-activity;sid:84729030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"209.99.184.114"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865931/; classtype:trojan-activity;sid:84729031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"209.99.184.114"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865932/; classtype:trojan-activity;sid:84729032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"209.99.184.114"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, 
urlhaus.abuse.ch/url/3865933/; classtype:trojan-activity;sid:84729033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"209.99.184.114"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865934/; classtype:trojan-activity;sid:84729034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"209.99.184.114"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865935/; classtype:trojan-activity;sid:84729035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"209.99.184.114"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865936/; classtype:trojan-activity;sid:84729036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"209.99.184.114"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865937/; classtype:trojan-activity;sid:84729037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865938)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"217.60.195.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865938/; classtype:trojan-activity;sid:84729038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adbpersist.arm7"; depth:16; endswith; nocase; http.host; content:"217.60.195.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865929/; classtype:trojan-activity;sid:84729029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"209.99.184.114"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865928/; classtype:trojan-activity;sid:84729028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loader.apk"; depth:11; endswith; nocase; http.host; content:"217.60.195.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865927/; classtype:trojan-activity;sid:84729027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"209.99.184.114"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865921/; classtype:trojan-activity;sid:84729021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3865922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"209.99.184.114"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865922/; classtype:trojan-activity;sid:84729022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"209.99.184.114"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865923/; classtype:trojan-activity;sid:84729023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"209.99.184.114"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865924/; classtype:trojan-activity;sid:84729024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"209.99.184.114"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865925/; classtype:trojan-activity;sid:84729025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"209.99.184.114"; depth:14; isdataat:!1,relative; metadata:created_at 
2026_06_17; reference:url, urlhaus.abuse.ch/url/3865926/; classtype:trojan-activity;sid:84729026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.52.70"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865920/; classtype:trojan-activity;sid:84729020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"217.60.195.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865919/; classtype:trojan-activity;sid:84729019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/60d0535e-a6e0-45a9-8bb0-07d44427cfb3"; depth:37; endswith; nocase; http.host; content:"fqgadjsy.hugugtejarat4.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865918/; classtype:trojan-activity;sid:84729018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"217.60.195.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865917/; classtype:trojan-activity;sid:84729017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865913)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"217.60.195.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865913/; classtype:trojan-activity;sid:84729013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"217.60.195.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865914/; classtype:trojan-activity;sid:84729014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"217.60.195.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865915/; classtype:trojan-activity;sid:84729015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"217.60.195.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865916/; classtype:trojan-activity;sid:84729016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.52.70"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865912/; classtype:trojan-activity;sid:84729012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3865907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"217.60.195.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865907/; classtype:trojan-activity;sid:84729007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"217.60.195.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865908/; classtype:trojan-activity;sid:84729008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mipsel"; depth:12; endswith; nocase; http.host; content:"217.60.195.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865909/; classtype:trojan-activity;sid:84729009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dbg"; depth:9; endswith; nocase; http.host; content:"217.60.195.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865910/; classtype:trojan-activity;sid:84729010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"217.60.195.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865911/; 
classtype:trojan-activity;sid:84729011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"45.198.224.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865903/; classtype:trojan-activity;sid:84729003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"45.198.224.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865904/; classtype:trojan-activity;sid:84729004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/barm7_x86"; depth:10; endswith; nocase; http.host; content:"45.198.224.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865905/; classtype:trojan-activity;sid:84729005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/barm7_mips"; depth:11; endswith; nocase; http.host; content:"45.198.224.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865906/; classtype:trojan-activity;sid:84729006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/barm7_sp"; depth:9; endswith; nocase; http.host; content:"45.198.224.26"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865900/; classtype:trojan-activity;sid:84729000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/barm7"; depth:6; endswith; nocase; http.host; content:"45.198.224.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865901/; classtype:trojan-activity;sid:84729001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/barm7_mpsl"; depth:11; endswith; nocase; http.host; content:"45.198.224.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865902/; classtype:trojan-activity;sid:84729002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"45.198.224.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865899/; classtype:trojan-activity;sid:84728999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/barm7.gz"; depth:9; endswith; nocase; http.host; content:"45.198.224.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865898/; classtype:trojan-activity;sid:84728998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865897)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.32.20"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865897/; classtype:trojan-activity;sid:84728997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.32.20"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865896/; classtype:trojan-activity;sid:84728996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.206.38"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865895/; classtype:trojan-activity;sid:84728995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865894/; classtype:trojan-activity;sid:84728994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865890/; classtype:trojan-activity;sid:84728990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3865891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865891/; classtype:trojan-activity;sid:84728991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865892/; classtype:trojan-activity;sid:84728992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865893/; classtype:trojan-activity;sid:84728993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865885/; classtype:trojan-activity;sid:84728985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865886/; classtype:trojan-activity;sid:84728986; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865887/; classtype:trojan-activity;sid:84728987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865888/; classtype:trojan-activity;sid:84728988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865889/; classtype:trojan-activity;sid:84728989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client.exe"; depth:11; endswith; nocase; http.host; content:"62.60.156.183"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865884/; classtype:trojan-activity;sid:84728984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kla.sh"; depth:12; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; 
reference:url, urlhaus.abuse.ch/url/3865883/; classtype:trojan-activity;sid:84728983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm5"; depth:11; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865876/; classtype:trojan-activity;sid:84728976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm"; depth:10; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865877/; classtype:trojan-activity;sid:84728977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pppc"; depth:10; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865878/; classtype:trojan-activity;sid:84728978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm7"; depth:11; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865879/; classtype:trojan-activity;sid:84728979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/px86"; depth:10; endswith; 
nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865880/; classtype:trojan-activity;sid:84728980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/psh4"; depth:10; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865881/; classtype:trojan-activity;sid:84728981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pmips"; depth:11; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865882/; classtype:trojan-activity;sid:84728982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pmpsl"; depth:11; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865875/; classtype:trojan-activity;sid:84728975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm6"; depth:11; endswith; nocase; http.host; content:"62.60.159.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865874/; classtype:trojan-activity;sid:84728974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865873)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux"; depth:6; endswith; nocase; http.host; content:"46.226.166.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865873/; classtype:trojan-activity;sid:84728973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b3c4ed76-14cc-45ec-962f-6447ed31689d"; depth:37; endswith; nocase; http.host; content:"slceo.rocketbet.pro"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865872/; classtype:trojan-activity;sid:84728972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1421e2c3-fac9-4edb-a398-c46ccd382c19"; depth:37; endswith; nocase; http.host; content:"lkkcicvs.tasisathosseini.shop"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865871/; classtype:trojan-activity;sid:84728971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.43.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865870/; classtype:trojan-activity;sid:84728970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=28c94613-a0b2-4b34-9ad5-d57900189d09"; depth:47; endswith; nocase; http.host; content:"xsr8ggtp.riyaziatumumi.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 
2026_06_17; reference:url, urlhaus.abuse.ch/url/3865869/; classtype:trojan-activity;sid:84728969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.220.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865868/; classtype:trojan-activity;sid:84728968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.43.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865867/; classtype:trojan-activity;sid:84728967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.111.110"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865866/; classtype:trojan-activity;sid:84728966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e236dff7-a32c-46ff-9add-710a6145a6fd"; depth:37; endswith; nocase; http.host; content:"gidptxnf.shartbandi.games"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865865/; classtype:trojan-activity;sid:84728965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; 
depth:7; endswith; nocase; http.host; content:"123.11.78.78"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865864/; classtype:trojan-activity;sid:84728964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.78.78"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865863/; classtype:trojan-activity;sid:84728963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.151.169.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865862/; classtype:trojan-activity;sid:84728962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.28.220.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865861/; classtype:trojan-activity;sid:84728961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.197.160.196"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865860/; classtype:trojan-activity;sid:84728960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865859)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a1449047-9b8c-4274-b5d2-afc315aaaa63"; depth:37; endswith; nocase; http.host; content:"scuxihr.downloadquran.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865859/; classtype:trojan-activity;sid:84728959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.127.251.163"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865858/; classtype:trojan-activity;sid:84728958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"87.197.160.196"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865857/; classtype:trojan-activity;sid:84728957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/73b2df1f-fcbf-4e2e-80e3-bd934452045e"; depth:37; endswith; nocase; http.host; content:"mbcmhapi.sazebetonarme.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865856/; classtype:trojan-activity;sid:84728956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=24486f41-0c2e-4dfd-981c-eb0fa49009d3"; depth:47; endswith; nocase; http.host; content:"ls574ky6.anodaz.tv"; depth:18; isdataat:!1,relative; 
metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865855/; classtype:trojan-activity;sid:84728955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.65.23"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865854/; classtype:trojan-activity;sid:84728954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_e5ae42027ee57bae.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865853/; classtype:trojan-activity;sid:84728953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rsw0"; depth:5; endswith; nocase; http.host; content:"202.155.8.56"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865851/; classtype:trojan-activity;sid:84728951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rbw0"; depth:5; endswith; nocase; http.host; content:"202.155.8.56"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865852/; classtype:trojan-activity;sid:84728952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865850)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.14.229"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865850/; classtype:trojan-activity;sid:84728950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.65.23"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865849/; classtype:trojan-activity;sid:84728949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.252.234.243"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865848/; classtype:trojan-activity;sid:84728948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/04d21f7c-6bab-4629-9dce-897f574949d8"; depth:37; endswith; nocase; http.host; content:"ghcruhhs.sanjeshvaandazegiri.shop"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865847/; classtype:trojan-activity;sid:84728947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c16e7b9b-71ba-4f77-8c6a-f87544bc30f4"; depth:47; endswith; nocase; http.host; content:"ia9opth7.hugugtatbigi.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865846/; classtype:trojan-activity;sid:84728946; rev:1;) 
# URLhaus download-URL signatures. Every rule in this run has the same shape:
#   - alert http $HOME_NET any -> $EXTERNAL_NET any with flow:established,from_client:
#     client requests leaving the protected network. Coverage therefore depends on
#     HOME_NET/EXTERNAL_NET being set correctly and on the request being parsed as
#     HTTP (requests inside TLS are not seen unless decrypted upstream).
#   - http.method "GET" only; other request methods for the same URL do not alert.
#   - http.uri: content + depth equal to the content length + endswith pins the
#     whole URI (path and query string) to that value, compared with nocase.
#   - http.host: content + depth + isdataat:!1,relative requires that nothing
#     follows the match, i.e. the host buffer equals the listed IP or name.
# The number in msg and in the reference URL is the URLhaus entry id; in the rules
# shown here sid is that id plus 80863100, so an alert can be traced back to its
# URLhaus page for triage.
# NOTE(review): in the "|3f|" rules (|3f| is the hex escape for "?") depth is 47,
# the length of the escaped rule text, while the decoded content is 44 bytes. With
# endswith the end of the URI is still anchored, but up to 3 leading bytes are
# allowed, so those rules are slightly looser than an exact match; depth:44 would
# make them exact.
# NOTE(review): entries are point-in-time indicators (see metadata:created_at) and
# many hosts are bare IP addresses; refresh from the feed rather than keeping old
# copies, and confirm a hit against the referenced URLhaus entry before acting.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.14.229"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865845/; classtype:trojan-activity;sid:84728945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.67.216.149"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865844/; classtype:trojan-activity;sid:84728944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.252.234.243"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865843/; classtype:trojan-activity;sid:84728943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.18.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865842/; classtype:trojan-activity;sid:84728942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.140.231.200"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, 
urlhaus.abuse.ch/url/3865841/; classtype:trojan-activity;sid:84728941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=881d30d3-eeb7-409e-a483-8b4152f3fe35"; depth:47; endswith; nocase; http.host; content:"b6ddznvo.reyhanebeheshti.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865840/; classtype:trojan-activity;sid:84728940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4bb7cd20-4326-4642-b37c-86b2de8bcb1a"; depth:37; endswith; nocase; http.host; content:"trzyilzj.sanjeshravani.shop"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865839/; classtype:trojan-activity;sid:84728939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"186.67.216.149"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865838/; classtype:trojan-activity;sid:84728938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.20.31"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865837/; classtype:trojan-activity;sid:84728937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865836)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.151.169.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865836/; classtype:trojan-activity;sid:84728936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"82.140.231.200"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865835/; classtype:trojan-activity;sid:84728935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ea1d6d5b-993a-45d3-a133-ea71d8beef3e"; depth:37; endswith; nocase; http.host; content:"xvjjvja.differentialmamuli.store"; depth:32; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865834/; classtype:trojan-activity;sid:84728934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.145.71"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865833/; classtype:trojan-activity;sid:84728933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da0e361c-8930-4bad-961f-c0b430fc28e4"; depth:37; endswith; nocase; http.host; content:"bmsmzuxa.sakhtemandade.shop"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865832/; 
classtype:trojan-activity;sid:84728932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d1c0afc1-a3b4-493b-8ac4-4239e0fe996c"; depth:37; endswith; nocase; http.host; content:"pqjqu.shansbartar.bet"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865831/; classtype:trojan-activity;sid:84728931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_272a328ef7c4afe3.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865830/; classtype:trojan-activity;sid:84728930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.18.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865829/; classtype:trojan-activity;sid:84728929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.233.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865827/; classtype:trojan-activity;sid:84728927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; 
endswith; nocase; http.host; content:"110.36.75.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865828/; classtype:trojan-activity;sid:84728928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_93aa7618a8e9169e.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865826/; classtype:trojan-activity;sid:84728926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9139d630-78db-4224-bb67-aed2adc41375"; depth:37; endswith; nocase; http.host; content:"lueplxze.sadreislam.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865825/; classtype:trojan-activity;sid:84728925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.20.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865824/; classtype:trojan-activity;sid:84728924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.20.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865823/; classtype:trojan-activity;sid:84728923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3865822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.181.132"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865822/; classtype:trojan-activity;sid:84728922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.66.27"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865821/; classtype:trojan-activity;sid:84728921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.255.245"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865820/; classtype:trojan-activity;sid:84728920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5160bce5-7a5d-4aa7-8b55-edd663674ba9"; depth:37; endswith; nocase; http.host; content:"jwzyamqu.questionsmotor.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865819/; classtype:trojan-activity;sid:84728919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.181.132"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, 
urlhaus.abuse.ch/url/3865818/; classtype:trojan-activity;sid:84728918; rev:1;)
# Reading guide for the generated entries below (one rule per URLhaus entry):
#  - http.uri: depth:<pattern length> plus endswith pins the pattern to the whole
#    URI buffer, so only that exact URI matches; nocase makes the comparison
#    case-insensitive. A request to the same host with any other path or query
#    string does not match.
#  - http.host: depth:<pattern length> plus isdataat:!1,relative requires that no
#    byte follows the pattern, i.e. the host buffer must equal the pattern exactly.
#  - Scope: established, client-to-server GET requests from $HOME_NET to
#    $EXTERNAL_NET, and only on traffic Suricata parses as HTTP; the same download
#    carried inside TLS is not visible to these rules unless it is decrypted upstream.
#  - Action is alert (detect only). The number in msg equals the id in the
#    reference URL, which is the place to start triage for a hit.
#  - NOTE(review): many hosts are bare IP addresses with very short paths ("/i",
#    "/bin.sh"); such indicators presumably age quickly, so refresh from the feed
#    rather than pinning this snapshot (all entries here are created_at 2026_06_16).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.95.120"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865817/; classtype:trojan-activity;sid:84728917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=16c403df-ee33-4931-b155-78217da1b47e"; depth:47; endswith; nocase; http.host; content:"zqxhkfn1.mohasebatadadi.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865816/; classtype:trojan-activity;sid:84728916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8b1959a2-b037-4683-a826-3cafda615f12"; depth:37; endswith; nocase; http.host; content:"eoubkysl.psgnewsiran.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865814/; classtype:trojan-activity;sid:84728914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8cb2d0c4-8217-4bff-8d7f-5e21562371ec"; depth:37; endswith; nocase; http.host; content:"opvqf.differentialkerayechiyan.store"; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865815/; classtype:trojan-activity;sid:84728915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.84.241"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865813/; classtype:trojan-activity;sid:84728913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.87.204"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865812/; classtype:trojan-activity;sid:84728912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.95.120"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865811/; classtype:trojan-activity;sid:84728911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.172.76"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865810/; classtype:trojan-activity;sid:84728910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.172.76"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865809/; classtype:trojan-activity;sid:84728909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7852450268/qztruwz.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865808/; classtype:trojan-activity;sid:84728908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.101.250"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865807/; classtype:trojan-activity;sid:84728907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b7046ea7-b88e-4c4a-a54b-ccc39c3372f7"; depth:47; endswith; nocase; http.host; content:"mof95byi.hugugmadanikatouzian.xyz"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865806/; classtype:trojan-activity;sid:84728906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/65a91675-f652-4d7f-8943-4974fa980b0f"; depth:37; endswith; nocase; http.host; content:"poxcezrq.prozhedownload.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865805/; classtype:trojan-activity;sid:84728905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.87.204"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865804/; classtype:trojan-activity;sid:84728904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0e7a3201-ffec-4dce-8b20-65f7fdb239b2"; depth:37; endswith; nocase; http.host; content:"nebxkrhy.prozhedownload.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865803/; classtype:trojan-activity;sid:84728903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.23.216"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865802/; classtype:trojan-activity;sid:84728902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.103.219"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865801/; classtype:trojan-activity;sid:84728901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.23.216"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865800/; classtype:trojan-activity;sid:84728900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0321fdcd-8312-4219-99b1-4bc6bfcf9164"; depth:37; endswith; nocase; http.host; content:"cpysndcd.prozhecart.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865799/; classtype:trojan-activity;sid:84728899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.33.12"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865798/; classtype:trojan-activity;sid:84728898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yui/wtmp1"; depth:10; endswith; nocase; http.host; content:"95.214.53.157"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865797/; classtype:trojan-activity;sid:84728897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.146.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865796/; classtype:trojan-activity;sid:84728896; rev:1;)
# Next 3 entries (URLhaus ids 3865793-3865795) share host 66.63.170.33. The third
# path spells out text resembling a well-known site's URL, but the rule is still
# pinned to this exact host value, so requests to that site itself do not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/90/img_045800.png"; depth:18; endswith; nocase; http.host; content:"66.63.170.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865795/; classtype:trojan-activity;sid:84728895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/90/givenrestthignsaregoodformebest.hta"; depth:39; endswith; nocase; http.host; content:"66.63.170.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865794/; classtype:trojan-activity;sid:84728894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/httpswww.gartner.comennewsroompress-releases2025-05-13-gartner-identifies-top-trends-shaping-the-future-of-cloud.php"; depth:117; endswith; nocase; http.host; content:"66.63.170.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865793/; classtype:trojan-activity;sid:84728893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/775007a3-5703-46ae-bcd6-68f8ebc0f2f2"; depth:37; endswith; nocase; http.host; content:"niowimq.shansline.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865792/; classtype:trojan-activity;sid:84728892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ec53b7c4-4b0f-4b43-b6f2-ff9d5d17c6fc"; depth:37; endswith; nocase; http.host; content:"zvday.defamogadas.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865791/; classtype:trojan-activity;sid:84728891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.42.11.67"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865790/; classtype:trojan-activity;sid:84728890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/112bd0e1-f743-47b3-8b36-0b7b2c0c2410"; depth:37; endswith; nocase; http.host; content:"hxfvuhay.mechanicsayalat.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865789/; classtype:trojan-activity;sid:84728889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.42.130.218"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865787/; classtype:trojan-activity;sid:84728887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.146.65"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865788/; classtype:trojan-activity;sid:84728888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a3e71569-2d9c-4933-a167-87b0ced7e399"; depth:47; endswith; nocase; http.host; content:"ro68mi4f.hesabdari2.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865786/; classtype:trojan-activity;sid:84728886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.100.158"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865785/; classtype:trojan-activity;sid:84728885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=3a7857ad-893b-421f-a98a-4d2c7abc2c7e"; depth:47; endswith; nocase; http.host; content:"w7nr7blr.mohandesitraffic.shop"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865784/; classtype:trojan-activity;sid:84728884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.33.12"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865783/; classtype:trojan-activity;sid:84728883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.42.130.218"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865782/; classtype:trojan-activity;sid:84728882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.137.44"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865781/; classtype:trojan-activity;sid:84728881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6dd71a0b-77ae-45c3-94e6-1d9e3f7e6376"; depth:37; endswith; nocase; http.host; content:"llmpgrax.mechanickhodakarami.shop"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865780/; classtype:trojan-activity;sid:84728880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.180.76"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865779/; classtype:trojan-activity;sid:84728879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.68.242"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865778/; classtype:trojan-activity;sid:84728878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crypted_build.exe"; depth:18; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865777/; classtype:trojan-activity;sid:84728877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.229.179"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865776/; classtype:trojan-activity;sid:84728876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.180.76"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865775/; classtype:trojan-activity;sid:84728875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5858b5b4-61e6-4bf4-a4b6-7de0d782e6f3"; depth:37; endswith; nocase; http.host; content:"moqlgtez.masirpayambari.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865774/; classtype:trojan-activity;sid:84728874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.48.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865773/; classtype:trojan-activity;sid:84728873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.48.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865772/; classtype:trojan-activity;sid:84728872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.55.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865771/; classtype:trojan-activity;sid:84728871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/199b2997-34db-4ece-b589-e514b6ef0f0f"; depth:37; endswith; nocase; http.host; content:"hwott.darsnamejame.xyz"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865770/; classtype:trojan-activity;sid:84728870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/972eb227-6bff-41ff-b30f-28ca8bf45083"; depth:37; endswith; nocase; http.host; content:"spnzuoez.masaelmohandesi.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865769/; classtype:trojan-activity;sid:84728869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.150.202"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865768/; classtype:trojan-activity;sid:84728868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=5683a175-17eb-4c47-8094-c67d5b34861b"; depth:47; endswith; nocase; http.host; content:"03mnh00l.hugugmadani6.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865767/; classtype:trojan-activity;sid:84728867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.66.188"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865766/; classtype:trojan-activity;sid:84728866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.55.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865765/; classtype:trojan-activity;sid:84728865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.165.244"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865764/; classtype:trojan-activity;sid:84728864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.181.15"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865763/; classtype:trojan-activity;sid:84728863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.199.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865762/; classtype:trojan-activity;sid:84728862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3c74d3cd-53bd-40ea-9d79-055b55acf633"; depth:37; endswith; nocase; http.host; content:"oyqqqexh.maharatmodiran.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865761/; classtype:trojan-activity;sid:84728861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=596a9e65-c881-430a-9f38-66ef64e5b90a"; depth:47; endswith; nocase; http.host; content:"rb907ecj.modiriyatnikbakht.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865760/; classtype:trojan-activity;sid:84728860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.99.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865759/; classtype:trojan-activity;sid:84728859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.251.93"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865758/; classtype:trojan-activity;sid:84728858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.181.15"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865757/; classtype:trojan-activity;sid:84728857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/05636f68-41b9-4b31-a0c4-5085db658f4f"; depth:37; endswith; nocase; http.host; content:"mvipnisr.mabanishimi.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865756/; classtype:trojan-activity;sid:84728856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.92.220"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865755/; classtype:trojan-activity;sid:84728855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.156.186"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865754/; classtype:trojan-activity;sid:84728854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/24902507-7b12-4819-ad2e-8ee2cf66941f"; depth:37; endswith; nocase; http.host; content:"ojrxidv.shartbandifootballkade.online"; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865753/; classtype:trojan-activity;sid:84728853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.251.93"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865752/; classtype:trojan-activity;sid:84728852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.3.201"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865751/; classtype:trojan-activity;sid:84728851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.109.55"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865750/; classtype:trojan-activity;sid:84728850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.159.173"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865749/; classtype:trojan-activity;sid:84728849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.3.201"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865748/; classtype:trojan-activity;sid:84728848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0b0cf4d6-8549-4a6b-9e8c-e846e616c36e"; depth:37; endswith; nocase; http.host; content:"bqtnx.danestanihavarzeshi.com"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865747/; classtype:trojan-activity;sid:84728847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ea076450-4cbc-4cd0-917d-39b190ea2fdb"; depth:37; endswith; nocase; http.host; content:"zvwkvpww.leaguejazire.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865746/; classtype:trojan-activity;sid:84728846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.111.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865745/; classtype:trojan-activity;sid:84728845; rev:1;)
# Next 12 entries (URLhaus ids 3865733-3865744) share host 5.182.210.61 and differ
# only in a six-hex-character path. Because each URI is matched exactly, a path on
# this host that is not listed produces no alert; when triaging a hit, review other
# HTTP requests to the same host as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eac594"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865744/; classtype:trojan-activity;sid:84728844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ac03c5"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865740/; classtype:trojan-activity;sid:84728840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ca382f"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865741/; classtype:trojan-activity;sid:84728841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8636e6"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865742/; classtype:trojan-activity;sid:84728842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cb2c1f"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865743/; classtype:trojan-activity;sid:84728843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5f0ed5"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865735/; classtype:trojan-activity;sid:84728835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aba2dd"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865736/; classtype:trojan-activity;sid:84728836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a802ee"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865737/; classtype:trojan-activity;sid:84728837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2fb9dc"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865738/; classtype:trojan-activity;sid:84728838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/44a752"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865739/; classtype:trojan-activity;sid:84728839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b30ea3"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865733/; classtype:trojan-activity;sid:84728833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d0e001"; depth:7; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865734/; classtype:trojan-activity;sid:84728834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.17.15"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865732/; classtype:trojan-activity;sid:84728832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.159.173"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865731/; classtype:trojan-activity;sid:84728831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.165.244"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865730/; classtype:trojan-activity;sid:84728830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.17.15"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865729/; classtype:trojan-activity;sid:84728829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.109.55"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865728/; classtype:trojan-activity;sid:84728828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.111.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865727/; classtype:trojan-activity;sid:84728827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/130d5a84-ddc1-4366-9519-eb0ed56d78c2"; depth:37; endswith; nocase; http.host; content:"fvnxmnaz.karbordriyaziyat.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865726/; classtype:trojan-activity;sid:84728826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.179.240.227"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865725/; classtype:trojan-activity;sid:84728825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865722/; classtype:trojan-activity;sid:84728822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865723/; classtype:trojan-activity;sid:84728823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865724/; classtype:trojan-activity;sid:84728824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/check.sh"; depth:9; endswith; nocase; http.host; content:"94.26.106.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865719/; classtype:trojan-activity;sid:84728819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865720)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865720/; classtype:trojan-activity;sid:84728820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865721/; classtype:trojan-activity;sid:84728821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/syst3md"; depth:8; endswith; nocase; http.host; content:"94.26.106.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865717/; classtype:trojan-activity;sid:84728817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amd64"; depth:6; endswith; nocase; http.host; content:"94.26.106.30"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865718/; classtype:trojan-activity;sid:84728818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865708/; classtype:trojan-activity;sid:84728808; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865709/; classtype:trojan-activity;sid:84728809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865710/; classtype:trojan-activity;sid:84728810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865711/; classtype:trojan-activity;sid:84728811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865712/; classtype:trojan-activity;sid:84728812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/check1.sh"; depth:10; endswith; nocase; http.host; content:"94.26.106.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; 
reference:url, urlhaus.abuse.ch/url/3865713/; classtype:trojan-activity;sid:84728813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865714/; classtype:trojan-activity;sid:84728814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/checkmacos.sh"; depth:14; endswith; nocase; http.host; content:"94.26.106.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865715/; classtype:trojan-activity;sid:84728815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865716/; classtype:trojan-activity;sid:84728816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/log"; depth:4; endswith; nocase; http.host; content:"94.26.106.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865707/; classtype:trojan-activity;sid:84728807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; 
http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865697/; classtype:trojan-activity;sid:84728797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865698/; classtype:trojan-activity;sid:84728798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/error84"; depth:8; endswith; nocase; http.host; content:"94.26.106.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865699/; classtype:trojan-activity;sid:84728799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865700/; classtype:trojan-activity;sid:84728800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865701/; classtype:trojan-activity;sid:84728801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865702)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.i686"; depth:9; endswith; nocase; http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865702/; classtype:trojan-activity;sid:84728802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865703/; classtype:trojan-activity;sid:84728803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865704/; classtype:trojan-activity;sid:84728804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865705/; classtype:trojan-activity;sid:84728805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865706/; classtype:trojan-activity;sid:84728806; rev:1;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/auto"; depth:5; endswith; nocase; http.host; content:"94.26.106.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865696/; classtype:trojan-activity;sid:84728796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_i686"; depth:10; endswith; nocase; http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865693/; classtype:trojan-activity;sid:84728793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865694/; classtype:trojan-activity;sid:84728794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"192.109.200.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865695/; classtype:trojan-activity;sid:84728795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.237.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; 
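reference:url, urlhaus.abuse.ch/url/3865692/; classtype:trojan-activity;sid:84728792; rev:1;)
# Each rule below alerts on a cleartext HTTP GET from $HOME_NET whose URI and Host
# both equal one URLhaus entry: depth:<len> + endswith pins the URI (case-insensitively),
# and depth:<len> + isdataat:!1,relative pins the host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.94.12"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865691/; classtype:trojan-activity;sid:84728791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.253.140"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865690/; classtype:trojan-activity;sid:84728790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.237.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865689/; classtype:trojan-activity;sid:84728789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.37.82.5"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865688/; classtype:trojan-activity;sid:84728788; rev:1;)
# Local fix: URI depth lowered from 47 to 44. The pattern is 44 bytes long because
# |3f| encodes the single byte '?'; the feed counted the four characters of the escape.
# With endswith, the wider depth accepted URIs carrying up to three extra leading bytes,
# so this rule was not the exact match its neighbours are. The edit is lost on the next
# feed refresh unless it is re-applied or fixed upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=1b34a5e0-51af-48de-b806-3a7bf499e14a"; depth:44; endswith; nocase; http.host; content:"r2ozzh0s.modiriyatbehrangi.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865687/; classtype:trojan-activity;sid:84728787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.204.196.136"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865686/; classtype:trojan-activity;sid:84728786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.174.181"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865685/; classtype:trojan-activity;sid:84728785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_1c1ecdd3b3271647.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865684/; classtype:trojan-activity;sid:84728784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.179.240.227"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865683/; classtype:trojan-activity;sid:84728783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 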
malware download URL detected (3865679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"217.60.195.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865679/; classtype:trojan-activity;sid:84728779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tplink.sh"; depth:10; endswith; nocase; http.host; content:"217.60.195.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865680/; classtype:trojan-activity;sid:84728780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips2"; depth:6; endswith; nocase; http.host; content:"217.60.195.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865681/; classtype:trojan-activity;sid:84728781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hmips"; depth:6; endswith; nocase; http.host; content:"217.60.195.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865682/; classtype:trojan-activity;sid:84728782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3050b5b0-7397-469f-99b0-17e975d7821a"; depth:37; endswith; nocase; http.host; content:"gzljyxqt.jam-jahani.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, 
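urlhaus.abuse.ch/url/3865678/; classtype:trojan-activity;sid:84728778; rev:1;)
# Each rule below alerts on a cleartext HTTP GET from $HOME_NET whose URI and Host
# both equal one URLhaus entry: depth:<len> + endswith pins the URI (case-insensitively),
# and depth:<len> + isdataat:!1,relative pins the host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"138.204.196.136"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865677/; classtype:trojan-activity;sid:84728777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.174.181"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865676/; classtype:trojan-activity;sid:84728776; rev:1;)
# Local fix: URI depth lowered from 47 to 44. The pattern is 44 bytes long because
# |3f| encodes the single byte '?'; the feed counted the four characters of the escape.
# With endswith, the wider depth accepted URIs carrying up to three extra leading bytes,
# so this rule was not the exact match its neighbours are. The edit is lost on the next
# feed refresh unless it is re-applied or fixed upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f0cc3964-ca1b-4923-9b02-ca8a996c38ef"; depth:44; endswith; nocase; http.host; content:"v8il4b7i.megaparikade.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865675/; classtype:trojan-activity;sid:84728775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.29.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865674/; classtype:trojan-activity;sid:84728774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; 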
endswith; nocase; http.host; content:"42.233.188.3"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865673/; classtype:trojan-activity;sid:84728773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.30.68"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865672/; classtype:trojan-activity;sid:84728772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.68.242"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865671/; classtype:trojan-activity;sid:84728771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"217.60.195.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865669/; classtype:trojan-activity;sid:84728769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/giga.sh"; depth:8; endswith; nocase; http.host; content:"217.60.195.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865670/; classtype:trojan-activity;sid:84728770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865665)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"217.60.195.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865665/; classtype:trojan-activity;sid:84728765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"217.60.195.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865666/; classtype:trojan-activity;sid:84728766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"217.60.195.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865667/; classtype:trojan-activity;sid:84728767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"217.60.195.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865668/; classtype:trojan-activity;sid:84728768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.202.28.142"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865664/; classtype:trojan-activity;sid:84728764; rev:1;) alert http $HOME_NET any -> 
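$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f1239b7b-f498-489f-8cb1-5e59cb73b97e"; depth:37; endswith; nocase; http.host; content:"xupga.daneshkhanevade.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865663/; classtype:trojan-activity;sid:84728763; rev:1;)
# Each rule below alerts on a cleartext HTTP GET from $HOME_NET whose URI and Host
# both equal one URLhaus entry: depth:<len> + endswith pins the URI (case-insensitively),
# and depth:<len> + isdataat:!1,relative pins the host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6aeb3b92-1c8f-47cf-a06f-0dcd8a3ee4fa"; depth:37; endswith; nocase; http.host; content:"olttywek.hugugtejarat4.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865662/; classtype:trojan-activity;sid:84728762; rev:1;)
# Local fix: URI depth lowered from 47 to 44. The pattern is 44 bytes long because
# |3f| encodes the single byte '?'; the feed counted the four characters of the escape.
# With endswith, the wider depth accepted URIs carrying up to three extra leading bytes,
# so this rule was not the exact match its neighbours are. The edit is lost on the next
# feed refresh unless it is re-applied or fixed upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ebf243bc-c2a1-42c7-91cc-858466a1b7f9"; depth:44; endswith; nocase; http.host; content:"vn3oxoji.readthisintro.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865661/; classtype:trojan-activity;sid:84728761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.168.97"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865660/; classtype:trojan-activity;sid:84728760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2727.exe"; depth:9; endswith; nocase; 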
http.host; content:"vrdccbank.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865659/; classtype:trojan-activity;sid:84728759; rev:1;)
# Each rule below alerts on an HTTP GET from $HOME_NET whose URI and Host both equal
# one URLhaus entry: depth:<len> + endswith pins the URI, and depth:<len> +
# isdataat:!1,relative pins the host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.29.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865658/; classtype:trojan-activity;sid:84728758; rev:1;)
# NOTE(review): the two workers.dev rules that follow use `alert http`, so they match
# on the parsed HTTP request. Hosts on this platform are presumably fetched over
# HTTPS (confirm against the URLhaus entry); if so, the rules stay silent unless TLS
# is decrypted ahead of the sensor. Cover the same hostnames with DNS or TLS SNI
# visibility as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/j0yh-keux-j9id-2i7m/img_g0awhq.png"; depth:35; endswith; nocase; http.host; content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865657/; classtype:trojan-activity;sid:84728757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ydbbt"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865656/; classtype:trojan-activity;sid:84728756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.38.222.91"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865655/; classtype:trojan-activity;sid:84728755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.11.74.198"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865654/; classtype:trojan-activity;sid:84728754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.57.31.47"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865652/; classtype:trojan-activity;sid:84728752; rev:1;)
# NOTE(review): same cleartext-only limitation as the workers.dev rules above; this
# netlify.app host is presumably served over HTTPS (confirm), so pair the rule with
# DNS or TLS SNI visibility for the hostname.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/csic_resolucion_2026.iso"; depth:25; endswith; nocase; http.host; content:"csic-gob-es.netlify.app"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865653/; classtype:trojan-activity;sid:84728753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.87.254"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865651/; classtype:trojan-activity;sid:84728751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.246.97.119"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, 
urlhaus.abuse.ch/url/3865650/; classtype:trojan-activity;sid:84728750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.147.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865649/; classtype:trojan-activity;sid:84728749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eb025328-390c-4526-b012-e87f234003c7"; depth:37; endswith; nocase; http.host; content:"uaxjdnjn.tarikhravannovin.shop"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865648/; classtype:trojan-activity;sid:84728748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6b5bfb97-ed26-4f7e-af8a-6bdba045405f"; depth:37; endswith; nocase; http.host; content:"anxjzoez.shartbandi.games"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865647/; classtype:trojan-activity;sid:84728747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.10.132.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865646/; classtype:trojan-activity;sid:84728746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865645)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.80.239.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865645/; classtype:trojan-activity;sid:84728745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"23.92.130.154"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865644/; classtype:trojan-activity;sid:84728744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.87.254"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865643/; classtype:trojan-activity;sid:84728743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.65.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865642/; classtype:trojan-activity;sid:84728742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4ec13303-f558-4347-9375-8e01aea8e332"; depth:37; endswith; nocase; http.host; content:"vwdpxdo.shartmag.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865641/; classtype:trojan-activity;sid:84728741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3865640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.223.140.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865640/; classtype:trojan-activity;sid:84728740; rev:1;)
# URLhaus-generated rules for outbound GET requests: each one pins one URI (http.uri
# content + depth + endswith, case-insensitive) and one host (http.host content +
# depth + isdataat:!1,relative), so a different path, file name or UUID on the same
# host raises no alert from this rule set.
# In a content pattern, |3f| is the hex escape for the single byte "?".
# NOTE(review): in the two "/|3f|ublib=..." rules (sid 84728733 and 84728728), depth:47
# matches the escaped pattern text, but the decoded pattern is 44 bytes. With endswith
# these two rules therefore accept up to three bytes before the pattern instead of an
# exact URI; depth:44 would make them exact like the others.
# NOTE(review): "/bin/support.client.exe" and "/bin/screenconnect.clientsetup.exe" are
# named like remote-support client installers (inferred from the file names only);
# during triage, compare with the remote-access tooling the site actually sanctions.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.147.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865639/; classtype:trojan-activity;sid:84728739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_aed6ea95133acdd2.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865638/; classtype:trojan-activity;sid:84728738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.65.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865637/; classtype:trojan-activity;sid:84728737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.80.239.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865636/; classtype:trojan-activity;sid:84728736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7e4daaae-e247-4ab2-b275-bbf6754737d8"; depth:37; endswith; nocase; http.host; content:"wlqmmlhp.sazebetonarme.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865635/; classtype:trojan-activity;sid:84728735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"178.16.52.221"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865634/; classtype:trojan-activity;sid:84728734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=2eadd596-2f96-4901-a064-a1425d678beb"; depth:47; endswith; nocase; http.host; content:"vue0sabv.vanatarsim.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865633/; classtype:trojan-activity;sid:84728733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.31.187"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865632/; classtype:trojan-activity;sid:84728732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"178.16.52.221"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865631/; classtype:trojan-activity;sid:84728731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.246.97.119"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865630/; classtype:trojan-activity;sid:84728730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.14.110"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865629/; classtype:trojan-activity;sid:84728729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e6b90f30-596d-461e-9392-eb4c8ece8a1e"; depth:47; endswith; nocase; http.host; content:"3hjfke61.usoleamoozesh.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865628/; classtype:trojan-activity;sid:84728728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/385fed85-99a7-48c6-acd2-73f6c92c60ae"; depth:37; endswith; nocase; http.host; content:"pgfor.bookdrive.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865627/; classtype:trojan-activity;sid:84728727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9f22f8de-61de-421c-8bb2-2567f1bb2278"; depth:37; endswith; nocase; http.host; content:"bzdujmed.sazebetonarme.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865626/; classtype:trojan-activity;sid:84728726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aes.js"; depth:7; endswith; nocase; http.host; content:"atom.freehosting.dev"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865625/; classtype:trojan-activity;sid:84728725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/payload.txt"; depth:20; endswith; nocase; http.host; content:"inini.kesug.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865623/; classtype:trojan-activity;sid:84728723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mort.php"; depth:9; endswith; nocase; http.host; content:"atom.freehosting.dev"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865624/; classtype:trojan-activity;sid:84728724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865622)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/ryo.txt"; depth:8; endswith; nocase; http.host; content:"ryo.gamer.free"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865622/; classtype:trojan-activity;sid:84728722; rev:1;)
# URLhaus-generated rules: each alerts on one outbound GET whose URI and host both
# equal the listed strings (URI compared case-insensitively via nocase).
# Several hosts appear in more than one rule here, each time with a different file:
# ryo.gamer.free, ohii.42web.io, uni.site.je, 172.245.195.197 and 192.227.135.196.
# Because the URI match is exact, a new file name on one of these hosts is not covered
# until the feed lists it. When triaging an alert, review the same client's other
# requests to that host in the HTTP logs, not only the alerted URL.
# NOTE(review): ohii.42web.io, uni.site.je and ryo.gamer.free look like subdomains on
# shared hosting (inferred from the names only); weigh false positives before
# broadening any of these to a host-only or parent-domain match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aes.js"; depth:7; endswith; nocase; http.host; content:"ryo.gamer.free"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865621/; classtype:trojan-activity;sid:84728721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mort.php"; depth:9; endswith; nocase; http.host; content:"ryo.gamer.free"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865620/; classtype:trojan-activity;sid:84728720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.198.123"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865619/; classtype:trojan-activity;sid:84728719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/188/verygoodprojectwithbestpersonforme.hta"; depth:43; endswith; nocase; http.host; content:"185.239.237.95"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865618/; classtype:trojan-activity;sid:84728718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/123/weneedbestdevilsystemforbettertogetback.js"; depth:47; endswith; nocase; http.host; content:"172.245.195.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865617/; classtype:trojan-activity;sid:84728717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/123/dc/bestwishesfromthebetterplacescomingforme.hta"; depth:52; endswith; nocase; http.host; content:"172.245.195.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865616/; classtype:trojan-activity;sid:84728716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_20260125201218.txt"; depth:27; endswith; nocase; http.host; content:"ohii.42web.io"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865615/; classtype:trojan-activity;sid:84728715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_20260119201656.txt"; depth:27; endswith; nocase; http.host; content:"ohii.42web.io"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865614/; classtype:trojan-activity;sid:84728714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_20260121203056.txt"; depth:27; endswith; nocase; http.host; content:"ohii.42web.io"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865613/; classtype:trojan-activity;sid:84728713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_20260121231222.txt"; depth:27; endswith; nocase; http.host; content:"ohii.42web.io"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865612/; classtype:trojan-activity;sid:84728712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_20260121203031.txt"; depth:27; endswith; nocase; http.host; content:"ohii.42web.io"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865607/; classtype:trojan-activity;sid:84728707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_20260119201625.txt"; depth:27; endswith; nocase; http.host; content:"ohii.42web.io"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865608/; classtype:trojan-activity;sid:84728708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arquivo_20260120171855.txt"; depth:27; endswith; nocase; http.host; content:"ohii.42web.io"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865609/; classtype:trojan-activity;sid:84728709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/80/ce/givemebestthingsforbetterplaceigiven.hta"; depth:47; endswith; nocase; http.host; content:"192.227.135.196"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865610/; classtype:trojan-activity;sid:84728710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/80/bestangelkindsbreakbackmebestformebetter.js"; depth:47; endswith; nocase; http.host; content:"192.227.135.196"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865611/; classtype:trojan-activity;sid:84728711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aes.js"; depth:7; endswith; nocase; http.host; content:"uni.site.je"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865606/; classtype:trojan-activity;sid:84728706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mort.php"; depth:9; endswith; nocase; http.host; content:"uni.site.je"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865605/; classtype:trojan-activity;sid:84728705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.202.88.26"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865604/; classtype:trojan-activity;sid:84728704; rev:1;)
# URLhaus-generated rules matching one exact URI and one exact host per outbound GET.
# Every keyword inspects the client request only (flow:from_client, http.method,
# http.uri, http.host); nothing inspects the response. An alert therefore shows that a
# HOME_NET client requested the URL, not that content was returned. Confirm delivery
# from the response status and body size in the HTTP transaction log.
# The ".png" URIs are matched by name only, so the extension says nothing about the
# bytes served.
# In this run each of 23.95.103.215, 172.245.209.169, 209.54.103.182, 192.3.140.105,
# 144.172.100.228 and 82.223.139.167 is listed once with a ".png" URI and once with a
# ".hta" URI; correlating alerts by destination host groups the related requests.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/optimized_msi.png"; depth:22; endswith; nocase; http.host; content:"96.44.167.222"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865603/; classtype:trojan-activity;sid:84728703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/img_000258.png"; depth:19; endswith; nocase; http.host; content:"144.172.100.228"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865602/; classtype:trojan-activity;sid:84728702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/158/img_202926.png"; depth:19; endswith; nocase; http.host; content:"23.95.103.215"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865598/; classtype:trojan-activity;sid:84728698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/160/img_205651.png"; depth:19; endswith; nocase; http.host; content:"172.245.209.169"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865599/; classtype:trojan-activity;sid:84728699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/92/img_054420.png"; depth:18; endswith; nocase; http.host; content:"209.54.103.182"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865600/; classtype:trojan-activity;sid:84728700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/45/img_211613.png"; depth:18; endswith; nocase; http.host; content:"192.3.140.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865601/; classtype:trojan-activity;sid:84728701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/img_194403.png"; depth:19; endswith; nocase; http.host; content:"82.223.139.167"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865597/; classtype:trojan-activity;sid:84728697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/222/mastermindworkingforbestskilldevelopments.hta"; depth:50; endswith; nocase; http.host; content:"82.223.139.167"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865591/; classtype:trojan-activity;sid:84728691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/30/verygreatchanceforbetterperformancecomingtoa.hta"; depth:52; endswith; nocase; http.host; content:"144.172.100.228"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865592/; classtype:trojan-activity;sid:84728692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/158/goodtingswithbeststylingevermadefor.hta"; depth:44; endswith; nocase; http.host; content:"23.95.103.215"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865593/; classtype:trojan-activity;sid:84728693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/45/greatthingsfromthebestfeeelingscomingthrough.hta"; depth:52; endswith; nocase; http.host; content:"192.3.140.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865594/; classtype:trojan-activity;sid:84728694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/160/goodpeoplesaroundonmewhobestfor.hta"; depth:40; endswith; nocase; http.host; content:"172.245.209.169"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865595/; classtype:trojan-activity;sid:84728695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/92/wegivebestchoiceformebetterwaysgoodforme.hta"; depth:48; endswith; nocase; http.host; content:"209.54.103.182"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865596/; classtype:trojan-activity;sid:84728696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.202.88.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865590/; classtype:trojan-activity;sid:84728690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.198.123"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865589/; classtype:trojan-activity;sid:84728689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bost.php"; depth:9; endswith; nocase; http.host; content:"oamorprevalece.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865588/; classtype:trojan-activity;sid:84728688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.122.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865587/; classtype:trojan-activity;sid:84728687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/48c3b267-7aad-47d7-ac1c-caefafa092c3"; depth:37; endswith; nocase; http.host; content:"oisapmtg.sanjeshvaandazegiri.shop"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865586/; 
classtype:trojan-activity;sid:84728686; rev:1;)
# URLhaus-generated rules: each alerts when a HOME_NET client sends a GET whose URI
# and host both equal the listed strings (URI compared case-insensitively).
# The host match is exact, so the rule for 11032026sver.blob.core.windows.net covers
# only that one host name, not other names under blob.core.windows.net.
# NOTE(review): that host is presumably reached over HTTPS in practice, where an
# "alert http" rule sees nothing without TLS inspection; confirm coverage.
# dnsduc1k.duckdns.org and christophercheung.com each appear with many short URIs
# ("/mips", "/arm4", "/x86_64", "/m68k", ...).
# NOTE(review): these names resemble CPU-architecture labels, so the requesting client
# is presumably a Linux-based or embedded device; verify against the asset inventory
# and correlate alerts by destination host, since one client may trigger several sids.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/homeplus/rmmclient.zip"; depth:23; endswith; nocase; http.host; content:"11032026sver.blob.core.windows.net"; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865585/; classtype:trojan-activity;sid:84728685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.201.196"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865584/; classtype:trojan-activity;sid:84728684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.201.87"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865583/; classtype:trojan-activity;sid:84728683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.38.201.196"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865582/; classtype:trojan-activity;sid:84728682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.122.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865581/; classtype:trojan-activity;sid:84728681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/54cc503e-1015-4e29-b3ce-a7f4325c6a3e"; depth:37; endswith; nocase; http.host; content:"vodzlbpi.sanjeshravani.shop"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865580/; classtype:trojan-activity;sid:84728680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"christophercheung.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865578/; classtype:trojan-activity;sid:84728678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"christophercheung.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865579/; classtype:trojan-activity;sid:84728679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"dnsduc1k.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865577/; classtype:trojan-activity;sid:84728677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"dnsduc1k.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865576/; classtype:trojan-activity;sid:84728676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"dnsduc1k.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865573/; classtype:trojan-activity;sid:84728673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc_eb"; depth:7; endswith; nocase; http.host; content:"dnsduc1k.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865574/; classtype:trojan-activity;sid:84728674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"dnsduc1k.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865575/; classtype:trojan-activity;sid:84728675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"dnsduc1k.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865571/; classtype:trojan-activity;sid:84728671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.sh"; depth:6; endswith; nocase; http.host; content:"dnsduc1k.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865572/; classtype:trojan-activity;sid:84728672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"dnsduc1k.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865568/; classtype:trojan-activity;sid:84728668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"dnsduc1k.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865569/; classtype:trojan-activity;sid:84728669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"dnsduc1k.duckdns.org"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865570/; classtype:trojan-activity;sid:84728670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"christophercheung.com"; 
depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865565/; classtype:trojan-activity;sid:84728665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"christophercheung.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865566/; classtype:trojan-activity;sid:84728666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"christophercheung.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865567/; classtype:trojan-activity;sid:84728667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"christophercheung.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865561/; classtype:trojan-activity;sid:84728661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"christophercheung.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865562/; classtype:trojan-activity;sid:84728662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865563)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"christophercheung.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865563/; classtype:trojan-activity;sid:84728663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"christophercheung.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865564/; classtype:trojan-activity;sid:84728664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tracesphere"; depth:12; endswith; nocase; http.host; content:"hitechbars.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865560/; classtype:trojan-activity;sid:84728660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/store/details/apps/app-id%3f=live.chat.android/"; depth:48; endswith; nocase; http.host; content:"freeapphub.tech"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865559/; classtype:trojan-activity;sid:84728659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/img_192010.png"; depth:19; endswith; nocase; http.host; content:"144.172.100.228"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865558/; 
classtype:trojan-activity;sid:84728658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"christophercheung.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865557/; classtype:trojan-activity;sid:84728657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"christophercheung.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865556/; classtype:trojan-activity;sid:84728656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"christophercheung.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865552/; classtype:trojan-activity;sid:84728652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"christophercheung.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865553/; classtype:trojan-activity;sid:84728653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc-440fp"; depth:14; endswith; nocase; http.host; 
content:"christophercheung.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865554/; classtype:trojan-activity;sid:84728654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"christophercheung.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865555/; classtype:trojan-activity;sid:84728655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/painbins.sh"; depth:12; endswith; nocase; http.host; content:"christophercheung.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865551/; classtype:trojan-activity;sid:84728651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.53.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865550/; classtype:trojan-activity;sid:84728650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demobilis.qxd"; depth:14; endswith; nocase; http.host; content:"s-medicus.si"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865548/; classtype:trojan-activity;sid:84728648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865549)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qwkkpyxidpluydrzcfiy215.bin"; depth:28; endswith; nocase; http.host; content:"s-medicus.si"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865549/; classtype:trojan-activity;sid:84728649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.55.114.205"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865547/; classtype:trojan-activity;sid:84728647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/painbins.sh"; depth:12; endswith; nocase; http.host; content:"89.33.192.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865539/; classtype:trojan-activity;sid:84728639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"89.33.192.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865540/; classtype:trojan-activity;sid:84728640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"89.33.192.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865541/; classtype:trojan-activity;sid:84728641; rev:1;) 
# --- Notes for this run of entries ----------------------------------------------
# All rules here share one shape: client GET on an established flow, an http.uri
# pattern anchored with depth + endswith (nocase), and an http.host pattern closed
# with isdataat:!1,relative so that nothing may follow the host match.
# The host patterns are lower case and carry no nocase; http.host is a normalized
# (lower-cased) buffer, so that is the expected spelling.
# Several URI patterns are very short ("/i" is two bytes). Such a rule is specific
# only because of the exact host match; do not reuse the URI part on its own.
# Plain-HTTP only: the same URL requested over TLS is not seen by these rules unless
# the sensor inspects decrypted traffic.
# ---------------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"89.33.192.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865542/; classtype:trojan-activity;sid:84728642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"89.33.192.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865543/; classtype:trojan-activity;sid:84728643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc-440fp"; depth:14; endswith; nocase; http.host; content:"89.33.192.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865544/; classtype:trojan-activity;sid:84728644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"89.33.192.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865545/; classtype:trojan-activity;sid:84728645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"89.33.192.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865546/; classtype:trojan-activity;sid:84728646; rev:1;)
# files.catbox.moe appears to be a general-purpose file-hosting name shared by
# unrelated uploads (assumption -- confirm); only this exact path is matched, so the
# rule does not flag the host as a whole. If the host serves mostly over TLS, this
# plain-HTTP rule will rarely see the request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l458qw.ps1"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865538/; classtype:trojan-activity;sid:84728638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"89.33.192.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865537/; classtype:trojan-activity;sid:84728637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"89.33.192.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865530/; classtype:trojan-activity;sid:84728630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"89.33.192.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865531/; classtype:trojan-activity;sid:84728631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"89.33.192.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865532/; classtype:trojan-activity;sid:84728632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"89.33.192.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865533/; classtype:trojan-activity;sid:84728633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"89.33.192.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865534/; classtype:trojan-activity;sid:84728634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"89.33.192.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865535/; classtype:trojan-activity;sid:84728635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"89.33.192.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865536/; classtype:trojan-activity;sid:84728636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/50dd4b25-5ef5-4369-9b29-3d1834ed2528"; depth:37; endswith; nocase; http.host; content:"mxmzjcfl.sakhtemandade.shop"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865529/; classtype:trojan-activity;sid:84728629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.74.72"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865528/; classtype:trojan-activity;sid:84728628; rev:1;)
# "|3f|" is hex notation for "?", so the bytes matched by the next rule are
# "/?ublib=<uuid>", 44 bytes. depth:47 counts the escaped spelling instead; combined
# with endswith it allows up to 3 extra leading bytes, so this is slightly looser
# than the exact-URI match used by the other entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=53550459-f8d6-4b71-9d7e-707e380e1080"; depth:47; endswith; nocase; http.host; content:"247x0t94.vajename.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865527/; classtype:trojan-activity;sid:84728627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e0cb7604-5541-4381-b3a1-8c0e45f41f8c"; depth:37; endswith; nocase; http.host; content:"kxgzi.barnamenevisi.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865526/; classtype:trojan-activity;sid:84728626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.241.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865525/; classtype:trojan-activity;sid:84728625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.80.173"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865524/; classtype:trojan-activity;sid:84728624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.237.45"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865523/; classtype:trojan-activity;sid:84728623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.130.114"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865522/; classtype:trojan-activity;sid:84728622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/318ee567-fca7-4260-a70b-18d35b6301b3"; depth:37; endswith; nocase; http.host; content:"trwqprv.shartmag.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865521/; classtype:trojan-activity;sid:84728621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"77.79.160.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865520/; classtype:trojan-activity;sid:84728620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a8ed8c90-1451-4ea4-830b-22deb6af25bf"; depth:37; endswith; nocase; http.host; content:"zgdpxwcq.sadreislam.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865519/; classtype:trojan-activity;sid:84728619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.222.233.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865518/; classtype:trojan-activity;sid:84728618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.225.189.31"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865517/; classtype:trojan-activity;sid:84728617; rev:1;)
# 176.65.139.57: one rule per file name on the same address (x86_64, arc_eb, mips,
# arm5, ..., av.sh, run.sh). Several hits from one source host within a short time
# are best handled as a single incident rather than as separate alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"176.65.139.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865514/; classtype:trojan-activity;sid:84728614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc_eb"; depth:7; endswith; nocase; http.host; content:"176.65.139.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865515/; classtype:trojan-activity;sid:84728615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"176.65.139.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865516/; classtype:trojan-activity;sid:84728616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"176.65.139.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865513/; classtype:trojan-activity;sid:84728613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"176.65.139.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865512/; classtype:trojan-activity;sid:84728612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.18.254"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865511/; classtype:trojan-activity;sid:84728611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.sh"; depth:6; endswith; nocase; http.host; content:"176.65.139.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865506/; classtype:trojan-activity;sid:84728606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"176.65.139.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865507/; classtype:trojan-activity;sid:84728607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"176.65.139.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865508/; classtype:trojan-activity;sid:84728608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"176.65.139.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865509/; classtype:trojan-activity;sid:84728609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"176.65.139.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865510/; classtype:trojan-activity;sid:84728610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run.sh"; depth:7; endswith; nocase; http.host; content:"176.65.139.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865505/; classtype:trojan-activity;sid:84728605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.39.20"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865504/; classtype:trojan-activity;sid:84728604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.15.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865503/; classtype:trojan-activity;sid:84728603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.74.72"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865502/; classtype:trojan-activity;sid:84728602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.130.114"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865501/; classtype:trojan-activity;sid:84728601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.39.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865500/; classtype:trojan-activity;sid:84728600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.237.8"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865499/; classtype:trojan-activity;sid:84728599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.237.45"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865498/; classtype:trojan-activity;sid:84728598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.39.20"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865497/; classtype:trojan-activity;sid:84728597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.106.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865496/; classtype:trojan-activity;sid:84728596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.225.189.31"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865495/; classtype:trojan-activity;sid:84728595; rev:1;)
# The file names in the following /bin/ entries (screenconnect.clientsetup.exe,
# support.client.exe) look like installers of a remote-access tool -- inferred from
# the names only. A hit means the file was requested from a URLhaus-listed host, not
# that the tool is malicious in itself; during triage, check whether remote-access
# software is sanctioned on the source host and where the session would connect to.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"209.99.190.115"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865494/; classtype:trojan-activity;sid:84728594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6eb0bf85-222e-4464-89eb-488b829e0b31"; depth:37; endswith; nocase; http.host; content:"jyheezbl.questionsmotor.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865493/; classtype:trojan-activity;sid:84728593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"209.99.190.115"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865492/; classtype:trojan-activity;sid:84728592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"104.251.180.126"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865491/; classtype:trojan-activity;sid:84728591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"23.172.112.212"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865489/; classtype:trojan-activity;sid:84728589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"23.172.112.212"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865490/; classtype:trojan-activity;sid:84728590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"104.251.180.126"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865488/; classtype:trojan-activity;sid:84728588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"104.251.180.176"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865487/; classtype:trojan-activity;sid:84728587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.252.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865486/; classtype:trojan-activity;sid:84728586; rev:1;)
# Same "|3f|" form as the earlier ublib entry: 44 bytes are matched while depth is
# 47, so up to 3 leading bytes are tolerated in front of the pattern.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=45e4c940-0c1d-402d-8842-219679c54bbc"; depth:47; endswith; nocase; http.host; content:"ofe3x2gn.tractor11.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865485/; classtype:trojan-activity;sid:84728585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.18.254"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865484/; classtype:trojan-activity;sid:84728584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.178.234.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865483/; classtype:trojan-activity;sid:84728583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865482)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.99.249.240"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865482/; classtype:trojan-activity;sid:84728582; rev:1;)
# Per-URL rules: one sid per reported URL, matching an HTTP GET whose http.uri and http.host
# both equal the listed values (depth + endswith on the URI, depth + isdataat:!1,relative on
# the host). A host that appears with several paths therefore raises several different sids.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dfdfe7b0-e47b-4c8a-aee4-1a7903e88a85"; depth:37; endswith; nocase; http.host; content:"xoqlqpdb.psgnewsiran.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865481/; classtype:trojan-activity;sid:84728581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.89.246"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865480/; classtype:trojan-activity;sid:84728580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.184.246"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865479/; classtype:trojan-activity;sid:84728579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.223.172"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865478/; classtype:trojan-activity;sid:84728578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.233.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865477/; classtype:trojan-activity;sid:84728577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/26f9cf78-585c-4738-b063-61e73d0ff2aa"; depth:37; endswith; nocase; http.host; content:"cnuwz.bankefile.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865476/; classtype:trojan-activity;sid:84728576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.238.22.180"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865475/; classtype:trojan-activity;sid:84728575; rev:1;)
# Three files under /public_files/ on one IP host. The .txt/.jpg suffixes are part of the
# matched URI only; they say nothing about the content actually served.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public_files/ljigvpa.txt"; depth:25; endswith; nocase; http.host; content:"62.60.226.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865473/; classtype:trojan-activity;sid:84728573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public_files/98r4axa.txt"; depth:25; endswith; nocase; http.host; content:"62.60.226.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865474/; classtype:trojan-activity;sid:84728574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public_files/16sas.jpg"; depth:23; endswith; nocase; http.host; content:"62.60.226.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865472/; classtype:trojan-activity;sid:84728572; rev:1;)
# NOTE(review): in the two /|3f|ublib=... rules in this group (sid 84728571 and 84728568),
# |3f| encodes one byte ('?'), so the content is 44 bytes while depth is 47 (the escaped text
# length). With endswith, up to 3 extra bytes ahead of the pattern still match; depth:44
# would pin the URI exactly. Raise with the feed maintainer rather than editing locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9af44f52-4726-4795-a74d-97e4e3e9097d"; depth:47; endswith; nocase; http.host; content:"tuwlc2yd.hesabdarinoravesh.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865471/; classtype:trojan-activity;sid:84728571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.89.45"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865470/; classtype:trojan-activity;sid:84728570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"94.178.234.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865469/; classtype:trojan-activity;sid:84728569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=4c8aa62c-e6c9-49db-8398-0e21b418b607"; depth:47; endswith; nocase; http.host; content:"3kh6tu2u.shimiumumi.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865468/; classtype:trojan-activity;sid:84728568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.148.221.82"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865466/; classtype:trojan-activity;sid:84728566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/31399b99-f7ac-4828-9965-1997e3c2b497"; depth:37; endswith; nocase; http.host; content:"nglrdgbx.prozhedownload.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865467/; classtype:trojan-activity;sid:84728567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.38.223.172"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865465/; classtype:trojan-activity;sid:84728565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.44.158"; depth:13; isdataat:!1,relative; metadata:created_at 
2026_06_16; reference:url, urlhaus.abuse.ch/url/3865464/; classtype:trojan-activity;sid:84728564; rev:1;)
# Per-URL rules: each alerts on an HTTP GET from $HOME_NET to $EXTERNAL_NET where http.uri
# equals the listed path (depth + endswith, nocase) and http.host equals the listed host
# (depth + isdataat:!1,relative). The reference: URL on each rule points at the URLhaus entry.
# Several IPs in this group are listed once for /i and once for /bin.sh (for example
# 182.121.187.255), so a single host can raise more than one sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"209.99.186.128"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865463/; classtype:trojan-activity;sid:84728563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.172.74"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865462/; classtype:trojan-activity;sid:84728562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.222.233.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865461/; classtype:trojan-activity;sid:84728561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.106.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865460/; classtype:trojan-activity;sid:84728560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.184.246"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865459/; classtype:trojan-activity;sid:84728559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"23.92.130.154"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865458/; classtype:trojan-activity;sid:84728558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.187.255"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865457/; classtype:trojan-activity;sid:84728557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.137.44"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865456/; classtype:trojan-activity;sid:84728556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.187.255"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865454/; classtype:trojan-activity;sid:84728554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.44.158"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865455/; classtype:trojan-activity;sid:84728555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/190f9728-a029-4f9c-bb9e-b12763537313"; depth:37; endswith; nocase; http.host; content:"nnozsfst.prozhecart.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865453/; classtype:trojan-activity;sid:84728553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.63.83"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865452/; classtype:trojan-activity;sid:84728552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.92.175"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865451/; classtype:trojan-activity;sid:84728551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.83.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865450/; classtype:trojan-activity;sid:84728550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.216.226.236"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865449/; classtype:trojan-activity;sid:84728549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"104.195.238.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865448/; classtype:trojan-activity;sid:84728548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.4.208.211"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865447/; classtype:trojan-activity;sid:84728547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bac56586-74a4-48ba-ba3f-87363c5ca447"; depth:37; endswith; nocase; http.host; content:"ckvcsacd.mechanicsayalat.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865446/; classtype:trojan-activity;sid:84728546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.188.213"; depth:15; isdataat:!1,relative; 
metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865445/; classtype:trojan-activity;sid:84728545; rev:1;)
# Per-URL rules: each alerts on an HTTP GET whose http.uri and http.host both equal the
# listed values (depth + endswith on the URI, depth + isdataat:!1,relative on the host).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.140.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865444/; classtype:trojan-activity;sid:84728544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.228.218"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865443/; classtype:trojan-activity;sid:84728543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.161.102"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865442/; classtype:trojan-activity;sid:84728542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2362c405-bafa-4d38-9fd0-d12e00701dae"; depth:37; endswith; nocase; http.host; content:"atsvv.bankefiile.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865441/; classtype:trojan-activity;sid:84728541; rev:1;)
# Several URIs from here on end in .png. The suffix is only part of the matched string; a
# URLhaus listing means the URL was reported as a malware download, so do not read the
# extension as the content type when triaging an alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adminme.png"; depth:12; endswith; nocase; http.host; content:"baileyemas.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865440/; classtype:trojan-activity;sid:84728540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xw/phan.dat"; depth:12; endswith; nocase; http.host; content:"project-vendors.icu"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865439/; classtype:trojan-activity;sid:84728539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kononiazclient.exe"; depth:19; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865438/; classtype:trojan-activity;sid:84728538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.120.133"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865437/; classtype:trojan-activity;sid:84728537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/optimized_msi.png"; depth:22; endswith; nocase; http.host; content:"kaza.com.hk"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865436/; classtype:trojan-activity;sid:84728536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msi.png"; depth:8; endswith; nocase; http.host; content:"141.11.17.254"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865432/; classtype:trojan-activity;sid:84728532; rev:1;)
# Hosts under shared platform suffixes (vercel.app, workers.dev, r2.dev) are matched by their
# full hostname, so each rule covers one tenant name only, not the platform.
# NOTE(review): `alert http` rules see only requests the sensor can parse as HTTP. If these
# hosts are reached over TLS the rules stay silent unless traffic is decrypted upstream -
# confirm coverage for this sensor.
# The URI content for the next rule is just "/", so only a request for the site root matches.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"hispergen7.vercel.app"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865433/; classtype:trojan-activity;sid:84728533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqib-j3ob-picl-3175/img_erqr2x.png"; depth:35; endswith; nocase; http.host; content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865434/; classtype:trojan-activity;sid:84728534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqib-j3ob-picl-3175/img_59g3bb.png"; depth:35; endswith; nocase; http.host; content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865435/; classtype:trojan-activity;sid:84728535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6gwe-ua1t-tl5x-34yn/img_9b7fhy.png"; depth:35; endswith; nocase; http.host; content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865427/; classtype:trojan-activity;sid:84728527; rev:1;)
# NOTE(review): sid 84728528 (below) and sid 84728531 (further down) carry identical match
# conditions - same URI, same Host - so one request raises both alerts. Presumably the two
# URLhaus entries differ in something this rule template does not encode (scheme or port);
# verify on the reference pages before suppressing either one.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public/2026-06-12/2f91377d-496a-4fe6-afee-5db4c42f0e79/3rrrrrcsd443r4r.png"; depth:75; endswith; nocase; http.host; content:"d4.tfdl.net"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865428/; classtype:trojan-activity;sid:84728528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/optimized_msi.png"; depth:18; endswith; nocase; http.host; content:"pub-3c115a3c8fe545f6b4433ab278003674.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865429/; classtype:trojan-activity;sid:84728529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/1urakt"; depth:12; endswith; nocase; http.host; content:"as.al"; depth:5; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865430/; classtype:trojan-activity;sid:84728530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public/2026-06-12/2f91377d-496a-4fe6-afee-5db4c42f0e79/3rrrrrcsd443r4r.png"; depth:75; endswith; nocase; http.host; content:"d4.tfdl.net"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865431/; classtype:trojan-activity;sid:84728531; rev:1;)
# One workers.dev hostname listed with many short paths; each path is its own rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yxzkk"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865422/; classtype:trojan-activity;sid:84728522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqib-j3ob-picl-3175/img_w4spnf.png"; depth:35; endswith; nocase; http.host; content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865423/; classtype:trojan-activity;sid:84728523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uawix"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865424/; classtype:trojan-activity;sid:84728524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bybts"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865425/; classtype:trojan-activity;sid:84728525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3865426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ydmdx"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865426/; classtype:trojan-activity;sid:84728526; rev:1;)
# Per-URL rules: each alerts on an HTTP GET whose http.uri and http.host both equal the
# listed values (depth + endswith on the URI, depth + isdataat:!1,relative on the host).
# Most rules in this group share one workers.dev hostname and differ only in a short path.
# Because the URI is matched exactly, /ysxpq and /ysxpq/ are separate rules, and a path that
# is not listed produces no alert.
# NOTE(review): if coverage of not-yet-listed paths on a listed host matters locally, track
# the hostname separately (for example via DNS or proxy logs); these rules do not do that.
# NOTE(review): `alert http` rules see only requests the sensor can parse as HTTP; requests
# to these hosts over TLS are not inspected by them unless decrypted upstream - confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n64y-jvb2-wt8x-cri7/img_0wdo83.png"; depth:35; endswith; nocase; http.host; content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865419/; classtype:trojan-activity;sid:84728519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jsptg"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865420/; classtype:trojan-activity;sid:84728520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/kbn1rc/"; depth:13; endswith; nocase; http.host; content:"as.al"; depth:5; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865421/; classtype:trojan-activity;sid:84728521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hcofi"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865418/; classtype:trojan-activity;sid:84728518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hjjag"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865414/; classtype:trojan-activity;sid:84728514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pomcp"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865415/; classtype:trojan-activity;sid:84728515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nvmru"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865416/; classtype:trojan-activity;sid:84728516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ysxpq/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865417/; classtype:trojan-activity;sid:84728517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exixj"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865410/; classtype:trojan-activity;sid:84728510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gphrw/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865411/; classtype:trojan-activity;sid:84728511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ysxpq"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865412/; classtype:trojan-activity;sid:84728512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n64y-jvb2-wt8x-cri7/img_k3ilz3.png"; depth:35; endswith; nocase; http.host; content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865413/; classtype:trojan-activity;sid:84728513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/govwh"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865408/; classtype:trojan-activity;sid:84728508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public/2026-06-10/cbabda62-8ec8-468c-8988-c6c2f89233f4/5666666444444444444.png"; depth:79; endswith; nocase; http.host; content:"d7.tfdl.net"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865409/; classtype:trojan-activity;sid:84728509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pgkcx"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865406/; classtype:trojan-activity;sid:84728506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/optimized_msinew.png"; depth:21; endswith; nocase; http.host; content:"pub-3c115a3c8fe545f6b4433ab278003674.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865407/; classtype:trojan-activity;sid:84728507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865405)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tyimg/m4vmowx7.png"; depth:19; endswith; nocase; http.host; content:"r2.image-upload.app"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865405/; classtype:trojan-activity;sid:84728505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads:80"; depth:22; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865404/; classtype:trojan-activity;sid:84728504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msi_224605.png"; depth:15; endswith; nocase; http.host; content:"start.billy-surveys.online"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865402/; classtype:trojan-activity;sid:84728502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jahaha.png"; depth:11; endswith; nocase; http.host; content:"pub-3bc1de741f8149f49bdbafa703067f24.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865403/; classtype:trojan-activity;sid:84728503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opti12_msi.png"; depth:15; endswith; nocase; http.host; content:"canigrup.top"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865401/; 
classtype:trojan-activity;sid:84728501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/1.jpg"; depth:10; endswith; nocase; http.host; content:"107.172.13.211"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865400/; classtype:trojan-activity;sid:84728500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svdsdadsad/vcxv/raw/0878bd481def8e71bb56b5f565d625a755d00281/1.jpg/"; depth:68; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865399/; classtype:trojan-activity;sid:84728499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ovrtw"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865398/; classtype:trojan-activity;sid:84728498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.9.96.108"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865394/; classtype:trojan-activity;sid:84728494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865395)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/eaevuhuj/1.jpg"; depth:15; endswith; nocase; http.host; content:"payables-deposit.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865395/; classtype:trojan-activity;sid:84728495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"161.8.192.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865396/; classtype:trojan-activity;sid:84728496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sqxoi"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865397/; classtype:trojan-activity;sid:84728497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipfs/qmnaxfqzwk4xa3p94a8ug5gte97bqr8uua87jedapkvcdk"; depth:52; endswith; nocase; http.host; content:"basic-blue-shrew.myfilebase.com"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865392/; classtype:trojan-activity;sid:84728492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipfs/qmnaxfqzwk4xa3p94a8ug5gte97bqr8uua87jedapkvcdk"; depth:52; endswith; nocase; http.host; content:"arbitrary-chocolate-tiglon.myfilebase.com"; depth:41; isdataat:!1,relative; metadata:created_at 
2026_06_16; reference:url, urlhaus.abuse.ch/url/3865393/; classtype:trojan-activity;sid:84728493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svdsdadsad/vcxv/raw/0878bd481def8e71bb56b5f565d625a755d00281/1.jpg"; depth:67; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865387/; classtype:trojan-activity;sid:84728487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svdsdadsad/vcxv/raw/0878bd481def8e71bb56b5f565d625a755d00281/1.jpg/"; depth:68; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865388/; classtype:trojan-activity;sid:84728488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ghkjkghlkgl/ghf/downloads/2.jpg"; depth:32; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865389/; classtype:trojan-activity;sid:84728489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/kbn1rc"; depth:12; endswith; nocase; http.host; content:"as.al"; depth:5; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865390/; classtype:trojan-activity;sid:84728490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3865391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mywtestwusbect/hfghfgdfgdfg/downloads/3.jpg"; depth:44; endswith; nocase; http.host; content:"bitbucket.org"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865391/; classtype:trojan-activity;sid:84728491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.jpg"; depth:6; endswith; nocase; http.host; content:"nanshiin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865386/; classtype:trojan-activity;sid:84728486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/benoitdaude/abcdyuosd/refs/heads/main/xmrig-x86_64-static"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865384/; classtype:trojan-activity;sid:84728484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/benoitdaude/abcdyuosd/refs/heads/main/xmrig-i686-static"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865385/; classtype:trojan-activity;sid:84728485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/benoitdaude/abcdyuosd/refs/heads/main/xmrig-armv7-static"; depth:57; 
endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865383/; classtype:trojan-activity;sid:84728483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/benoitdaude/abcdyuosd/refs/heads/main/xmrig-aarch64-static"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865382/; classtype:trojan-activity;sid:84728482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/04124a0d-a580-4e77-8f5f-78c763c8e626"; depth:37; endswith; nocase; http.host; content:"gafaiyfx.mechanickhodakarami.shop"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865381/; classtype:trojan-activity;sid:84728481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.188.213"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865380/; classtype:trojan-activity;sid:84728480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/takvwrbg/60qyhhndgneaj0t.ps1"; depth:29; endswith; nocase; http.host; content:"panel.contactstellarsteel.com"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865379/; 
classtype:trojan-activity;sid:84728479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.192.145"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865377/; classtype:trojan-activity;sid:84728477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.34.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865378/; classtype:trojan-activity;sid:84728478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=5cd4b8e1-1b5d-4b82-8b29-7e64acbfbbcf"; depth:47; endswith; nocase; http.host; content:"p75su278.shimiskoog.shop"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865376/; classtype:trojan-activity;sid:84728476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.142.215"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865375/; classtype:trojan-activity;sid:84728475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"61.53.192.145"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865374/; classtype:trojan-activity;sid:84728474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.4.208.211"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865373/; classtype:trojan-activity;sid:84728473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.34.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865372/; classtype:trojan-activity;sid:84728472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=21629b65-d49b-45f9-bc6c-b6b33d74caaa"; depth:47; endswith; nocase; http.host; content:"4nhtw4lz.testranandegi.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865371/; classtype:trojan-activity;sid:84728471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/330a83b6-8afb-4c61-8fde-2d69a5401530"; depth:37; endswith; nocase; http.host; content:"zsmhobv.shartmag.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865370/; classtype:trojan-activity;sid:84728470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3865369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8808fdaa-ebe6-43d7-b7b6-f01f4d0d1f00"; depth:37; endswith; nocase; http.host; content:"qvwjatwu.masirpayambari.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865369/; classtype:trojan-activity;sid:84728469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.167.224.107"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865368/; classtype:trojan-activity;sid:84728468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.118.218"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865367/; classtype:trojan-activity;sid:84728467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.252.161"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865366/; classtype:trojan-activity;sid:84728466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.28.147"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, 
urlhaus.abuse.ch/url/3865365/; classtype:trojan-activity;sid:84728465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/theme-compat/nvfexht/uandeso/plftkrv/stuba.ps1"; depth:59; endswith; nocase; http.host; content:"hikmah69.net"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865364/; classtype:trojan-activity;sid:84728464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.114.181"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865362/; classtype:trojan-activity;sid:84728462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.198.17"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865363/; classtype:trojan-activity;sid:84728463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.75.225"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865360/; classtype:trojan-activity;sid:84728460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; 
endswith; nocase; http.host; content:"61.53.123.213"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865361/; classtype:trojan-activity;sid:84728461; rev:1;)
# NOTE(review): in the http.uri content of the next rule, |3f| decodes to "?" but |7c|26|7c|
# decodes to the four literal bytes "|26|", not to "&" (0x26). This looks like an "&" in the
# reported URL that was escaped twice when the rule was generated - confirm against the URLhaus
# entry named in reference:url. As written, a request for /uc?export=download&id=... does not
# satisfy this content match.
# depth:68 equals the length of the escaped rule text; the decoded pattern is 59 bytes, so depth
# no longer pins the match to offset 0 the way it does in the neighbouring rules.
# The rule is "alert http", so it only inspects requests Suricata can parse as HTTP. This host is
# normally reached over HTTPS, so the rule presumably needs TLS inspection upstream to ever fire.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1vf9glqftpdx5fvmlq2tkcuqqcabgtrip"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865359/; classtype:trojan-activity;sid:84728459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/202/goodthingsarebestbetterwayscomingforu.vbs"; depth:46; endswith; nocase; http.host; content:"172.245.209.253"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865353/; classtype:trojan-activity;sid:84728453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/media"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865354/; classtype:trojan-activity;sid:84728454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rmuga"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865355/; classtype:trojan-activity;sid:84728455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxsrm"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865356/; classtype:trojan-activity;sid:84728456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zacaj"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865357/; classtype:trojan-activity;sid:84728457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/obhny"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865358/; classtype:trojan-activity;sid:84728458; rev:1;)
# NOTE(review): same |7c|26|7c| escaping (literal "|26|" rather than "&") and same depth:68 as
# sid 84728459 above; the same caveats apply to the next rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1w662dmwoiyoqus7xyz20uxmcq6qxmu2a"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865351/; classtype:trojan-activity;sid:84728451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3865352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cajkj"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865352/; classtype:trojan-activity;sid:84728452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dwqmnwqgr/image/upload/v1781492836/img_200538_ves2mj.jpg"; depth:57; endswith; nocase; http.host; content:"res.cloudinary.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865350/; classtype:trojan-activity;sid:84728450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ebzwgqky/pk.ps1"; depth:16; endswith; nocase; http.host; content:"miki-visitasia.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865349/; classtype:trojan-activity;sid:84728449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/42046ea3-82a0-40c9-b998-a24e3a24bece"; depth:37; endswith; nocase; http.host; content:"naqsigxg.masaelmohandesi.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865348/; classtype:trojan-activity;sid:84728448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"115.52.252.161"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865347/; classtype:trojan-activity;sid:84728447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gphrw"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865341/; classtype:trojan-activity;sid:84728441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zpehh"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865342/; classtype:trojan-activity;sid:84728442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwdra"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865343/; classtype:trojan-activity;sid:84728443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ymxmd"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865344/; 
classtype:trojan-activity;sid:84728444; rev:1;)
# NOTE(review): the next rule (sid 84728445) and sid 84728437 below pin this workers.dev host to
# paths that read like generic probe targets (/.bitcoin/wallet.dat, a WordPress upload path)
# rather than payload names, and the same host appears in this ruleset under many other short
# paths. Presumably the host answers on arbitrary paths - confirm against the URLhaus entries.
# If so, exact host+URI rules only cover the paths already reported; a host-level match
# (http.host on its own, or dns.query / tls.sni where the HTTP request is not visible) would be
# the broader detection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.bitcoin/wallet.dat"; depth:20; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865345/; classtype:trojan-activity;sid:84728445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrrtu"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865346/; classtype:trojan-activity;sid:84728446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/2019/05/simple.php"; depth:38; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865337/; classtype:trojan-activity;sid:84728437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tblpv"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865338/; classtype:trojan-activity;sid:84728438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3865339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ioacm"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865339/; classtype:trojan-activity;sid:84728439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zdpmn"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865340/; classtype:trojan-activity;sid:84728440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dncrp"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865336/; classtype:trojan-activity;sid:84728436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oslap"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865335/; classtype:trojan-activity;sid:84728435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qmvaz"; depth:6; endswith; nocase; http.host; 
content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865330/; classtype:trojan-activity;sid:84728430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xiyks"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865331/; classtype:trojan-activity;sid:84728431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ysxpq2c20https3a/pub-ce02802067934e0eb072f69bf6427bf6.r2.dev/"; depth:62; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865332/; classtype:trojan-activity;sid:84728432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nxpkj"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865333/; classtype:trojan-activity;sid:84728433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mrvnd"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; 
metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865334/; classtype:trojan-activity;sid:84728434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.118.218"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865329/; classtype:trojan-activity;sid:84728429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ad49dd4b-b522-4518-a211-f396232dd5d5"; depth:37; endswith; nocase; http.host; content:"mnzrz.azmoonzare.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865328/; classtype:trojan-activity;sid:84728428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.182.165"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865327/; classtype:trojan-activity;sid:84728427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.140.2"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865326/; classtype:trojan-activity;sid:84728426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865325)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/coraline_4.7.zip"; depth:17; endswith; nocase; http.host; content:"coraline.work"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865325/; classtype:trojan-activity;sid:84728425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"59.96.143.192"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865322/; classtype:trojan-activity;sid:84728422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"5.166.107.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865323/; classtype:trojan-activity;sid:84728423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.227.176.183"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865324/; classtype:trojan-activity;sid:84728424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dx.zip"; depth:7; endswith; nocase; http.host; content:"holl.microtr.life"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865321/; classtype:trojan-activity;sid:84728421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3865320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"video-vae.vercel.app"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865320/; classtype:trojan-activity;sid:84728420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.53.152.104"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865318/; classtype:trojan-activity;sid:84728418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"123.4.247.24"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865319/; classtype:trojan-activity;sid:84728419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"photo-poisk.vercel.app"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865317/; classtype:trojan-activity;sid:84728417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"policecontrol2026.vercel.app"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, 
urlhaus.abuse.ch/url/3865312/; classtype:trojan-activity;sid:84728412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"36.35.78.155"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865313/; classtype:trojan-activity;sid:84728413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.166.188.48"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865314/; classtype:trojan-activity;sid:84728414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"163.142.79.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865315/; classtype:trojan-activity;sid:84728415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnet.sh"; depth:10; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865316/; classtype:trojan-activity;sid:84728416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_1bd787051c777547.exe"; depth:48; 
endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865311/; classtype:trojan-activity;sid:84728411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.96.139.228"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865310/; classtype:trojan-activity;sid:84728410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.238.22.180"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865309/; classtype:trojan-activity;sid:84728409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.123.213"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865308/; classtype:trojan-activity;sid:84728408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.237.8"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865307/; classtype:trojan-activity;sid:84728407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865306)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9f5fa02b-3c52-42b3-8947-3138abc7f6cc"; depth:37; endswith; nocase; http.host; content:"zejlnzmy.maharatmodiran.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865306/; classtype:trojan-activity;sid:84728406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.206.38"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865305/; classtype:trojan-activity;sid:84728405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.182.165"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865304/; classtype:trojan-activity;sid:84728404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.217.85"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865303/; classtype:trojan-activity;sid:84728403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.83.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865302/; 
classtype:trojan-activity;sid:84728402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.141.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865301/; classtype:trojan-activity;sid:84728401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5b5da4c0-7d17-41e3-932b-8ce63a6c87f1"; depth:37; endswith; nocase; http.host; content:"hxhqsvdq.mabanishimi.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865300/; classtype:trojan-activity;sid:84728400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.11.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865299/; classtype:trojan-activity;sid:84728399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.44.136.115"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865298/; classtype:trojan-activity;sid:84728398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b07c0f25-c56c-4039-a605-0459346a69b3"; depth:47; endswith; 
nocase; http.host; content:"82a3dcwt.sazehayefooladi.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865297/; classtype:trojan-activity;sid:84728397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.44.136.115"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865296/; classtype:trojan-activity;sid:84728396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.217.85"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865295/; classtype:trojan-activity;sid:84728395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a365ac5d-80d6-4874-be4f-f7776010717e"; depth:37; endswith; nocase; http.host; content:"vtulyasw.leaguejazire.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865294/; classtype:trojan-activity;sid:84728394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.47.168"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865292/; classtype:trojan-activity;sid:84728392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3865293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.220.155"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865293/; classtype:trojan-activity;sid:84728393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.225.37.243"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865291/; classtype:trojan-activity;sid:84728391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.181.13.241"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865289/; classtype:trojan-activity;sid:84728389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.55.142"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865290/; classtype:trojan-activity;sid:84728390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.47.168"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865288/; classtype:trojan-activity;sid:84728388; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/73adeb87-db7f-4c85-9351-d9b641c68cab"; depth:37; endswith; nocase; http.host; content:"klpiy.mabanimashin.site"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865287/; classtype:trojan-activity;sid:84728387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=5cc156b3-5639-47fd-a343-2a41c833fb11"; depth:47; endswith; nocase; http.host; content:"i2zev0hr.hesabdarieskandari.xyz"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865286/; classtype:trojan-activity;sid:84728386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.211.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865285/; classtype:trojan-activity;sid:84728385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8d94cd44-7f7f-468f-aec5-446e19920eb9"; depth:37; endswith; nocase; http.host; content:"tfpypiqq.karbordriyaziyat.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865284/; classtype:trojan-activity;sid:84728384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; 
endswith; nocase; http.host; content:"110.39.231.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865283/; classtype:trojan-activity;sid:84728383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"94.181.13.241"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865282/; classtype:trojan-activity;sid:84728382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.55.142"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865281/; classtype:trojan-activity;sid:84728381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e33900b1-19ee-4dab-a850-b0991f543fc7"; depth:47; endswith; nocase; http.host; content:"et3y84jg.testpaye.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865280/; classtype:trojan-activity;sid:84728380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.183.208"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865279/; classtype:trojan-activity;sid:84728379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3865278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.231.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865278/; classtype:trojan-activity;sid:84728378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b87e2b19-f210-4db5-b0c4-f76ebb977dbc"; depth:37; endswith; nocase; http.host; content:"gyrtdqr.shartbandikade.online"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865277/; classtype:trojan-activity;sid:84728377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.140.2"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865276/; classtype:trojan-activity;sid:84728376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.38.211.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865275/; classtype:trojan-activity;sid:84728375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7fc78516-fa84-486f-935e-e9143e81cd1f"; depth:37; endswith; nocase; http.host; content:"ruynyxnj.karafarini.shop"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_16; 
reference:url, urlhaus.abuse.ch/url/3865274/; classtype:trojan-activity;sid:84728374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.84.27"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865273/; classtype:trojan-activity;sid:84728373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.74.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865272/; classtype:trojan-activity;sid:84728372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/233a7382-bfea-4d19-819c-fb64a19dbb52"; depth:37; endswith; nocase; http.host; content:"cpclyyro.hugugtejarat4.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865271/; classtype:trojan-activity;sid:84728371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=da9b3973-c16f-4f52-aefa-d9a171dae53d"; depth:47; endswith; nocase; http.host; content:"l6sa1ldu.ravanshenasisaeedi.xyz"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865270/; classtype:trojan-activity;sid:84728370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865269)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.74.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865269/; classtype:trojan-activity;sid:84728369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.241.15"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865268/; classtype:trojan-activity;sid:84728368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5824e175-41b8-4c43-b663-642c8a8698ea"; depth:37; endswith; nocase; http.host; content:"mszrd.mabanieslami2.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865267/; classtype:trojan-activity;sid:84728367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.201.87"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865266/; classtype:trojan-activity;sid:84728366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.23.100.11"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865265/; classtype:trojan-activity;sid:84728365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3865263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.136.87.50"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865263/; classtype:trojan-activity;sid:84728363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.63.250"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865264/; classtype:trojan-activity;sid:84728364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9c260b7a-8b28-4593-af59-20a690d2d14a"; depth:37; endswith; nocase; http.host; content:"nvxwrvxi.tasisathosseini.shop"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865262/; classtype:trojan-activity;sid:84728362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.63.250"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865261/; classtype:trojan-activity;sid:84728361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.42.12"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, 
urlhaus.abuse.ch/url/3865260/; classtype:trojan-activity;sid:84728360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/05f6b9a8-639e-432f-867d-0f987be08642"; depth:37; endswith; nocase; http.host; content:"shfbucmg.tarikhravannovin.shop"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865259/; classtype:trojan-activity;sid:84728359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.42.12"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865258/; classtype:trojan-activity;sid:84728358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.53.124.176"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865257/; classtype:trojan-activity;sid:84728357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.207.237"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865256/; classtype:trojan-activity;sid:84728356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; 
http.host; content:"123.188.63.83"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865255/; classtype:trojan-activity;sid:84728355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.136.87.50"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865254/; classtype:trojan-activity;sid:84728354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.178.54"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865253/; classtype:trojan-activity;sid:84728353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/451ace37-fd9e-4d7d-91ad-e5715869589e"; depth:37; endswith; nocase; http.host; content:"hibwmmbn.shartbandi.games"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865252/; classtype:trojan-activity;sid:84728352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.53.124.176"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865251/; classtype:trojan-activity;sid:84728351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3865250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9fe247e7-7acb-4654-a19d-4da24fff0176"; depth:47; endswith; nocase; http.host; content:"ez92gghl.ravanshenasinovin.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865250/; classtype:trojan-activity;sid:84728350; rev:1;)
# Review notes on the rule template used throughout this feed (read from the keywords in the rules themselves):
# - `alert http` with `flow:established,from_client` and `http.method; content:"GET"` fires on a
#   client-side HTTP GET request going from $HOME_NET to $EXTERNAL_NET. The rule inspects the request only,
#   so an alert shows that the URL was requested, not that a payload came back; confirm delivery from
#   response/file logs during triage.
# - `depth:N; endswith;` on http.uri and `depth:N; isdataat:!1,relative;` on http.host tie each pattern to
#   both the start and the end of its buffer; `nocase` makes the URI comparison case-insensitive.
# - NOTE(review): in the `|3f|` rules (sid 84728350 above, sid 84728347 below) depth:47 equals the length of
#   the pattern as written, where `|3f|` is four characters; the pattern itself is 44 bytes once `|3f|` is
#   read as a single byte. If depth is applied to buffer bytes, up to 3 bytes may precede the pattern, so
#   the URI match is slightly looser than an exact match -- confirm with the feed maintainer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/54b317e4-9435-43df-9b8c-9a67ac1b1729"; depth:37; endswith; nocase; http.host; content:"abnbc.livefootba11.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865249/; classtype:trojan-activity;sid:84728349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"154.242.136.254"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865248/; classtype:trojan-activity;sid:84728348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e2c89a1a-a1ee-4d2e-879e-d6ea87bf9861"; depth:47; endswith; nocase; http.host; content:"vb6axq3r.testdrivepaye3.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865247/; classtype:trojan-activity;sid:84728347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuclear.arm7"; depth:13; endswith; nocase; http.host; content:"23.27.25.135"; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865246/; classtype:trojan-activity;sid:84728346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/094c72ca-4d4a-41b5-a6da-a4df56e0c77e"; depth:37; endswith; nocase; http.host; content:"khfujqd.shartbandifootballkade.online"; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865245/; classtype:trojan-activity;sid:84728345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.236.127"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865244/; classtype:trojan-activity;sid:84728344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5183554d-46ce-4e98-98ff-f708e37a9bbc"; depth:37; endswith; nocase; http.host; content:"tmajnhws.sazebetonarme.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865243/; classtype:trojan-activity;sid:84728343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.207.237"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865242/; classtype:trojan-activity;sid:84728342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3865241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.170.90"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865241/; classtype:trojan-activity;sid:84728341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"154.242.136.254"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865240/; classtype:trojan-activity;sid:84728340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.236.127"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865239/; classtype:trojan-activity;sid:84728339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.94.251"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865238/; classtype:trojan-activity;sid:84728338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/60c8482e-2af7-49cb-81ee-9b80d39f8181"; depth:37; endswith; nocase; http.host; content:"cunozylb.sanjeshvaandazegiri.shop"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865237/; 
classtype:trojan-activity;sid:84728337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.15.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865236/; classtype:trojan-activity;sid:84728336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"68.185.152.86"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865235/; classtype:trojan-activity;sid:84728335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.149.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865234/; classtype:trojan-activity;sid:84728334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sonnet.arm5"; depth:12; endswith; nocase; http.host; content:"91.92.40.176"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865233/; classtype:trojan-activity;sid:84728333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sonnet.mipsel"; depth:14; endswith; nocase; http.host; content:"91.92.40.176"; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865227/; classtype:trojan-activity;sid:84728327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sonnet.mips"; depth:12; endswith; nocase; http.host; content:"91.92.40.176"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865228/; classtype:trojan-activity;sid:84728328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sonnet.arm4"; depth:12; endswith; nocase; http.host; content:"91.92.40.176"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865229/; classtype:trojan-activity;sid:84728329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sonnet.arc"; depth:11; endswith; nocase; http.host; content:"91.92.40.176"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865230/; classtype:trojan-activity;sid:84728330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sonnet.x86"; depth:11; endswith; nocase; http.host; content:"91.92.40.176"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865231/; classtype:trojan-activity;sid:84728331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865232)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/sonnet.arm6"; depth:12; endswith; nocase; http.host; content:"91.92.40.176"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865232/; classtype:trojan-activity;sid:84728332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sonnet.dbg"; depth:11; endswith; nocase; http.host; content:"91.92.40.176"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865226/; classtype:trojan-activity;sid:84728326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fpdejoseo"; depth:10; endswith; nocase; http.host; content:"91.92.40.176"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865225/; classtype:trojan-activity;sid:84728325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sonnet.ppc"; depth:11; endswith; nocase; http.host; content:"91.92.40.176"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865220/; classtype:trojan-activity;sid:84728320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sonnet.m68k"; depth:12; endswith; nocase; http.host; content:"91.92.40.176"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865221/; classtype:trojan-activity;sid:84728321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3865222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sonnet.sparc"; depth:13; endswith; nocase; http.host; content:"91.92.40.176"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865222/; classtype:trojan-activity;sid:84728322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sonnet.arm7"; depth:12; endswith; nocase; http.host; content:"91.92.40.176"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865223/; classtype:trojan-activity;sid:84728323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sonnet.sh4"; depth:11; endswith; nocase; http.host; content:"91.92.40.176"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865224/; classtype:trojan-activity;sid:84728324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e1db4f0a-3faa-4a35-b670-bd8348b7d557"; depth:37; endswith; nocase; http.host; content:"maxvicsh.sanjeshravani.shop"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865219/; classtype:trojan-activity;sid:84728319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.15.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, 
urlhaus.abuse.ch/url/3865218/; classtype:trojan-activity;sid:84728318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"68.185.152.86"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865217/; classtype:trojan-activity;sid:84728317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.149.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865216/; classtype:trojan-activity;sid:84728316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.31.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865215/; classtype:trojan-activity;sid:84728315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.53.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865214/; classtype:trojan-activity;sid:84728314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/95c84383-8edc-46e2-beba-a5316ded4a9b"; depth:37; endswith; nocase; http.host; 
content:"tuivp.ecologyardakani.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865213/; classtype:trojan-activity;sid:84728313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=4717ee5f-2245-4346-8b0d-ffe637453d4c"; depth:47; endswith; nocase; http.host; content:"cx2b8w38.anodaz.vip"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865212/; classtype:trojan-activity;sid:84728312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.245.8"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865211/; classtype:trojan-activity;sid:84728311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b4d4e751-acab-4e47-908e-816e93bed98b"; depth:47; endswith; nocase; http.host; content:"bpirhh68.ravanshenasiganji.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865210/; classtype:trojan-activity;sid:84728310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2e234745-a8a0-446f-a5fd-3a9ea281323e"; depth:37; endswith; nocase; http.host; content:"abmkzgbs.sakhtemandade.shop"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865209/; 
classtype:trojan-activity;sid:84728309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.99.146"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865208/; classtype:trojan-activity;sid:84728308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.31.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865207/; classtype:trojan-activity;sid:84728307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.56.232.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865206/; classtype:trojan-activity;sid:84728306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.56.232.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865205/; classtype:trojan-activity;sid:84728305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_082eaf7f5d6ca3f8.exe"; depth:48; endswith; nocase; http.host; 
content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865204/; classtype:trojan-activity;sid:84728304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.120.231"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865203/; classtype:trojan-activity;sid:84728303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.56.122"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865202/; classtype:trojan-activity;sid:84728302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.137.172"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865201/; classtype:trojan-activity;sid:84728301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.83.235"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865200/; classtype:trojan-activity;sid:84728300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865199)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/ff6962fb-c642-4628-a1c7-047d73a0c942"; depth:37; endswith; nocase; http.host; content:"ihypqyrn.sadreislam.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865199/; classtype:trojan-activity;sid:84728299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.226.141"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865197/; classtype:trojan-activity;sid:84728297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.95.168"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865198/; classtype:trojan-activity;sid:84728298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.226.207"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865196/; classtype:trojan-activity;sid:84728296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.220.65"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865195/; classtype:trojan-activity;sid:84728295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3865194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.137.172"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865194/; classtype:trojan-activity;sid:84728294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.83.235"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865193/; classtype:trojan-activity;sid:84728293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.226.207"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865192/; classtype:trojan-activity;sid:84728292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=16d12f5d-ce8b-46d2-8a79-0698cdab2b67"; depth:47; endswith; nocase; http.host; content:"6x7obrlx.hugugtatbigi.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865191/; classtype:trojan-activity;sid:84728291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.220.88"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, 
urlhaus.abuse.ch/url/3865190/; classtype:trojan-activity;sid:84728290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1ddd78f1-1367-4677-a1f7-e7e0c6d8ee1f"; depth:37; endswith; nocase; http.host; content:"fbvxbuzt.questionsmotor.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865189/; classtype:trojan-activity;sid:84728289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.54.70"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865188/; classtype:trojan-activity;sid:84728288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.220.65"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865187/; classtype:trojan-activity;sid:84728287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.9.10"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865186/; classtype:trojan-activity;sid:84728286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865185)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/941dfc13-1bf3-4ca2-84a6-3ba143402575"; depth:37; endswith; nocase; http.host; content:"dbhmpap.shansline.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865185/; classtype:trojan-activity;sid:84728285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.9.10"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865184/; classtype:trojan-activity;sid:84728284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.120.231"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865183/; classtype:trojan-activity;sid:84728283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0d6d3719-06fa-458a-9e07-3a5e5f16f742"; depth:37; endswith; nocase; http.host; content:"pvmzd.drivingbook.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865182/; classtype:trojan-activity;sid:84728282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d84db105-513b-4629-bb83-cb9e5577ddf1"; depth:37; endswith; nocase; http.host; content:"golkqcqa.psgnewsiran.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865181/; 
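classtype:trojan-activity;sid:84728281; rev:1;)
# URLhaus download-URL rules: each alerts on an established, client-originated
# HTTP GET from $HOME_NET to $EXTERNAL_NET whose http.uri (nocase) and http.host
# both equal the listed values. Exact match relies on depth being the pattern's
# byte length: depth + endswith for the URI, depth + isdataat:!1,relative for the host.
#
# Depth correction (sids 84728280 and 84728277): depth is counted in decoded
# bytes and |3f| decodes to the single byte "?". The published depth values
# (47 and 18) equal the escaped string length, which allowed up to three extra
# leading bytes before the pattern. They are set to the decoded lengths (44 and
# 15) so these URIs are pinned exactly like the neighbouring rules. sid and rev
# are left as published; a feed refresh will overwrite this local change, so the
# durable fix belongs in the rule generator.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=622da9e1-3770-4045-9182-4fbc2f9d543d"; depth:44; endswith; nocase; http.host; content:"lp4hvt2f.ravanshenakhti.shop"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865180/; classtype:trojan-activity;sid:84728280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chil.thn"; depth:9; endswith; nocase; http.host; content:"bgmotors.ro"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865179/; classtype:trojan-activity;sid:84728279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/be39c017-2705-4908-9967-10779dca1bae"; depth:37; endswith; nocase; http.host; content:"vdigvuaz.prozhedownload.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865178/; classtype:trojan-activity;sid:84728278; rev:1;)
# NOTE(review): runasp.net looks like a shared hosting suffix; the rule stays
# narrow because both the full host name and the full URI must match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nenk2.aspx|3f|bfu"; depth:15; endswith; nocase; http.host; content:"venist2.runasp.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865177/; classtype:trojan-activity;sid:84728277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865176)"; flow:established,from_client; http.method; content:"GET";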
http.uri; content:"/202/ecc/goodcreationsforbestfamilypeoples.hta"; depth:46; endswith; nocase; http.host; content:"172.245.209.253"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865176/; classtype:trojan-activity;sid:84728276; rev:1;)
# URLhaus download-URL rules: one exact URL per rule. http.uri is pinned with
# depth:<pattern length> + endswith (nocase); http.host is pinned with
# depth:<pattern length> + isdataat:!1,relative. Only established,
# client-originated HTTP GET requests from $HOME_NET to $EXTERNAL_NET are considered.
# Several URIs in this group end in .hta and are served from bare IP addresses.
# HTA content is run by mshta.exe on Windows, so an alert here is worth
# correlating with endpoint process telemetry for the requesting host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/97/goodthingsarebestforbesttihignstocome.hta"; depth:45; endswith; nocase; http.host; content:"107.172.135.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865173/; classtype:trojan-activity;sid:84728273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/96/ibredgoodforbestthingscomingbackform.hta"; depth:44; endswith; nocase; http.host; content:"107.172.135.60"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865174/; classtype:trojan-activity;sid:84728274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/154/goodchoiceforbetterplacingconvencingthebesttreatments.hta"; depth:62; endswith; nocase; http.host; content:"172.245.209.169"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865175/; classtype:trojan-activity;sid:84728275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/123/evc/greatindianthingsareperfectforbest.hta"; depth:47; endswith; nocase; http.host; content:"107.172.135.8"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865172/; classtype:trojan-activity;sid:84728272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1a360f75-e07e-4089-b847-f0bb966f1ab2"; depth:37; endswith; nocase; http.host; content:"scsjldll.prozhedownload.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865171/; classtype:trojan-activity;sid:84728271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/bin.dat"; depth:10; endswith; nocase; http.host; content:"myzen.pro"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865170/; classtype:trojan-activity;sid:84728270; rev:1;)
# NOTE(review): the /wp-includes/ path suggests the file sits on a WordPress
# site - presumably a compromised one rather than attacker-owned; treat the
# domain itself with care when deriving blocklists from this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/theme-compat/nvfexht/uandeso/plftkrv/ojstub.ps1"; depth:60; endswith; nocase; http.host; content:"hikmah69.net"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865169/; classtype:trojan-activity;sid:84728269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/optimized_msi.png"; depth:18; endswith; nocase; http.host; content:"baskor.mypi.co"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865168/; classtype:trojan-activity;sid:84728268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware
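download URL detected (3865167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img_014506.png"; depth:15; endswith; nocase; http.host; content:"nickart.ro"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865167/; classtype:trojan-activity;sid:84728267; rev:1;)
# URLhaus download-URL rules: each alerts on an established, client-originated
# HTTP GET from $HOME_NET to $EXTERNAL_NET whose http.uri (nocase) and http.host
# both equal the listed values (depth:<pattern length> + endswith for the URI,
# depth:<pattern length> + isdataat:!1,relative for the host).
#
# Depth correction (sid 84728266): depth is counted in decoded bytes; |3f| and
# each |7c| decode to one byte. The published depth:101 is the escaped string
# length; the decoded pattern is 92 bytes, so depth is set to 92 to keep the
# URI match exact. sid and rev are left as published; a feed refresh will
# overwrite this local change, so the durable fix belongs in the rule generator.
# NOTE(review): the pattern carries literal percent-escapes (%a2, %9b, ...).
# http.uri is the normalized URI buffer, so whether those escapes are still
# present as three literal bytes depends on the sensor's URI decoding settings -
# confirm against a capture, or evaluate http.uri.raw for this entry.
# NOTE(review): web.opendrive.com looks like a shared file-hosting service; the
# rule matches one exact object path on it, not the service as a whole.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/v1/download/file.json/odvfodyxodazntbf|3f|temp_key=%a2%9bb%9a%2c%det%c4%88%a6x|7c|26|7c|inline=0"; depth:92; endswith; nocase; http.host; content:"web.opendrive.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865166/; classtype:trojan-activity;sid:84728266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exoticisms121.dsp"; depth:18; endswith; nocase; http.host; content:"cembusconfort.ro"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865164/; classtype:trojan-activity;sid:84728264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yohtj27.bin"; depth:12; endswith; nocase; http.host; content:"cembusconfort.ro"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865165/; classtype:trojan-activity;sid:84728265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/odvfodyxodazntbf/optimized_msi.png"; depth:37; endswith; nocase; http.host;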
content:"od.lk"; depth:5; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865163/; classtype:trojan-activity;sid:84728263; rev:1;)
# URLhaus download-URL rules: one exact URL per rule. A rule fires on an
# established, client-originated HTTP GET from $HOME_NET to $EXTERNAL_NET when
# http.uri equals the listed path (nocase; depth:<pattern length> + endswith) and
# http.host equals the listed host (depth:<pattern length> + isdataat:!1,relative).
# The same host recurs across several rules here (85.121.240.117,
# cembusconfort.ro, bgmotors.ro); grouping alerts by destination host gives a
# quicker picture of one client pulling several stages than reading sids singly.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.190.134.254"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865162/; classtype:trojan-activity;sid:84728262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abgbipo.txt"; depth:12; endswith; nocase; http.host; content:"85.121.240.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865160/; classtype:trojan-activity;sid:84728260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/grundfladernes.lpk"; depth:19; endswith; nocase; http.host; content:"cembusconfort.ro"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865161/; classtype:trojan-activity;sid:84728261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asdoiee.txt"; depth:12; endswith; nocase; http.host; content:"85.121.240.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865158/; classtype:trojan-activity;sid:84728258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nonprovin.snp"; depth:14; endswith; nocase; http.host; content:"bgmotors.ro"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865159/; classtype:trojan-activity;sid:84728259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apwglfvvczyjbpb54.bin"; depth:22; endswith; nocase; http.host; content:"bgmotors.ro"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865157/; classtype:trojan-activity;sid:84728257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ifadgif.txt"; depth:12; endswith; nocase; http.host; content:"85.121.240.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865156/; classtype:trojan-activity;sid:84728256; rev:1;)
# The workers.dev entry is a subdomain of a shared serverless platform; the
# exact-host pin limits the match to this one subdomain and path, so the rule
# should not be widened into a platform-wide block.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3tpo-g4n0-u714-l9kx/img_6f211h.png"; depth:35; endswith; nocase; http.host; content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865154/; classtype:trojan-activity;sid:84728254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pupoprge/a2.ps1"; depth:16; endswith; nocase; http.host; content:"miki-visitasia.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865155/; classtype:trojan-activity;sid:84728255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jkdekmk.txt"; depth:12; endswith; nocase; http.host; content:"85.121.240.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865153/; classtype:trojan-activity;sid:84728253; rev:1;)
# NOTE(review): paste.sensio.no looks like a paste service; as with other
# shared hosts, only this exact path is covered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/certainwhenever"; depth:16; endswith; nocase; http.host; content:"paste.sensio.no"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865152/; classtype:trojan-activity;sid:84728252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lack/stego_payload.png"; depth:23; endswith; nocase; http.host; content:"voltejeasteis.click"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865151/; classtype:trojan-activity;sid:84728251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jp/stego_payload.png"; depth:21; endswith; nocase; http.host; content:"sixmexicos.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865149/; classtype:trojan-activity;sid:84728249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865150)"; flow:established,from_client; http.method; content:"GET"; http.uri;
content:"/3tpo-g4n0-u714-l9kx/img_c6s4k2.png"; depth:35; endswith; nocase; http.host; content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865150/; classtype:trojan-activity;sid:84728250; rev:1;)
# URLhaus download-URL rules: each fires on an established, client-originated
# HTTP GET from $HOME_NET to $EXTERNAL_NET where http.uri (nocase) and http.host
# are both exact matches - depth equals the pattern length, with endswith on
# the URI and isdataat:!1,relative on the host closing the match at the end.
# Several hosts in this group serve both an .hta and a .png path
# (172.86.110.98, 82.223.139.167, 209.54.103.155, 192.3.140.105). Seeing one
# client hit both on the same host is a stronger signal than either alone;
# the image extension on its own says nothing about the content returned.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.242.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865148/; classtype:trojan-activity;sid:84728248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/kb/img_194735.png"; depth:22; endswith; nocase; http.host; content:"172.86.110.98"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865147/; classtype:trojan-activity;sid:84728247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.54.252"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865146/; classtype:trojan-activity;sid:84728246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/img_165940.png"; depth:19; endswith; nocase; http.host; content:"82.223.139.167"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865145/; classtype:trojan-activity;sid:84728245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/221/givenbestthingsforbetterplacegoodcoming.hta"; depth:48; endswith; nocase; http.host; content:"82.223.139.167"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865144/; classtype:trojan-activity;sid:84728244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/kb/verygoodperformancethingsarecominginthisnewthingsinside.hta"; depth:67; endswith; nocase; http.host; content:"172.86.110.98"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865143/; classtype:trojan-activity;sid:84728243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/46/givemebestthignsbackfromthisbusiness.hta"; depth:44; endswith; nocase; http.host; content:"209.54.103.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865139/; classtype:trojan-activity;sid:84728239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/33/img_220818.png"; depth:18; endswith; nocase; http.host; content:"192.3.140.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865140/; classtype:trojan-activity;sid:84728240; rev:1;)
# Windows executable fetched over cleartext HTTP from a bare IP: where file
# extraction is enabled on the sensor, the response body can be hashed and
# checked against the URLhaus entry referenced in the rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_a2054e924072d7f1.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865141/; classtype:trojan-activity;sid:84728241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/img_160722.png"; depth:19; endswith; nocase; http.host; content:"209.54.103.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865142/; classtype:trojan-activity;sid:84728242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/40/imacomingthisweekinthrforbestgoodthings.hta"; depth:47; endswith; nocase; http.host; content:"198.23.144.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865138/; classtype:trojan-activity;sid:84728238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/33/goodthingsarebesttogetbetterthingsfrome.hta"; depth:47; endswith; nocase; http.host; content:"192.3.140.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865137/; classtype:trojan-activity;sid:84728237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/203/goodthingsarebestbetterwayscomingforu.vbs"; depth:46; endswith; nocase; http.host; content:"172.245.209.253"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15;
reference:url, urlhaus.abuse.ch/url/3865135/; classtype:trojan-activity;sid:84728235; rev:1;)
# URLhaus download-URL rules: one exact URL per rule, matched on established,
# client-originated HTTP GET requests from $HOME_NET to $EXTERNAL_NET.
# http.uri is compared case-insensitively and must equal the pattern
# (depth:<pattern length> + endswith); http.host must equal the listed host
# (depth:<pattern length> + isdataat:!1,relative).
# Every host in this group except www.controliumbt.com is an IP literal.
# IP-hosted entries tend to go stale as addresses are reassigned;
# metadata:created_at gives the date to use when ageing rules out of the set.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/156/img_225642.png"; depth:19; endswith; nocase; http.host; content:"23.95.103.215"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865136/; classtype:trojan-activity;sid:84728236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/203/ech/goodjobtodayreallyfinegoodhearthatcurrentilot.hta"; depth:58; endswith; nocase; http.host; content:"172.245.209.253"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865134/; classtype:trojan-activity;sid:84728234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/156/notimefordothatallbrotherherewiatingalot.hta"; depth:49; endswith; nocase; http.host; content:"23.95.103.215"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865133/; classtype:trojan-activity;sid:84728233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/img_023305.png"; depth:19; endswith; nocase; http.host; content:"172.86.110.98"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865132/; classtype:trojan-activity;sid:84728232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/33/img_044256.png"; depth:18; endswith; nocase; http.host; content:"193.37.215.169"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865131/; classtype:trojan-activity;sid:84728231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/33/verygreatthingsaregoingaroundonmethings.hta"; depth:47; endswith; nocase; http.host; content:"193.37.215.169"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865129/; classtype:trojan-activity;sid:84728229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/121/goodreangewithbestthignsaroundonmyself.hta"; depth:47; endswith; nocase; http.host; content:"172.86.110.98"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865130/; classtype:trojan-activity;sid:84728230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tochka.exe"; depth:11; endswith; nocase; http.host; content:"31.77.168.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865127/; classtype:trojan-activity;sid:84728227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sopeas.exe"; depth:11; endswith; nocase; http.host; content:"31.77.168.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865128/; classtype:trojan-activity;sid:84728228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/reosmesf967rgeaveon.jug"; depth:26; endswith; nocase; http.host; content:"104.239.66.104"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865125/; classtype:trojan-activity;sid:84728225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/rgeaveonrgeaveon77.abb"; depth:25; endswith; nocase; http.host; content:"104.239.66.104"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865126/; classtype:trojan-activity;sid:84728226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.190.134.254"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865124/; classtype:trojan-activity;sid:84728224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cpeg/stego_payload.png"; depth:23; endswith; nocase; http.host; content:"www.controliumbt.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865123/; classtype:trojan-activity;sid:84728223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865122)"; flow:established,from_client; http.method; content:"GET"; http.uri;
content:"/687f4184-f8bd-45af-af74-f4a594120c2b"; depth:37; endswith; nocase; http.host; content:"jehezikh.prozhecart.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865122/; classtype:trojan-activity;sid:84728222; rev:1;)
# URLhaus download-URL rules: each alerts on an established, client-originated
# HTTP GET from $HOME_NET to $EXTERNAL_NET whose http.uri (nocase) and
# http.host are both exact matches. Exactness comes from depth being the
# pattern length, closed by endswith (URI) or isdataat:!1,relative (host).
# Many URIs in this group are very short ("/i", "/bin.sh", "/jklarm",
# "/mozi.a", "/kaf.sh"). They are only meaningful together with the host pin,
# so neither half of a rule should be reused on its own as a standalone indicator.
# Direction matters too: the rules watch $HOME_NET clients, so a hit usually
# points at an internal device issuing the fetch - identify that device first.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dx.zip"; depth:7; endswith; nocase; http.host; content:"fine.microtr.life"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865121/; classtype:trojan-activity;sid:84728221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"157.230.61.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865119/; classtype:trojan-activity;sid:84728219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"157.230.61.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865120/; classtype:trojan-activity;sid:84728220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e839abd2-ca52-46e7-a662-953024674c1c"; depth:37; endswith; nocase; http.host; content:"btskl.downloadquran.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865118/; classtype:trojan-activity;sid:84728218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.54.252"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865117/; classtype:trojan-activity;sid:84728217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.92.220"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865116/; classtype:trojan-activity;sid:84728216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/096568a7-672f-4fc0-a683-eeadf0db1b1f"; depth:37; endswith; nocase; http.host; content:"xkpxrkko.mechanicsayalat.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865115/; classtype:trojan-activity;sid:84728215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.118.226.71"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865114/; classtype:trojan-activity;sid:84728214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_468efb8047c9b439.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865113/; classtype:trojan-activity;sid:84728213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"200.115.102.16"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865112/; classtype:trojan-activity;sid:84728212; rev:1;)
# ydns.eu host names are dynamic-DNS entries, so the address behind this name
# can change without the rule changing; resolve it at alert time for context.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaf.sh"; depth:7; endswith; nocase; http.host; content:"skynet1.ydns.eu"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865111/; classtype:trojan-activity;sid:84728211; rev:1;)
# The four file_<hex>.exe entries on 91.92.242.236 share one directory and
# differ only in the file name, so each exact-match rule covers a single
# object; further names under that directory would need their own entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_c46cdbec2c0d50af.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865108/; classtype:trojan-activity;sid:84728208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_ed8aa147a32047b4.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865109/; classtype:trojan-activity;sid:84728209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL
detected (3865110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mass"; depth:5; endswith; nocase; http.host; content:"5.175.223.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865110/; classtype:trojan-activity;sid:84728210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.86.0"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865107/; classtype:trojan-activity;sid:84728207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.42.91.237"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865106/; classtype:trojan-activity;sid:84728206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c0183fd3-b714-463f-a965-bc4107b6f865"; depth:37; endswith; nocase; http.host; content:"ljhxazhv.mechanickhodakarami.shop"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865105/; classtype:trojan-activity;sid:84728205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=6383b346-fa18-46a5-b5fb-1f20a058d2e9"; depth:47; endswith; nocase; http.host; content:"ieg4j0ii.ravansalamat.shop"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_15; 
reference:url, urlhaus.abuse.ch/url/3865104/; classtype:trojan-activity;sid:84728204; rev:1;)
# Two-byte URI: depth:2 plus endswith means the normalized request URI must be exactly
# "/i" (any case). "/index.html" or "/i?x=1" do not match. With a path this short, the
# exact host match is what keeps the rule specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.77.13.146"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865103/; classtype:trojan-activity;sid:84728203; rev:1;)
# |3f| is the hex escape for "?": the pattern is "/?ublib=<uuid>", i.e. path "/" plus a
# query string, matched as one URI string.
# NOTE(review): depth:47 equals the length of the escaped text, but the decoded pattern
# is 44 bytes ("/?ublib=" plus a 36-character UUID). Combined with endswith, the rule
# also accepts a URI with up to three extra leading bytes before the pattern; depth:44
# would make it an exact match like the neighbouring rules. Every rule in this file
# whose URI pattern contains |3f| shows the same depth. The file carries a
# "Last updated" stamp, so a local edit is presumably overwritten on the next pull;
# raise it with the feed maintainer instead.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=4d050985-399e-4ea6-91e0-c40c2e0123af"; depth:47; endswith; nocase; http.host; content:"x8268vj9.hugugmadanikatouzian.xyz"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865102/; classtype:trojan-activity;sid:84728202; rev:1;)
# UUID-shaped single path segment: "/" plus 36 characters, hence depth:37 (exact match).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cb018452-ccbe-46aa-88ac-4951dd1b4570"; depth:37; endswith; nocase; http.host; content:"ckdydch.shansbartar.bet"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865101/; classtype:trojan-activity;sid:84728201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/701299d6-343c-4880-8ee7-15a420f988be"; depth:37; endswith; nocase; http.host; content:"aiaufdwh.masirpayambari.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865100/; classtype:trojan-activity;sid:84728200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3865099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.172.74"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865099/; classtype:trojan-activity;sid:84728199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.77.13.146"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865098/; classtype:trojan-activity;sid:84728198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.238.255"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865097/; classtype:trojan-activity;sid:84728197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setup.exe"; depth:10; endswith; nocase; http.host; content:"24.89.4.180"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865096/; classtype:trojan-activity;sid:84728196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/18f4af96-df5c-4fb6-9849-b9aba548c632"; depth:37; endswith; nocase; http.host; content:"bgyxg.differentialmamuli.store"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865095/; 
classtype:trojan-activity;sid:84728195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=1c65bc76-6150-4d6e-9b18-b86497e6d8e2"; depth:47; endswith; nocase; http.host; content:"uivmtnvu.anodaz.co"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865094/; classtype:trojan-activity;sid:84728194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.92.241"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865093/; classtype:trojan-activity;sid:84728193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/84685321-511e-4f41-8e2c-ca2e6fb1629c"; depth:37; endswith; nocase; http.host; content:"rgojzoub.masaelmohandesi.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865092/; classtype:trojan-activity;sid:84728192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.238.255"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865091/; classtype:trojan-activity;sid:84728191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; 
endswith; nocase; http.host; content:"61.53.120.197"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865090/; classtype:trojan-activity;sid:84728190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.128.215"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865089/; classtype:trojan-activity;sid:84728189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.120.197"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865088/; classtype:trojan-activity;sid:84728188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.200.212.18"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865087/; classtype:trojan-activity;sid:84728187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1cbe1001-a757-4ea9-95d0-60ef5b24b3bc"; depth:37; endswith; nocase; http.host; content:"rdpztlxu.maharatmodiran.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865086/; classtype:trojan-activity;sid:84728186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3865085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.242.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865085/; classtype:trojan-activity;sid:84728185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.92.241"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865084/; classtype:trojan-activity;sid:84728184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/htmlweb/axis/dbk.png"; depth:21; endswith; nocase; http.host; content:"files01.click"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865081/; classtype:trojan-activity;sid:84728181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/htmlweb/axis/edu.png"; depth:21; endswith; nocase; http.host; content:"files01.click"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865082/; classtype:trojan-activity;sid:84728182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jktjune.png"; depth:12; endswith; nocase; http.host; content:"www.basefile.click"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865083/; 
classtype:trojan-activity;sid:84728183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/55/img_005447.png"; depth:18; endswith; nocase; http.host; content:"151.241.154.78"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865079/; classtype:trojan-activity;sid:84728179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/htmlweb/axis/optimized.png"; depth:27; endswith; nocase; http.host; content:"files01.click"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865080/; classtype:trojan-activity;sid:84728180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/55/givemebesttthingsforbetterplaces.hta"; depth:40; endswith; nocase; http.host; content:"151.241.154.78"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865078/; classtype:trojan-activity;sid:84728178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=3b429f66-afec-4dab-9bc6-718a868296fc"; depth:47; endswith; nocase; http.host; content:"l3fcolra.fubet24.net"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865077/; classtype:trojan-activity;sid:84728177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865076)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/zero.mips"; depth:10; endswith; nocase; http.host; content:"217.60.195.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865076/; classtype:trojan-activity;sid:84728176; rev:1;)
# Shared-platform host: raw.githubusercontent.com serves files for many unrelated
# repositories, so the discriminating part of this rule is the exact URI, not the host.
# Do not derive a host-level block or a host-only detection from this indicator.
# Coverage caveat: this is an `alert http` rule and fires only where the sensor sees the
# request as cleartext HTTP. GitHub-hosted content is normally fetched over HTTPS; if the
# URLhaus entry behind the reference URL is an https:// link, a hit requires TLS
# decryption in front of the sensor. Otherwise rely on proxy or endpoint telemetry
# for this URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anonuser72/files/refs/heads/main/umpdc.dll"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865075/; classtype:trojan-activity;sid:84728175; rev:1;)
# Exact URI "/i" on an IP-literal host; http.host excludes the port, so the destination
# port is not part of the match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.239.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865074/; classtype:trojan-activity;sid:84728174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7aae494e-5d65-49cc-ae50-6707d6037b7f"; depth:37; endswith; nocase; http.host; content:"kulnpioc.mabanishimi.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865073/; classtype:trojan-activity;sid:84728173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.29.55"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865072/; classtype:trojan-activity;sid:84728172; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tochka.exe"; depth:11; endswith; nocase; http.host; content:"31.77.168.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865070/; classtype:trojan-activity;sid:84728170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sopeas.exe"; depth:11; endswith; nocase; http.host; content:"31.77.168.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865071/; classtype:trojan-activity;sid:84728171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/memesense.exe"; depth:14; endswith; nocase; http.host; content:"akarstresser.pro"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865069/; classtype:trojan-activity;sid:84728169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/do/bekransendes.com"; depth:20; endswith; nocase; http.host; content:"consways.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865066/; classtype:trojan-activity;sid:84728166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3.exe"; depth:6; endswith; nocase; http.host; content:"agrovelca.com"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865067/; classtype:trojan-activity;sid:84728167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/144.exe"; depth:8; endswith; nocase; http.host; content:"agrovelca.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865068/; classtype:trojan-activity;sid:84728168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/do/quote-9398.pdf"; depth:18; endswith; nocase; http.host; content:"consways.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865065/; classtype:trojan-activity;sid:84728165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.220.88"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865064/; classtype:trojan-activity;sid:84728164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b6193ee7-9dea-43c2-82d6-d300c6dea112"; depth:37; endswith; nocase; http.host; content:"xipas.differentialkerayechiyan.store"; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865063/; classtype:trojan-activity;sid:84728163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865062)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.239.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865062/; classtype:trojan-activity;sid:84728162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8142d329-5500-45e9-aa46-64db60340173"; depth:37; endswith; nocase; http.host; content:"yrzwlqcu.leaguejazire.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865061/; classtype:trojan-activity;sid:84728161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"one-verif.lol"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865060/; classtype:trojan-activity;sid:84728160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.240.237.18"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865059/; classtype:trojan-activity;sid:84728159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.33.246"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865058/; classtype:trojan-activity;sid:84728158; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.76.223"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865057/; classtype:trojan-activity;sid:84728157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.28.183"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865056/; classtype:trojan-activity;sid:84728156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.143.231"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865055/; classtype:trojan-activity;sid:84728155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zefuyckmhfbapafkmojd213.bin"; depth:28; endswith; nocase; http.host; content:"bin.workcentral.shop"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865054/; classtype:trojan-activity;sid:84728154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/navd-ctrl/facebook-marketplace-scraper/raw/refs/heads/main/src/marketplace_scraper_facebook_v2.4-beta.2.zip"; depth:108; endswith; nocase; http.host; 
content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865053/; classtype:trojan-activity;sid:84728153; rev:1;)
# The rule ending above (sid 84728153, host github.com) and the next one
# (raw.githubusercontent.com) both point at paths under the same repository name.
#  - Both hosts are shared platforms: the exact URI is the indicator. Do not turn either
#    host into a block-list entry or a host-only detection.
#  - `alert http` needs cleartext HTTP. GitHub content is normally fetched over HTTPS, so
#    where the listed URL is https:// these rules fire only behind TLS decryption; use
#    proxy or endpoint telemetry as the primary source for these URLs.
#  - The two rules name different archive files. Exact-URI matching does not cover another
#    file name published under the same repository path; hunt on the repository path
#    prefix in proxy logs if broader coverage is needed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/navd-ctrl/facebook-marketplace-scraper/main/data/facebook-marketplace-scraper-v3.7-beta.3.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865052/; classtype:trojan-activity;sid:84728152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mirai_dalas_retarted_hifromb4ckdoorbitches.x86"; depth:52; endswith; nocase; http.host; content:"216.126.239.78"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865051/; classtype:trojan-activity;sid:84728151; rev:1;)
# Same host and directory as sids 84728208 and 84728209 elsewhere in this file; only the
# file name differs. Each file name needs its own rule because the URI match is exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_0209f25166222dee.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865050/; classtype:trojan-activity;sid:84728150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.76.223"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865049/; 
classtype:trojan-activity;sid:84728149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=645096c2-d8fd-41c0-834b-3ce11a66ed58"; depth:47; endswith; nocase; http.host; content:"5e568txr.hugugmadani6.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865048/; classtype:trojan-activity;sid:84728148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/be0903b8-c368-450b-96a6-f8ae118fddba"; depth:37; endswith; nocase; http.host; content:"lmlnqaju.karbordriyaziyat.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865047/; classtype:trojan-activity;sid:84728147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.116.65"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865046/; classtype:trojan-activity;sid:84728146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.93.253"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865045/; classtype:trojan-activity;sid:84728145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865044)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/e142ecdf-4c92-4a1b-afb8-505a46d3abbc"; depth:37; endswith; nocase; http.host; content:"dvbkmkq.rocketbet.pro"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865044/; classtype:trojan-activity;sid:84728144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.28.183"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865043/; classtype:trojan-activity;sid:84728143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.81.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865042/; classtype:trojan-activity;sid:84728142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/99034b05-4eda-4ee0-9e18-466b702ee766"; depth:37; endswith; nocase; http.host; content:"eofvjfbp.karafarini.shop"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865041/; classtype:trojan-activity;sid:84728141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.84.241"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865040/; classtype:trojan-activity;sid:84728140; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.122.250"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865039/; classtype:trojan-activity;sid:84728139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.119.95"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865038/; classtype:trojan-activity;sid:84728138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/95/img_070815.png"; depth:18; endswith; nocase; http.host; content:"107.172.235.213"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865037/; classtype:trojan-activity;sid:84728137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/55/givemebestsupportingskillswithmygirlfriend.hta"; depth:50; endswith; nocase; http.host; content:"107.172.235.213"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865036/; classtype:trojan-activity;sid:84728136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.81.243"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865035/; classtype:trojan-activity;sid:84728135; rev:1;)
# Rule anatomy (identical for every rule below): an outbound client request
# ($HOME_NET -> $EXTERNAL_NET, flow:established,from_client) using GET, with one content
# match in the http.uri buffer and one in the http.host buffer.
#   * http.uri : depth equals the length of the content string as written and endswith pins
#                the match to the end of the buffer; nocase makes it case-insensitive.
#   * http.host: depth equals the host length and isdataat:!1,relative requires that nothing
#                follows the host string.
# Together this is an exact-URL match. A request to the same host with another path or an
# added query string does not alert, so these rules complement host/DNS-level indicators
# rather than replace them. $HOME_NET / $EXTERNAL_NET come from the sensor configuration.
#
# NOTE(review): |3f| is the hex escape for "?" and decodes to one byte, but depth in those
# rules counts the four-character escape: sids 84728134 and 84728109 use depth:47 for a
# 44-byte pattern, sid 84728111 uses depth:84 for an 81-byte pattern. With endswith that
# tolerates up to three bytes in front of the pattern, so these three are slightly looser
# than the exact match the other rules give. This file is generated; report upstream rather
# than editing a local copy that the next update overwrites.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=6a80970c-0a95-49f2-bfae-019678cc6fb9"; depth:47; endswith; nocase; http.host; content:"1ghy1rc2.questionstest.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865034/; classtype:trojan-activity;sid:84728134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9fd7eaf3-efbb-4a36-a174-dabd8dd7f6f6"; depth:37; endswith; nocase; http.host; content:"ziryn.defamogadas.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865033/; classtype:trojan-activity;sid:84728133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/30f8acb1-5d2d-4756-a5b1-2939496416c8"; depth:37; endswith; nocase; http.host; content:"thhcalzn.jam-jahani.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865032/; classtype:trojan-activity;sid:84728132; rev:1;)
# Short paths (/bin.sh, /i) on bare IPv4 hosts recur through this block. The path alone is
# far too generic to alert on; it is the exact host pin that makes each rule specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.167.175.163"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865031/; classtype:trojan-activity;sid:84728131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.198.176"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865030/; classtype:trojan-activity;sid:84728130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.14.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865029/; classtype:trojan-activity;sid:84728129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/52e01f9a-41be-40fc-b2f4-09436c906305"; depth:37; endswith; nocase; http.host; content:"paqyqptu.hugugtejarat4.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865028/; classtype:trojan-activity;sid:84728128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.226.141"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865027/; classtype:trojan-activity;sid:84728127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.128.215"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865026/; classtype:trojan-activity;sid:84728126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.175.97"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865025/; classtype:trojan-activity;sid:84728125; rev:1;)
# Paths ending in .png on www.basefile.click and brenmayasociados.com (sids 84728120-84728124).
# The extension in a URL does not establish what the server returns.
# NOTE(review): confirm the actual payload type from the referenced URLhaus entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/babyfacexload.png"; depth:18; endswith; nocase; http.host; content:"www.basefile.click"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865022/; classtype:trojan-activity;sid:84728122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jktjune.png"; depth:12; endswith; nocase; http.host; content:"www.basefile.click"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865023/; classtype:trojan-activity;sid:84728123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sass/djokunewrdp.png"; depth:21; endswith; nocase; http.host; content:"brenmayasociados.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865024/; classtype:trojan-activity;sid:84728124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/optimized_msiljune.png"; depth:23; endswith; nocase; http.host; content:"www.basefile.click"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865020/; classtype:trojan-activity;sid:84728120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yufile.png"; depth:11; endswith; nocase; http.host; content:"www.basefile.click"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865021/; classtype:trojan-activity;sid:84728121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.85.108.97"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865019/; classtype:trojan-activity;sid:84728119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.148.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865018/; classtype:trojan-activity;sid:84728118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.59.171"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865016/; classtype:trojan-activity;sid:84728116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/606fd583-76b7-4ed7-ad98-03e75b075dfe"; depth:37; endswith; nocase; http.host; content:"vdljitxt.hugugtatbigi.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865017/; classtype:trojan-activity;sid:84728117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.80.85"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865015/; classtype:trojan-activity;sid:84728115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.148.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865014/; classtype:trojan-activity;sid:84728114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.85.108.97"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865013/; classtype:trojan-activity;sid:84728113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7258b478-ed56-4af6-9478-8a8beb26dacf"; depth:37; endswith; nocase; http.host; content:"zvxuc.darsnamejame.xyz"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865012/; classtype:trojan-activity;sid:84728112; rev:1;)
# The next rule pins one filekey value on a filemail.com subdomain; it does not alert on
# other downloads from that domain. The key is written in lower case and matched with
# nocase, so the original casing is presumably only available in the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/file/get|3f|filekey=wprlcteiw3x3afmsaytstq_szzhnnoeuu1i3rb06iof_ipbx2dilzkdd0yq"; depth:84; endswith; nocase; http.host; content:"3008.filemail.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865011/; classtype:trojan-activity;sid:84728111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hmkitxgt/stub.ps1"; depth:18; endswith; nocase; http.host; content:"miki-visitasia.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865010/; classtype:trojan-activity;sid:84728110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=725daec8-a61b-4418-81ae-b6f26655973b"; depth:47; endswith; nocase; http.host; content:"opyo2s3o.akhlagvaahkam.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865009/; classtype:trojan-activity;sid:84728109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/83aef4c5-4a1c-45be-b256-ddcdbd4d3944"; depth:37; endswith; nocase; http.host; content:"froqlquf.hugugmadanikatouzian.xyz"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865008/; classtype:trojan-activity;sid:84728108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3865007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.251.153"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865007/; classtype:trojan-activity;sid:84728107; rev:1;)
# Tracing an alert: in the rules shown here sid = URLhaus entry id + 80863100
# (e.g. 3865006 -> 84728106), and the same id appears in msg and in the reference URL,
# so the sid alone identifies the URLhaus entry to check.
# Each rule matches one exact host + URI pair: depth equals the content length and the
# match is pinned to the end of the buffer (endswith on http.uri, isdataat:!1,relative
# on http.host).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.72.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865006/; classtype:trojan-activity;sid:84728106; rev:1;)
# /rep.<suffix> on 5.83.134.26: ten rules (sids 84728094-84728099 and 84728102-84728105)
# that differ only in the file suffix (m68k, arm6, mpsl, arm7, ppc, x86, sh4, mips, arm4,
# arm5) - presumably one build per CPU architecture.
# NOTE(review): if so, the suffix in an alert hints at the architecture of the requesting
# device, which helps locate it during triage - confirm against the URLhaus entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rep.m68k"; depth:9; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865002/; classtype:trojan-activity;sid:84728102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rep.arm6"; depth:9; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865003/; classtype:trojan-activity;sid:84728103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rep.mpsl"; depth:9; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865004/; classtype:trojan-activity;sid:84728104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rep.arm7"; depth:9; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865005/; classtype:trojan-activity;sid:84728105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"158.255.83.173"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865000/; classtype:trojan-activity;sid:84728100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.72.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865001/; classtype:trojan-activity;sid:84728101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rep.ppc"; depth:8; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864994/; classtype:trojan-activity;sid:84728094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rep.x86"; depth:8; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864995/; classtype:trojan-activity;sid:84728095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rep.sh4"; depth:8; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864996/; classtype:trojan-activity;sid:84728096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rep.mips"; depth:9; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864997/; classtype:trojan-activity;sid:84728097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rep.arm4"; depth:9; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864998/; classtype:trojan-activity;sid:84728098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rep.arm5"; depth:9; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864999/; classtype:trojan-activity;sid:84728099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.80.85"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864993/; classtype:trojan-activity;sid:84728093; rev:1;)
# NOTE(review): in the two rules below |3f| is the hex escape for "?" (one byte), yet
# depth:47 counts the four-character escape; the decoded pattern is 44 bytes. With endswith
# this allows up to three bytes ahead of the pattern, so the match is not anchored at the
# start of the URI the way the rules without an escape are.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=bbc1df9b-84c2-4fd3-a83e-55e6107d916a"; depth:47; endswith; nocase; http.host; content:"0hz5u1mn.moarefeslami.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864992/; classtype:trojan-activity;sid:84728092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b7031f38-b366-468d-a174-257599273c72"; depth:47; endswith; nocase; http.host; content:"0snofqmc.megaparikade.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864991/; classtype:trojan-activity;sid:84728091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/368c0d89-eccb-4dbc-8bc0-af78efae0e2d"; depth:37; endswith; nocase; http.host; content:"qbuhghd.melbetkade.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864990/; classtype:trojan-activity;sid:84728090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f4383c3b-41f8-4c4c-92e0-c87d378bde01"; depth:37; endswith; nocase; http.host; content:"qeqnjdds.hugugmadani6.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864989/; 
classtype:trojan-activity;sid:84728089; rev:1;)
# Scope of the rules below: they are `alert http` rules, so they are evaluated only on flows
# the engine parses as HTTP. The same URL fetched inside TLS is not inspected unless the
# traffic is decrypted ahead of the sensor. The action is alert, not drop: the request is
# reported, not blocked.
# Each rule pins one exact host (http.host + isdataat:!1,relative) and one exact URI
# (http.uri, depth equal to the content length, endswith, nocase).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.171.172"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864988/; classtype:trojan-activity;sid:84728088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.223.200"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864987/; classtype:trojan-activity;sid:84728087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.97.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864986/; classtype:trojan-activity;sid:84728086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.exe"; depth:9; endswith; nocase; http.host; content:"193.233.113.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864985/; classtype:trojan-activity;sid:84728085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.106.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864984/; classtype:trojan-activity;sid:84728084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3e2e3095-d3e0-46ed-9ff8-4946a6da363c"; depth:37; endswith; nocase; http.host; content:"ncpzdseh.usoleamoozesh.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864983/; classtype:trojan-activity;sid:84728083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.223.200"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864982/; classtype:trojan-activity;sid:84728082; rev:1;)
# Same file name as sid 84728067 (/iran.x86_64) but on a different host, 176.65.139.51.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.x86_64"; depth:12; endswith; nocase; http.host; content:"176.65.139.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864981/; classtype:trojan-activity;sid:84728081; rev:1;)
# 176.65.148.24: twelve rules (sids 84728069-84728080), one per file name ending in .dick.
# The names look like architecture tokens broken up with "-" and "." (a-r.m-5, m-i.p-s,
# x-8.6-, ...) - presumably per-architecture builds; confirm in the URLhaus entries.
# Because every rule is an exact-string match, a renamed file on the same host is covered
# only once it is reported to the feed; a host-level indicator for the address closes that gap.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.dick"; depth:12; endswith; nocase; http.host; content:"176.65.148.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864969/; classtype:trojan-activity;sid:84728069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.dick"; depth:13; endswith; nocase; http.host; content:"176.65.148.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864970/; classtype:trojan-activity;sid:84728070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.dick"; depth:12; endswith; nocase; http.host; content:"176.65.148.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864971/; classtype:trojan-activity;sid:84728071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.dick"; depth:13; endswith; nocase; http.host; content:"176.65.148.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864972/; classtype:trojan-activity;sid:84728072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.dick"; depth:12; endswith; nocase; http.host; content:"176.65.148.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864973/; classtype:trojan-activity;sid:84728073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.dick"; depth:12; endswith; nocase; http.host; content:"176.65.148.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864974/; classtype:trojan-activity;sid:84728074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.dick"; depth:13; endswith; nocase; http.host; content:"176.65.148.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864975/; classtype:trojan-activity;sid:84728075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.dick"; depth:13; endswith; nocase; http.host; content:"176.65.148.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864976/; classtype:trojan-activity;sid:84728076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.dick"; depth:13; endswith; nocase; http.host; content:"176.65.148.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864977/; classtype:trojan-activity;sid:84728077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.dick"; depth:13; endswith; nocase; http.host; content:"176.65.148.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864978/; classtype:trojan-activity;sid:84728078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.dick"; depth:13; endswith; nocase; http.host; content:"176.65.148.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864979/; classtype:trojan-activity;sid:84728079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.dick"; depth:13; endswith; nocase; http.host; content:"176.65.148.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864980/; classtype:trojan-activity;sid:84728080; rev:1;)
# 31.56.209.231: /iran.<suffix>, sids 84728054-84728066 here (the x86_64 variant is
# sid 84728067). The suffixes are architecture names (mipsel, m68k, sparc, mips, arc,
# armv4l, armv6l, i486, armv5l, armv7l, sh4, powerpc, aarch64).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mipsel"; depth:12; endswith; nocase; http.host; content:"31.56.209.231"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864954/; classtype:trojan-activity;sid:84728054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.m68k"; depth:10; endswith; nocase; http.host; content:"31.56.209.231"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864955/; classtype:trojan-activity;sid:84728055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.sparc"; depth:11; endswith; nocase; http.host; content:"31.56.209.231"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864956/; classtype:trojan-activity;sid:84728056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mips"; depth:10; endswith; nocase; http.host; content:"31.56.209.231"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864957/; classtype:trojan-activity;sid:84728057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.arc"; depth:9; endswith; nocase; http.host; content:"31.56.209.231"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864958/; classtype:trojan-activity;sid:84728058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv4l"; depth:12; endswith; nocase; http.host; content:"31.56.209.231"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864959/; classtype:trojan-activity;sid:84728059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv6l"; depth:12; endswith; nocase; http.host; content:"31.56.209.231"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864960/; classtype:trojan-activity;sid:84728060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.i486"; depth:10; endswith; nocase; http.host; content:"31.56.209.231"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864961/; classtype:trojan-activity;sid:84728061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv5l"; depth:12; endswith; nocase; http.host; content:"31.56.209.231"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864962/; classtype:trojan-activity;sid:84728062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv7l"; depth:12; endswith; nocase; http.host; content:"31.56.209.231"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864963/; classtype:trojan-activity;sid:84728063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.sh4"; depth:9; endswith; nocase; http.host; content:"31.56.209.231"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864964/; classtype:trojan-activity;sid:84728064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.powerpc"; depth:13; endswith; nocase; http.host; content:"31.56.209.231"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864965/; classtype:trojan-activity;sid:84728065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.aarch64"; depth:13; endswith; nocase; http.host; content:"31.56.209.231"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864966/; classtype:trojan-activity;sid:84728066; rev:1;)
# Each rule below alerts on one exact host + URI pair requested with GET by a $HOME_NET
# client: depth equals the content length, endswith (http.uri) and isdataat:!1,relative
# (http.host) pin the end of each buffer, and nocase makes the URI comparison
# case-insensitive.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.x86_64"; depth:12; endswith; nocase; http.host; content:"31.56.209.231"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864967/; classtype:trojan-activity;sid:84728067; rev:1;)
# NOTE(review): "i468" is the string carried by the feed (other rules in this file use
# "i486"). It is presumably the file name as served, so it should not be "corrected" locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.i468"; depth:11; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864968/; classtype:trojan-activity;sid:84728068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.219.1.198"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864953/; classtype:trojan-activity;sid:84728053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.152.28"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864952/; classtype:trojan-activity;sid:84728052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2e8ffe65-52c2-4ef6-8713-0c78e4a121eb"; depth:37; endswith; nocase; http.host; content:"chjwx.danestanihavarzeshi.com"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864951/; classtype:trojan-activity;sid:84728051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/np.txt"; depth:7; endswith; nocase; http.host; content:"viveturetiro.mx"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864950/; classtype:trojan-activity;sid:84728050; rev:1;)
# NOTE(review): the URI content below contains a doubled slash ("//01.txt"). http.uri is
# the normalized URI buffer; whether a doubled separator survives normalization depends on
# the engine's HTTP parser settings - verify on the sensor that this rule can match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpazlluwij_14_05_meus_arquivosdetexto//01.txt"; depth:46; endswith; nocase; http.host; content:"andrefelipedonascime1778799406970.2241107.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864949/; classtype:trojan-activity;sid:84728049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/de9b02ea-7628-46d9-86cf-a9dfb1fe2a5d"; depth:37; endswith; nocase; http.host; content:"fqcwxddh.tractor11.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864948/; classtype:trojan-activity;sid:84728048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpazlluwij_14_05_meus_arquivosdetexto/03.txt"; depth:45; endswith; nocase; http.host; content:"andrefelipedonascime1778799406970.2241107.meusitehostgator.com.br"; depth:65; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864947/; classtype:trojan-activity;sid:84728047; rev:1;)
# Duplicate match conditions: sids 84728045 and 84728046 are identical apart from the
# URLhaus id, as are sids 84728041 and 84728042, so one request raises two alerts per pair.
# The underlying entries presumably differ in something the rule does not encode (check the
# references); account for this in thresholds or deduplicate downstream.
# The host in the first pair is a bucket-style name under amazonaws.com: the rule pins that
# one hostname, and it should not be widened to the parent domain.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/billymonday.msi"; depth:16; endswith; nocase; http.host; content:"s-14billmondy.s3.us-east-2.amazonaws.com"; depth:40; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864945/; classtype:trojan-activity;sid:84728045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/billymonday.msi"; depth:16; endswith; nocase; http.host; content:"s-14billmondy.s3.us-east-2.amazonaws.com"; depth:40; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864946/; classtype:trojan-activity;sid:84728046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data/zoom/windows/download.php"; depth:31; endswith; nocase; http.host; content:"samiksha.com.sg"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864941/; classtype:trojan-activity;sid:84728041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data/zoom/windows/download.php"; depth:31; endswith; nocase; http.host; content:"samiksha.com.sg"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864942/; classtype:trojan-activity;sid:84728042; rev:1;)
# Differs from the two rules above only by the trailing "/" (depth:32 instead of 31).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data/zoom/windows/download.php/"; depth:32; endswith; nocase; http.host; content:"samiksha.com.sg"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864943/; classtype:trojan-activity;sid:84728043; rev:1;)
# The next rule matches a client-setup MSI path on one screenconnect.com subdomain.
# NOTE(review): an alert identifies a download from this specific hostname only; it says
# nothing about other hosts under that domain. Check whether the requesting client was
# expected to install remote-access software at all.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.msi"; depth:34; endswith; nocase; http.host; content:"alpanel.screenconnect.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864944/; classtype:trojan-activity;sid:84728044; rev:1;)
# Paths containing product names (docusign here, zoom above) on unrelated domains -
# presumably download pages presented under those names; confirm in the URLhaus entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docusign/windows/download/index.php"; depth:36; endswith; nocase; http.host; content:"absolutecaninepa.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864940/; classtype:trojan-activity;sid:84728040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docusign/d0cs/windows/download/index.php"; depth:41; endswith; nocase; http.host; content:"docsonlineshare.shorepowersolution.net"; depth:38; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864939/; classtype:trojan-activity;sid:84728039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.dick"; depth:13; endswith; nocase; http.host; content:"45.135.194.25"; depth:13; isdataat:!1,relative; metadata:created_at 
2026_06_15; reference:url, urlhaus.abuse.ch/url/3864935/; classtype:trojan-activity;sid:84728035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.dick"; depth:13; endswith; nocase; http.host; content:"45.135.194.25"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864936/; classtype:trojan-activity;sid:84728036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.dick"; depth:13; endswith; nocase; http.host; content:"45.135.194.25"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864937/; classtype:trojan-activity;sid:84728037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.dick"; depth:13; endswith; nocase; http.host; content:"45.135.194.25"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864938/; classtype:trojan-activity;sid:84728038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cumshotnews"; depth:12; endswith; nocase; http.host; content:"192.142.28.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864933/; classtype:trojan-activity;sid:84728033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.dick"; 
depth:12; endswith; nocase; http.host; content:"45.135.194.25"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864934/; classtype:trojan-activity;sid:84728034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_ff7be7df8b1596c3.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864932/; classtype:trojan-activity;sid:84728032; rev:1;)
# File name "mozi.a": presumably the Mozi IoT botnet; the rule itself carries no
# family tag, so check the referenced URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"176.82.171.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864931/; classtype:trojan-activity;sid:84728031; rev:1;)
# 45.135.194.25: a run of ".dick" file names plus dick.sh. Each name is a separate
# exact-URI rule; a new file name on the same host needs a new feed entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.dick"; depth:13; endswith; nocase; http.host; content:"45.135.194.25"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864922/; classtype:trojan-activity;sid:84728022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.dick"; depth:13; endswith; nocase; http.host; content:"45.135.194.25"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864923/; classtype:trojan-activity;sid:84728023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.dick"; depth:13; endswith; nocase; http.host; content:"45.135.194.25"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864924/; classtype:trojan-activity;sid:84728024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.dick"; depth:13; endswith; nocase; http.host; content:"45.135.194.25"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864925/; classtype:trojan-activity;sid:84728025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.dick"; depth:12; endswith; nocase; http.host; content:"45.135.194.25"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864926/; classtype:trojan-activity;sid:84728026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dick.sh"; depth:8; endswith; nocase; http.host; content:"45.135.194.25"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864927/; classtype:trojan-activity;sid:84728027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.dick"; depth:12; endswith; nocase; http.host; content:"45.135.194.25"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864928/; classtype:trojan-activity;sid:84728028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.dick"; depth:12; endswith; nocase; http.host; content:"45.135.194.25"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864929/; classtype:trojan-activity;sid:84728029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.10.230.223"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864930/; classtype:trojan-activity;sid:84728030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"83.219.1.198"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864921/; classtype:trojan-activity;sid:84728021; rev:1;)
# |3f| is the hex escape for "?", so this entry matches path plus query string.
# NOTE(review): the content is 44 bytes ("|3f|" is one byte) but depth is 47, so up
# to 3 leading bytes are tolerated before the match; endswith still pins the end.
# This rule is therefore slightly looser than the exact-URI rules around it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ab37b617-940d-4b56-bd46-6d5beb88a1e4"; depth:47; endswith; nocase; http.host; content:"jibkc2ky.geotechnictahuni.store"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864920/; classtype:trojan-activity;sid:84728020; rev:1;)
# UUID-style paths on specific subdomains: the exact Host and URI match means other
# paths or subdomains on the same domains are not covered by these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b5bf87e3-a072-4603-a308-bfa23621298a"; depth:37; endswith; nocase; http.host; content:"ttmwdcsm.testranandegi.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864919/; classtype:trojan-activity;sid:84728019; rev:1;)
# URI is only "/i": the exact Host match carries all of the specificity.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.32.14"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864918/; classtype:trojan-activity;sid:84728018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4ce0ea39-2bc7-40e9-9840-1e8387d45531"; depth:37; endswith; nocase; http.host; content:"dkrxwehc.testpaye.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864917/; classtype:trojan-activity;sid:84728017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.32.14"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864916/; classtype:trojan-activity;sid:84728016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.188.3"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864915/; classtype:trojan-activity;sid:84728015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b4ca518c-8957-4ffc-91dd-a80e0a865df5"; depth:37; endswith; nocase; http.host; content:"bxzyp.daneshkhanevade.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864914/; classtype:trojan-activity;sid:84728014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8fbe1ca0-3a94-4d25-8bed-0a8f0447b8a0"; depth:37; endswith; nocase; http.host; content:"cucnczaq.testdrivepaye3.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864913/; classtype:trojan-activity;sid:84728013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8f14f5a1-25de-4ced-a7b7-30205d9415fa"; depth:37; endswith; nocase; http.host; content:"oxfzzuaq.tasisathosseini.shop"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864912/; classtype:trojan-activity;sid:84728012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.220.217"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864911/; classtype:trojan-activity;sid:84728011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/79f1c4da-a639-4799-ae13-de96fa85d349"; 
depth:37; endswith; nocase; http.host; content:"vwochim.megaparikade.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864910/; classtype:trojan-activity;sid:84728010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.251.153"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864909/; classtype:trojan-activity;sid:84728009; rev:1;)
# 107.172.235.213 and 107.172.172.205 are the Hosts for the .png, .hta and long .php
# names that follow. These rules key on Host+URI of the request only and do not
# inspect the response body, so the extension is not evidence of the payload type.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/optimized_msi.png"; depth:22; endswith; nocase; http.host; content:"107.172.235.213"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864908/; classtype:trojan-activity;sid:84728008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/25/optimized_msi.png"; depth:21; endswith; nocase; http.host; content:"107.172.172.205"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864903/; classtype:trojan-activity;sid:84728003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/84/img_094508.png"; depth:18; endswith; nocase; http.host; content:"107.172.172.205"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864904/; classtype:trojan-activity;sid:84728004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/95/verygoodpersonhavingmybestchancestogivme.hta"; depth:48; endswith; nocase; http.host; content:"107.172.235.213"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864905/; classtype:trojan-activity;sid:84728005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/httpswww.bettercloud.commonitorthe-perils-of-expose-files-y-external-file-sharing-needs-security-prosess.php"; depth:109; endswith; nocase; http.host; content:"107.172.235.213"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864906/; classtype:trojan-activity;sid:84728006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/92/goodplacebestchoiceformebetterplacecoming.hta"; depth:49; endswith; nocase; http.host; content:"107.172.172.205"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864907/; classtype:trojan-activity;sid:84728007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/httpswww.gartner.comennewsroompress-releases2025-05-13-gartner-identifies-top-trends-shaping-the-future-of-cloud-o900.php"; depth:122; endswith; nocase; http.host; content:"107.172.172.205"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864898/; classtype:trojan-activity;sid:84727998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/84/goodthingshappenedsoonbro.hta"; depth:33; endswith; nocase; http.host; content:"107.172.172.205"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864899/; classtype:trojan-activity;sid:84727999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/httpsappexchange.salesforce.comappxlistingdetaillistingid=a0n3a00000efntjun3a00000efntjun3a00000efntjun3a00000efntt.php"; depth:120; endswith; nocase; http.host; content:"107.172.172.205"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864900/; classtype:trojan-activity;sid:84728000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/87/goodthingswithbetterworldcoming.hta"; depth:39; endswith; nocase; http.host; content:"107.172.235.213"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864901/; classtype:trojan-activity;sid:84728001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/httpswww.bettercloud.commonitorthe-perils-of-exposed-files-why-external-file-sharing-needs-security-prosess.php"; depth:112; endswith; nocase; http.host; content:"107.172.235.213"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864902/; classtype:trojan-activity;sid:84728002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/18300527-3931-4870-a422-e33acbf09266"; depth:37; endswith; nocase; http.host; content:"qqpidjr.megaparikade.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864897/; classtype:trojan-activity;sid:84727997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/67df51fe-9a20-4165-bd83-a0cf8387b77f"; depth:37; endswith; nocase; http.host; content:"fcxkiekt.tasisathosseini.shop"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864896/; classtype:trojan-activity;sid:84727996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.54.70"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864895/; classtype:trojan-activity;sid:84727994; rev:1;)
# Files named like ScreenConnect client installers, served from bare IPs. The
# payload name is a remote-access client; triage as a possibly unauthorized
# remote-access install and compare against approved remote-support tooling.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"124.198.132.139"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864894/; classtype:trojan-activity;sid:84727994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"124.198.132.139"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864893/; classtype:trojan-activity;sid:84727993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"124.198.131.74"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864892/; classtype:trojan-activity;sid:84727992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"124.198.131.74"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864891/; classtype:trojan-activity;sid:84727991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.220.217"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864890/; classtype:trojan-activity;sid:84727990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.powerpc"; depth:13; endswith; nocase; http.host; content:"176.65.139.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864889/; classtype:trojan-activity;sid:84727989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864888)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/iran.m68k"; depth:10; endswith; nocase; http.host; content:"176.65.139.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864888/; classtype:trojan-activity;sid:84727988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv5l"; depth:12; endswith; nocase; http.host; content:"176.65.139.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864883/; classtype:trojan-activity;sid:84727983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.aarch64"; depth:13; endswith; nocase; http.host; content:"176.65.139.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864884/; classtype:trojan-activity;sid:84727984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.sh4"; depth:9; endswith; nocase; http.host; content:"176.65.139.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864885/; classtype:trojan-activity;sid:84727985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.arc"; depth:9; endswith; nocase; http.host; content:"176.65.139.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864886/; classtype:trojan-activity;sid:84727986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3864887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mipsrouter"; depth:16; endswith; nocase; http.host; content:"176.65.139.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864887/; classtype:trojan-activity;sid:84727987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cat.sh"; depth:7; endswith; nocase; http.host; content:"176.65.139.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864880/; classtype:trojan-activity;sid:84727980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mipsel"; depth:12; endswith; nocase; http.host; content:"176.65.139.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864881/; classtype:trojan-activity;sid:84727981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mips"; depth:10; endswith; nocase; http.host; content:"176.65.139.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864882/; classtype:trojan-activity;sid:84727982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv7l"; depth:12; endswith; nocase; http.host; content:"176.65.139.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864875/; 
classtype:trojan-activity;sid:84727975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv4l"; depth:12; endswith; nocase; http.host; content:"176.65.139.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864876/; classtype:trojan-activity;sid:84727976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.i486"; depth:10; endswith; nocase; http.host; content:"176.65.139.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864877/; classtype:trojan-activity;sid:84727977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv6l"; depth:12; endswith; nocase; http.host; content:"176.65.139.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864878/; classtype:trojan-activity;sid:84727978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.sparc"; depth:11; endswith; nocase; http.host; content:"176.65.139.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864879/; classtype:trojan-activity;sid:84727979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm"; depth:12; endswith; nocase; http.host; content:"176.65.139.48"; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864873/; classtype:trojan-activity;sid:84727973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm5"; depth:13; endswith; nocase; http.host; content:"176.65.139.48"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864874/; classtype:trojan-activity;sid:84727974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm6"; depth:13; endswith; nocase; http.host; content:"176.65.139.48"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864872/; classtype:trojan-activity;sid:84727972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.mips"; depth:13; endswith; nocase; http.host; content:"176.65.139.48"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864870/; classtype:trojan-activity;sid:84727970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.mpsl"; depth:13; endswith; nocase; http.host; content:"176.65.139.48"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864871/; classtype:trojan-activity;sid:84727971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864869)"; flow:established,from_client; 
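http.method; content:"GET"; http.uri; content:"/5c1c5e3e-63b1-473a-a600-8f7a1935c2be"; depth:37; endswith; nocase; http.host; content:"mjwougwp.tarikhravannovin.shop"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864869/; classtype:trojan-activity;sid:84727969; rev:1;)
# Each rule here alerts on an outbound ($HOME_NET -> $EXTERNAL_NET) HTTP GET whose
# normalized URI and Host both equal one URLhaus entry: depth set to the pattern
# length plus endswith pins the URI, and depth plus isdataat:!1,relative pins the host.
# The number in msg and in the reference URL is the URLhaus entry id.
# These are "alert http" rules, so the same URL fetched over TLS is not matched
# unless traffic is decrypted before it reaches the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"103.168.67.55"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864868/; classtype:trojan-activity;sid:84727968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"89.40.31.51"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864867/; classtype:trojan-activity;sid:84727967; rev:1;)
# depth corrected from 47 to 44 in the next rule: |3f| is a single byte ('?'), so
# the URI pattern is 44 bytes long, not 47 (47 is the length of the escaped text).
# With depth:47, endswith still anchored the end of the URI but up to three extra
# leading bytes were accepted, so the match was looser than in the other rules.
# NOTE(review): the ruleset appears to be regenerated upstream; the depth
# calculation should be reported there or this fix is lost on the next refresh.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=917e1e3d-cfad-4500-ae28-b435cbd1a785"; depth:44; endswith; nocase; http.host; content:"0dt4r35j.gavaedfagahe.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864866/; classtype:trojan-activity;sid:84727966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"89.40.31.51"; depth:11; isdataat:!1,relative; 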
metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864865/; classtype:trojan-activity;sid:84727965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"62.60.226.155"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864863/; classtype:trojan-activity;sid:84727963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"62.60.226.155"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864864/; classtype:trojan-activity;sid:84727964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"64.89.160.96"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864859/; classtype:trojan-activity;sid:84727959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"46.151.182.197"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864860/; classtype:trojan-activity;sid:84727960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864861)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"64.89.160.96"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864861/; classtype:trojan-activity;sid:84727961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"46.151.182.197"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864862/; classtype:trojan-activity;sid:84727962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.39.146"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864858/; classtype:trojan-activity;sid:84727958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"209.99.188.180"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864857/; classtype:trojan-activity;sid:84727957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"209.99.190.206"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, 
urlhaus.abuse.ch/url/3864855/; classtype:trojan-activity;sid:84727955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"213.111.147.16"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864856/; classtype:trojan-activity;sid:84727956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"209.99.188.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864853/; classtype:trojan-activity;sid:84727953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"209.99.188.180"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864854/; classtype:trojan-activity;sid:84727954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"209.99.188.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864852/; classtype:trojan-activity;sid:84727952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864849)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"209.99.190.86"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864849/; classtype:trojan-activity;sid:84727949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"209.99.190.206"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864850/; classtype:trojan-activity;sid:84727950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"213.111.147.16"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864851/; classtype:trojan-activity;sid:84727951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/94/brightfeaturescomingforbestthingsforme.hta"; depth:46; endswith; nocase; http.host; content:"107.172.235.215"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864848/; classtype:trojan-activity;sid:84727948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_11ecfa7ba4592d56.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, 
urlhaus.abuse.ch/url/3864847/; classtype:trojan-activity;sid:84727947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"209.99.184.6"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864845/; classtype:trojan-activity;sid:84727945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"209.99.188.210"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864846/; classtype:trojan-activity;sid:84727946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.236.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864844/; classtype:trojan-activity;sid:84727944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"209.99.184.204"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864842/; classtype:trojan-activity;sid:84727942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864843)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"209.99.184.6"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864843/; classtype:trojan-activity;sid:84727943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"209.99.184.206"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864839/; classtype:trojan-activity;sid:84727939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"209.99.188.210"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864840/; classtype:trojan-activity;sid:84727940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"209.99.188.149"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864841/; classtype:trojan-activity;sid:84727941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"209.99.185.82"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864837/; 
classtype:trojan-activity;sid:84727937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"209.99.185.52"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864838/; classtype:trojan-activity;sid:84727938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"209.99.184.204"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864832/; classtype:trojan-activity;sid:84727932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"209.99.185.82"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864833/; classtype:trojan-activity;sid:84727933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"209.99.188.149"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864834/; classtype:trojan-activity;sid:84727934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864835)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"209.99.185.52"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864835/; classtype:trojan-activity;sid:84727935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"209.99.184.206"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864836/; classtype:trojan-activity;sid:84727936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.24.247"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864831/; classtype:trojan-activity;sid:84727931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"77.83.39.246"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864830/; classtype:trojan-activity;sid:84727930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"77.83.39.195"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864827/; classtype:trojan-activity;sid:84727927; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"77.83.39.195"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864828/; classtype:trojan-activity;sid:84727928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"77.83.39.246"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864829/; classtype:trojan-activity;sid:84727929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"130.94.114.206"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864826/; classtype:trojan-activity;sid:84727926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"45.197.12.73"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864825/; classtype:trojan-activity;sid:84727925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"209.99.185.184"; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864824/; classtype:trojan-activity;sid:84727924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c9304589-54fb-4d24-8a01-a28c1055b068"; depth:37; endswith; nocase; http.host; content:"amrwjltv.tarikhcheravanshenasi.xyz"; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864823/; classtype:trojan-activity;sid:84727923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"176.65.139.205"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864822/; classtype:trojan-activity;sid:84727922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"176.65.139.205"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864821/; classtype:trojan-activity;sid:84727921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"176.65.139.205"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864819/; classtype:trojan-activity;sid:84727919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864820)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"176.65.139.205"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864820/; classtype:trojan-activity;sid:84727920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"176.65.139.205"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864818/; classtype:trojan-activity;sid:84727918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"176.65.139.205"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864817/; classtype:trojan-activity;sid:84727917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"176.65.139.205"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864814/; classtype:trojan-activity;sid:84727914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"176.65.139.205"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864815/; classtype:trojan-activity;sid:84727915; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"176.65.139.205"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864816/; classtype:trojan-activity;sid:84727916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"176.65.139.205"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864810/; classtype:trojan-activity;sid:84727910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"176.65.139.205"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864811/; classtype:trojan-activity;sid:84727911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"176.65.139.205"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864812/; classtype:trojan-activity;sid:84727912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"176.65.139.205"; depth:14; isdataat:!1,relative; metadata:created_at 
2026_06_15; reference:url, urlhaus.abuse.ch/url/3864813/; classtype:trojan-activity;sid:84727913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dbg"; depth:9; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864809/; classtype:trojan-activity;sid:84727909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864800/; classtype:trojan-activity;sid:84727900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864801/; classtype:trojan-activity;sid:84727901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864802/; classtype:trojan-activity;sid:84727902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; 
endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864803/; classtype:trojan-activity;sid:84727903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864804/; classtype:trojan-activity;sid:84727904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864805/; classtype:trojan-activity;sid:84727905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864806/; classtype:trojan-activity;sid:84727906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864807/; classtype:trojan-activity;sid:84727907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3864808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864808/; classtype:trojan-activity;sid:84727908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864796/; classtype:trojan-activity;sid:84727896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864797/; classtype:trojan-activity;sid:84727897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864798/; classtype:trojan-activity;sid:84727898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864799/; classtype:trojan-activity;sid:84727899; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"209.99.188.213"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864795/; classtype:trojan-activity;sid:84727895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"209.99.188.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864794/; classtype:trojan-activity;sid:84727894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e100b367-ecf6-41a7-a832-59e9eed7ffb4"; depth:37; endswith; nocase; http.host; content:"xrexe.bookdrive.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864793/; classtype:trojan-activity;sid:84727893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.236.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864792/; classtype:trojan-activity;sid:84727892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"61.52.3.251"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864791/; classtype:trojan-activity;sid:84727891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=27925330-01b4-4e04-b077-227f05e04e2d"; depth:47; endswith; nocase; http.host; content:"h4z6bu79.akhbarsport.info"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864790/; classtype:trojan-activity;sid:84727890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.52.74"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864789/; classtype:trojan-activity;sid:84727889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.50.148.169"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864788/; classtype:trojan-activity;sid:84727888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/103d6889-6e12-44d9-9b49-ea5952cc9014"; depth:37; endswith; nocase; http.host; content:"onnzlkiy.shartbandi.games"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864787/; classtype:trojan-activity;sid:84727887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3864786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.227.19"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864786/; classtype:trojan-activity;sid:84727886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.241.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864785/; classtype:trojan-activity;sid:84727885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.3.251"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864784/; classtype:trojan-activity;sid:84727884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wife.ppc440"; depth:12; endswith; nocase; http.host; content:"31.56.209.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864783/; classtype:trojan-activity;sid:84727883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wife.i686"; depth:10; endswith; nocase; http.host; content:"31.56.209.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864780/; 
classtype:trojan-activity;sid:84727880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wife.ppc"; depth:9; endswith; nocase; http.host; content:"31.56.209.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864781/; classtype:trojan-activity;sid:84727881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wife.m68k"; depth:10; endswith; nocase; http.host; content:"31.56.209.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864782/; classtype:trojan-activity;sid:84727882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wife.i486"; depth:10; endswith; nocase; http.host; content:"31.56.209.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864777/; classtype:trojan-activity;sid:84727877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wife.x86"; depth:9; endswith; nocase; http.host; content:"31.56.209.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864778/; classtype:trojan-activity;sid:84727878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wife.sh4"; depth:9; endswith; nocase; http.host; content:"31.56.209.84"; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864779/; classtype:trojan-activity;sid:84727879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_aarch64"; depth:14; endswith; nocase; http.host; content:"103.119.13.58"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864776/; classtype:trojan-activity;sid:84727876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_386"; depth:10; endswith; nocase; http.host; content:"103.119.13.58"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864768/; classtype:trojan-activity;sid:84727868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_amd64"; depth:12; endswith; nocase; http.host; content:"103.119.13.58"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864769/; classtype:trojan-activity;sid:84727869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm6"; depth:11; endswith; nocase; http.host; content:"103.119.13.58"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864770/; classtype:trojan-activity;sid:84727870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864771)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/linux_mips64el"; depth:15; endswith; nocase; http.host; content:"103.119.13.58"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864771/; classtype:trojan-activity;sid:84727871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm7"; depth:11; endswith; nocase; http.host; content:"103.119.13.58"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864772/; classtype:trojan-activity;sid:84727872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm5"; depth:11; endswith; nocase; http.host; content:"103.119.13.58"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864773/; classtype:trojan-activity;sid:84727873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips"; depth:11; endswith; nocase; http.host; content:"103.119.13.58"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864774/; classtype:trojan-activity;sid:84727874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64"; depth:13; endswith; nocase; http.host; content:"103.119.13.58"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864775/; classtype:trojan-activity;sid:84727875; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mipsel"; depth:13; endswith; nocase; http.host; content:"103.119.13.58"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864767/; classtype:trojan-activity;sid:84727867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.242.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864766/; classtype:trojan-activity;sid:84727866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.50.148.169"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864765/; classtype:trojan-activity;sid:84727865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.232.24"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864764/; classtype:trojan-activity;sid:84727864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.24.247"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, 
urlhaus.abuse.ch/url/3864763/; classtype:trojan-activity;sid:84727863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.241.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864762/; classtype:trojan-activity;sid:84727862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/output_86.bin"; depth:14; endswith; nocase; http.host; content:"103.119.3.91"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864761/; classtype:trojan-activity;sid:84727861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.52.74"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864760/; classtype:trojan-activity;sid:84727860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b19a75f0-f4ae-4e17-9069-adeec525d6c5"; depth:37; endswith; nocase; http.host; content:"mukvsxft.sazebetonarme.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864759/; classtype:trojan-activity;sid:84727859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; 
endswith; nocase; http.host; content:"221.1.227.19"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864758/; classtype:trojan-activity;sid:84727858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.77.207"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864757/; classtype:trojan-activity;sid:84727857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.39.146"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864756/; classtype:trojan-activity;sid:84727856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.232.24"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864755/; classtype:trojan-activity;sid:84727855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"154.242.137.63"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864754/; classtype:trojan-activity;sid:84727854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864753)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"158.255.83.149"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864753/; classtype:trojan-activity;sid:84727853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dick.sh"; depth:8; endswith; nocase; http.host; content:"176.65.148.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864751/; classtype:trojan-activity;sid:84727851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"39.67.158.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864752/; classtype:trojan-activity;sid:84727852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"222.137.166.147"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864749/; classtype:trojan-activity;sid:84727849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"policeonliine2026.vercel.app"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864750/; classtype:trojan-activity;sid:84727850; rev:1;) 
# URLhaus download-URL rules. Every rule on this line has the same shape:
#   - alert http, $HOME_NET -> $EXTERNAL_NET, flow:established,from_client:
#     fires on a client request leaving the monitored network.
#   - http.method "GET"; http.uri content whose depth equals the content
#     length, plus endswith, so the whole URI buffer must equal the listed
#     path (nocase: compared case-insensitively).
#   - http.host content whose depth equals its length, plus
#     isdataat:!1,relative, so no byte may follow the listed host.
#   - The number in msg is the URLhaus entry id, repeated in reference:url;
#     metadata:created_at carries the date of the entry.
# Triage notes: a hit records that an internal host requested the URL, not
# that the payload was delivered or run -- correlate with the HTTP response
# and with file/endpoint telemetry. Being `alert http` rules, they presumably
# need the request to be visible as parsed HTTP (a TLS fetch of the same URL
# would go unseen without decryption). Matches are per exact URL:
# store1.gofile.io below looks like a shared hosting name, so treat that alert
# as evidence about the one path, not about the whole host.
# The last rule on this line is cut by the line wrap and is completed by the
# line that follows.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_c00e71adddd6740e.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864746/; classtype:trojan-activity;sid:84727846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_6b58124b24e186cf.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864747/; classtype:trojan-activity;sid:84727847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/direct/072cfe24-aace-432d-a7d7-a20945261951/microsoftteamsupdate.msi"; depth:78; endswith; nocase; http.host; content:"store1.gofile.io"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864748/; classtype:trojan-activity;sid:84727848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_c97ecfeaa6eec157.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864745/; classtype:trojan-activity;sid:84727845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864744)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=aaafc769-ed3f-4200-a620-48a9d9e7a3f3"; depth:47; endswith; nocase; http.host; content:"nrqyn3ip.garatequran.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864744/; classtype:trojan-activity;sid:84727844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9a888675-964e-42f5-8187-968d29deef86"; depth:37; endswith; nocase; http.host; content:"fhprjdfj.sanjeshvaandazegiri.shop"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864743/; classtype:trojan-activity;sid:84727843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.201.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864742/; classtype:trojan-activity;sid:84727842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"154.242.137.63"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864741/; classtype:trojan-activity;sid:84727841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_x86"; depth:8; endswith; nocase; http.host; content:"80.94.92.170"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, 
urlhaus.abuse.ch/url/3864740/; classtype:trojan-activity;sid:84727840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_mipsel"; depth:11; endswith; nocase; http.host; content:"80.94.92.170"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864739/; classtype:trojan-activity;sid:84727839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_arm"; depth:8; endswith; nocase; http.host; content:"80.94.92.170"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864738/; classtype:trojan-activity;sid:84727838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_arm7"; depth:9; endswith; nocase; http.host; content:"80.94.92.170"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864736/; classtype:trojan-activity;sid:84727836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_mips"; depth:9; endswith; nocase; http.host; content:"80.94.92.170"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864737/; classtype:trojan-activity;sid:84727837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_x86_64"; depth:11; endswith; nocase; http.host; 
content:"80.94.92.170"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864735/; classtype:trojan-activity;sid:84727835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.49.36"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864734/; classtype:trojan-activity;sid:84727834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5a5856b6-5ac4-4104-950b-01e928f3ab8d"; depth:37; endswith; nocase; http.host; content:"yqzbm.barnamenevisi.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864733/; classtype:trojan-activity;sid:84727833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.201.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864732/; classtype:trojan-activity;sid:84727832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.150.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864731/; classtype:trojan-activity;sid:84727831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864730)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e19c2c74-2c32-4567-ac94-2e37e701f082"; depth:37; endswith; nocase; http.host; content:"maryaxdn.sanjeshravani.shop"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864730/; classtype:trojan-activity;sid:84727830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a06c6046-33db-4fc4-8367-971293307ac9"; depth:47; endswith; nocase; http.host; content:"fpsjq82d.shartbandifootballkade.online"; depth:38; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864729/; classtype:trojan-activity;sid:84727829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kmips"; depth:6; endswith; nocase; http.host; content:"185.223.82.43"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864728/; classtype:trojan-activity;sid:84727828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"23.148.144.58"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864727/; classtype:trojan-activity;sid:84727827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"23.148.144.236"; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864723/; classtype:trojan-activity;sid:84727823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"23.148.144.58"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864724/; classtype:trojan-activity;sid:84727824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"23.146.242.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864725/; classtype:trojan-activity;sid:84727825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"23.146.242.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864726/; classtype:trojan-activity;sid:84727826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.16.164.130"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864722/; classtype:trojan-activity;sid:84727822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864721)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/karm7"; depth:6; endswith; nocase; http.host; content:"185.223.82.43"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864721/; classtype:trojan-activity;sid:84727821; rev:1;)
# The fragment above completes a rule that starts before this excerpt; from here on there is one rule per line.
# Every rule below has the same shape: it alerts on an established client-to-server HTTP GET from
# $HOME_NET to $EXTERNAL_NET whose URI and host both match one URLhaus entry.
#   http.uri:  content + depth:<n> + endswith pins the pattern to the start and the end of the URI;
#              the nocase that follows modifies this URI content.
#   http.host: content + depth:<n> + isdataat:!1,relative requires that no byte follows the host pattern.
# The next eight rules share the host 185.223.82.43 and differ only in the requested file name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/karm5"; depth:6; endswith; nocase; http.host; content:"185.223.82.43"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864714/; classtype:trojan-activity;sid:84727814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lul.arm"; depth:8; endswith; nocase; http.host; content:"185.223.82.43"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864715/; classtype:trojan-activity;sid:84727815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/karm6"; depth:6; endswith; nocase; http.host; content:"185.223.82.43"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864716/; classtype:trojan-activity;sid:84727816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/karm"; depth:5; endswith; nocase; http.host; content:"185.223.82.43"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864717/; classtype:trojan-activity;sid:84727817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kmpsl"; depth:6; endswith; nocase; http.host; content:"185.223.82.43"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864718/; classtype:trojan-activity;sid:84727818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tul.arm7"; depth:9; endswith; nocase; http.host; content:"185.223.82.43"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864719/; classtype:trojan-activity;sid:84727819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lul.arm7"; depth:9; endswith; nocase; http.host; content:"185.223.82.43"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864720/; classtype:trojan-activity;sid:84727820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lul.arm5"; depth:9; endswith; nocase; http.host; content:"185.223.82.43"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864713/; classtype:trojan-activity;sid:84727813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.174.11"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864712/; classtype:trojan-activity;sid:84727812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6221f596-557c-4ee4-b959-b95791576ac0"; depth:37; endswith; nocase; http.host; content:"bcfrgjpx.sakhtemandade.shop"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864711/; classtype:trojan-activity;sid:84727811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.220.76"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864710/; classtype:trojan-activity;sid:84727810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5bf76801-ba53-4d8b-9cd5-90988b1f2116"; depth:37; endswith; nocase; http.host; content:"vazqhwad.sadreislam.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864709/; classtype:trojan-activity;sid:84727809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.220.76"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864708/; classtype:trojan-activity;sid:84727808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.4.114"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864707/; classtype:trojan-activity;sid:84727807; rev:1;)
# |3f| is a hex-escaped "?", so the URI pattern in the next rule is 44 bytes long. depth:47 equals the
# length of the escaped text, so the rule also accepts a URI with up to three bytes in front of the
# pattern. The same holds for sid 84727804 further down.
# NOTE(review): depth:44 would make these exact matches like the other rules; confirm with the feed maintainer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=03634b15-1e50-421f-b0fb-c7c1f5242acd"; depth:47; endswith; nocase; http.host; content:"qilapvvt.ganuneasasi.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864706/; classtype:trojan-activity;sid:84727806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a585e437-f996-4efa-916c-4bbad2290c8f"; depth:37; endswith; nocase; http.host; content:"pnuwf.bankefile.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864705/; classtype:trojan-activity;sid:84727805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=6106c9f6-2ff1-4f99-8711-1d19b7af7f1b"; depth:47; endswith; nocase; http.host; content:"yl1r3n6e.shartbandifootballkade.online"; depth:38; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864704/; classtype:trojan-activity;sid:84727804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1b429b91-a801-4b60-9aff-da22e9b182b3"; depth:37; endswith; nocase; http.host; content:"utnoqzc.melbetkade.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_15; 
reference:url, urlhaus.abuse.ch/url/3864703/; classtype:trojan-activity;sid:84727803; rev:1;)
# The fragment above completes a rule that starts before this point; from here on there is one rule per line.
# What an alert from these rules means: every match condition is on the request (flow from_client,
# http.method, http.uri, http.host), so a hit shows that a $HOME_NET host asked for the listed URL.
# It does not show that a payload came back; check the response and the requesting host during triage.
# The rules use the http protocol keyword, so they only see traffic that Suricata parses as HTTP.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abf44237-8254-463d-8d53-457b384ef5e2"; depth:37; endswith; nocase; http.host; content:"pauheuld.questionsmotor.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864702/; classtype:trojan-activity;sid:84727802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.157.108"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864701/; classtype:trojan-activity;sid:84727801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.4.114"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864700/; classtype:trojan-activity;sid:84727800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.47.81"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864699/; classtype:trojan-activity;sid:84727799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.26.86"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864698/; classtype:trojan-activity;sid:84727798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.220.145.158"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864697/; classtype:trojan-activity;sid:84727797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.182.232"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864696/; classtype:trojan-activity;sid:84727796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/33497cf8-28be-4556-82eb-c6cb58f74919"; depth:37; endswith; nocase; http.host; content:"everztsi.maharatmodiran.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864695/; classtype:trojan-activity;sid:84727795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.9.205"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864694/; classtype:trojan-activity;sid:84727794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.47.81"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864693/; classtype:trojan-activity;sid:84727793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.182.232"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864692/; classtype:trojan-activity;sid:84727792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.26.86"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864691/; classtype:trojan-activity;sid:84727791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.179.88.62"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864690/; classtype:trojan-activity;sid:84727790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.127.5"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864689/; classtype:trojan-activity;sid:84727789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.247.241"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864688/; classtype:trojan-activity;sid:84727788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.242.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864687/; classtype:trojan-activity;sid:84727787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cd00127f-f290-41e4-a828-1f87145ca4c5"; depth:37; endswith; nocase; http.host; content:"tblrdccw.mabanishimi.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864686/; classtype:trojan-activity;sid:84727786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.127.5"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864685/; classtype:trojan-activity;sid:84727785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.76.130"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864684/; classtype:trojan-activity;sid:84727784; rev:1;)
# The fragment above completes a rule that starts before this point; from here on there is one rule per line.
# Triage aid: the number in msg is the URLhaus entry id and also appears in the reference URL.
# In every rule of this block sid = entry id + 80863100 (for example 3864683 -> 84727783), so the sid
# of an alert leads straight to its urlhaus.abuse.ch/url/<id>/ page.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.76.130"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864683/; classtype:trojan-activity;sid:84727783; rev:1;)
# |3f| is a hex-escaped "?": the URI pattern is 44 bytes while depth is 47, so up to three leading bytes
# are accepted before it. This applies to every "/|3f|ublib=" rule in this block.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d41d9a01-e96c-4e7b-aca8-f7580ad4d3eb"; depth:47; endswith; nocase; http.host; content:"543533s9.nagshekeshi.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864682/; classtype:trojan-activity;sid:84727782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.27.4"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864681/; classtype:trojan-activity;sid:84727781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e5a86ae5-a9e9-4dd5-81d6-4415606fc1cb"; depth:37; endswith; nocase; http.host; content:"tawej.bankefiile.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864680/; classtype:trojan-activity;sid:84727780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00e1ee19-4c81-4043-a499-43d8f935a0cc"; depth:37; endswith; nocase; http.host; content:"fkwiyfrv.leaguejazire.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864679/; classtype:trojan-activity;sid:84727779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=23d6a378-6e9d-4926-a03b-a63b7198edbc"; depth:47; endswith; nocase; http.host; content:"7y077du1.enfejarkade.online"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864678/; classtype:trojan-activity;sid:84727778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.167.224.107"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864677/; classtype:trojan-activity;sid:84727777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/683d4635-b1e0-4cb0-8815-d59949166ee2"; depth:37; endswith; nocase; http.host; content:"lvegwzzz.karbordriyaziyat.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864676/; classtype:trojan-activity;sid:84727776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.232.137.101"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864675/; classtype:trojan-activity;sid:84727775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2c95b6da-0fd9-42f6-86e7-b6829178737c"; depth:37; endswith; nocase; http.host; content:"lhpahogn.karafarini.shop"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864674/; classtype:trojan-activity;sid:84727774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.237.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864673/; classtype:trojan-activity;sid:84727773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.34.197"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864672/; classtype:trojan-activity;sid:84727772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.34.197"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864671/; classtype:trojan-activity;sid:84727771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=6411e125-68f0-46c4-aaf8-d9f7a0a4bcf3"; depth:47; endswith; nocase; http.host; content:"sdppicy4.shansline.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864670/; classtype:trojan-activity;sid:84727770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.100.132.147"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864669/; classtype:trojan-activity;sid:84727769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cb923bef-04d8-45bf-b0f4-bdd253aff14e"; depth:37; endswith; nocase; http.host; content:"qelljcx.megaparikade.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864668/; classtype:trojan-activity;sid:84727768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.196.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864667/; classtype:trojan-activity;sid:84727767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.35.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864666/; classtype:trojan-activity;sid:84727766; rev:1;)
alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a5735095-434f-4e01-9b16-d7b66d90ec96"; depth:37; endswith; nocase; http.host; content:"xiazx.azmoonzare.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864665/; classtype:trojan-activity;sid:84727765; rev:1;)
# The fragment above completes a rule whose "alert" keyword sits before this point; from here on there is one rule per line.
# Ordering: entries run roughly newest-first, but ids are not strictly descending (3864657 precedes
# 3864658, and 3864655 precedes 3864656), so locate a rule by its sid rather than by its position.
# metadata:created_at changes from 2026_06_15 to 2026_06_14 at entry 3864650.
# NOTE(review): the rules carry no expiry of their own; presumably stale entries are dropped upstream -
# confirm before treating an old IP-literal host as still serving malware.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bcde484a-5c02-4f55-b844-02551a80424c"; depth:37; endswith; nocase; http.host; content:"bgfwrtgo.jam-jahani.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864664/; classtype:trojan-activity;sid:84727764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.100.132.147"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864663/; classtype:trojan-activity;sid:84727763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.196.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864662/; classtype:trojan-activity;sid:84727762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.118.163"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864661/; classtype:trojan-activity;sid:84727761; rev:1;)
# |3f| is a hex-escaped "?": the URI pattern is 44 bytes while depth is 47, so up to three leading bytes are accepted before it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=15ee193a-365d-4bf3-b08a-86fc71d9a1f3"; depth:47; endswith; nocase; http.host; content:"q6ewl5b2.casinokade.online"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864660/; classtype:trojan-activity;sid:84727760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adc55840-71f5-451e-9521-c9308c34ee5e"; depth:37; endswith; nocase; http.host; content:"twmpoxnh.hugugtejarat4.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864659/; classtype:trojan-activity;sid:84727759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.59.171"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864657/; classtype:trojan-activity;sid:84727757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.35.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864658/; classtype:trojan-activity;sid:84727758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.193.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864655/; classtype:trojan-activity;sid:84727755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.88.136.194"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864656/; classtype:trojan-activity;sid:84727756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.193.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864654/; classtype:trojan-activity;sid:84727754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.88.136.194"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864653/; classtype:trojan-activity;sid:84727753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0294fa63-458e-417a-a250-cc00d81b6795"; depth:37; endswith; nocase; http.host; content:"cwpjgrng.hugugtatbigi.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864652/; classtype:trojan-activity;sid:84727752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.18.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864651/; classtype:trojan-activity;sid:84727751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bc6de1c8-82ed-4e30-af1d-eae42754b3ba"; depth:37; endswith; nocase; http.host; content:"wxlfp.motorbook.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864650/; classtype:trojan-activity;sid:84727750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c085d521-cb10-4e60-8191-117bfe9a736c"; depth:37; endswith; nocase; http.host; content:"idcmamvr.hugugmadanikatouzian.xyz"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864649/; classtype:trojan-activity;sid:84727749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.18.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864648/; classtype:trojan-activity;sid:84727748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; 
endswith; nocase; http.host; content:"119.179.251.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864647/; classtype:trojan-activity;sid:84727747; rev:1;)
# The fragment above completes a rule that starts before this point; from here on there is one rule per line.
# The dotted-quad values below are matched as http.host content, not as destination addresses: the
# rule header is "$EXTERNAL_NET any". A request that reaches the same address under a different host
# string, or asks for a different path, does not match these rules.
# Several hosts appear twice, once for "/i" and once for "/bin.sh" (125.43.5.203, 60.182.239.45,
# 115.54.182.197); alerts from such a pair point at the same host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.14.229"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864646/; classtype:trojan-activity;sid:84727746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1abab7ca-15bf-45f7-acec-9ce0a13f9009"; depth:37; endswith; nocase; http.host; content:"ldbrrvwc.hugugmadani6.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864645/; classtype:trojan-activity;sid:84727745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.182.197"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864644/; classtype:trojan-activity;sid:84727744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.5.203"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864643/; classtype:trojan-activity;sid:84727743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.91.161"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864641/; classtype:trojan-activity;sid:84727741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.182.239.45"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864642/; classtype:trojan-activity;sid:84727742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.5.203"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864640/; classtype:trojan-activity;sid:84727740; rev:1;)
# |3f| is a hex-escaped "?": the URI pattern is 44 bytes while depth is 47, so up to three leading bytes
# are accepted before it. The same holds for sid 84727737 below.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=4d484c51-cb81-4b7a-825b-34ad656e518a"; depth:47; endswith; nocase; http.host; content:"r7mbajwk.bordestan.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864639/; classtype:trojan-activity;sid:84727739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.182.239.45"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864638/; classtype:trojan-activity;sid:84727738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d418f9b5-5c26-4072-a439-6ecec91483ff"; depth:47; endswith; nocase; http.host; content:"q5r1s83i.shartmag.bet"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864637/; classtype:trojan-activity;sid:84727737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1a3afd54-ee9b-4230-a75f-68e6ed180c56"; depth:37; endswith; nocase; http.host; content:"iyejvhz.shansbartar.bet"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864636/; classtype:trojan-activity;sid:84727736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.121.48"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864635/; classtype:trojan-activity;sid:84727735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.80.68"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864634/; classtype:trojan-activity;sid:84727734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.182.197"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864633/; classtype:trojan-activity;sid:84727733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.193.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864632/; classtype:trojan-activity;sid:84727732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1c9c47bd-f7bc-44e4-908c-82b6a1f5e7c7"; depth:37; endswith; nocase; http.host; content:"rfvxpytm.psgnewsiran.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864631/; classtype:trojan-activity;sid:84727731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.18.189"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864630/; classtype:trojan-activity;sid:84727730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.140.35.136"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864629/; classtype:trojan-activity;sid:84727729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3864628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.63.185.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864628/; classtype:trojan-activity;sid:84727728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.80.68"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864627/; classtype:trojan-activity;sid:84727727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.18.189"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864626/; classtype:trojan-activity;sid:84727726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.201.171"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864625/; classtype:trojan-activity;sid:84727725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3e25423e-77ac-4d3c-a31a-c69495774c23"; depth:37; endswith; nocase; http.host; content:"zywnzrqf.prozhedownload.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864624/; 
classtype:trojan-activity;sid:84727724; rev:1;)
# Exact-URI rule: depth:37 equals the pattern length and endswith anchors the end.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b37bcd63-5dae-437f-a89f-bbb72d9841f1"; depth:37; endswith; nocase; http.host; content:"ipiyt.moshavereravan.shop"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864623/; classtype:trojan-activity;sid:84727723; rev:1;)
# |3f| is the hex-escaped byte 0x3f ("?"); the decoded http.uri pattern is
# "/?ublib=<uuid>" (44 bytes).
# NOTE(review): depth:47 counts the escape sequence as four characters, so the
# pattern may start up to three bytes into the URI instead of only at offset 0.
# The match stays anchored at the end (endswith) and on the exact host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=5c80212b-1dd2-4b26-a687-6666f7c4ae74"; depth:47; endswith; nocase; http.host; content:"rduzbygb.mustatabashpazi.shop"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864622/; classtype:trojan-activity;sid:84727722; rev:1;)
# sids 84727719, 84727720 and 84727721 (the last one starts at the end of this
# line) name three different .exe paths on the same host, 178.16.54.109. Each
# URL has its own sid, so grouping alerts by destination host during triage
# gives a clearer picture than counting per-sid hits.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nmixx.exe"; depth:10; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864619/; classtype:trojan-activity;sid:84727719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/us.exe"; depth:7; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864620/; classtype:trojan-activity;sid:84727720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864621)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/nmix.exe"; depth:9; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864621/; classtype:trojan-activity;sid:84727721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.85.31"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864618/; classtype:trojan-activity;sid:84727718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.98.59"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864617/; classtype:trojan-activity;sid:84727717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.193.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864616/; classtype:trojan-activity;sid:84727716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.85.31"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864615/; classtype:trojan-activity;sid:84727715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3864614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f31599b5-46f7-4078-aad4-d560453d5e16"; depth:37; endswith; nocase; http.host; content:"igcokmdd.prozhecart.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864614/; classtype:trojan-activity;sid:84727714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.91.161"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864613/; classtype:trojan-activity;sid:84727713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.254.184"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864612/; classtype:trojan-activity;sid:84727712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b657f4ef-fa14-46a2-95a9-be50525e3be0"; depth:37; endswith; nocase; http.host; content:"aasdaonz.mechanickhodakarami.shop"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864611/; classtype:trojan-activity;sid:84727711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.237.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, 
urlhaus.abuse.ch/url/3864610/; classtype:trojan-activity;sid:84727710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.19.144"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864609/; classtype:trojan-activity;sid:84727709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=45fe5de3-775f-49d9-8223-b09e26135777"; depth:47; endswith; nocase; http.host; content:"qj2ddn7c.zabanmemari.shop"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864608/; classtype:trojan-activity;sid:84727708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.254.184"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864607/; classtype:trojan-activity;sid:84727707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"164.163.25.157"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864606/; classtype:trojan-activity;sid:84727706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864605)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/87e94c82-8c29-4b7f-aee1-9b0ad41c70e8"; depth:37; endswith; nocase; http.host; content:"irtefuln.masirpayambari.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864605/; classtype:trojan-activity;sid:84727705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.179.88.62"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864604/; classtype:trojan-activity;sid:84727704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yui/86u5"; depth:9; endswith; nocase; http.host; content:"95.214.53.157"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864603/; classtype:trojan-activity;sid:84727703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yui/ar712"; depth:10; endswith; nocase; http.host; content:"95.214.53.157"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864599/; classtype:trojan-activity;sid:84727699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yui/86u4"; depth:9; endswith; nocase; http.host; content:"95.214.53.157"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864600/; classtype:trojan-activity;sid:84727700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3864601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yui/ar512"; depth:10; endswith; nocase; http.host; content:"95.214.53.157"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864601/; classtype:trojan-activity;sid:84727701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yui/m4y"; depth:8; endswith; nocase; http.host; content:"95.214.53.157"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864602/; classtype:trojan-activity;sid:84727702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/33c08169-d87c-4280-8d6e-2b67130f6a57"; depth:37; endswith; nocase; http.host; content:"zxokl.mabaninazaridelavar.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864598/; classtype:trojan-activity;sid:84727698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.19.144"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864597/; classtype:trojan-activity;sid:84727697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/79a5b0ac-cdb7-4023-a710-7280374751e1"; depth:37; endswith; nocase; http.host; content:"dtgncsqn.masirpayambari.xyz"; depth:27; 
isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864596/; classtype:trojan-activity;sid:84727696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.231.239"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864595/; classtype:trojan-activity;sid:84727695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.2.23"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864594/; classtype:trojan-activity;sid:84727694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.38.204"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864593/; classtype:trojan-activity;sid:84727693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"164.163.25.157"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864592/; classtype:trojan-activity;sid:84727692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.arm7"; 
depth:12; endswith; nocase; http.host; content:"bitter-handsome-truck.digivmm.katapult.cloud"; depth:44; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864590/; classtype:trojan-activity;sid:84727690; rev:1;)
# The host pattern is matched as a whole string: depth:44 equals the length of
# the hostname and isdataat:!1,relative requires that no byte follows it, so
# other names under the same parent domain do not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.arm"; depth:11; endswith; nocase; http.host; content:"bitter-handsome-truck.digivmm.katapult.cloud"; depth:44; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864591/; classtype:trojan-activity;sid:84727691; rev:1;)
# The same two paths (/monero.arm, /monero.arm7) are listed again with the bare
# IP 152.89.76.240 as Host. The ruleset does not say whether the hostname above
# resolves to this IP — presumably the same server; verify against the URLhaus
# reference pages before correlating the alerts.
# NOTE(review): the file names suggest ARM builds of a Monero miner; that is
# inferred from the names only, the rules carry no malware-family tag.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.arm"; depth:11; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864589/; classtype:trojan-activity;sid:84727689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monero.arm7"; depth:12; endswith; nocase; http.host; content:"152.89.76.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864588/; classtype:trojan-activity;sid:84727688; rev:1;)
# Exact URI "/bin.sh" (depth:7 == pattern length, endswith) on a bare IP host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.231.239"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864587/; classtype:trojan-activity;sid:84727687; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.247.87.138"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864586/; classtype:trojan-activity;sid:84727686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.2.23"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864585/; classtype:trojan-activity;sid:84727685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c6283d6e-0b96-40ae-bfe6-4dfba30cf762"; depth:37; endswith; nocase; http.host; content:"xtyqemyq.masaelmohandesi.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864584/; classtype:trojan-activity;sid:84727684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.69.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864583/; classtype:trojan-activity;sid:84727683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.151.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; 
reference:url, urlhaus.abuse.ch/url/3864582/; classtype:trojan-activity;sid:84727682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1476d4eb-7aa8-4ded-ba64-1db4dd15fca4"; depth:37; endswith; nocase; http.host; content:"qchwdca.rocketbet.pro"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864581/; classtype:trojan-activity;sid:84727681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d24d4db3-f3e0-4245-8943-d508b5b1d46a"; depth:47; endswith; nocase; http.host; content:"rne9p9if.shartbandikade.online"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864580/; classtype:trojan-activity;sid:84727680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.201.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864579/; classtype:trojan-activity;sid:84727679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.201.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864578/; classtype:trojan-activity;sid:84727678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864577)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/69062b94-c1b7-4be1-88cd-17679755d67e"; depth:37; endswith; nocase; http.host; content:"fsphwjzi.maharatmodiran.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864577/; classtype:trojan-activity;sid:84727677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.241.114"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864576/; classtype:trojan-activity;sid:84727676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.215.58.8"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864575/; classtype:trojan-activity;sid:84727675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9dc854ba-db5a-41a0-b72e-619b9f927b92"; depth:47; endswith; nocase; http.host; content:"g7of4qhx.zabanhaggani.shop"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864574/; classtype:trojan-activity;sid:84727674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2ab9216d-5c2b-4296-a7bb-01c13617b79d"; depth:37; endswith; nocase; http.host; content:"kagug.mabaninazari.shop"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, 
urlhaus.abuse.ch/url/3864573/; classtype:trojan-activity;sid:84727673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.227.73"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864572/; classtype:trojan-activity;sid:84727672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3d2de796-fef6-4027-b67d-009f9e15b964"; depth:37; endswith; nocase; http.host; content:"emqtqmnj.mabanishimi.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864571/; classtype:trojan-activity;sid:84727671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.241.114"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864570/; classtype:trojan-activity;sid:84727670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.221.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864569/; classtype:trojan-activity;sid:84727669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; 
http.host; content:"125.45.11.80"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864568/; classtype:trojan-activity;sid:84727668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.11.80"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864567/; classtype:trojan-activity;sid:84727667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/72c4bc63-821e-4c58-990c-7a4cfdb8e58d"; depth:37; endswith; nocase; http.host; content:"cfwrfrqx.leaguejazire.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864566/; classtype:trojan-activity;sid:84727666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.51.46"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864565/; classtype:trojan-activity;sid:84727665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.236.234"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864564/; classtype:trojan-activity;sid:84727664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864563)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.151.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864563/; classtype:trojan-activity;sid:84727663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.236.234"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864562/; classtype:trojan-activity;sid:84727662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.215.58.8"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864561/; classtype:trojan-activity;sid:84727661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.115.58"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864560/; classtype:trojan-activity;sid:84727660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_a3e47055e098a7f8.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864559/; 
classtype:trojan-activity;sid:84727659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d54e501c-b565-4f5e-814a-4f1b29588ae5"; depth:37; endswith; nocase; http.host; content:"ockpahmv.karbordriyaziyat.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864558/; classtype:trojan-activity;sid:84727658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.115.58"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864557/; classtype:trojan-activity;sid:84727657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.233.214"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864556/; classtype:trojan-activity;sid:84727656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.57.161"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864555/; classtype:trojan-activity;sid:84727655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"39.75.13.98"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864554/; classtype:trojan-activity;sid:84727654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.174.11"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864553/; classtype:trojan-activity;sid:84727653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.201.171"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864552/; classtype:trojan-activity;sid:84727652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/29eb7140-b04b-4014-9332-bbacd90534f5"; depth:37; endswith; nocase; http.host; content:"shrqj.mabanimashin.site"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864551/; classtype:trojan-activity;sid:84727651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"video7566.vercel.app"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864550/; classtype:trojan-activity;sid:84727650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3864549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a7796ba1-14ae-42ec-9ae9-c96db1cdb3c4"; depth:47; endswith; nocase; http.host; content:"of8p7ob4.mururhesabdari.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864549/; classtype:trojan-activity;sid:84727649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok"; depth:3; endswith; nocase; http.host; content:"5.182.210.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864548/; classtype:trojan-activity;sid:84727648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fa283f87-fd18-405a-add5-7bdac374ab40"; depth:37; endswith; nocase; http.host; content:"fcsulewd.karafarini.shop"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864547/; classtype:trojan-activity;sid:84727647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.75.13.98"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864546/; classtype:trojan-activity;sid:84727646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.57.161"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, 
urlhaus.abuse.ch/url/3864545/; classtype:trojan-activity;sid:84727645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9d946edb-9321-4e91-b022-26d6fd36d963"; depth:47; endswith; nocase; http.host; content:"npmc4uw2.zabanenglishanari.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864544/; classtype:trojan-activity;sid:84727644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.233.214"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864543/; classtype:trojan-activity;sid:84727643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.51.46"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864542/; classtype:trojan-activity;sid:84727642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.62.155"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864540/; classtype:trojan-activity;sid:84727640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; 
endswith; nocase; http.host; content:"61.54.62.155"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864541/; classtype:trojan-activity;sid:84727641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=08711c72-b549-4aa4-a739-bbe0df0f976c"; depth:47; endswith; nocase; http.host; content:"sw9k00e8.shartbandifootballkade.online"; depth:38; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864539/; classtype:trojan-activity;sid:84727639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/49750f58-70a0-4bc9-a794-e8f0b8a6e0d2"; depth:37; endswith; nocase; http.host; content:"xntwroz.melbetkade.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864538/; classtype:trojan-activity;sid:84727638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/904cb344-01c1-4e71-bbaa-785172667e72"; depth:37; endswith; nocase; http.host; content:"aaqgnsji.jam-jahani.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864537/; classtype:trojan-activity;sid:84727637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.171.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864536/; 
classtype:trojan-activity;sid:84727636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.29.88"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864535/; classtype:trojan-activity;sid:84727635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/24d1c883-fc9e-4d37-a4c2-bbebe9ba7c95"; depth:37; endswith; nocase; http.host; content:"ojblxlua.hugugtejarat4.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864534/; classtype:trojan-activity;sid:84727634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.176.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864533/; classtype:trojan-activity;sid:84727633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.80.169"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864532/; classtype:trojan-activity;sid:84727632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/444/16020572.bin"; depth:17; endswith; nocase; http.host; 
content:"27.124.40.44"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864531/; classtype:trojan-activity;sid:84727631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/444/chart.exe"; depth:14; endswith; nocase; http.host; content:"27.124.40.44"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864530/; classtype:trojan-activity;sid:84727630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"101.108.103.139"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864529/; classtype:trojan-activity;sid:84727629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7a8011a7-cc17-4af0-abc3-df98ab7daf5a"; depth:37; endswith; nocase; http.host; content:"rteutcjg.hugugtatbigi.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864528/; classtype:trojan-activity;sid:84727628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/84f6698d-87bc-4c8a-8770-bd4f669c61e5"; depth:37; endswith; nocase; http.host; content:"ajthn.mabanieslami2.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864527/; classtype:trojan-activity;sid:84727627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3864526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_b99062f2d7807484.ps1"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864526/; classtype:trojan-activity;sid:84727626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.4.140.56"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864525/; classtype:trojan-activity;sid:84727625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.4.140.56"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864524/; classtype:trojan-activity;sid:84727624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.164.107.167"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864523/; classtype:trojan-activity;sid:84727623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.80.158"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, 
urlhaus.abuse.ch/url/3864522/; classtype:trojan-activity;sid:84727622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.164.107.167"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864521/; classtype:trojan-activity;sid:84727621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/47462296-2501-4eaf-8e3f-4ca0565f69a6"; depth:37; endswith; nocase; http.host; content:"zrbhitjy.hugugmadanikatouzian.xyz"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864520/; classtype:trojan-activity;sid:84727620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=fe1d1674-63bb-4185-ada9-ffa5c2b0f99f"; depth:47; endswith; nocase; http.host; content:"21g49hcq.vanatarsim.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864519/; classtype:trojan-activity;sid:84727619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.12.42"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864518/; classtype:trojan-activity;sid:84727618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864517)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.88.7.48"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864517/; classtype:trojan-activity;sid:84727617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.93.158"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864516/; classtype:trojan-activity;sid:84727616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.88.7.48"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864515/; classtype:trojan-activity;sid:84727615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/95adcf96-ee01-42aa-bab0-bcd1e5cb36bc"; depth:37; endswith; nocase; http.host; content:"mxlsapwz.hugugmadani6.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864514/; classtype:trojan-activity;sid:84727614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.39.56"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864513/; classtype:trojan-activity;sid:84727613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3864512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.124.208"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864512/; classtype:trojan-activity;sid:84727612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.93.139.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864511/; classtype:trojan-activity;sid:84727611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.93.158"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864510/; classtype:trojan-activity;sid:84727610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.86.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864509/; classtype:trojan-activity;sid:84727609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.39.56"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864508/; 
classtype:trojan-activity;sid:84727608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bf42f494-df81-4b19-9165-84b31372fef8"; depth:37; endswith; nocase; http.host; content:"lvtimaax.usoleamoozesh.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864507/; classtype:trojan-activity;sid:84727607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=861070b8-153d-447e-8bd7-de5b242950e7"; depth:47; endswith; nocase; http.host; content:"sxzvcen2.shansline.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864506/; classtype:trojan-activity;sid:84727606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5fe3f645-285a-447b-914e-40e6d469f185"; depth:37; endswith; nocase; http.host; content:"ygyam.livefootba11.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864505/; classtype:trojan-activity;sid:84727605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/795dba88-1861-4a71-85cc-e1304fd1625f"; depth:37; endswith; nocase; http.host; content:"eviwuji.megaparikade.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864504/; classtype:trojan-activity;sid:84727604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864503)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.227.75"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864503/; classtype:trojan-activity;sid:84727603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.114.144"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864502/; classtype:trojan-activity;sid:84727602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.221.241.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864501/; classtype:trojan-activity;sid:84727601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.111.98"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864500/; classtype:trojan-activity;sid:84727600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9ca8895f-5e51-44e7-85b1-1fecacef1f08"; depth:37; endswith; nocase; http.host; content:"wbnggxoc.tractor11.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864499/; classtype:trojan-activity;sid:84727599; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.92.184"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864498/; classtype:trojan-activity;sid:84727598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.240.72"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864497/; classtype:trojan-activity;sid:84727597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.0.107"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864496/; classtype:trojan-activity;sid:84727596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.111.98"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864495/; classtype:trojan-activity;sid:84727595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d621d067-1cc7-44d3-8067-c62247942532"; depth:47; endswith; nocase; http.host; content:"4v96patx.vajename.xyz"; depth:21; 
isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864494/; classtype:trojan-activity;sid:84727594; rev:1;)
# Reading these generated rules: each one fires when a $HOME_NET client sends an
# HTTP GET whose normalized URI ends with the listed content (depth + endswith,
# nocase) and whose Host equals the listed value (depth + isdataat:!1,relative).
# An alert shows that the request was made, not that a payload was delivered;
# confirm with the HTTP response and file logs before treating the client as
# infected.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/43bb9d8d-11d4-4085-9f75-89c83be8e552"; depth:37; endswith; nocase; http.host; content:"cqtwbvlx.testranandegi.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864493/; classtype:trojan-activity;sid:84727593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.209.12"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864492/; classtype:trojan-activity;sid:84727592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.124.208"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864491/; classtype:trojan-activity;sid:84727591; rev:1;)
# The next four rules share the URI /?download=1 on different *.vercel.app hosts.
# NOTE(review): depth:15 is the length of the escaped pattern text
# "/|3f|download=1"; the decoded pattern is 12 bytes, so depth + endswith
# accepts a URI with up to 3 leading bytes before the pattern instead of
# pinning the URI exactly. depth:12 would make it an exact match.
# NOTE(review): *.vercel.app sites are normally reached over HTTPS, where an
# `alert http` rule sees nothing unless TLS is decrypted upstream. Consider
# also watching these hostnames in tls.sni and dns.query. The parent domain is
# a shared hosting platform, so keep any such match on the full hostname.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"infosvo2026.vercel.app"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864488/; classtype:trojan-activity;sid:84727588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"bazasvo2026.vercel.app"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864489/; classtype:trojan-activity;sid:84727589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"svo-name-poisk.vercel.app"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864490/; classtype:trojan-activity;sid:84727590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"policeonlaine2026.vercel.app"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864487/; classtype:trojan-activity;sid:84727587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.114.144"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864486/; classtype:trojan-activity;sid:84727586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.232.34.216"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864485/; 
classtype:trojan-activity;sid:84727585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.132.218"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864484/; classtype:trojan-activity;sid:84727584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.3.226"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864483/; classtype:trojan-activity;sid:84727583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7ac6dd4b-732c-46d9-8bd0-1d1a7615db5c"; depth:37; endswith; nocase; http.host; content:"xyxoieix.testpaye.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864482/; classtype:trojan-activity;sid:84727582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.245.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864481/; classtype:trojan-activity;sid:84727581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.182.77"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864480/; classtype:trojan-activity;sid:84727580; rev:1;)
# Reading these signatures: each rule alerts on an established, client-to-server
# HTTP GET from $HOME_NET to $EXTERNAL_NET. On http.uri, depth:<n> together with
# endswith pins the content to the whole normalized URI when <n> equals the
# content length (nocase makes that comparison case-insensitive). On http.host,
# depth:<n> together with isdataat:!1,relative requires that nothing follows the
# listed host name or address.
# The http.* buffers are filled only for traffic Suricata parses as HTTP, so the
# same URL fetched over TLS is not seen by these rules unless it is decrypted
# upstream of the sensor.
#
# NOTE(review): in sid 84727579 the URI content is 44 bytes once |3f| is decoded
# to "?", but depth is 47 (the length of the escaped string). The listed URL
# still matches; so does a URI carrying up to 3 extra leading bytes. An exact
# match would be depth:44 - worth reporting upstream rather than editing the
# vendor sid locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e6c59be8-ae1e-4e16-b98d-7dce8ef9d35b"; depth:47; endswith; nocase; http.host; content:"m85zqt33.motuntakhasosi.store"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864479/; classtype:trojan-activity;sid:84727579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9fe38289-c027-4c33-be5e-65157b9b5f61"; depth:37; endswith; nocase; http.host; content:"sujjp.ecologyardakani.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864478/; classtype:trojan-activity;sid:84727578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.182.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864477/; classtype:trojan-activity;sid:84727577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.245.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864476/; classtype:trojan-activity;sid:84727576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.232.34.216"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864475/; classtype:trojan-activity;sid:84727575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.132.218"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864474/; classtype:trojan-activity;sid:84727574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/86c8df2e-d9ab-4695-8cd1-a6161c4a087b"; depth:37; endswith; nocase; http.host; content:"zggkpuuy.testdrivepaye3.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864473/; classtype:trojan-activity;sid:84727573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.3.226"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864472/; classtype:trojan-activity;sid:84727572; rev:1;)
# NOTE(review): sid 84727571 (next) and sid 84727569 (two rules further down)
# carry identical match options - /default.dat on tuasesoriadigital.es - so one
# request raises both alerts. Presumably the two URLhaus entries differ in
# something the rule does not encode (scheme or port); confirm via the reference
# URLs, and deduplicate on host+URI when counting events.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/default.dat"; depth:12; endswith; nocase; http.host; content:"tuasesoriadigital.es"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864471/; classtype:trojan-activity;sid:84727571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.88.93"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864470/; classtype:trojan-activity;sid:84727570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/default.dat"; depth:12; endswith; nocase; http.host; content:"tuasesoriadigital.es"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864469/; classtype:trojan-activity;sid:84727569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/87/img_015059.png"; depth:18; endswith; nocase; http.host; content:"107.172.235.213"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864468/; classtype:trojan-activity;sid:84727568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/87/goodthingswithbetterworldcoming.hta"; depth:39; endswith; nocase; http.host; content:"107.172.235.213"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864467/; classtype:trojan-activity;sid:84727567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"secure-code.lol"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864466/; classtype:trojan-activity;sid:84727566; rev:1;)
# The next twelve rules all name host 143.20.185.220. Several URIs look like
# per-architecture build names (sh4, x86, i686, ppc, mips, mipsel, m68k). Paths as
# short as /co or /dc are only distinctive because the rule also requires the
# host match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/co"; depth:3; endswith; nocase; http.host; content:"143.20.185.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864459/; classtype:trojan-activity;sid:84727559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"143.20.185.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864460/; classtype:trojan-activity;sid:84727560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm61"; depth:6; endswith; nocase; http.host; content:"143.20.185.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864461/; classtype:trojan-activity;sid:84727561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dc"; depth:3; endswith; nocase; http.host; content:"143.20.185.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864462/; classtype:trojan-activity;sid:84727562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"143.20.185.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864463/; classtype:trojan-activity;sid:84727563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"143.20.185.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864464/; classtype:trojan-activity;sid:84727564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"143.20.185.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864465/; classtype:trojan-activity;sid:84727565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"143.20.185.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864457/; classtype:trojan-activity;sid:84727557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"143.20.185.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864458/; classtype:trojan-activity;sid:84727558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dss"; depth:4; endswith; nocase; http.host; content:"143.20.185.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864456/; classtype:trojan-activity;sid:84727556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"143.20.185.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864454/; classtype:trojan-activity;sid:84727554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/586"; depth:4; endswith; nocase; http.host; content:"143.20.185.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864455/; classtype:trojan-activity;sid:84727555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.74.74"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864453/; classtype:trojan-activity;sid:84727553; rev:1;)
# The next fifteen rules all name host 176.65.139.195 with URIs under /nz/.
# Several alerts from one internal client against this host within a short
# window are best triaged as a single event rather than fifteen.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.arc"; depth:10; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864447/; classtype:trojan-activity;sid:84727547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.i686"; depth:11; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864448/; classtype:trojan-activity;sid:84727548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.arm6"; depth:11; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864449/; classtype:trojan-activity;sid:84727549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.arm"; depth:10; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864450/; classtype:trojan-activity;sid:84727550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.arm7"; depth:11; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864451/; classtype:trojan-activity;sid:84727551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.arm5"; depth:11; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864452/; classtype:trojan-activity;sid:84727552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.x86"; depth:10; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864438/; classtype:trojan-activity;sid:84727538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.x86_64"; depth:13; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864439/; classtype:trojan-activity;sid:84727539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.mips"; depth:11; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864440/; classtype:trojan-activity;sid:84727540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.mpsl"; depth:11; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864441/; classtype:trojan-activity;sid:84727541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.sh4"; depth:10; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864442/; classtype:trojan-activity;sid:84727542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.spc"; depth:10; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864443/; classtype:trojan-activity;sid:84727543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.ppc"; depth:10; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864444/; classtype:trojan-activity;sid:84727544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.i468"; depth:11; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864445/; classtype:trojan-activity;sid:84727545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.m68k"; depth:11; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864446/; classtype:trojan-activity;sid:84727546; rev:1;)
# Each rule below alerts on an established, client-to-server HTTP GET from
# $HOME_NET to $EXTERNAL_NET whose normalized URI and Host both match one
# URLhaus entry. depth:<n> with endswith (URI) and depth:<n> with
# isdataat:!1,relative (host) make these whole-buffer comparisons when <n>
# equals the content length; nocase applies to the URI content.
# Only traffic that Suricata parses as HTTP populates http.uri and http.host, so
# a fetch of the same URL over TLS is outside these rules unless it is decrypted
# upstream of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1b1b9b3e-b426-4d13-ac37-5acd9c852c32"; depth:37; endswith; nocase; http.host; content:"ndotkgyl.tasisathosseini.shop"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864437/; classtype:trojan-activity;sid:84727537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.99.249.240"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864436/; classtype:trojan-activity;sid:84727536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/krypton.jar"; depth:12; endswith; nocase; http.host; content:"clientkrypton.lovable.app"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864435/; classtype:trojan-activity;sid:84727535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"125.44.62.138"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864434/; classtype:trojan-activity;sid:84727534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xw/phan.dat"; depth:12; endswith; nocase; http.host; content:"gat-matics.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864433/; classtype:trojan-activity;sid:84727533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.123.177"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864432/; classtype:trojan-activity;sid:84727532; rev:1;)
# NOTE(review): in sid 84727531 the URI content is 44 bytes once |3f| is decoded
# to "?", but depth is 47 (the length of the escaped string). The listed URL
# still matches; so does a URI carrying up to 3 extra leading bytes. An exact
# match would be depth:44 - worth reporting upstream rather than editing the
# vendor sid locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=03bf81b1-e3a3-4772-91ec-2f722801f654"; depth:47; endswith; nocase; http.host; content:"q35f5c61.shimiumumi.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864431/; classtype:trojan-activity;sid:84727531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5ab91975-69f8-4662-b2e8-d602d4efb482"; depth:37; endswith; nocase; http.host; content:"yvrvsspv.tarikhravannovin.shop"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864430/; classtype:trojan-activity;sid:84727530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.245.8"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864429/; classtype:trojan-activity;sid:84727529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.168.50.135"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864428/; classtype:trojan-activity;sid:84727528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/girls.apk"; depth:10; endswith; nocase; http.host; content:"raz1eve.shop"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864427/; classtype:trojan-activity;sid:84727527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryptex1.4.zip"; depth:15; endswith; nocase; http.host; content:"cryptex-core.pw"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864426/; classtype:trojan-activity;sid:84727526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"196.135.205.23"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864425/; classtype:trojan-activity;sid:84727525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"60.19.217.18"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864423/; classtype:trojan-activity;sid:84727523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"125.24.1.104"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864424/; classtype:trojan-activity;sid:84727524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.173.80.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864419/; classtype:trojan-activity;sid:84727519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.37.5.157"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864420/; classtype:trojan-activity;sid:84727520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.37.103.207"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864421/; classtype:trojan-activity;sid:84727521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f6441b3f1f36535c"; depth:17; endswith; nocase; http.host; content:"verification-js-cdn.boats"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864422/; classtype:trojan-activity;sid:84727522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"123.188.175.97"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864418/; classtype:trojan-activity;sid:84727518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/licenses.chromium.dat"; depth:22; endswith; nocase; http.host; content:"pub-2f1bcdf12a2e44408e7a58efe6006d43.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864417/; classtype:trojan-activity;sid:84727517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/ghost.rar"; depth:20; endswith; nocase; http.host; content:"ghost-loader.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864416/; classtype:trojan-activity;sid:84727516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dating.apk"; depth:11; endswith; nocase; http.host; content:"kis2kis.shop"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864403/; classtype:trojan-activity;sid:84727503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dating.apk"; depth:11; endswith; nocase; http.host; content:"datingtj22.shop"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864404/; classtype:trojan-activity;sid:84727504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kiss.apk"; depth:9; endswith; nocase; http.host; content:"razdev11tj.shop"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864405/; classtype:trojan-activity;sid:84727505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sevgi.apk"; depth:10; endswith; nocase; http.host; content:"da-tinguz1.shop"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864406/; classtype:trojan-activity;sid:84727506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.245.141.253"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864407/; classtype:trojan-activity;sid:84727507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/girls.apk"; depth:10; endswith; nocase; http.host; content:"razuz-c1c.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864408/; classtype:trojan-activity;sid:84727508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.165.85.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864409/; classtype:trojan-activity;sid:84727509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sevgi.apk"; depth:10; endswith; nocase; http.host; content:"132.243.221.161"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864410/; classtype:trojan-activity;sid:84727510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kiss.apk"; depth:9; endswith; nocase; http.host; content:"132.243.221.161"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864411/; classtype:trojan-activity;sid:84727511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sevgi.apk"; depth:10; endswith; nocase; http.host; content:"uzdating1.shop"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864412/; classtype:trojan-activity;sid:84727512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sevgi.apk"; depth:10; endswith; nocase; http.host; content:"taniyuz1prem.shop"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864413/; classtype:trojan-activity;sid:84727513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sevgi.apk"; depth:10; endswith; nocase; http.host; content:"topdatccing2.shop"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864414/; classtype:trojan-activity;sid:84727514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"158.255.83.87"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864415/; classtype:trojan-activity;sid:84727515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.37.40.118"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864399/; classtype:trojan-activity;sid:84727499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"221.15.170.166"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864400/; classtype:trojan-activity;sid:84727500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.52.191.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864401/; classtype:trojan-activity;sid:84727501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm7"; depth:13; endswith; nocase; http.host; content:"176.65.139.48"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864402/; classtype:trojan-activity;sid:84727502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.126.89.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864398/; classtype:trojan-activity;sid:84727498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.py"; depth:7; endswith; nocase; http.host; content:"438bab4aeb69b5.lhr.life"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864397/; classtype:trojan-activity;sid:84727497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.44.62.138"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864395/; classtype:trojan-activity;sid:84727495; rev:1;)
# Five of the next six rules name host 91.92.242.236 with URIs under
# /files-129312398/files/; the file names differ only in a 16-hex-digit suffix.
# Each rule pins one exact file name, so a name not yet in the feed is not
# covered by these signatures.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_b18c349c536cb383.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864396/; classtype:trojan-activity;sid:84727496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_9249b1dabee4e9fd.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864390/; classtype:trojan-activity;sid:84727490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_40474ae8c91ea37d.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864391/; classtype:trojan-activity;sid:84727491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_334c58ff73ca6c4b.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864392/; classtype:trojan-activity;sid:84727492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.37.107.203"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864393/; classtype:trojan-activity;sid:84727493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_b8da4488851fda52.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864394/; classtype:trojan-activity;sid:84727494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.123.177"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864389/; classtype:trojan-activity;sid:84727489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cac36a1e-7e6c-4b09-86dc-589715e170e9"; depth:37; endswith; nocase; http.host; content:"fkqhi.drivingbook.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864388/; classtype:trojan-activity;sid:84727488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/733b42de-d8d6-4d05-b594-a338a7bd31cc"; depth:37; endswith; nocase; http.host; content:"xglycuye.tarikhcheravanshenasi.xyz"; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864387/; classtype:trojan-activity;sid:84727487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3864386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c430ebcf-b315-43b6-9a07-9086b292ea45"; depth:47; endswith; nocase; http.host; content:"qlsgo9c9.shimiskoog.shop"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864386/; classtype:trojan-activity;sid:84727486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.184.193.167"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864385/; classtype:trojan-activity;sid:84727485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.153.144.213"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864384/; classtype:trojan-activity;sid:84727484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=85bc62ac-2d8e-41db-8a0d-6b4ec0ca8b13"; depth:47; endswith; nocase; http.host; content:"vg902zk8.sazehayefooladi.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864383/; classtype:trojan-activity;sid:84727483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.242.156"; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864382/; classtype:trojan-activity;sid:84727482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7ba73d78-d11b-4f10-9572-a3132299848a"; depth:37; endswith; nocase; http.host; content:"crghbprm.shartbandi.games"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864381/; classtype:trojan-activity;sid:84727481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.58.88"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864380/; classtype:trojan-activity;sid:84727480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.50.56"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864379/; classtype:trojan-activity;sid:84727479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.153.144.213"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864378/; classtype:trojan-activity;sid:84727478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864377)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.184.193.167"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864377/; classtype:trojan-activity;sid:84727477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.242.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864375/; classtype:trojan-activity;sid:84727475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.53.25"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864376/; classtype:trojan-activity;sid:84727476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.91.89"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864374/; classtype:trojan-activity;sid:84727474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/571d266b-b190-4a4a-8c99-f29697ec3515"; depth:37; endswith; nocase; http.host; content:"fnuqorvu.sazebetonarme.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864373/; classtype:trojan-activity;sid:84727473; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.196.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864372/; classtype:trojan-activity;sid:84727472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/596fac19-0658-4fb9-a06f-86829b056de1"; depth:37; endswith; nocase; http.host; content:"otbmu.downloadquran.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864371/; classtype:trojan-activity;sid:84727471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b9e7ff0f-16b7-4a31-9c23-8fe83d2b3a36"; depth:37; endswith; nocase; http.host; content:"irljgzvr.sanjeshvaandazegiri.shop"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864370/; classtype:trojan-activity;sid:84727470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.164.8.142"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864369/; classtype:trojan-activity;sid:84727469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.122.230"; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864368/; classtype:trojan-activity;sid:84727468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.122.230"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864367/; classtype:trojan-activity;sid:84727467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.239.228"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864366/; classtype:trojan-activity;sid:84727466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.198.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864364/; classtype:trojan-activity;sid:84727464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.246.148"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864365/; classtype:trojan-activity;sid:84727465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864363)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/feba32e2-8b2f-4d95-a7ab-6a9bd0342011"; depth:37; endswith; nocase; http.host; content:"zjkgepkj.sanjeshravani.shop"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864363/; classtype:trojan-activity;sid:84727463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9266c65c-827a-4b18-8b69-23dcde052cac"; depth:47; endswith; nocase; http.host; content:"ztx7i07q.ravanshenasisaeedi.xyz"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864362/; classtype:trojan-activity;sid:84727462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.1.136"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864361/; classtype:trojan-activity;sid:84727461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.1.136"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864360/; classtype:trojan-activity;sid:84727460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.105.253"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864359/; classtype:trojan-activity;sid:84727459; rev:1;) 
# Reviewer note on the rules that follow (every entry uses the same template):
#  - Scope: client-to-server GET requests from $HOME_NET to $EXTERNAL_NET on established flows,
#    matched by the http app-layer. A fetch of the same URL over TLS is not covered by these
#    rules unless the traffic is decrypted before inspection.
#  - http.uri: depth equals the content length and endswith is set, so the whole URI must equal
#    the listed path (nocase); the same path with extra parameters appended does not alert.
#  - http.host: depth plus isdataat:!1,relative pins the Host buffer to exactly the listed value.
#  - Triage: the number in msg and in reference is the URLhaus entry ID. metadata created_at is
#    presumably the date the entry was added; use it when ageing out IP-literal indicators.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.105.253"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864358/; classtype:trojan-activity;sid:84727458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.27.166"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864356/; classtype:trojan-activity;sid:84727456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.147.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864357/; classtype:trojan-activity;sid:84727457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.173.192"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864355/; classtype:trojan-activity;sid:84727455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.173.192"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, 
urlhaus.abuse.ch/url/3864354/; classtype:trojan-activity;sid:84727454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c606994d-42bf-4379-9125-477c3bc585e0"; depth:37; endswith; nocase; http.host; content:"zujqygdq.sakhtemandade.shop"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864353/; classtype:trojan-activity;sid:84727453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.27.166"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864352/; classtype:trojan-activity;sid:84727452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.198.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864351/; classtype:trojan-activity;sid:84727451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.148.200"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864350/; classtype:trojan-activity;sid:84727450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864349)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/|3f|ublib=3628001c-973d-4f2b-8bec-c9d6a52ae275"; depth:47; endswith; nocase; http.host; content:"f27u92nr.ravanshenasi.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864349/; classtype:trojan-activity;sid:84727449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.196.112"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864348/; classtype:trojan-activity;sid:84727448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ba8db969-db64-4e65-a744-45dc5bb3c651"; depth:37; endswith; nocase; http.host; content:"ggqgx.differentialmamuli.store"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864347/; classtype:trojan-activity;sid:84727447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.161.246"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864346/; classtype:trojan-activity;sid:84727446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3c7492f4-7bcd-40b6-8b49-6aec3c3d71db"; depth:37; endswith; nocase; http.host; content:"zkukywuh.sadreislam.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864345/; 
classtype:trojan-activity;sid:84727445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.148.200"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864344/; classtype:trojan-activity;sid:84727444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.191.237"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864343/; classtype:trojan-activity;sid:84727443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.73.205.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864342/; classtype:trojan-activity;sid:84727442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.12.42"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864341/; classtype:trojan-activity;sid:84727441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.196.112"; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864340/; classtype:trojan-activity;sid:84727440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.74.74"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864339/; classtype:trojan-activity;sid:84727439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.43.76"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864338/; classtype:trojan-activity;sid:84727438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.43.76"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864337/; classtype:trojan-activity;sid:84727437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.97.2"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864336/; classtype:trojan-activity;sid:84727436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864335)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/a3abca54-f2e5-4432-a87d-500e780e8724"; depth:37; endswith; nocase; http.host; content:"hogugzxj.questionsmotor.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864335/; classtype:trojan-activity;sid:84727435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.73.205.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864334/; classtype:trojan-activity;sid:84727434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.221.185"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864333/; classtype:trojan-activity;sid:84727433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.112.129.46"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864332/; classtype:trojan-activity;sid:84727432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.147.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864331/; classtype:trojan-activity;sid:84727431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3864330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.97.2"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864330/; classtype:trojan-activity;sid:84727430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.221.185"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864329/; classtype:trojan-activity;sid:84727429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2ff77e0b-d59c-4e47-b265-84509132d33a"; depth:37; endswith; nocase; http.host; content:"hduwrmy.megaparikade.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864328/; classtype:trojan-activity;sid:84727428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.233.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864327/; classtype:trojan-activity;sid:84727427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3dbd4a5b-ddef-4050-80af-6e60186c4e18"; depth:37; endswith; nocase; http.host; content:"fjagjlhm.psgnewsiran.com"; depth:24; isdataat:!1,relative; 
metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864326/; classtype:trojan-activity;sid:84727426; rev:1;)
# Rule anatomy (identical for every rule below): alert on an outbound HTTP GET
# ($HOME_NET -> $EXTERNAL_NET, flow:established,from_client) whose http.uri and
# http.host buffers both equal one URLhaus-listed URL.
#   http.uri : content + depth:<content length> + endswith pins the match to the
#              whole buffer; nocase makes the URI comparison case-insensitive.
#   http.host: content + depth:<content length> + isdataat:!1,relative requires
#              that no byte follows the match, so the host must equal the value.
# Both buffers are matched exactly, so a changed path, an added query string or a
# different host is not covered. The rules use the http app-layer protocol, so the
# same URL fetched over TLS is only visible if the sensor inspects decrypted traffic.
# In the rules shown here, sid = URLhaus id + 80863100; msg and reference carry the id.
#
# Host 64.89.162.139: one rule per file path. Most paths under /nz/ end in a CPU
# architecture name (arm5, mips, x86_64, ...); /nz.sh, /nz/debug and /nz/o.xml
# are listed for the same host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.arm5"; depth:11; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864310/; classtype:trojan-activity;sid:84727410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.x86_64"; depth:13; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864311/; classtype:trojan-activity;sid:84727411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz.sh"; depth:6; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864312/; classtype:trojan-activity;sid:84727412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.mips"; depth:11; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864313/; classtype:trojan-activity;sid:84727413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.arm6"; depth:11; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864314/; classtype:trojan-activity;sid:84727414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.m68k"; depth:11; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864315/; classtype:trojan-activity;sid:84727415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.x86"; depth:10; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864316/; classtype:trojan-activity;sid:84727416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.i686"; depth:11; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864317/; classtype:trojan-activity;sid:84727417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.arm"; depth:10; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864318/; classtype:trojan-activity;sid:84727418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/debug"; depth:9; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864319/; classtype:trojan-activity;sid:84727419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.arc"; depth:10; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864320/; classtype:trojan-activity;sid:84727420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.arm7"; depth:11; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864321/; classtype:trojan-activity;sid:84727421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.spc"; depth:10; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864322/; classtype:trojan-activity;sid:84727422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.sh4"; depth:10; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864323/; classtype:trojan-activity;sid:84727423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.ppc"; depth:10; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864324/; classtype:trojan-activity;sid:84727424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/nz.mpsl"; depth:11; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864325/; classtype:trojan-activity;sid:84727425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nz/o.xml"; depth:9; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864309/; classtype:trojan-activity;sid:84727409; rev:1;)
# Mixed entries follow. |3f| is the hex escape for '?', so "/|3f|ublib=<uuid>"
# matches the URI "/?ublib=<uuid>". IP-literal hosts mostly appear with the paths
# /i and /bin.sh, often as two separate rules for the same host; grouping alerts
# by http.host during triage shows both fetches from one client together.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=2acbc4b9-df9b-46c0-8ad8-68fa762ac998"; depth:47; endswith; nocase; http.host; content:"365johfe.ravanshenasinovin.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864308/; classtype:trojan-activity;sid:84727408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.95.135"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864307/; classtype:trojan-activity;sid:84727407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.95.135"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864306/; classtype:trojan-activity;sid:84727406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9d091c22-9ff1-4715-81c1-972bc9cb7b6d"; depth:37; endswith; nocase; http.host; content:"ycnrdnqk.prozhedownload.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864305/; classtype:trojan-activity;sid:84727405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.115.186"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864304/; classtype:trojan-activity;sid:84727404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b86c3106-f287-472b-8dbf-c2de512a55f0"; depth:37; endswith; nocase; http.host; content:"qlvir.differentialkerayechiyan.store"; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864303/; classtype:trojan-activity;sid:84727403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.178.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864302/; classtype:trojan-activity;sid:84727402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.203.202"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864301/; classtype:trojan-activity;sid:84727401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.55.173.100"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864300/; classtype:trojan-activity;sid:84727400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.244.94"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864299/; classtype:trojan-activity;sid:84727399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.115.186"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864298/; classtype:trojan-activity;sid:84727398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/208bd4d3-cb7a-43ad-b84c-66fb96aed9aa"; depth:37; endswith; nocase; http.host; content:"gbqlwrat.prozhecart.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864297/; classtype:trojan-activity;sid:84727397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.220.90.250"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864296/; classtype:trojan-activity;sid:84727396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.244.94"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864295/; classtype:trojan-activity;sid:84727395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.196.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864294/; classtype:trojan-activity;sid:84727394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.64.77"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864293/; classtype:trojan-activity;sid:84727393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b382aba8-b81f-4bb2-b632-05e41d793252"; depth:37; endswith; nocase; http.host; content:"pwzkdexx.mechanicsayalat.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864292/; classtype:trojan-activity;sid:84727392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.84.196"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864291/; classtype:trojan-activity;sid:84727391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.161.246"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864290/; classtype:trojan-activity;sid:84727390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.199.236"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864289/; classtype:trojan-activity;sid:84727389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ec4c63fd-f857-4cec-9b81-cfd073290db2"; depth:47; endswith; nocase; http.host; content:"c3ord92p.ravanshenasiganji.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864287/; classtype:trojan-activity;sid:84727387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.125.21"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864288/; classtype:trojan-activity;sid:84727388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9ce2b967-b2dc-4a0a-9d24-4ce8a8b2e6ea"; depth:37; endswith; nocase; http.host; content:"ozaauajb.mechanickhodakarami.shop"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864286/; classtype:trojan-activity;sid:84727386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.125.21"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864285/; classtype:trojan-activity;sid:84727385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.28.183"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864284/; classtype:trojan-activity;sid:84727384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7db760e6-9549-4a6b-9704-68a53c16a554"; depth:37; endswith; nocase; http.host; content:"errmx.defamogadas.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864283/; classtype:trojan-activity;sid:84727383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.28.183"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864282/; classtype:trojan-activity;sid:84727382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.251.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864281/; classtype:trojan-activity;sid:84727381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/46da6600-fbc7-484c-afcf-d70e4b458548"; depth:37; endswith; nocase; http.host; content:"ipzukbru.masirpayambari.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864280/; classtype:trojan-activity;sid:84727380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.188.135.20"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864279/; classtype:trojan-activity;sid:84727379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.166.67.235"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864278/; classtype:trojan-activity;sid:84727378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.166.67.235"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864277/; classtype:trojan-activity;sid:84727377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aece5eb3-8c69-49f7-8eba-8cf91b754c7e"; depth:37; endswith; nocase; http.host; content:"xreyotb.livebetkade.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864276/; classtype:trojan-activity;sid:84727376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=7b801071-647e-43ca-9e0d-6bbc1704decd"; depth:47; endswith; nocase; http.host; content:"u7ezu7d6.shartmag.bet"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864275/; classtype:trojan-activity;sid:84727375; rev:1;)
# Each rule below fires on one exact URL: an outbound HTTP GET whose http.uri
# equals the listed path (depth:<content length> + endswith, compared with nocase)
# and whose http.host equals the listed host (depth:<content length> +
# isdataat:!1,relative, i.e. no byte may follow the match).
# Triage notes:
#   - msg and reference carry the URLhaus entry id for the matched URL.
#   - metadata:created_at records when the indicator was added; IP-literal hosts
#     can be reassigned, so weigh an alert on an old entry against the current
#     URLhaus status of that entry before acting on it.
#   - "/|3f|ublib=<uuid>" uses the hex escape |3f| for '?', so it matches the
#     URI "/?ublib=<uuid>".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.181.131"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864274/; classtype:trojan-activity;sid:84727374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b5ad4e07-9c41-46d3-94ab-63e209ebf91b"; depth:37; endswith; nocase; http.host; content:"xwtwlrkc.masaelmohandesi.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864273/; classtype:trojan-activity;sid:84727373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.67.187"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864272/; classtype:trojan-activity;sid:84727372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.224.177"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864271/; classtype:trojan-activity;sid:84727371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.90.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864270/; classtype:trojan-activity;sid:84727370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.90.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864269/; classtype:trojan-activity;sid:84727369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.181.131"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864268/; classtype:trojan-activity;sid:84727368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.79.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864267/; classtype:trojan-activity;sid:84727367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beb1977e-7b93-4074-bc13-77b53317e440"; depth:37; endswith; nocase; http.host; content:"qjivlnde.maharatmodiran.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864266/; classtype:trojan-activity;sid:84727366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.67.187"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864265/; classtype:trojan-activity;sid:84727365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a7302ac6-2002-42d1-80f0-176adb774041"; depth:47; endswith; nocase; http.host; content:"6wkjs482.nazariyeyadgiri.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864264/; classtype:trojan-activity;sid:84727364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d0feacce-56e0-4a06-ada3-d2cb6d135ea0"; depth:37; endswith; nocase; http.host; content:"xovqk.darsnamejame.xyz"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864263/; classtype:trojan-activity;sid:84727363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=fb4012d6-ca01-497d-a93f-16160fa4f68b"; depth:47; endswith; nocase; http.host; content:"3cxt05zy.ravanshenakhti.shop"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864262/; classtype:trojan-activity;sid:84727362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.168.50.135"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864261/; classtype:trojan-activity;sid:84727361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.79.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864260/; classtype:trojan-activity;sid:84727360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7d786c01-f316-48d3-a6ae-18327c14e960"; depth:37; endswith; nocase; http.host; content:"nztdbnij.mabanishimi.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864259/; classtype:trojan-activity;sid:84727359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.120.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864258/; classtype:trojan-activity;sid:84727358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/47f7f66f-267e-4381-af44-ef0fbdedeeb3"; depth:37; endswith; nocase; http.host; content:"qcfxtzci.leaguejazire.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864257/; classtype:trojan-activity;sid:84727357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.120.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864256/; classtype:trojan-activity;sid:84727356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/14f036a7-f8f9-4027-8240-7d0b097325ca"; depth:37; endswith; nocase; http.host; content:"ptybfgjf.karbordriyaziyat.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864255/; classtype:trojan-activity;sid:84727355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.70.136"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864254/; classtype:trojan-activity;sid:84727354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5b689f92-0232-43bd-ac4c-e5044966d790"; depth:37; endswith; nocase; http.host; content:"cdppx.danestanihavarzeshi.com"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864253/; classtype:trojan-activity;sid:84727353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.109.51"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864252/; classtype:trojan-activity;sid:84727352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/88f43874-6a47-4d78-8885-41cbf77e4d50"; depth:37; endswith; nocase; http.host; content:"efwjubk.rocketbet.pro"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864251/; classtype:trojan-activity;sid:84727351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.123.254"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864250/; classtype:trojan-activity;sid:84727350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.244.20"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864249/; classtype:trojan-activity;sid:84727349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.90.250"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864248/; classtype:trojan-activity;sid:84727348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6ff9c924-d996-4132-8dad-98b413e52e66"; depth:37; endswith; nocase; http.host; content:"qvipoojy.karafarini.shop"; depth:24; 
isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864247/; classtype:trojan-activity;sid:84727347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.70.136"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864246/; classtype:trojan-activity;sid:84727346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c03a3496-3590-45b5-950d-2bff7fecc2d5"; depth:47; endswith; nocase; http.host; content:"7sxu8ft8.shartbandikade.online"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864245/; classtype:trojan-activity;sid:84727345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.7.82"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864244/; classtype:trojan-activity;sid:84727344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=614ab09c-7541-4084-b0f9-2cadfcaa27d8"; depth:47; endswith; nocase; http.host; content:"8r61gwvq.ravansalamat.shop"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864243/; classtype:trojan-activity;sid:84727343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3864242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.129.113"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864242/; classtype:trojan-activity;sid:84727342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5f912ba0-d146-461a-8cb0-c7da19e2a869"; depth:37; endswith; nocase; http.host; content:"zkclsegh.jam-jahani.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864241/; classtype:trojan-activity;sid:84727341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.19.247.119"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864240/; classtype:trojan-activity;sid:84727340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.94.49"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864239/; classtype:trojan-activity;sid:84727339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.129.113"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864238/; 
classtype:trojan-activity;sid:84727338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.227.73"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864237/; classtype:trojan-activity;sid:84727337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.42.70"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864236/; classtype:trojan-activity;sid:84727336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.80.169"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864235/; classtype:trojan-activity;sid:84727335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1c98c951-1361-48e6-9950-7e2c448f3786"; depth:37; endswith; nocase; http.host; content:"pirqlheh.hugugtejarat4.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864234/; classtype:trojan-activity;sid:84727334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/62f94114-0896-4385-966c-eb08620af44d"; depth:37; endswith; nocase; 
http.host; content:"efxvu.daneshkhanevade.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864233/; classtype:trojan-activity;sid:84727333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.42.70"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864232/; classtype:trojan-activity;sid:84727332; rev:1;)
# The next six entries (3864231, 3864227-3864230, 3864226) all pin host 217.60.195.113 and
# differ only in the URI: /clean, /arm7, /x86_64, /i686, /aarch64, /sh. The names look like
# per-architecture builds plus scripts, which the rules alone cannot confirm. When triaging
# an alert from one of them, check the same client for requests matching the others.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clean"; depth:6; endswith; nocase; http.host; content:"217.60.195.113"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864231/; classtype:trojan-activity;sid:84727331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"217.60.195.113"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864227/; classtype:trojan-activity;sid:84727327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"217.60.195.113"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864228/; classtype:trojan-activity;sid:84727328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"217.60.195.113"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864229/; classtype:trojan-activity;sid:84727329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"217.60.195.113"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864230/; classtype:trojan-activity;sid:84727330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"217.60.195.113"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864226/; classtype:trojan-activity;sid:84727326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.191.237"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864225/; classtype:trojan-activity;sid:84727325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3b75f7ce-f34c-4188-ab80-d8c3acc89e83"; depth:37; endswith; nocase; http.host; content:"ahkyokta.hugugtatbigi.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864224/; 
classtype:trojan-activity;sid:84727324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.118.246.131"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864223/; classtype:trojan-activity;sid:84727323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.87.181"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864222/; classtype:trojan-activity;sid:84727322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=761655fd-dbd9-4efc-8033-6a957c790e3e"; depth:47; endswith; nocase; http.host; content:"8co4mfeh.qurandownload.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864221/; classtype:trojan-activity;sid:84727321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9f3ee70d-e58a-4a1f-9a92-0287493ed062"; depth:37; endswith; nocase; http.host; content:"xeviozwk.hugugnasiri.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864220/; classtype:trojan-activity;sid:84727320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864219)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/godisdead.3"; depth:12; endswith; nocase; http.host; content:"152.236.3.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864219/; classtype:trojan-activity;sid:84727319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/areyouajew.sh"; depth:14; endswith; nocase; http.host; content:"152.236.3.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864217/; classtype:trojan-activity;sid:84727317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.2"; depth:12; endswith; nocase; http.host; content:"152.236.3.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864218/; classtype:trojan-activity;sid:84727318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.205.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864216/; classtype:trojan-activity;sid:84727316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8ae44564-acab-47bf-a54a-0f207913e7ac"; depth:37; endswith; nocase; http.host; content:"uhnuyfcr.hugugmadanikatouzian.xyz"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864215/; classtype:trojan-activity;sid:84727315; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.87.181"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864214/; classtype:trojan-activity;sid:84727314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.186.82"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864213/; classtype:trojan-activity;sid:84727313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c898c073-9e03-4ca3-a721-c4083f4a3753"; depth:37; endswith; nocase; http.host; content:"igrbuyo.pokerkade.online"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864212/; classtype:trojan-activity;sid:84727312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=6d861f61-8ec0-46a4-9305-e7027cc46536"; depth:47; endswith; nocase; http.host; content:"kl23rl6f.nahjolbalage.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864211/; classtype:trojan-activity;sid:84727311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c3e57f49-0f75-4258-a0fd-e232eb134d2e"; depth:37; endswith; nocase; http.host; 
content:"hfolz.bookdrive.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864210/; classtype:trojan-activity;sid:84727310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.7.82"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864209/; classtype:trojan-activity;sid:84727309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=1766dc2c-1a7c-44a3-9769-9cfbc09b0a1f"; depth:47; endswith; nocase; http.host; content:"p60hpuvn.shartbandifootballkade.online"; depth:38; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864208/; classtype:trojan-activity;sid:84727308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.189.154"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864207/; classtype:trojan-activity;sid:84727307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db068de5-b6f6-4178-abdf-bd3d1b9cbfcc"; depth:37; endswith; nocase; http.host; content:"kzkzbbha.hugugmadani6.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864206/; classtype:trojan-activity;sid:84727306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3864205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.122.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864205/; classtype:trojan-activity;sid:84727305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.146.104"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864204/; classtype:trojan-activity;sid:84727304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.122.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864203/; classtype:trojan-activity;sid:84727303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/telnet"; depth:10; endswith; nocase; http.host; content:"162.248.101.153"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864202/; classtype:trojan-activity;sid:84727302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.7.171"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864201/; 
classtype:trojan-activity;sid:84727301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.31.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864200/; classtype:trojan-activity;sid:84727300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6d4c6d93-33b7-4a36-b3b9-99eeb9de1e28"; depth:37; endswith; nocase; http.host; content:"wdbcypih.hugugedari.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864199/; classtype:trojan-activity;sid:84727299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.109.51"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864198/; classtype:trojan-activity;sid:84727298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.31.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864197/; classtype:trojan-activity;sid:84727297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.89.93.195"; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864196/; classtype:trojan-activity;sid:84727296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d3848191-cced-47d7-a7a8-53228ecbc2bd"; depth:47; endswith; nocase; http.host; content:"osggwts6.fubet24.net"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864195/; classtype:trojan-activity;sid:84727295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.16.171.122"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864194/; classtype:trojan-activity;sid:84727294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f69a6d79-790d-4532-903a-12e90829c1c4"; depth:37; endswith; nocase; http.host; content:"vhsqohyd.hugugdaryayi.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864193/; classtype:trojan-activity;sid:84727293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.146.176.251"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864192/; classtype:trojan-activity;sid:84727292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3864191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.189.154"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864191/; classtype:trojan-activity;sid:84727291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.145.139"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864189/; classtype:trojan-activity;sid:84727289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.89.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864190/; classtype:trojan-activity;sid:84727290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/599f2bdb-0d1c-4eb8-a081-4ee5252e0d54"; depth:37; endswith; nocase; http.host; content:"yyrup.barnamenevisi.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864188/; classtype:trojan-activity;sid:84727288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.177.237.148"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864187/; 
classtype:trojan-activity;sid:84727287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b01530d0-469d-4dd6-a19b-c91f8ad45997"; depth:37; endswith; nocase; http.host; content:"jrmcsezq.hugugbime.xyz"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864186/; classtype:trojan-activity;sid:84727286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.67.45.148"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864185/; classtype:trojan-activity;sid:84727285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.229.52"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864184/; classtype:trojan-activity;sid:84727284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.157.252"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864183/; classtype:trojan-activity;sid:84727283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_73fea0a7b4e57bf6.exe"; depth:48; endswith; 
nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864182/; classtype:trojan-activity;sid:84727282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"213.67.45.148"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864181/; classtype:trojan-activity;sid:84727281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5a45f861-3bfb-455f-9180-2b001d170a89"; depth:37; endswith; nocase; http.host; content:"nqsaymjr.betyek.net"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864180/; classtype:trojan-activity;sid:84727280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.181.1"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864179/; classtype:trojan-activity;sid:84727279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.177.237.148"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864176/; classtype:trojan-activity;sid:84727276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3864177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.123.201"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864177/; classtype:trojan-activity;sid:84727277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.165.18.179"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864178/; classtype:trojan-activity;sid:84727278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.165.18.179"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864175/; classtype:trojan-activity;sid:84727275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/css/colors/oceans/ebu.exe"; depth:35; endswith; nocase; http.host; content:"scoala1gherla.ro"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864174/; classtype:trojan-activity;sid:84727274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c5bc15e8-1ed5-44f8-b6dc-4057db224a1d"; depth:37; endswith; nocase; http.host; content:"gbbzykw.melbetkade.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, 
urlhaus.abuse.ch/url/3864173/; classtype:trojan-activity;sid:84727273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.78.231"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864172/; classtype:trojan-activity;sid:84727272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc9c1abd-5cb1-4afe-824a-c64a8192cae6"; depth:37; endswith; nocase; http.host; content:"fswqsjdd.betxane.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864171/; classtype:trojan-activity;sid:84727271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.181.1"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864170/; classtype:trojan-activity;sid:84727270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=fb4849b8-5e48-48a1-a916-7156a36dc374"; depth:47; endswith; nocase; http.host; content:"1mp15ubu.shansline.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864169/; classtype:trojan-activity;sid:84727269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864168)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/|3f|ublib=a6eecb05-6704-411c-9206-09fb272bccc2"; depth:47; endswith; nocase; http.host; content:"9q2tk0oi.enfejarkade.online"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864168/; classtype:trojan-activity;sid:84727268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.250.19"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864167/; classtype:trojan-activity;sid:84727267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.164.227.196"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864166/; classtype:trojan-activity;sid:84727266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.42.11.67"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864165/; classtype:trojan-activity;sid:84727265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.223.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864164/; classtype:trojan-activity;sid:84727264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3864163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/98c304f8-64e8-433a-89bc-64a4e1056a33"; depth:37; endswith; nocase; http.host; content:"xetxx.bankefile.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864163/; classtype:trojan-activity;sid:84727263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.90.82"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864162/; classtype:trojan-activity;sid:84727262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.78.231"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864161/; classtype:trojan-activity;sid:84727261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.250.19"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864160/; classtype:trojan-activity;sid:84727260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0512bed0-756b-4f03-b1a3-2ff544f92964"; depth:37; endswith; nocase; http.host; content:"cugeuvle.betwanna.com"; depth:21; isdataat:!1,relative; 
metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864159/; classtype:trojan-activity;sid:84727259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.168.97.128"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864158/; classtype:trojan-activity;sid:84727258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.158.57"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864157/; classtype:trojan-activity;sid:84727257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.223.140"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864156/; classtype:trojan-activity;sid:84727256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.164.227.196"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864155/; classtype:trojan-activity;sid:84727255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; 
nocase; http.host; content:"110.39.239.253"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864154/; classtype:trojan-activity;sid:84727254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.239.253"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864153/; classtype:trojan-activity;sid:84727253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.23.166"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864152/; classtype:trojan-activity;sid:84727252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_10792eb44b14abee.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864151/; classtype:trojan-activity;sid:84727251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.23.166"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864150/; classtype:trojan-activity;sid:84727250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3864149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.208.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864149/; classtype:trojan-activity;sid:84727249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.168.97.128"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864148/; classtype:trojan-activity;sid:84727248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.223.140"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864147/; classtype:trojan-activity;sid:84727247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7eeb5cbd-57d5-40df-812c-b65757c4841f"; depth:37; endswith; nocase; http.host; content:"urelelgc.betforwardkade.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864146/; classtype:trojan-activity;sid:84727246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.148.226.61"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864145/; 
classtype:trojan-activity;sid:84727245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msi.png"; depth:8; endswith; nocase; http.host; content:"portwesl.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864144/; classtype:trojan-activity;sid:84727244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tyimg/16netmisp.png"; depth:20; endswith; nocase; http.host; content:"r2.image-upload.app"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864143/; classtype:trojan-activity;sid:84727243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/25/seethebestpersonievermadewithmybestdays.hta"; depth:47; endswith; nocase; http.host; content:"107.172.172.205"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864142/; classtype:trojan-activity;sid:84727242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_cfca4668fb703b9d.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864141/; classtype:trojan-activity;sid:84727241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864140)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.29.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864140/; classtype:trojan-activity;sid:84727240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_ed27e62be8d4fe3d.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864139/; classtype:trojan-activity;sid:84727239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wizard.exe"; depth:11; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864138/; classtype:trojan-activity;sid:84727238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.214.159"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864137/; classtype:trojan-activity;sid:84727237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.29.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864136/; classtype:trojan-activity;sid:84727236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3864135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.148.226.61"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864135/; classtype:trojan-activity;sid:84727235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/44cd360e-aa92-4828-975f-c4ff2f54b527"; depth:37; endswith; nocase; http.host; content:"dyqanvdt.betfidokade.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864134/; classtype:trojan-activity;sid:84727234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.38.102"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864133/; classtype:trojan-activity;sid:84727233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.0.62.14"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864132/; classtype:trojan-activity;sid:84727232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.247.241"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, 
urlhaus.abuse.ch/url/3864131/; classtype:trojan-activity;sid:84727231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.151.118.134"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864130/; classtype:trojan-activity;sid:84727230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=7586e2cc-cd8e-492f-9526-1d195bb92af2"; depth:47; endswith; nocase; http.host; content:"0z0kmkwn.anodaz.tv"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864129/; classtype:trojan-activity;sid:84727229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fda6e6f9-4b20-4231-94ff-29a4c5f20a68"; depth:37; endswith; nocase; http.host; content:"qzkdr.bankefiile.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864128/; classtype:trojan-activity;sid:84727228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1131d69e-ed6d-4a6e-b35d-a151f70baa79"; depth:37; endswith; nocase; http.host; content:"bqxhfhog.bet313.org"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864127/; classtype:trojan-activity;sid:84727227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864126)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.0.62.14"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864126/; classtype:trojan-activity;sid:84727226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.155.108"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864125/; classtype:trojan-activity;sid:84727225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.214.159"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864124/; classtype:trojan-activity;sid:84727224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=26a4da2b-c75f-4002-9614-a250c42b3b0f"; depth:47; endswith; nocase; http.host; content:"phw2uk1e.casinokade.online"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864123/; classtype:trojan-activity;sid:84727223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.151.118.134"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864122/; classtype:trojan-activity;sid:84727222; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tron/file.exe"; depth:14; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864121/; classtype:trojan-activity;sid:84727221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/83627138-9ec3-478a-b482-8b8cebd0bf36"; depth:37; endswith; nocase; http.host; content:"qoutbfpg.bet120x.net"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864120/; classtype:trojan-activity;sid:84727220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.15.42"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864119/; classtype:trojan-activity;sid:84727219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.232.15"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864118/; classtype:trojan-activity;sid:84727218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.227.75"; depth:13; isdataat:!1,relative; metadata:created_at 
2026_06_13; reference:url, urlhaus.abuse.ch/url/3864117/; classtype:trojan-activity;sid:84727217; rev:1;)
# Rule shape used by every entry below: a GET from $HOME_NET to $EXTERNAL_NET whose http.uri
# equals the content string (depth set to the string length, plus endswith; nocase makes the
# URI comparison case-insensitive) and whose http.host equals the listed value (depth plus
# isdataat:!1,relative leaves no room for trailing bytes).
# Because both buffers are pinned, the same path with an added query parameter, or the same
# server reached under another host value, is not covered. The rule protocol is http, so a
# fetch over TLS is only seen if the traffic is decrypted before Suricata inspects it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.232.15"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864116/; classtype:trojan-activity;sid:84727216; rev:1;)
# The next two entries are .ps1 files under the same directory on the same host; they differ
# only in file name, and each needs its own exact-URI rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads12152152142356367346/caches/5_fulltext_reestr_tekushih_proektov_kompanii.ps1"; depth:84; endswith; nocase; http.host; content:"104.253.79.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864114/; classtype:trojan-activity;sid:84727214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads12152152142356367346/caches/4_chek_list_dlya_provedeniya_vstrechi.ps1"; depth:77; endswith; nocase; http.host; content:"104.253.79.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864115/; classtype:trojan-activity;sid:84727215; rev:1;)
# |3f| is the hex escape for "?", so the URI matched here is "/?ublib=<uuid>".
# NOTE(review): depth:47 equals the length of the escaped text; the decoded pattern is 44
# bytes, so up to three leading bytes may precede it in http.uri (endswith still anchors the
# end). The other rules in this file use depth equal to the pattern length.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=bb1ecc6e-97cd-4eb4-85a7-2c522cf1eb77"; depth:47; endswith; nocase; http.host; content:"7dqgr2or.shansbartar.bet"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864113/; classtype:trojan-activity;sid:84727213; rev:1;)
alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3d88b06c-578c-4a65-87a5-413e9442c2a1"; depth:37; endswith; nocase; http.host; content:"qzxjphs.megaparikade.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864112/; classtype:trojan-activity;sid:84727212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.sparc"; depth:11; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864111/; classtype:trojan-activity;sid:84727211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.cloudflare.new/.sassy.cloudflare.new.ppc"; depth:48; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864084/; classtype:trojan-activity;sid:84727184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.cloudflare.new/.sassy.cloudflare.new.mipsel"; depth:51; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864085/; classtype:trojan-activity;sid:84727185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.x86_64"; depth:12; endswith; 
nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864086/; classtype:trojan-activity;sid:84727186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mipsel"; depth:12; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864087/; classtype:trojan-activity;sid:84727187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.cloudflare.new/.sassy.cloudflare.new.arm"; depth:48; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864088/; classtype:trojan-activity;sid:84727188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv7l"; depth:12; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864089/; classtype:trojan-activity;sid:84727189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.m68k"; depth:10; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864090/; classtype:trojan-activity;sid:84727190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3864091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.powerpc"; depth:13; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864091/; classtype:trojan-activity;sid:84727191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv5l"; depth:12; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864092/; classtype:trojan-activity;sid:84727192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.cloudflare.new/.sassy.cloudflare.new.sh4"; depth:48; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864093/; classtype:trojan-activity;sid:84727193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.cloudflare.new/.sassy.cloudflare.new.cats.sh"; depth:52; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864094/; classtype:trojan-activity;sid:84727194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n3881.sh"; depth:9; endswith; nocase; http.host; content:"142.93.165.186"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864095/; classtype:trojan-activity;sid:84727195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; content:"142.93.165.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864096/; classtype:trojan-activity;sid:84727196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv4l"; depth:12; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864097/; classtype:trojan-activity;sid:84727197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mips"; depth:10; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864098/; classtype:trojan-activity;sid:84727198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.cloudflare.new/.sassy.cloudflare.new.mips"; depth:49; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864099/; classtype:trojan-activity;sid:84727199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864100)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/iran.arc"; depth:9; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864100/; classtype:trojan-activity;sid:84727200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"142.93.165.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864101/; classtype:trojan-activity;sid:84727201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.cloudflare.new/.sassy.cloudflare.new.arm6"; depth:49; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864102/; classtype:trojan-activity;sid:84727202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.cloudflare.new/.sassy.cloudflare.new.spc"; depth:48; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864103/; classtype:trojan-activity;sid:84727203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.cloudflare.new/.sassy.cloudflare.new.arm7"; depth:49; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, 
urlhaus.abuse.ch/url/3864104/; classtype:trojan-activity;sid:84727204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv6l"; depth:12; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864105/; classtype:trojan-activity;sid:84727205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.cloudflare.new/.sassy.cloudflare.new.x86_64"; depth:51; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864106/; classtype:trojan-activity;sid:84727206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.cloudflare.new/.sassy.cloudflare.new.arm5"; depth:49; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864107/; classtype:trojan-activity;sid:84727207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.sh4"; depth:9; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864108/; classtype:trojan-activity;sid:84727208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864109)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/iran.i486"; depth:10; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864109/; classtype:trojan-activity;sid:84727209; rev:1;)
# NOTE(review): the next three URIs ("//r/nsec-fetch-dest", "//r/naccept-encoding",
# "/wp-admin//r/naccept-encoding") end in "/r/n" followed by a lower-cased request-header
# name (Sec-Fetch-Dest, Accept-Encoding). They look like a mangled CRLF and header line
# captured as part of the submitted URL rather than a payload path; confirm against the
# referenced URLhaus entries.
# depth plus endswith pins http.uri to exactly these strings, so a hit means a client
# requested this literal path from the listed host; on its own it does not show that a
# payload was retrieved.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//r/nsec-fetch-dest"; depth:19; endswith; nocase; http.host; content:"123.25.239.145"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864083/; classtype:trojan-activity;sid:84727183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//r/naccept-encoding"; depth:20; endswith; nocase; http.host; content:"172.232.246.219"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864082/; classtype:trojan-activity;sid:84727182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin//r/naccept-encoding"; depth:29; endswith; nocase; http.host; content:"159.89.171.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864080/; classtype:trojan-activity;sid:84727180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mel.so"; depth:7; endswith; nocase; http.host; content:"176.65.139.180"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864081/; classtype:trojan-activity;sid:84727181; rev:1;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_6f6457737182b229.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864079/; classtype:trojan-activity;sid:84727179; rev:1;)
# Exact URI + exact Host match on a domain-name indicator.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5f42337f33d83e98"; depth:17; endswith; nocase; http.host; content:"verification-js-cdn.boats"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864078/; classtype:trojan-activity;sid:84727175; rev:1;)
# The /bot.<arch> indicators are paired: the same file name is listed once with
# Host 103.245.27.100 and once with Host vbotnt1.duckdns.org. Only the rule
# whose Host form the client actually sent will alert, so search logs for both
# values when triaging either one.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"103.245.27.100"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864075/; classtype:trojan-activity;sid:84727175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mpsl"; depth:9; endswith; nocase; http.host; content:"vbotnt1.duckdns.org"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864076/; classtype:trojan-activity;sid:84727176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"vbotnt1.duckdns.org"; 
depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864077/; classtype:trojan-activity;sid:84727177; rev:1;)
# More /bot.<arch> entries for Host vbotnt1.duckdns.org and Host 103.245.27.100,
# plus one /mozi.m entry on an IP-literal Host. Every rule requires GET, the
# whole URI to equal the pattern (depth + endswith) and the Host to equal the
# listed value (depth + isdataat:!1,relative).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"vbotnt1.duckdns.org"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864060/; classtype:trojan-activity;sid:84727160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"103.245.27.100"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864061/; classtype:trojan-activity;sid:84727161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"103.245.27.100"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864062/; classtype:trojan-activity;sid:84727162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"175.173.80.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864063/; classtype:trojan-activity;sid:84727163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864064)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"vbotnt1.duckdns.org"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864064/; classtype:trojan-activity;sid:84727164; rev:1;)
# /bot.<arch> entries alternating between Host 103.245.27.100 and Host
# vbotnt1.duckdns.org. The URI patterns differ only in the architecture suffix
# (mips, arm5, arm, sh4), so one client fetching several of them will raise
# several distinct sids; group alerts by source address and http.host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"103.245.27.100"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864065/; classtype:trojan-activity;sid:84727165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"103.245.27.100"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864066/; classtype:trojan-activity;sid:84727166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm"; depth:8; endswith; nocase; http.host; content:"vbotnt1.duckdns.org"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864067/; classtype:trojan-activity;sid:84727167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"vbotnt1.duckdns.org"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864068/; classtype:trojan-activity;sid:84727168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3864069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm5"; depth:9; endswith; nocase; http.host; content:"vbotnt1.duckdns.org"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864069/; classtype:trojan-activity;sid:84727169; rev:1;)
# Exact-match entries for /bot.arm7, /mozi.m and /mozi.a on IP-literal Hosts.
# The Host condition only matches when the client put the address itself in
# the Host header; a request to the same server under a different name is
# not covered by these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arm7"; depth:9; endswith; nocase; http.host; content:"103.245.27.100"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864070/; classtype:trojan-activity;sid:84727170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.37.103.213"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864071/; classtype:trojan-activity;sid:84727171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"42.228.39.15"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864072/; classtype:trojan-activity;sid:84727172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"103.245.27.100"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, 
urlhaus.abuse.ch/url/3864073/; classtype:trojan-activity;sid:84727173; rev:1;)
# Exact URI + exact Host entries; the short paths ("/b", "/e.mpsl") are only
# specific because of the Host condition that accompanies them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.ppc"; depth:8; endswith; nocase; http.host; content:"vbotnt1.duckdns.org"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864074/; classtype:trojan-activity;sid:84727174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86"; depth:8; endswith; nocase; http.host; content:"103.245.27.100"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864059/; classtype:trojan-activity;sid:84727159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e.mpsl"; depth:7; endswith; nocase; http.host; content:"45.198.224.42"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864058/; classtype:trojan-activity;sid:84727158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"h23.dad"; depth:7; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864057/; classtype:trojan-activity;sid:84727157; rev:1;)
# NOTE(review): the next rule writes "?" as the hex escape |3f|, which is one
# byte in the buffer, but depth:88 equals the length of the pattern text with
# the escape counted as four characters; the decoded pattern is 85 bytes. The
# rule still matches the listed URL (endswith anchors the end), but unlike its
# neighbours the start is not pinned to offset 0: up to three leading bytes
# are tolerated.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5ccc|3f|download_token=5744f723de13fe0c6bbe52a8ce58126e7beaa11079b78b7392410b4659220434"; depth:88; endswith; nocase; http.host; content:"bedrive.ru"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864054/; classtype:trojan-activity;sid:84727154; rev:1;)
# The URI pattern here is just "/", so this fires on every HTTP GET for the
# root page of universemap.net. Treat an alert as "client visited this host"
# and look at the rest of the session before drawing conclusions.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"universemap.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864055/; classtype:trojan-activity;sid:84727155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.sh"; depth:11; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864056/; classtype:trojan-activity;sid:84727156; rev:1;)
# First of several /files-129312398/files/file_<16 hex>.exe entries on Host
# 91.92.242.236. Each rule pins one complete file name, so other names under
# the same directory on this host do not alert; consider a host + path-prefix
# search in proxy logs when one of these fires.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_27ef4778bdd07b51.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864050/; classtype:trojan-activity;sid:84727150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_6b36d2f073339db1.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, 
urlhaus.abuse.ch/url/3864051/; classtype:trojan-activity;sid:84727151; rev:1;)
# Two more file_<16 hex>.exe entries on Host 91.92.242.236; each rule pins one
# complete file name, so a different name in the same directory does not alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_139eb4d35baf4b5a.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864052/; classtype:trojan-activity;sid:84727152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_a5ba0a11805d3800.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864053/; classtype:trojan-activity;sid:84727153; rev:1;)
# UUID-shaped path on a single fully qualified host name. Both values are
# matched exactly, so the rule covers this one URL only, not other tokens or
# other subdomains of the same domain.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/07536e96-e3f2-4dc8-85ca-79071b430014"; depth:37; endswith; nocase; http.host; content:"boqetwvb.bcgamekade.online"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864049/; classtype:trojan-activity;sid:84727149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.42.151"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864048/; classtype:trojan-activity;sid:84727148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864047)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.15.42"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864047/; classtype:trojan-activity;sid:84727147; rev:1;)
# "/bin.sh" and "/i" entries on IP-literal Hosts. The paths are short and
# generic; it is the exact Host condition that ties each rule to one server.
# These indicators carry only their listing date (created_at), so check the
# referenced URLhaus entry for current status when triaging.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.4.192"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864046/; classtype:trojan-activity;sid:84727146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.93.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864045/; classtype:trojan-activity;sid:84727145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.189.59"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864044/; classtype:trojan-activity;sid:84727144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.235.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864043/; classtype:trojan-activity;sid:84727143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3864042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ce4f454a-a4e0-45ed-9cd9-6aaa2385a350"; depth:37; endswith; nocase; http.host; content:"wabel.azmoonzare.online"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864042/; classtype:trojan-activity;sid:84727142; rev:1;)
# Mixed entries: "/i" and "/bin.sh" on IP-literal Hosts, and one UUID-shaped
# path on a named host. Some Hosts appear with more than one path (for example
# 39.74.76.32 with both "/i" and "/bin.sh"), each under its own sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.76.32"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864041/; classtype:trojan-activity;sid:84727141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/95bb93c4-8e14-472f-b4b9-b89a28edf05c"; depth:37; endswith; nocase; http.host; content:"kdqtqtbo.ace9bet.net"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864040/; classtype:trojan-activity;sid:84727140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.235.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864039/; classtype:trojan-activity;sid:84727139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.76.32"; depth:11; isdataat:!1,relative; 
metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864038/; classtype:trojan-activity;sid:84727138; rev:1;)
# "/bin.sh" and "/i" entries on IP-literal Hosts: GET, whole-URI match and
# exact Host match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.42.151"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864037/; classtype:trojan-activity;sid:84727137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.154.250"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864036/; classtype:trojan-activity;sid:84727136; rev:1;)
# NOTE(review): |3f| is the hex escape for "?" and is one byte in the buffer,
# so the decoded pattern below is 44 bytes while depth is 47 (the escape was
# counted as four characters). endswith still anchors the end of the URI, but
# the start is not pinned to offset 0 the way it is in the neighbouring rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=405f85c6-a14b-4f83-a6d2-bd4b7a074fc8"; depth:47; endswith; nocase; http.host; content:"k57famtz.bordestan.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864035/; classtype:trojan-activity;sid:84727135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.117.57"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864034/; classtype:trojan-activity;sid:84727134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864033)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.79.113"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864033/; classtype:trojan-activity;sid:84727133; rev:1;)
# UUID-shaped path on a named host: exact URI and exact Host, so only this one
# URL is covered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/79886325-b9b6-4008-bace-415d8715f8a8"; depth:37; endswith; nocase; http.host; content:"mkspkafs.4030bet.app"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864031/; classtype:trojan-activity;sid:84727131; rev:1;)
# NOTE(review): |3f| is the hex escape for "?" and is one byte in the buffer,
# so the decoded pattern below is 44 bytes while depth is 47 (the escape was
# counted as four characters). The rule still matches the listed URL, but the
# start of the URI is not pinned to offset 0 as it is in the other rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=92fb436b-571b-41cd-bf08-14d60bbd7e03"; depth:47; endswith; nocase; http.host; content:"qnuaqbez.anodaz.vip"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864032/; classtype:trojan-activity;sid:84727132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.222.165"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864030/; classtype:trojan-activity;sid:84727130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.155.119"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864029/; classtype:trojan-activity;sid:84727129; rev:1;)
alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.154.250"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864028/; classtype:trojan-activity;sid:84727128; rev:1;)
# "/i" and "/bin.sh" entries on IP-literal Hosts. All of these rules inspect
# the parsed HTTP request only, and only in the $HOME_NET -> $EXTERNAL_NET
# direction, so their usefulness depends on $HOME_NET being set correctly.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.77.184"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864027/; classtype:trojan-activity;sid:84727127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.117.57"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864026/; classtype:trojan-activity;sid:84727126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.72.10.106"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864025/; classtype:trojan-activity;sid:84727125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.237.190"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, 
urlhaus.abuse.ch/url/3864024/; classtype:trojan-activity;sid:84727124; rev:1;)
# "/bin.sh" and "/i" entries on IP-literal Hosts, plus one UUID-shaped path on
# a named host. Every rule is an exact URI + exact Host match on a GET.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.155.119"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864023/; classtype:trojan-activity;sid:84727123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.240.147"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864022/; classtype:trojan-activity;sid:84727122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5ed79298-d065-4531-9b14-3c09a4867ef8"; depth:37; endswith; nocase; http.host; content:"hhghzngh.22betkade.online"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864021/; classtype:trojan-activity;sid:84727121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.72.10.106"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864020/; classtype:trojan-activity;sid:84727120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; 
nocase; http.host; content:"116.55.173.100"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864019/; classtype:trojan-activity;sid:84727119; rev:1;)
# "/bin.sh" entries on IP-literal Hosts and two UUID-shaped paths on named
# hosts. The two named hosts differ by a single letter in the domain
# (bankefiile.com here; bankefile.com appears in a later rule of this feed),
# so search for both spellings when hunting.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.240.147"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864018/; classtype:trojan-activity;sid:84727118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0e4c2f28-a542-4770-a560-a8c6595ea38c"; depth:37; endswith; nocase; http.host; content:"iaqem.bankefiile.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864017/; classtype:trojan-activity;sid:84727117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1b545169-0fc9-4314-ba6e-dc8be8b4863c"; depth:37; endswith; nocase; http.host; content:"xrekqgkh.1xyek.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864016/; classtype:trojan-activity;sid:84727116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.27.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864015/; classtype:trojan-activity;sid:84727115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3864014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.137.80"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864014/; classtype:trojan-activity;sid:84727114; rev:1;)
# "/i" and "/bin.sh" entries on IP-literal Hosts, then UUID-shaped paths on
# named hosts. Exact URI + exact Host in every case, so each rule identifies
# one URL and nothing broader.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.188.15"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864013/; classtype:trojan-activity;sid:84727113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.155.108"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864012/; classtype:trojan-activity;sid:84727112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4f310431-5681-4852-bac5-208715cb0e0b"; depth:37; endswith; nocase; http.host; content:"ymwntmdt.1xborokade.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864011/; classtype:trojan-activity;sid:84727111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dd4bb780-a0a4-41a3-9e0e-38f4710627ee"; depth:37; endswith; nocase; http.host; content:"toolcvu.livebetkade.com"; depth:23; isdataat:!1,relative; 
metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864010/; classtype:trojan-activity;sid:84727110; rev:1;)
# "/i" and "/bin.sh" entries on IP-literal Hosts: GET, whole-URI match and
# exact Host match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.184.31"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864009/; classtype:trojan-activity;sid:84727109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.219.138"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864008/; classtype:trojan-activity;sid:84727108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.188.15"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864007/; classtype:trojan-activity;sid:84727107; rev:1;)
# NOTE(review): |3f| is the hex escape for "?" and is one byte in the buffer,
# so the decoded pattern below is 44 bytes while depth is 47 (the escape was
# counted as four characters). The rule still matches the listed URL, but the
# start of the URI is not pinned to offset 0 as it is in the other rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=374e94ca-5532-438c-ba99-382b1fca374b"; depth:47; endswith; nocase; http.host; content:"undb4pt3.questionstest.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864006/; classtype:trojan-activity;sid:84727106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864005)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.184.31"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864005/; classtype:trojan-activity;sid:84727105; rev:1;)
# One UUID-shaped path on a named host, then "/i" and "/bin.sh" entries on
# IP-literal Hosts. 182.124.151.14 is listed with both short paths, each
# under its own sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/85469301-60a5-4473-92dc-ba2294619ae4"; depth:37; endswith; nocase; http.host; content:"zthedtkr.1xbitkade.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864004/; classtype:trojan-activity;sid:84727104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.151.14"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864003/; classtype:trojan-activity;sid:84727103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.231.145.15"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864002/; classtype:trojan-activity;sid:84727102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.151.14"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864001/; classtype:trojan-activity;sid:84727101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3864000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.43.119"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864000/; classtype:trojan-activity;sid:84727100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.246.148"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863999/; classtype:trojan-activity;sid:84727099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/220a1e0a-0e20-4915-9d41-5e83b72a69c8"; depth:37; endswith; nocase; http.host; content:"faogw.bankefile.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863998/; classtype:trojan-activity;sid:84727098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20345217-d401-44d5-b9c0-33351cced50e"; depth:37; endswith; nocase; http.host; content:"owbzzpof.1xbetmag.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863997/; classtype:trojan-activity;sid:84727097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.130.85"; depth:14; isdataat:!1,relative; metadata:created_at 
2026_06_13; reference:url, urlhaus.abuse.ch/url/3863996/; classtype:trojan-activity;sid:84727096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.222.103"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863995/; classtype:trojan-activity;sid:84727095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/90f93feb-b629-434a-b0cf-fbfce117a486"; depth:37; endswith; nocase; http.host; content:"ggifzobt.hugugmadani3.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863994/; classtype:trojan-activity;sid:84727094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.204.155"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863993/; classtype:trojan-activity;sid:84727093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.172.218.181"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863992/; classtype:trojan-activity;sid:84727092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; 
depth:2; endswith; nocase; http.host; content:"110.37.53.25"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863991/; classtype:trojan-activity;sid:84727091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=0f258f17-8614-4e9f-8877-bd88c7b3aaf9"; depth:47; endswith; nocase; http.host; content:"d5qqrmyp.geotechnictahuni.store"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863990/; classtype:trojan-activity;sid:84727090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.103.46"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863989/; classtype:trojan-activity;sid:84727089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.57.7.10"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863988/; classtype:trojan-activity;sid:84727088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.92.184"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863987/; classtype:trojan-activity;sid:84727087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3863986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.57.7.10"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863986/; classtype:trojan-activity;sid:84727086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.165.5"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863985/; classtype:trojan-activity;sid:84727085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.237.201"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863984/; classtype:trojan-activity;sid:84727084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.184.179"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863983/; classtype:trojan-activity;sid:84727083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/935a804d-0cb6-4e50-a582-0902469639f3"; depth:37; endswith; nocase; http.host; content:"dtbgl.bookdrive.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863982/; 
classtype:trojan-activity;sid:84727082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.183.206"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863981/; classtype:trojan-activity;sid:84727081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.58.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863980/; classtype:trojan-activity;sid:84727080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=0581224a-d3da-4a12-9ddb-7cbc5d305f02"; depth:47; endswith; nocase; http.host; content:"sh6rkpx6.shartmag.bet"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863979/; classtype:trojan-activity;sid:84727079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.183.206"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863978/; classtype:trojan-activity;sid:84727078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"78.84.71.14"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863977/; classtype:trojan-activity;sid:84727077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.58.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863976/; classtype:trojan-activity;sid:84727076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=0d026720-3dfe-46d0-a19a-d961b817eddd"; depth:47; endswith; nocase; http.host; content:"86h7e2zq.anodaz.co"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863975/; classtype:trojan-activity;sid:84727075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.237.201"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863974/; classtype:trojan-activity;sid:84727074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.127.241"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863973/; classtype:trojan-activity;sid:84727073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863972)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.86.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863972/; classtype:trojan-activity;sid:84727072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.172.218.181"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863971/; classtype:trojan-activity;sid:84727071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.209.99"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863970/; classtype:trojan-activity;sid:84727070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"78.84.71.14"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863969/; classtype:trojan-activity;sid:84727069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/99a6edcb-34fc-4896-8d95-d22aca759009"; depth:37; endswith; nocase; http.host; content:"alrwomdp.restaurantguideaarhus.com"; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863968/; 
classtype:trojan-activity;sid:84727068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.94.49"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863967/; classtype:trojan-activity;sid:84727067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.184.179"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863966/; classtype:trojan-activity;sid:84727066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.209.99"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863965/; classtype:trojan-activity;sid:84727065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/private/python3.6"; depth:18; endswith; nocase; http.host; content:"5.78.73.122"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863964/; classtype:trojan-activity;sid:84727064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.30.129"; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863963/; classtype:trojan-activity;sid:84727063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/private/bins.sh"; depth:16; endswith; nocase; http.host; content:"5.78.73.122"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863962/; classtype:trojan-activity;sid:84727062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/private/bins_py.sh"; depth:19; endswith; nocase; http.host; content:"5.78.73.122"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863961/; classtype:trojan-activity;sid:84727061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.242.48"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863960/; classtype:trojan-activity;sid:84727060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5a74a7d1-c502-4a6b-8ede-e4f5d425911b"; depth:37; endswith; nocase; http.host; content:"obmhxqg.rocketbet.pro"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863959/; classtype:trojan-activity;sid:84727059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863958)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.180.61"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863958/; classtype:trojan-activity;sid:84727058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=5be58697-7947-4dd3-9734-7ad75f0b94c4"; depth:47; endswith; nocase; http.host; content:"ggcjxgov.fununetadris.shop"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863957/; classtype:trojan-activity;sid:84727057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.2.241"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863956/; classtype:trojan-activity;sid:84727056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.237.190"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863955/; classtype:trojan-activity;sid:84727055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/94f31742-680b-42ce-96a4-db1816a6831d"; depth:37; endswith; nocase; http.host; content:"gsdzofat.winxbet.co"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, 
urlhaus.abuse.ch/url/3863954/; classtype:trojan-activity;sid:84727054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.160.197.219"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863953/; classtype:trojan-activity;sid:84727053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3e30aae3-fcc4-467f-a775-2cc6985afcb1"; depth:37; endswith; nocase; http.host; content:"krigo.ecologyardakani.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863952/; classtype:trojan-activity;sid:84727052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.242.48"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863951/; classtype:trojan-activity;sid:84727051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.113.255"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863950/; classtype:trojan-activity;sid:84727050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863949)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/2f70c90c-c606-4b15-a1ad-b785962630ed"; depth:37; endswith; nocase; http.host; content:"aoeoelfz.hugugbime.xyz"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863949/; classtype:trojan-activity;sid:84727049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c9fc0f04-c58a-4c06-af49-0cb4186ca166"; depth:47; endswith; nocase; http.host; content:"ew8mvpi7.shartbandikade.online"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863948/; classtype:trojan-activity;sid:84727048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.113.255"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863947/; classtype:trojan-activity;sid:84727047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.68.239"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863946/; classtype:trojan-activity;sid:84727046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3bda8235-2912-4c46-933b-7b088c932149"; depth:37; endswith; nocase; http.host; content:"jyvartai.hugugdaryayi.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863945/; 
classtype:trojan-activity;sid:84727045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.81.50"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863944/; classtype:trojan-activity;sid:84727044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.115.237"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863943/; classtype:trojan-activity;sid:84727043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ic3iseeyoujewishpigeons.sh"; depth:27; endswith; nocase; http.host; content:"152.236.4.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863942/; classtype:trojan-activity;sid:84727042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.150.202"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863941/; classtype:trojan-activity;sid:84727041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.249.193.242"; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863939/; classtype:trojan-activity;sid:84727039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.159.216"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863940/; classtype:trojan-activity;sid:84727040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cb659031-a24c-4ca9-9059-f15251b727de"; depth:37; endswith; nocase; http.host; content:"cjfwh.drivingbook.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863938/; classtype:trojan-activity;sid:84727038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.68.239"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863937/; classtype:trojan-activity;sid:84727037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b76e67c7-855c-48ac-b260-0c113467620e"; depth:47; endswith; nocase; http.host; content:"dkcxfqn2.gavaedfagahe.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863936/; classtype:trojan-activity;sid:84727036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3863935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.10.132.101"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863935/; classtype:trojan-activity;sid:84727035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1d5e34d7-ad58-4df4-8c4d-1a8794cb0668"; depth:37; endswith; nocase; http.host; content:"psmecdlr.hugugedari.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863934/; classtype:trojan-activity;sid:84727034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.159.216"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863933/; classtype:trojan-activity;sid:84727033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.249.193.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863932/; classtype:trojan-activity;sid:84727032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.36.178"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863931/; 
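classtype:trojan-activity;sid:84727031; rev:1;)
# ---------------------------------------------------------------------------
# Layout: one rule per physical line. Suricata reads a rule from a single
# line unless the line is continued with a trailing backslash, so rules that
# were wrapped mid-option have been rejoined. The fragment on the line above
# and the one on the last line of this section belong to rules that begin or
# end outside this section and are left as found.
#
# How each rule matches:
#   * $HOME_NET -> $EXTERNAL_NET, flow:established,from_client, method GET:
#     an alert means an internal client requested the listed URL.
#   * http.uri  content + depth:<len> + endswith + nocase: the normalized
#     URI must equal the content (case-insensitive), with nothing before or
#     after it.
#   * http.host content + depth:<len> + isdataat:!1,relative: no byte may
#     follow the content, so the host must equal it exactly.
#   * |3f| inside a content string is the hex escape for "?" (one byte).
#   * The number in msg is the URLhaus entry id; reference:url points at
#     that entry, which is the place to start triage.
#
# Review notes:
#   * The "/|3f|ublib=<uuid>" rules arrived with depth:47, which counts the
#     four characters of the |3f| escape instead of the single byte it
#     encodes. The content is 44 bytes, so depth:47 + endswith also accepted
#     up to three extra leading bytes. depth is set to 44 here so these rules
#     are exact-match like the rest. sid and rev are unchanged; a feed refresh
#     will restore the upstream value until the generator is fixed.
#   * Matching is exact: the same host with any other path or query string
#     does not alert. Keep host/IP-level detection alongside this ruleset.
#   * "alert http" only inspects traffic Suricata parses as HTTP; the same
#     download over TLS is not covered unless it is decrypted upstream.
#   * Many hosts are bare IP addresses, which can be reassigned. Use
#     metadata:created_at to age rules out and to weigh an alert on an old
#     indicator.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.27.62"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863930/; classtype:trojan-activity;sid:84727030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.36.178"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863929/; classtype:trojan-activity;sid:84727029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.145.126"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863928/; classtype:trojan-activity;sid:84727028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/df880418-2c8e-4016-bf40-08d69ea5f890"; depth:37; endswith; nocase; http.host; content:"dngzhceb.hugugmadani3.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863927/; classtype:trojan-activity;sid:84727027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e4bc025b-e2c5-4321-9359-e6ba727d7cb7"; depth:37; endswith; nocase; http.host; content:"mhhalmi.pokerkade.online"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863926/; classtype:trojan-activity;sid:84727026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.27.62"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863925/; classtype:trojan-activity;sid:84727025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.2.241"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863924/; classtype:trojan-activity;sid:84727024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.1"; depth:12; endswith; nocase; http.host; content:"152.236.4.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863923/; classtype:trojan-activity;sid:84727023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.12"; depth:13; endswith; nocase; http.host; content:"152.236.4.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863922/; classtype:trojan-activity;sid:84727022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.3"; depth:12; endswith; nocase; http.host; content:"152.236.4.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863910/; classtype:trojan-activity;sid:84727010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.7"; depth:12; endswith; nocase; http.host; content:"152.236.4.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863911/; classtype:trojan-activity;sid:84727011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.13"; depth:13; endswith; nocase; http.host; content:"152.236.4.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863912/; classtype:trojan-activity;sid:84727012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.2"; depth:12; endswith; nocase; http.host; content:"152.236.4.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863913/; classtype:trojan-activity;sid:84727013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.9"; depth:12; endswith; nocase; http.host; content:"152.236.4.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863914/; classtype:trojan-activity;sid:84727014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.10"; depth:13; endswith; nocase; http.host; content:"152.236.4.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863915/; classtype:trojan-activity;sid:84727015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.8"; depth:12; endswith; nocase; http.host; content:"152.236.4.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863916/; classtype:trojan-activity;sid:84727016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.5"; depth:12; endswith; nocase; http.host; content:"152.236.4.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863917/; classtype:trojan-activity;sid:84727017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.11"; depth:13; endswith; nocase; http.host; content:"152.236.4.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863918/; classtype:trojan-activity;sid:84727018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/areyouajew.sh"; depth:14; endswith; nocase; http.host; content:"152.236.4.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863919/; classtype:trojan-activity;sid:84727019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.4"; depth:12; endswith; nocase; http.host; content:"152.236.4.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863920/; classtype:trojan-activity;sid:84727020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/godisdead.6"; depth:12; endswith; nocase; http.host; content:"152.236.4.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863921/; classtype:trojan-activity;sid:84727021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.31.174"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863909/; classtype:trojan-activity;sid:84727009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/43675522-e346-41dd-a059-72da97631052"; depth:37; endswith; nocase; http.host; content:"nwklhlmm.hugugmadani6.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863908/; classtype:trojan-activity;sid:84727008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4245e366-8a5a-4fda-96ad-c495fee597a8"; depth:37; endswith; nocase; http.host; content:"ezrzb.downloadquran.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863907/; classtype:trojan-activity;sid:84727007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.80.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863906/; classtype:trojan-activity;sid:84727006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.219.138"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863905/; classtype:trojan-activity;sid:84727005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.28.193.170"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863904/; classtype:trojan-activity;sid:84727004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.37.236"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863903/; classtype:trojan-activity;sid:84727003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.80.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863902/; classtype:trojan-activity;sid:84727002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=0903d582-cca8-4b4e-91ad-d09b88706561"; depth:44; endswith; nocase; http.host; content:"2igj4kg6.shartbandifootballkade.online"; depth:38; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863901/; classtype:trojan-activity;sid:84727001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.89.69"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863900/; classtype:trojan-activity;sid:84727000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=16d95c5e-0be9-49f4-8a92-3268ffc2686f"; depth:44; endswith; nocase; http.host; content:"9fmgmj87.garatequran.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863899/; classtype:trojan-activity;sid:84726999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=4d9ae84a-905f-418c-baa2-4e050ff69ce2"; depth:44; endswith; nocase; http.host; content:"wgtpfakz.akhlagvaahkam.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863898/; classtype:trojan-activity;sid:84726998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.37.236"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863897/; classtype:trojan-activity;sid:84726997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/790b17d6-da34-4360-8e08-798766b701d4"; depth:37; endswith; nocase; http.host; content:"xmxmplzc.hugugmadanikatouzian.xyz"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863896/; classtype:trojan-activity;sid:84726996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.36.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863895/; classtype:trojan-activity;sid:84726995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.89.69"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863894/; classtype:trojan-activity;sid:84726994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.161.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863893/; classtype:trojan-activity;sid:84726993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.110.168"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863892/; classtype:trojan-activity;sid:84726992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.252.180"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863891/; classtype:trojan-activity;sid:84726991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.13.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863889/; classtype:trojan-activity;sid:84726989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.13.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863890/; classtype:trojan-activity;sid:84726990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.110.168"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863888/; classtype:trojan-activity;sid:84726988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.106.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863887/; classtype:trojan-activity;sid:84726987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.106.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863886/; classtype:trojan-activity;sid:84726986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.36.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863885/; classtype:trojan-activity;sid:84726985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4f133f44-f638-4ae9-83aa-4f06f185ba9b"; depth:37; endswith; nocase; http.host; content:"qjgjbwpw.hugugnasiri.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863884/; classtype:trojan-activity;sid:84726984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.90.82"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863883/; classtype:trojan-activity;sid:84726983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.252.180"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863882/; classtype:trojan-activity;sid:84726982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.125.74"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863881/; classtype:trojan-activity;sid:84726981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.229.52"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863880/; classtype:trojan-activity;sid:84726980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/468e3159-5088-4ee5-b05a-cc7de4e0e1bf"; depth:37; endswith; nocase; http.host; content:"cdvmgdw.melbetkade.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863879/; classtype:trojan-activity;sid:84726979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a3c2de44-ba26-4ff8-ba84-0d5b9bca7a4a"; depth:37; endswith; nocase; http.host; content:"dpphq.differentialmamuli.store"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863878/; classtype:trojan-activity;sid:84726978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.204.155"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863877/; classtype:trojan-activity;sid:84726977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.32.109"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863876/; classtype:trojan-activity;sid:84726976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.248.157.75"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863875/; classtype:trojan-activity;sid:84726975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f24f6b9b-640c-44f9-9a26-05743b8f3119"; depth:37; endswith; nocase; http.host; content:"wutgubeq.hugugtatbigi.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863874/; classtype:trojan-activity;sid:84726974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.189.59"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863873/; classtype:trojan-activity;sid:84726973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.248.157.75"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863872/; classtype:trojan-activity;sid:84726972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.31.241"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863871/; classtype:trojan-activity;sid:84726971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=8c46a6d7-e205-4036-b9aa-d31c4d60e3ba"; depth:44; endswith; nocase; http.host; content:"ttr6z4z6.moarefeslami.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863870/; classtype:trojan-activity;sid:84726970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.198.15"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863869/; classtype:trojan-activity;sid:84726969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.8.118.17"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863868/; classtype:trojan-activity;sid:84726968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.86.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863867/; classtype:trojan-activity;sid:84726967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9eb5aec8-8438-4acd-9cf2-b612af760d3e"; depth:37; endswith; nocase; http.host; content:"fmhkmjyi.hugugtejarat4.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863866/; classtype:trojan-activity;sid:84726966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.230.210"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863865/; classtype:trojan-activity;sid:84726965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.5.209"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863864/; classtype:trojan-activity;sid:84726964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.157.175"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863863/; classtype:trojan-activity;sid:84726963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.31.241"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863862/; classtype:trojan-activity;sid:84726962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.5.209"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863861/; classtype:trojan-activity;sid:84726961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/32215893-67aa-4426-8368-31ccf3b184f7"; depth:37; endswith; nocase; http.host; content:"edtmogyp.red90.casino"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863859/; classtype:trojan-activity;sid:84726959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d46e84ed-ed85-4d8f-8c00-e46f976531bb"; depth:37; endswith; nocase; http.host; content:"tkzvl.nagshekeshi.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863860/; classtype:trojan-activity;sid:84726960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=1633a656-a511-40cc-8510-7db2d3287e63"; depth:44; endswith; nocase; http.host; content:"5w4mouaz.shansline.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863858/; classtype:trojan-activity;sid:84726958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.157.175"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863857/; classtype:trojan-activity;sid:84726957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.230.210"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863856/; classtype:trojan-activity;sid:84726956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.232.137.101"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863855/; classtype:trojan-activity;sid:84726955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.7.201"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863854/; classtype:trojan-activity;sid:84726954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.10.132.101"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863853/; classtype:trojan-activity;sid:84726953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.22.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863852/; classtype:trojan-activity;sid:84726952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/01081363-29bc-4b0d-9ac7-9c5b3e4c7b66"; depth:37; endswith; nocase; http.host; content:"cowhdabq.shartbandi.games"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863851/; classtype:trojan-activity;sid:84726951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.79.73"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863850/; classtype:trojan-activity;sid:84726950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.103.46"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863849/; classtype:trojan-activity;sid:84726949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=826a75e3-4abf-4811-a120-472468541a97"; depth:44; endswith; nocase; http.host; content:"x6veozdp.ganuneasasi.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863848/; classtype:trojan-activity;sid:84726948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.245.6.227"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863847/; classtype:trojan-activity;sid:84726947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/17e58e67-f61d-446c-ac65-355bdf440116"; depth:37; endswith; nocase; http.host; content:"sjgnfsm.megaparikade.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863846/; classtype:trojan-activity;sid:84726946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a274e982-7057-438c-8c3a-c0984f407f4c"; depth:37; endswith; nocase; http.host; content:"hkhyaprc.betyek.net"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863845/; classtype:trojan-activity;sid:84726945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.245.6.227"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863844/; classtype:trojan-activity;sid:84726944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.205.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863843/; classtype:trojan-activity;sid:84726943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.131.130.85"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863842/; classtype:trojan-activity;sid:84726942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/901081a1-f2d6-4ae8-9cb8-58f09a215ad8"; depth:37; endswith; nocase; http.host; content:"rpndf.mustatabashpazi.shop"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863841/; classtype:trojan-activity;sid:84726941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.42.182"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863840/; classtype:trojan-activity;sid:84726940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2a529807-a2af-4d7f-8cfd-201bb73ee73d"; depth:37; endswith; nocase; http.host; content:"geirvzju.betxane.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863839/; classtype:trojan-activity;sid:84726939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=97ee8911-4035-4d21-b429-d051f400c6fd"; depth:44; endswith; nocase; http.host; content:"u4b0eg10.akhlagkarbordi.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863838/; classtype:trojan-activity;sid:84726938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863837)"; 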
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.42.182"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863837/; classtype:trojan-activity;sid:84726937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.31.174"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863836/; classtype:trojan-activity;sid:84726936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.221.254.132"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863834/; classtype:trojan-activity;sid:84726934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.67.33.209"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863835/; classtype:trojan-activity;sid:84726935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.229.252"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863833/; classtype:trojan-activity;sid:84726933; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/de4fcd83-c1fd-463c-ada8-43d690e95047"; depth:37; endswith; nocase; http.host; content:"xipuryqj.betwanna.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863832/; classtype:trojan-activity;sid:84726932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.155.235"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863831/; classtype:trojan-activity;sid:84726931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"164.163.25.157"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863830/; classtype:trojan-activity;sid:84726930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.200.72"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863828/; classtype:trojan-activity;sid:84726928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.53.79"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, 
urlhaus.abuse.ch/url/3863829/; classtype:trojan-activity;sid:84726929; rev:1;)
# URLhaus download-URL signatures. Each rule below requires an established client-to-server
# flow and the GET method, anchors the http.uri pattern with depth + endswith, and anchors the
# http.host pattern with depth + isdataat:!1,relative, so both buffers are meant to match in full.
# These are `alert http` rules: they fire only on requests Suricata parses as HTTP, so the same
# URL fetched over TLS is not covered unless the traffic is decrypted before inspection.
#
# NOTE(review): "|3f|" is a hex escape for one byte ("?"), so the URI pattern in the next rule is
# 44 bytes long, while depth:47 equals the length of the escaped text. Combined with endswith,
# the rule therefore also matches a URI carrying up to three extra leading bytes before
# "/?ublib=..."; depth:44 would make it an exact match like the path-only rules
# (37-byte "/<uuid>" with depth:37). The other "/|3f|ublib=" rules in this ruleset show the same
# depth:47. The file looks generated (see the "Last updated" header), so report this upstream
# rather than patching the sid locally -- confirm how the feed is refreshed in your deployment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=81193bbf-17a7-4199-bdfd-7d66a9ca105b"; depth:47; endswith; nocase; http.host; content:"ukpoojmk.shansbartar.bet"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863827/; classtype:trojan-activity;sid:84726927; rev:1;)
# Exact-match pair: 7-byte URI with depth:7, 11-byte Host with depth:11.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.53.79"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863826/; classtype:trojan-activity;sid:84726926; rev:1;)
# Path-only UUID form: the 37-byte pattern and depth:37 agree, so the URI must match in full.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2c030ca-a427-46e1-aff4-47cf37c27df9"; depth:37; endswith; nocase; http.host; content:"wumyhfj.livebetkade.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863825/; classtype:trojan-activity;sid:84726925; rev:1;)
# NOTE(review): same depth mismatch as sid 84726927 -- 44-byte decoded pattern, depth:47.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=afe56ead-49bb-4363-bf54-a24800be8320"; depth:47; endswith; nocase; http.host; content:"9w0va69z.shansbartar.bet"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863824/; classtype:trojan-activity;sid:84726924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863823)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.221.254.132"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863823/; classtype:trojan-activity;sid:84726923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.200.72"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863822/; classtype:trojan-activity;sid:84726922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=67e1e0e1-f66f-444a-a206-21f0d13d6906"; depth:47; endswith; nocase; http.host; content:"1fqobn4w.hattrickbetkade.com"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863821/; classtype:trojan-activity;sid:84726921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"80.67.33.209"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863820/; classtype:trojan-activity;sid:84726920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.114.108"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863819/; 
classtype:trojan-activity;sid:84726919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c6bac874-d125-4803-8d94-4ff40719661f"; depth:37; endswith; nocase; http.host; content:"raqmk.mururhesabdari.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863818/; classtype:trojan-activity;sid:84726918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7a31854b-2960-46cd-a8ff-3d9c4e9c3922"; depth:37; endswith; nocase; http.host; content:"hqqacfwe.betforwardkade.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863817/; classtype:trojan-activity;sid:84726917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"164.163.25.157"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863816/; classtype:trojan-activity;sid:84726916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.229.252"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863815/; classtype:trojan-activity;sid:84726915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863814)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/|3f|ublib=baf5d98c-f8d0-4fb7-b350-b32330c3af71"; depth:47; endswith; nocase; http.host; content:"k96h8q0b.fubet24.net"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863814/; classtype:trojan-activity;sid:84726914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.114.108"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863813/; classtype:trojan-activity;sid:84726913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.233.228"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863812/; classtype:trojan-activity;sid:84726912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.64.178"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863811/; classtype:trojan-activity;sid:84726911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.230.96"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863810/; classtype:trojan-activity;sid:84726910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3863809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f6ad6156-9e6b-4107-875a-d77ae80b13bf"; depth:37; endswith; nocase; http.host; content:"yzqzbtkr.betfidokade.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863809/; classtype:trojan-activity;sid:84726909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.89.206"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863808/; classtype:trojan-activity;sid:84726908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.64.178"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863807/; classtype:trojan-activity;sid:84726907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.230.96"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863806/; classtype:trojan-activity;sid:84726906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.79.73"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, 
urlhaus.abuse.ch/url/3863805/; classtype:trojan-activity;sid:84726905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.27.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863804/; classtype:trojan-activity;sid:84726904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.246.79"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863803/; classtype:trojan-activity;sid:84726903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=4e744f4c-cf9f-4294-a519-bcfde531e11a"; depth:47; endswith; nocase; http.host; content:"hopmx6jx.enfejarkade.online"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863802/; classtype:trojan-activity;sid:84726902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a043036d-90bc-4ad7-85ed-b9e416eb0c34"; depth:37; endswith; nocase; http.host; content:"dxxxyoqr.bet313.org"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863801/; classtype:trojan-activity;sid:84726901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863800)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.89.206"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863800/; classtype:trojan-activity;sid:84726900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1098e15d-3b67-4383-a488-091e1bf8ab38"; depth:37; endswith; nocase; http.host; content:"ukfxv.motuntakhasosi.store"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863799/; classtype:trojan-activity;sid:84726899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.232.225.72"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863798/; classtype:trojan-activity;sid:84726898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.16.154"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863797/; classtype:trojan-activity;sid:84726897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.246.79"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863796/; classtype:trojan-activity;sid:84726896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3863795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bd90f46b-8f17-474d-af62-e35cc1570076"; depth:37; endswith; nocase; http.host; content:"llfarlit.bet120x.net"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863795/; classtype:trojan-activity;sid:84726895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.134.28.188"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863794/; classtype:trojan-activity;sid:84726894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.16.154"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863793/; classtype:trojan-activity;sid:84726893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.232.225.72"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863792/; classtype:trojan-activity;sid:84726892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuclearbomb.exe"; depth:16; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; 
reference:url, urlhaus.abuse.ch/url/3863791/; classtype:trojan-activity;sid:84726891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sprd2.exe"; depth:10; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863790/; classtype:trojan-activity;sid:84726890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0298dea3-f658-4b0b-94af-882ca799cd26"; depth:37; endswith; nocase; http.host; content:"vidsloii.bcgamekade.online"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863789/; classtype:trojan-activity;sid:84726889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.79.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863788/; classtype:trojan-activity;sid:84726888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.202.162"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863787/; classtype:trojan-activity;sid:84726887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; 
depth:7; endswith; nocase; http.host; content:"163.142.79.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863786/; classtype:trojan-activity;sid:84726886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.185.131"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863785/; classtype:trojan-activity;sid:84726885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c780b678-4742-4be3-8c2e-221f98945a0a"; depth:47; endswith; nocase; http.host; content:"g1zevlqh.casinokade.online"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863784/; classtype:trojan-activity;sid:84726884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7b67ccc7-c03e-4ada-bf00-56c60f3f46e3"; depth:37; endswith; nocase; http.host; content:"whitfkos.ace9bet.net"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863783/; classtype:trojan-activity;sid:84726883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.185.131"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863781/; classtype:trojan-activity;sid:84726881; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.227.251.132"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863782/; classtype:trojan-activity;sid:84726882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/29c283b3-28d8-4406-a383-8e0ad5565830"; depth:37; endswith; nocase; http.host; content:"oywlk.motorbook.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863780/; classtype:trojan-activity;sid:84726880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.223.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863779/; classtype:trojan-activity;sid:84726879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=18951263-3db3-4678-8840-193281461614"; depth:47; endswith; nocase; http.host; content:"b383rztk.bordestan.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863778/; classtype:trojan-activity;sid:84726878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.82.253"; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863777/; classtype:trojan-activity;sid:84726877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.82.253"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863776/; classtype:trojan-activity;sid:84726876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.202.162"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863775/; classtype:trojan-activity;sid:84726875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=1b1dd147-3e23-4049-b3f2-8e651760df72"; depth:47; endswith; nocase; http.host; content:"dtphi824.akhbarsport.info"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863774/; classtype:trojan-activity;sid:84726874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.114.32.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863773/; classtype:trojan-activity;sid:84726873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863772)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.252.171"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863772/; classtype:trojan-activity;sid:84726872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.76.196"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863771/; classtype:trojan-activity;sid:84726871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/efb36945-6042-4c41-89b3-024021ac017a"; depth:37; endswith; nocase; http.host; content:"rngvl.bilyardkade.online"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863770/; classtype:trojan-activity;sid:84726870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.241.227"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863769/; classtype:trojan-activity;sid:84726869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d6907b3e-3be2-40c6-a525-1245d05ece98"; depth:37; endswith; nocase; http.host; content:"burreepr.ace90betkade.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863768/; 
classtype:trojan-activity;sid:84726868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp1.sh"; depth:9; endswith; nocase; http.host; content:"143.20.185.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863767/; classtype:trojan-activity;sid:84726867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sex.sh"; depth:7; endswith; nocase; http.host; content:"143.20.185.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863766/; classtype:trojan-activity;sid:84726866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.241.227"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863765/; classtype:trojan-activity;sid:84726865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.183.82"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863764/; classtype:trojan-activity;sid:84726864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.85.241"; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863763/; classtype:trojan-activity;sid:84726863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c60ff44a-cc27-4097-b1d4-b6db11142541"; depth:47; endswith; nocase; http.host; content:"euerx2bw.linebetkade.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863762/; classtype:trojan-activity;sid:84726862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.165.125.212"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863761/; classtype:trojan-activity;sid:84726861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.167.49"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863760/; classtype:trojan-activity;sid:84726860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/135c5f82-18a4-46e5-ad5d-3439132e24f9"; depth:37; endswith; nocase; http.host; content:"wnwrwqfz.4030bet.app"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863759/; classtype:trojan-activity;sid:84726859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3863758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/57b80f71-793d-4f39-b813-3b7358fd697d"; depth:37; endswith; nocase; http.host; content:"nylmc.hotbetkade.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863758/; classtype:trojan-activity;sid:84726858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.14.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863757/; classtype:trojan-activity;sid:84726857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.155.235"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863756/; classtype:trojan-activity;sid:84726856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_x64.exe"; depth:12; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863755/; classtype:trojan-activity;sid:84726855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/62b70cd7-91c9-4cf3-8a64-6387ff78e97a"; depth:37; endswith; nocase; http.host; content:"kfwne.moshavereravan.shop"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, 
urlhaus.abuse.ch/url/3863754/; classtype:trojan-activity;sid:84726854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.38.150.52"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863753/; classtype:trojan-activity;sid:84726853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.167.49"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863752/; classtype:trojan-activity;sid:84726852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/72127d19-2205-4c40-b4be-45259ef03cd2"; depth:37; endswith; nocase; http.host; content:"tngbqcwl.22betkade.online"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863751/; classtype:trojan-activity;sid:84726851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.186.230.50"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863750/; classtype:trojan-activity;sid:84726850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863749)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/1788c3a8-4ad3-4ca9-b8c1-ebe8388185d2"; depth:37; endswith; nocase; http.host; content:"gzcgy.hiwino.net"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863749/; classtype:trojan-activity;sid:84726849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.61.72"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863748/; classtype:trojan-activity;sid:84726848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_b92525972d65ba7f.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863747/; classtype:trojan-activity;sid:84726847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips2"; depth:6; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863746/; classtype:trojan-activity;sid:84726846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_34a9e7e80dbe267c.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863745/; 
classtype:trojan-activity;sid:84726845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=40c01a42-5bcf-48a3-9aa0-69f4b0a97470"; depth:47; endswith; nocase; http.host; content:"cxdba2b3.zabanmemari.shop"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863744/; classtype:trojan-activity;sid:84726844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.7.201"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863743/; classtype:trojan-activity;sid:84726843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.224.245"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863742/; classtype:trojan-activity;sid:84726842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.129.19"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863741/; classtype:trojan-activity;sid:84726841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"42.232.24.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863740/; classtype:trojan-activity;sid:84726840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c9976b75-3c80-4727-be15-1bc028470169"; depth:37; endswith; nocase; http.host; content:"htftvttj.1xyek.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863739/; classtype:trojan-activity;sid:84726839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.236.148.244"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863738/; classtype:trojan-activity;sid:84726838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.1.224.245"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863737/; classtype:trojan-activity;sid:84726837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.182.171"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863736/; classtype:trojan-activity;sid:84726836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863735)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0bf3816c-4185-4fc4-bed7-1034fe957ad5"; depth:37; endswith; nocase; http.host; content:"twhjk.hazaratkade.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863735/; classtype:trojan-activity;sid:84726835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.24.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863734/; classtype:trojan-activity;sid:84726834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=1090d905-000b-48dc-9070-2aa14e39cc7d"; depth:47; endswith; nocase; http.host; content:"ncom2n7n.jetbetkade.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863733/; classtype:trojan-activity;sid:84726833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.129.19"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863732/; classtype:trojan-activity;sid:84726832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.17.16.209"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, 
urlhaus.abuse.ch/url/3863731/; classtype:trojan-activity;sid:84726831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c964c57c-c1b2-4efa-a6fd-2817b7f5e3d5"; depth:47; endswith; nocase; http.host; content:"bv2rvqh6.zabanhaggani.shop"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863730/; classtype:trojan-activity;sid:84726830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/497eebb3-18c4-4192-8bb4-7724f6fb0085"; depth:37; endswith; nocase; http.host; content:"hodomoxq.1xborokade.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863729/; classtype:trojan-activity;sid:84726829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/344932c8-b0ba-489e-a9b2-76a4bcf0be19"; depth:37; endswith; nocase; http.host; content:"ygfnk.darsnamejame.xyz"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863728/; classtype:trojan-activity;sid:84726828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.182.171"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863727/; classtype:trojan-activity;sid:84726827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863726)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.98.64"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863726/; classtype:trojan-activity;sid:84726826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.94.115"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863725/; classtype:trojan-activity;sid:84726825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aee5e6bd-31fb-4721-ad36-baf0aa2ee5bb"; depth:37; endswith; nocase; http.host; content:"emqlb.tahlilsazeha.xyz"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863724/; classtype:trojan-activity;sid:84726824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1e9c3e49-69df-446c-9b8a-374b1ec34d65"; depth:37; endswith; nocase; http.host; content:"zjfxfoev.1xbitkade.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863723/; classtype:trojan-activity;sid:84726823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.120.194"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863722/; 
classtype:trojan-activity;sid:84726822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.38.176"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863721/; classtype:trojan-activity;sid:84726821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_dae96b431f16be7b.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863720/; classtype:trojan-activity;sid:84726820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.38.176"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863718/; classtype:trojan-activity;sid:84726818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.94.115"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863719/; classtype:trojan-activity;sid:84726819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"42.233.105.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863717/; classtype:trojan-activity;sid:84726817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/477d98c2-f89e-4c84-85d4-1662df131e9c"; depth:37; endswith; nocase; http.host; content:"ljist.sanjeshvaandazegiri.shop"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863716/; classtype:trojan-activity;sid:84726816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.105.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863715/; classtype:trojan-activity;sid:84726815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daa792e7-022c-4055-aff8-75e28ca72870"; depth:37; endswith; nocase; http.host; content:"vspdk.tahgigbazargan.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863714/; classtype:trojan-activity;sid:84726814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4265d36b-030b-4287-b754-ffb8ea50aee1"; depth:37; endswith; nocase; http.host; content:"rizvw.sanjeshravani.shop"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863713/; classtype:trojan-activity;sid:84726813; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=6de4dbf6-1ef5-4812-9167-b27f590b467e"; depth:47; endswith; nocase; http.host; content:"g29aiuih.zabanenglishanari.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863712/; classtype:trojan-activity;sid:84726812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/89e4471d-de61-4dba-83fb-0fdd5dcf8177"; depth:37; endswith; nocase; http.host; content:"jsyao.tafsirquran.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863711/; classtype:trojan-activity;sid:84726811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ac47d52b-ba87-40bf-be40-9eee7bba1b9f"; depth:47; endswith; nocase; http.host; content:"yc282mnt.hesabdarinoravesh.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863710/; classtype:trojan-activity;sid:84726810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9f1c8383-fe7a-4a3d-9f7c-fd722b7999fc"; depth:37; endswith; nocase; http.host; content:"obxan.daneshkhanevade.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863709/; classtype:trojan-activity;sid:84726809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863708)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.191.125.228"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863708/; classtype:trojan-activity;sid:84726808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.70.107"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863707/; classtype:trojan-activity;sid:84726807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/244fa440-f3b8-4d3d-b17a-70a3df08ea9a"; depth:37; endswith; nocase; http.host; content:"eejgo.sakhtemandade.shop"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863706/; classtype:trojan-activity;sid:84726806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.182.119.162"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863705/; classtype:trojan-activity;sid:84726805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.191.125.228"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863704/; classtype:trojan-activity;sid:84726804; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ba88e0ae-8bb3-4f8e-843c-2be73168c634"; depth:47; endswith; nocase; http.host; content:"ydcgvobr.tarbiatbadani.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863703/; classtype:trojan-activity;sid:84726803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.221.253.208"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863702/; classtype:trojan-activity;sid:84726802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.44.132"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863701/; classtype:trojan-activity;sid:84726801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.234.118.229"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863700/; classtype:trojan-activity;sid:84726800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"153.117.6.41"; depth:12; isdataat:!1,relative; metadata:created_at 
2026_06_12; reference:url, urlhaus.abuse.ch/url/3863699/; classtype:trojan-activity;sid:84726799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.184.80"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863698/; classtype:trojan-activity;sid:84726798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.70.107"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863697/; classtype:trojan-activity;sid:84726797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/65244cb7-a737-45e5-8bf6-344f906a677d"; depth:37; endswith; nocase; http.host; content:"fuwtp.tafsirnasiri.xyz"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863696/; classtype:trojan-activity;sid:84726796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.218.134"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863695/; classtype:trojan-activity;sid:84726795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; 
depth:7; endswith; nocase; http.host; content:"222.139.44.132"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863694/; classtype:trojan-activity;sid:84726794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d2711b5e-9e6b-4231-826f-87a289cb830d"; depth:47; endswith; nocase; http.host; content:"uss6wss6.hesabdarieskandari.xyz"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863693/; classtype:trojan-activity;sid:84726793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4304338c-60f7-48c9-9780-9e54c7c27657"; depth:37; endswith; nocase; http.host; content:"qsbsd.sadreislam.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863692/; classtype:trojan-activity;sid:84726792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.184.80"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863691/; classtype:trojan-activity;sid:84726791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.234.118.229"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863690/; classtype:trojan-activity;sid:84726790; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.221.253.208"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863689/; classtype:trojan-activity;sid:84726789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.131.92.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863688/; classtype:trojan-activity;sid:84726788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.218.134"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863687/; classtype:trojan-activity;sid:84726787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.95.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863686/; classtype:trojan-activity;sid:84726786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"108.170.136.155"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, 
urlhaus.abuse.ch/url/3863685/; classtype:trojan-activity;sid:84726785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.210.228"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863684/; classtype:trojan-activity;sid:84726784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b6e5f7fe-ac21-4fef-b7ed-e8ea43269d4c"; depth:37; endswith; nocase; http.host; content:"addeg.quranmohagegin.shop"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863683/; classtype:trojan-activity;sid:84726783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.131.92.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863682/; classtype:trojan-activity;sid:84726782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.236.148.244"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863681/; classtype:trojan-activity;sid:84726781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863680)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/194ac1e6-854f-48c7-af0d-63f494d950f1"; depth:37; endswith; nocase; http.host; content:"umnbp.usoleamoozesh.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863680/; classtype:trojan-activity;sid:84726780; rev:1;)
# Each rule alerts on an HTTP GET from $HOME_NET to $EXTERNAL_NET whose http.uri
# (depth + endswith) and http.host (depth + isdataat:!1,relative) both match one
# URLhaus entry exactly; the id in msg matches the reference URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f783afd5-b12c-47a9-8b56-afda3b57e382"; depth:37; endswith; nocase; http.host; content:"cswwy.tractor11.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863679/; classtype:trojan-activity;sid:84726779; rev:1;)
# NOTE(review): the host in the next rule is github.com, a shared platform, so
# the URI path (one release asset) is the only discriminating part of the match.
# Treat a hit as "this file was requested", not as evidence against the host,
# and do not derive a host-level block from it.
# NOTE(review): as an `alert http` rule it is evaluated on parsed HTTP only. A
# download of this asset over HTTPS is not seen unless TLS is decrypted before
# the sensor, so absence of alerts is not absence of downloads; proxy or
# endpoint logs are the complementary source for this URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lonergigs-code/docusign/releases/download/v1.9.1/docusignsetup.exe"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863678/; classtype:trojan-activity;sid:84726778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.68.168.193"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863677/; classtype:trojan-activity;sid:84726777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.183.1.100"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863676/; 
classtype:trojan-activity;sid:84726776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6b62de9f-b31c-44cd-b520-8560ad73ec56"; depth:37; endswith; nocase; http.host; content:"nbyap.danestanihavarzeshi.com"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863675/; classtype:trojan-activity;sid:84726775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/effe0897-e609-4091-b03c-9c7eacfb9dea"; depth:37; endswith; nocase; http.host; content:"sqgdb.tractor11.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863674/; classtype:trojan-activity;sid:84726774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"160.30.103.84"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863673/; classtype:trojan-activity;sid:84726773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f7296dbe-2203-42e0-9f14-db8ad9e84102"; depth:47; endswith; nocase; http.host; content:"coc45rrh.vanatarsim.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863672/; classtype:trojan-activity;sid:84726772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863671)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/nightcord/nightcord/releases/download/v1.19.8/nightcord-installer.exe"; depth:70; endswith; nocase; http.host; content:"git.nightcord.st"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863671/; classtype:trojan-activity;sid:84726771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nightcord/nightcord/releases/download/v1.19.6/nightcord-installer.exe"; depth:70; endswith; nocase; http.host; content:"git.nightcord.st"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863669/; classtype:trojan-activity;sid:84726769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nightcord/nightcord/releases/download/v1.19.7/nightcord-installer.exe"; depth:70; endswith; nocase; http.host; content:"git.nightcord.st"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863670/; classtype:trojan-activity;sid:84726770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"160.30.103.84"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863668/; classtype:trojan-activity;sid:84726768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"assets.f1cs-dev.it"; depth:18; 
isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863660/; classtype:trojan-activity;sid:84726760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"assets.f1cs-dev.it"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863661/; classtype:trojan-activity;sid:84726761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"assets.f1cs-dev.it"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863662/; classtype:trojan-activity;sid:84726762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"assets.f1cs-dev.it"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863663/; classtype:trojan-activity;sid:84726763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"assets.f1cs-dev.it"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863664/; classtype:trojan-activity;sid:84726764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863665)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"assets.f1cs-dev.it"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863665/; classtype:trojan-activity;sid:84726765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"assets.f1cs-dev.it"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863666/; classtype:trojan-activity;sid:84726766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"assets.f1cs-dev.it"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863667/; classtype:trojan-activity;sid:84726767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"assets.f1cs-dev.it"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863655/; classtype:trojan-activity;sid:84726755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"assets.f1cs-dev.it"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863656/; classtype:trojan-activity;sid:84726756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3863657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"assets.f1cs-dev.it"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863657/; classtype:trojan-activity;sid:84726757; rev:1;)
# Each rule alerts on an HTTP GET from $HOME_NET to $EXTERNAL_NET whose http.uri
# (depth + endswith) and http.host (depth + isdataat:!1,relative) both match one
# URLhaus entry exactly; the id in msg matches the reference URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"assets.f1cs-dev.it"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863658/; classtype:trojan-activity;sid:84726758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"assets.f1cs-dev.it"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863659/; classtype:trojan-activity;sid:84726759; rev:1;)
# NOTE(review): the hosts in the next two rules are subdomains of
# serveousercontent.com and trycloudflare.com, which appear to be tunnelling
# services handing out per-tunnel names. Such names are presumably short-lived,
# so these exact-host matches are likely to age out quickly; a review of DNS or
# TLS SNI logs for the parent domains is a more durable complement.
# NOTE(review): `alert http` inspects parsed HTTP only. If these endpoints are
# reached over HTTPS, the rules do not fire without TLS decryption before the
# sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/_next/static/media/ee4c97c61938da5b.js"; depth:39; endswith; nocase; http.host; content:"54328cf8554e67ed-185-174-159-197.serveousercontent.com"; depth:54; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863654/; classtype:trojan-activity;sid:84726754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/_next/static/stream/edeb69ed676eee4d.js"; depth:40; endswith; nocase; http.host; content:"views-lan-infant-solve.trycloudflare.com"; depth:40; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863653/; classtype:trojan-activity;sid:84726753; rev:1;)
# NOTE(review): igmc.duckdns.org looks like a dynamic-DNS name, so the address
# behind it can change while these rules keep matching on the Host header; a
# request made to the bare IP would not match them. Confirm against the
# URLhaus entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kkk.arm4k"; depth:10; endswith; nocase; http.host; content:"igmc.duckdns.org"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863652/; classtype:trojan-activity;sid:84726752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dipndotsk"; depth:10; endswith; nocase; http.host; content:"igmc.duckdns.org"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863642/; classtype:trojan-activity;sid:84726742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromek"; depth:8; endswith; nocase; http.host; content:"igmc.duckdns.org"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863643/; classtype:trojan-activity;sid:84726743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kkk.arm7"; depth:9; endswith; nocase; http.host; content:"igmc.duckdns.org"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863644/; classtype:trojan-activity;sid:84726744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3863645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kkk.arm5k"; depth:10; endswith; nocase; http.host; content:"igmc.duckdns.org"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863645/; classtype:trojan-activity;sid:84726745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dipsk"; depth:6; endswith; nocase; http.host; content:"igmc.duckdns.org"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863646/; classtype:trojan-activity;sid:84726746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kkk.arm6k"; depth:10; endswith; nocase; http.host; content:"igmc.duckdns.org"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863647/; classtype:trojan-activity;sid:84726747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"igmc.duckdns.org"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863648/; classtype:trojan-activity;sid:84726748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"igmc.duckdns.org"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863649/; classtype:trojan-activity;sid:84726749; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kkk.arm7k"; depth:10; endswith; nocase; http.host; content:"igmc.duckdns.org"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863650/; classtype:trojan-activity;sid:84726750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"igmc.duckdns.org"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863651/; classtype:trojan-activity;sid:84726751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.183.1.100"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863641/; classtype:trojan-activity;sid:84726741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.149.107.50"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863640/; classtype:trojan-activity;sid:84726740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.111.110"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; 
reference:url, urlhaus.abuse.ch/url/3863639/; classtype:trojan-activity;sid:84726739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/51a1db11-2cfd-4243-a99a-a9bb7d239870"; depth:37; endswith; nocase; http.host; content:"esnjo.tractor11.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863638/; classtype:trojan-activity;sid:84726738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"200.112.129.46"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863637/; classtype:trojan-activity;sid:84726737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ed531e0-eeed-4fd9-a384-daf9396eb04e"; depth:37; endswith; nocase; http.host; content:"brrls.rahnemayenegaresh.site"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863636/; classtype:trojan-activity;sid:84726736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/10b11c40-e690-4496-bf35-9275ed152df0"; depth:37; endswith; nocase; http.host; content:"mbxkw.rahnemayenegaresh.site"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863635/; classtype:trojan-activity;sid:84726735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863634)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=dfe9bbae-7399-47f8-a958-2a2c8e63a120"; depth:47; endswith; nocase; http.host; content:"mauv124k.tarahisystem.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863634/; classtype:trojan-activity;sid:84726734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.111.110"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863633/; classtype:trojan-activity;sid:84726733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.85.194"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863632/; classtype:trojan-activity;sid:84726732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.70.189"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863631/; classtype:trojan-activity;sid:84726731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.80.163"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863630/; 
classtype:trojan-activity;sid:84726730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.137.80"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863629/; classtype:trojan-activity;sid:84726729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.242.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863628/; classtype:trojan-activity;sid:84726728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.148.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863627/; classtype:trojan-activity;sid:84726727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.89.166.37"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863626/; classtype:trojan-activity;sid:84726726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.203.92"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863625/; classtype:trojan-activity;sid:84726725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.80.163"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863624/; classtype:trojan-activity;sid:84726724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.89.166.37"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863623/; classtype:trojan-activity;sid:84726723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.224.62"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863622/; classtype:trojan-activity;sid:84726722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cad89886-cd51-421d-a844-b7955e75db47"; depth:37; endswith; nocase; http.host; content:"tfpvi.testranandegi.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863621/; classtype:trojan-activity;sid:84726721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863620)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.34.242.99"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863620/; classtype:trojan-activity;sid:84726720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.116.54"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863619/; classtype:trojan-activity;sid:84726719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a09e6e12-0f6d-4932-8205-5bb8b68fa8eb"; depth:37; endswith; nocase; http.host; content:"jebclxk.raftarsazmani.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863618/; classtype:trojan-activity;sid:84726718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.148.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863617/; classtype:trojan-activity;sid:84726717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.242.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863616/; classtype:trojan-activity;sid:84726716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3863615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.224.62"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863615/; classtype:trojan-activity;sid:84726715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.213.45.204"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863614/; classtype:trojan-activity;sid:84726714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.116.54"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863613/; classtype:trojan-activity;sid:84726713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.99.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863612/; classtype:trojan-activity;sid:84726712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/59693e3c-df4b-4878-a5be-381f65383988"; depth:37; endswith; nocase; http.host; content:"kagnmzrgu.mabaninazari.shop"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, 
urlhaus.abuse.ch/url/3863611/; classtype:trojan-activity;sid:84726711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.187.106"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863610/; classtype:trojan-activity;sid:84726710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/52aa3016-2146-48ad-aab8-111439266345"; depth:37; endswith; nocase; http.host; content:"qtxcrltc.testpaye.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863609/; classtype:trojan-activity;sid:84726709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.74.135"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863608/; classtype:trojan-activity;sid:84726708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.97.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863607/; classtype:trojan-activity;sid:84726707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863606)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
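content:"/a75c7a28-f53d-470a-b3c5-1cd01379278a"; depth:37; endswith; nocase; http.host; content:"qsjvbzp.tahlilsazeha.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863606/; classtype:trojan-activity;sid:84726706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.187.106"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863605/; classtype:trojan-activity;sid:84726705; rev:1;)
# Rule shape used throughout this set: GET request, URI pinned with depth + endswith
# (depth equal to the pattern length makes it a whole-URI match), Host pinned with
# depth + isdataat:!1,relative (nothing may follow the host pattern).
# In the next rule |3f| is a single byte ("?"), so the URI pattern is 44 bytes long.
# The feed ships depth:47, which counts the escape as four characters; combined with
# endswith that also accepts URIs with up to three bytes ahead of the pattern.
# depth:44 restores the exact-URI match. This is a generated feed, so a local
# correction has to be re-applied (or reported upstream) after each refresh.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=bab17a28-af9c-46b6-b2c1-f55df946f01c"; depth:44; endswith; nocase; http.host; content:"arqn7djf.vajename.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863604/; classtype:trojan-activity;sid:84726704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.88.149"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863603/; classtype:trojan-activity;sid:84726703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.144.213"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863602/; classtype:trojan-activity;sid:84726702; rev:1;)
alert http 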
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.251.95"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863601/; classtype:trojan-activity;sid:84726701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.7.20"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863599/; classtype:trojan-activity;sid:84726699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.77.39.248"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863600/; classtype:trojan-activity;sid:84726700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.162.49"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863598/; classtype:trojan-activity;sid:84726698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.88.149"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, 
urlhaus.abuse.ch/url/3863597/; classtype:trojan-activity;sid:84726697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.213.45.204"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863595/; classtype:trojan-activity;sid:84726695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.85.60.47"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863596/; classtype:trojan-activity;sid:84726696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a8247a00-7b37-48d9-bfbf-ee4c664abcf6"; depth:37; endswith; nocase; http.host; content:"nffhlpcv.testdrivepaye3.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863594/; classtype:trojan-activity;sid:84726694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.166.166"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863593/; classtype:trojan-activity;sid:84726693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; 
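nocase; http.host; content:"210.18.172.147"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863592/; classtype:trojan-activity;sid:84726692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.233.128"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863591/; classtype:trojan-activity;sid:84726691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.144.213"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863590/; classtype:trojan-activity;sid:84726690; rev:1;)
# |3f| is one byte ("?"), so the URI pattern below is 44 bytes, not the 47 characters
# of its escaped spelling. With the shipped depth:47 plus endswith, a URI with up to
# three bytes in front of the pattern would match as well; depth:44 keeps the rule an
# exact whole-URI match like its neighbours. The Host check is already exact
# (depth equals the host length, isdataat:!1,relative forbids trailing bytes).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=435c18ad-8ca9-4ec9-9756-058f10289e56"; depth:44; endswith; nocase; http.host; content:"wnfo1c8w.tanasobmafhumi.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863589/; classtype:trojan-activity;sid:84726689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.202.71.102"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863588/; classtype:trojan-activity;sid:84726688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 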
URL detected (3863587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.162.49"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863587/; classtype:trojan-activity;sid:84726687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fb081ff0-82e9-4d21-9f23-6fc3ba3cbba2"; depth:37; endswith; nocase; http.host; content:"ozymtyh.tahgigbazargan.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863586/; classtype:trojan-activity;sid:84726686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.7.20"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863585/; classtype:trojan-activity;sid:84726685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.170.244"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863584/; classtype:trojan-activity;sid:84726684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.233.128"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863583/; 
classtype:trojan-activity;sid:84726683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/354a0040-5bbb-434a-91e2-dd82db39436f"; depth:37; endswith; nocase; http.host; content:"lqlrmchm.tasisathosseini.shop"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863582/; classtype:trojan-activity;sid:84726682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"62.60.130.127"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863581/; classtype:trojan-activity;sid:84726681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.63.202"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863580/; classtype:trojan-activity;sid:84726680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d2088237-b23c-4427-979c-6cea4bdf4894"; depth:37; endswith; nocase; http.host; content:"vfxdzptjm.mabaninazaridelavar.xyz"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863579/; classtype:trojan-activity;sid:84726679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863578)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/i"; depth:2; endswith; nocase; http.host; content:"111.164.71.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863578/; classtype:trojan-activity;sid:84726678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.77.39.248"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863577/; classtype:trojan-activity;sid:84726677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.182.119.162"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863576/; classtype:trojan-activity;sid:84726676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/232b6a47-4cd5-4f08-8228-a442a0297e53"; depth:37; endswith; nocase; http.host; content:"zeuephv.tafsirquran.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863575/; classtype:trojan-activity;sid:84726675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.63.202"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863574/; classtype:trojan-activity;sid:84726674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
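(msg:"URLhaus Known malware download URL detected (3863573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/01864d40-ae3a-4908-b423-e8eca9c482f1"; depth:37; endswith; nocase; http.host; content:"npejbmmk.tarikhravannovin.shop"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863573/; classtype:trojan-activity;sid:84726673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.47.63"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863572/; classtype:trojan-activity;sid:84726672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.28.220.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863571/; classtype:trojan-activity;sid:84726671; rev:1;)
# |3f| is one byte ("?"), so the URI pattern below is 44 bytes long. The feed's
# depth:47 counts the escape as four characters; together with endswith it also
# admits URIs that carry up to three bytes before the pattern. depth:44 makes the
# rule an exact whole-URI match again, consistent with the unescaped rules here.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a2cfb2ae-f27d-4cf7-9eba-a1741cdad2bc"; depth:44; endswith; nocase; http.host; content:"qjwhwhzz.hesabdari2.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863570/; classtype:trojan-activity;sid:84726670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.108.24.103"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863569/; classtype:trojan-activity;sid:84726669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.164.71.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863568/; classtype:trojan-activity;sid:84726668; rev:1;)
# Same correction as for sid 84726670: one-byte |3f| escape, 44-byte pattern, depth:44.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9e490243-b607-4b54-8c7d-0acb7a157604"; depth:44; endswith; nocase; http.host; content:"rxuuxnyy.shimiumumi.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863567/; classtype:trojan-activity;sid:84726667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.94.218"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863566/; classtype:trojan-activity;sid:84726666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.42.48"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863565/; classtype:trojan-activity;sid:84726665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863564)"; flow:established,from_client; http.method; 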
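content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.94.218"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863564/; classtype:trojan-activity;sid:84726664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.47.63"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863563/; classtype:trojan-activity;sid:84726663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4be486f2-875a-452d-98c8-ddc4866bef92"; depth:37; endswith; nocase; http.host; content:"rqvfqcgu.tarikhcheravanshenasi.xyz"; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863562/; classtype:trojan-activity;sid:84726662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/62f26d7d-d705-41d7-bc75-87192f1154de"; depth:37; endswith; nocase; http.host; content:"mnxewnp.tafsirnasiri.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863561/; classtype:trojan-activity;sid:84726661; rev:1;)
# |3f| is one byte ("?"), so the URI pattern below is 44 bytes long. The feed's
# depth:47 counts the escape as four characters; together with endswith it also
# admits URIs that carry up to three bytes before the pattern. depth:44 makes the
# rule an exact whole-URI match again, consistent with the unescaped rules here.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b5d399b2-813c-4fd6-9fe6-439d097ec74c"; depth:44; endswith; nocase; http.host; content:"8qh80m8o.shimiskoog.shop"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863560/; classtype:trojan-activity;sid:84726660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.17.96"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863559/; classtype:trojan-activity;sid:84726659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.197.114.212"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863558/; classtype:trojan-activity;sid:84726658; rev:1;)
# Same correction as for sid 84726660: one-byte |3f| escape, 44-byte pattern, depth:44.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=7bd494cf-f5c4-44b0-b3f0-a05557a5524f"; depth:44; endswith; nocase; http.host; content:"ahfq0ebl.ahkam.xyz"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863557/; classtype:trojan-activity;sid:84726657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.197.114.212"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863556/; classtype:trojan-activity;sid:84726656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; 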
depth:23; endswith; nocase; http.host; content:"176.65.139.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863554/; classtype:trojan-activity;sid:84726654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i468"; depth:23; endswith; nocase; http.host; content:"176.65.139.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863555/; classtype:trojan-activity;sid:84726655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"176.65.139.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863550/; classtype:trojan-activity;sid:84726650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"176.65.139.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863551/; classtype:trojan-activity;sid:84726651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"176.65.139.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863552/; classtype:trojan-activity;sid:84726652; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"176.65.139.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863553/; classtype:trojan-activity;sid:84726653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"176.65.139.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863549/; classtype:trojan-activity;sid:84726649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"176.65.139.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863547/; classtype:trojan-activity;sid:84726647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"176.65.139.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863548/; classtype:trojan-activity;sid:84726648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"176.65.139.199"; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863544/; classtype:trojan-activity;sid:84726644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"176.65.139.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863545/; classtype:trojan-activity;sid:84726645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"176.65.139.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863546/; classtype:trojan-activity;sid:84726646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"176.65.139.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863543/; classtype:trojan-activity;sid:84726643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/riscv32"; depth:13; endswith; nocase; http.host; content:"94.156.152.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863528/; classtype:trojan-activity;sid:84726628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863529)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/or1k"; depth:10; endswith; nocase; http.host; content:"94.156.152.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863529/; classtype:trojan-activity;sid:84726629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/aarch64"; depth:13; endswith; nocase; http.host; content:"94.156.152.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863530/; classtype:trojan-activity;sid:84726630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/powerpc"; depth:13; endswith; nocase; http.host; content:"94.156.152.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863531/; classtype:trojan-activity;sid:84726631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kkk.arm5k"; depth:10; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863532/; classtype:trojan-activity;sid:84726632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kkk.arm4k"; depth:10; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863533/; classtype:trojan-activity;sid:84726633; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh2"; depth:9; endswith; nocase; http.host; content:"94.156.152.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863534/; classtype:trojan-activity;sid:84726634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dipndotsk"; depth:10; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863535/; classtype:trojan-activity;sid:84726635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kkk.arm7k"; depth:10; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863536/; classtype:trojan-activity;sid:84726636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/riscv64"; depth:13; endswith; nocase; http.host; content:"94.156.152.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863537/; classtype:trojan-activity;sid:84726637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"94.156.152.234"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863538/; classtype:trojan-activity;sid:84726638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"94.156.152.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863539/; classtype:trojan-activity;sid:84726639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"94.156.152.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863540/; classtype:trojan-activity;sid:84726640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i386"; depth:10; endswith; nocase; http.host; content:"94.156.152.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863541/; classtype:trojan-activity;sid:84726641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/microblaze"; depth:16; endswith; nocase; http.host; content:"94.156.152.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863542/; classtype:trojan-activity;sid:84726642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863523)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/kkk.arm6k"; depth:10; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863523/; classtype:trojan-activity;sid:84726623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dipsk"; depth:6; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863524/; classtype:trojan-activity;sid:84726624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"94.156.152.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863525/; classtype:trojan-activity;sid:84726625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/loongarch64"; depth:17; endswith; nocase; http.host; content:"94.156.152.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863526/; classtype:trojan-activity;sid:84726626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chromek"; depth:8; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863527/; classtype:trojan-activity;sid:84726627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
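download URL detected (3863522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.17.96"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863522/; classtype:trojan-activity;sid:84726622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.97.19"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863521/; classtype:trojan-activity;sid:84726621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/yarn.sh"; depth:13; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863520/; classtype:trojan-activity;sid:84726620; rev:1;)
# Local correction to the next two rules (sids 84726619 and 84726618).
# The feed's http.uri pattern carried "|7c|26|7c|" between "download" and "id=".
# Suricata decodes that to the four literal bytes |26| rather than a single "&"
# (0x26), so the pattern could not match a "/uc?export=download&id=..." request
# (presumably the URL that was reported; confirm on the URLhaus reference page).
# The separator is now written as the hex escape |26|, and depth is set to the
# decoded pattern length (56 bytes), which together with endswith pins the match
# to the whole URI instead of leaving slack at the front.
# Caveats for triage:
#  - These are plain-HTTP rules; drive.google.com is normally reached over TLS,
#    so they only fire where decrypted HTTP is visible to the sensor.
#  - nocase lets the lower-cased file id match in any letter case.
#  - A refresh of the upstream ruleset will overwrite this edit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|26|id=1io7nfj3rhdfazu4zf6qhc0sowmubmjx2"; depth:56; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863519/; classtype:trojan-activity;sid:84726619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|26|id=15vbhxqeuodu8weznehcb4ivvlkryyxfg"; depth:56; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863518/; classtype:trojan-activity;sid:84726618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.80.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863517/; classtype:trojan-activity;sid:84726617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.97.19"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863516/; classtype:trojan-activity;sid:84726616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.80.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863515/; classtype:trojan-activity;sid:84726615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fe651bd7-9fec-4fc0-920c-4433f5734090"; depth:37; endswith; nocase; http.host; content:"xlrvvrbvb.mabanimashin.site"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863514/; classtype:trojan-activity;sid:84726614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863513)"; flow:established,from_client; 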
http.method; content:"GET"; http.uri; content:"/d45137ac-fe15-4e87-8c16-4b9ff6a40afe"; depth:37; endswith; nocase; http.host; content:"syqxxqi.riyaziyattajrobi.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863513/; classtype:trojan-activity;sid:84726613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/terminal/connect-runner|3f|flag=7"; depth:38; endswith; nocase; http.host; content:"lab99.sbs"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863512/; classtype:trojan-activity;sid:84726612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/terminal/script|3f|flag=7"; depth:30; endswith; nocase; http.host; content:"lab99.sbs"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863511/; classtype:trojan-activity;sid:84726611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/appdw/app.apk"; depth:23; endswith; nocase; http.host; content:"opmg.top"; depth:8; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863510/; classtype:trojan-activity;sid:84726610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"176.65.139.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, 
urlhaus.abuse.ch/url/3863508/; classtype:trojan-activity;sid:84726608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"176.65.139.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863509/; classtype:trojan-activity;sid:84726609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_80ffdadbe65cc63f.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863507/; classtype:trojan-activity;sid:84726607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.153.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863506/; classtype:trojan-activity;sid:84726606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.249.189"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863505/; classtype:trojan-activity;sid:84726605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; 
endswith; nocase; http.host; content:"5.165.157.233"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863504/; classtype:trojan-activity;sid:84726604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.95.161"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863503/; classtype:trojan-activity;sid:84726603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.178.144.95"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863502/; classtype:trojan-activity;sid:84726602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.165.157.233"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863501/; classtype:trojan-activity;sid:84726601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.153.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863500/; classtype:trojan-activity;sid:84726600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863499)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.18.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863499/; classtype:trojan-activity;sid:84726599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d3e146fd-9ddf-4a0d-a6d2-24d39a7df68a"; depth:37; endswith; nocase; http.host; content:"zlsfegg.riyazishahkilid.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863498/; classtype:trojan-activity;sid:84726598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.192.73"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863497/; classtype:trojan-activity;sid:84726597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.178.144.95"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863496/; classtype:trojan-activity;sid:84726596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a9880af7-4ec5-41c9-8708-164db92d52dd"; depth:37; endswith; nocase; http.host; content:"omgolqds.sazebetonarme.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, 
urlhaus.abuse.ch/url/3863495/; classtype:trojan-activity;sid:84726595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/23acb8ac-eed7-4895-95bf-f10dc88b774b"; depth:37; endswith; nocase; http.host; content:"aegkmnbe.sanjeshvaandazegiri.shop"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863494/; classtype:trojan-activity;sid:84726594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.54.235.73"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863493/; classtype:trojan-activity;sid:84726593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.206.53"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863492/; classtype:trojan-activity;sid:84726592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.102.230"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863491/; classtype:trojan-activity;sid:84726591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; 
nocase; http.host; content:"182.124.166.166"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863490/; classtype:trojan-activity;sid:84726590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.238.163"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863489/; classtype:trojan-activity;sid:84726589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.114.32.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863488/; classtype:trojan-activity;sid:84726588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.18.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863487/; classtype:trojan-activity;sid:84726587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ee0ca37b-5e14-45e7-8a50-168fe4838e8b"; depth:47; endswith; nocase; http.host; content:"0saw15fk.activereading.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863486/; classtype:trojan-activity;sid:84726586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3863485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.212.177"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863485/; classtype:trojan-activity;sid:84726585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=50279a32-edea-426a-97c2-8f34f4fdf38b"; depth:47; endswith; nocase; http.host; content:"jvvrtt3s.sazehayefooladi.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863484/; classtype:trojan-activity;sid:84726584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.202.145.139"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863483/; classtype:trojan-activity;sid:84726583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.54.235.73"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863482/; classtype:trojan-activity;sid:84726582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.210.228"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, 
urlhaus.abuse.ch/url/3863481/; classtype:trojan-activity;sid:84726581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f3a6cd66-d077-4fb7-8623-e76591a563b8"; depth:37; endswith; nocase; http.host; content:"scrbsmf.activebook.xyz"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863480/; classtype:trojan-activity;sid:84726580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/53e9dc12-e57d-4867-9efb-aae24d310b97"; depth:37; endswith; nocase; http.host; content:"jwaxmaqh.sanjeshravani.shop"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863479/; classtype:trojan-activity;sid:84726579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.42.91.237"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863478/; classtype:trojan-activity;sid:84726578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.91.2"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863477/; classtype:trojan-activity;sid:84726577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863476)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.91.2"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863476/; classtype:trojan-activity;sid:84726576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/95704a38-1065-4f09-a32d-e52111865611"; depth:37; endswith; nocase; http.host; content:"lvzqrradp.mabanieslami2.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863475/; classtype:trojan-activity;sid:84726575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.171.199"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863473/; classtype:trojan-activity;sid:84726573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.184.50.135"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863474/; classtype:trojan-activity;sid:84726574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.115.237"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863472/; classtype:trojan-activity;sid:84726572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3863471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.171.199"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863471/; classtype:trojan-activity;sid:84726571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.255.10.22"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863470/; classtype:trojan-activity;sid:84726570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.190.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863469/; classtype:trojan-activity;sid:84726569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.11.194"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863468/; classtype:trojan-activity;sid:84726568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.40.92"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863467/; classtype:trojan-activity;sid:84726567; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1fc1bd06-7703-42c8-92f7-9ded5fe09759"; depth:37; endswith; nocase; http.host; content:"negnwxwk.sakhtemandade.shop"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863466/; classtype:trojan-activity;sid:84726566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.24.81.207"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863465/; classtype:trojan-activity;sid:84726565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/439127fa-b8d9-484d-ab12-a7c6ce3eb469"; depth:37; endswith; nocase; http.host; content:"fidixce.abresanishahri.store"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863464/; classtype:trojan-activity;sid:84726564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.115.237"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863463/; classtype:trojan-activity;sid:84726563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"87.255.10.22"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863462/; classtype:trojan-activity;sid:84726562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.190.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863461/; classtype:trojan-activity;sid:84726561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.85.241"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863460/; classtype:trojan-activity;sid:84726560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.76.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863459/; classtype:trojan-activity;sid:84726559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.230.51.127"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863458/; classtype:trojan-activity;sid:84726558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863457)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.204.196.136"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863457/; classtype:trojan-activity;sid:84726557; rev:1;)
# ---------------------------------------------------------------------------------------------
# Reading guide for the rules below (one rule per line; each is tied to a single URLhaus entry).
#   Scope     : alert http $HOME_NET -> $EXTERNAL_NET, client side of an established flow, GET.
#   http.uri  : content + depth (= pattern length) + endswith pins the whole URI; nocase makes
#               the URI comparison case-insensitive.
#   http.host : content + depth (= pattern length) + isdataat:!1,relative pins the whole Host.
# Several paths ("/i", "/bin.sh") are generic; the exact Host pin is what makes those rules specific.
# These are literal host+path indicators on parsed HTTP, so the same URL fetched over TLS, or
# the same payload moved to another host or path, is outside their coverage.
# When triaging a hit, follow reference:url to the URLhaus entry and confirm which internal
# host made the request and what was returned.
# ---------------------------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.24.81.207"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863456/; classtype:trojan-activity;sid:84726556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.57.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863455/; classtype:trojan-activity;sid:84726555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.78.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863454/; classtype:trojan-activity;sid:84726554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.57.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863453/; classtype:trojan-activity;sid:84726553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.11.194"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863452/; classtype:trojan-activity;sid:84726552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.184.50.135"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863451/; classtype:trojan-activity;sid:84726551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a3c3e109-7bd2-41ee-a1b1-7201b7272e23"; depth:37; endswith; nocase; http.host; content:"vdwupypy.sadreislam.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863450/; classtype:trojan-activity;sid:84726550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.228.109.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863449/; classtype:trojan-activity;sid:84726549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/07e46f50-2f86-4eeb-8a3a-88c9246e4681"; depth:37; endswith; nocase; http.host; content:"yyyfiub.1x1.pro"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863448/; classtype:trojan-activity;sid:84726548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.76.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863447/; classtype:trojan-activity;sid:84726547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.230.51.127"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863446/; classtype:trojan-activity;sid:84726546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.26.227"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863445/; classtype:trojan-activity;sid:84726545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"138.204.196.136"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863444/; classtype:trojan-activity;sid:84726544; rev:1;)
# NOTE(review): in the "/|3f|ublib=<uuid>" rules (this one and the later ones of the same form),
# |3f| is a single byte ('?'), so the pattern is 44 bytes long while depth is 47. With endswith
# the URI must still end with the pattern, but up to 3 bytes may precede it, so these rules are
# slightly looser than the exact-URI rules around them. Looks like the depth was computed from
# the escaped text; confirm with the feed maintainer before relying on exact-match semantics.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=2df3e49b-8067-4f69-8d20-bf87c3d20ede"; depth:47; endswith; nocase; http.host; content:"2q6xaa8u.ravanshenasisaeedi.xyz"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863443/; classtype:trojan-activity;sid:84726543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f93b6009-3fc8-47c4-9b53-25b98d45547f"; depth:47; endswith; nocase; http.host; content:"epb5v18q.activeintro.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863442/; classtype:trojan-activity;sid:84726542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.48.177"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863441/; classtype:trojan-activity;sid:84726541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8a688702-f713-4b7b-9b47-d8ff26a0835d"; depth:37; endswith; nocase; http.host; content:"lrvizgxp.lincoplus.xyz"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863440/; classtype:trojan-activity;sid:84726540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8587665743/jenzvpg.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863439/; classtype:trojan-activity;sid:84726539; rev:1;)
# The next 13 rules share one Host (64.89.162.139) and the /bins/ directory, one rule per file
# name; most suffixes look like CPU architecture names. Each file name needs its own rule because
# the URI is matched in full, so a file under /bins/ that is not listed here will not alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zoryn.spc"; depth:15; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863431/; classtype:trojan-activity;sid:84726531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zoryn.arm6"; depth:16; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863432/; classtype:trojan-activity;sid:84726532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zoryn.arm"; depth:15; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863433/; classtype:trojan-activity;sid:84726533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zoryn.ppc"; depth:15; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863434/; classtype:trojan-activity;sid:84726534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zoryn.mpsl"; depth:16; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863435/; classtype:trojan-activity;sid:84726535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zoryn.arm7"; depth:16; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863436/; classtype:trojan-activity;sid:84726536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zoryn.sh4"; depth:15; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863437/; classtype:trojan-activity;sid:84726537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zoryn.mips"; depth:16; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863438/; classtype:trojan-activity;sid:84726538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/o.xml"; depth:11; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863430/; classtype:trojan-activity;sid:84726530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sex.sh"; depth:12; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863428/; classtype:trojan-activity;sid:84726528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zoryn.m68k"; depth:16; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863429/; classtype:trojan-activity;sid:84726529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zoryn.x86"; depth:15; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863426/; classtype:trojan-activity;sid:84726526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zoryn.arm5"; depth:16; endswith; nocase; http.host; content:"64.89.162.139"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863427/; classtype:trojan-activity;sid:84726527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.152.35.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863425/; classtype:trojan-activity;sid:84726525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ea103b0c-1067-44fa-883c-b4872f2f96ed"; depth:37; endswith; nocase; http.host; content:"oxcydtg.1x1.cash"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863424/; classtype:trojan-activity;sid:84726524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"210.10.180.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863423/; classtype:trojan-activity;sid:84726523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.112.233"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863422/; classtype:trojan-activity;sid:84726522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9e28d762-78a6-4478-a19d-f285fd4febc9"; depth:47; endswith; nocase; http.host; content:"kn46xsmt.readthisintro.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863421/; classtype:trojan-activity;sid:84726521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.48.177"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863420/; classtype:trojan-activity;sid:84726520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a390f682-87b6-43ce-9692-b7c7cf6d0944"; depth:37; endswith; nocase; http.host; content:"bsjmxjbmv.livefootba11.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863419/; classtype:trojan-activity;sid:84726519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"210.10.180.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863418/; classtype:trojan-activity;sid:84726518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/563fbe24-3ecc-4f90-b09a-ea567dac9d27"; depth:37; endswith; nocase; http.host; content:"lkhpttfj.leaguejazire.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863417/; classtype:trojan-activity;sid:84726517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ba163f4a-116c-4d6d-936d-82cbac12aab8"; depth:47; endswith; nocase; http.host; content:"bjuo48bq.ravanroshd.shop"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863416/; classtype:trojan-activity;sid:84726516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.107.93"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863415/; classtype:trojan-activity;sid:84726515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"162.250.16.110"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863414/; classtype:trojan-activity;sid:84726514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/86ce6ecb-367c-4c13-b461-19db64aa048a"; depth:37; endswith; nocase; http.host; content:"kdphdmr.rahnemayenegaresh.site"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863413/; classtype:trojan-activity;sid:84726513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.140.175.84"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863412/; classtype:trojan-activity;sid:84726512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.210.64"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863411/; classtype:trojan-activity;sid:84726511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c7b2e1a0-fb3e-459a-b2e2-a7a235b19bdd"; depth:37; endswith; nocase; http.host; content:"uqknomxs.karbordriyaziyat.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863410/; classtype:trojan-activity;sid:84726510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.88.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863409/; classtype:trojan-activity;sid:84726509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.140.175.84"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863408/; classtype:trojan-activity;sid:84726508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.238.163"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863407/; classtype:trojan-activity;sid:84726507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c7840707-54a1-4210-b9c2-79a3e77c6bc6"; depth:47; endswith; nocase; http.host; content:"8bk9x8td.ravanshenasinovin.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863406/; classtype:trojan-activity;sid:84726506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"162.250.16.110"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863405/; classtype:trojan-activity;sid:84726505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/81d4dfb8-434d-4101-8a2b-b34c92fff6b5"; depth:37; endswith; nocase; http.host; content:"djnkywq.raftarsazmani.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863404/; classtype:trojan-activity;sid:84726504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.88.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863403/; classtype:trojan-activity;sid:84726503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.237.107.93"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863402/; classtype:trojan-activity;sid:84726502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.233.102.185"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863401/; classtype:trojan-activity;sid:84726501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fb59edae-9ce8-4b70-8814-f9c1489e2130"; depth:37; endswith; nocase; http.host; content:"qeyshvibv.azmoonzare.online"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863400/; classtype:trojan-activity;sid:84726500; rev:1;)
# From here on the rules carry metadata:created_at 2026_06_11.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.40.83"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863399/; classtype:trojan-activity;sid:84726499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.40.83"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863398/; classtype:trojan-activity;sid:84726498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.225.102"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863397/; classtype:trojan-activity;sid:84726497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6c92b240-191d-46a4-8330-115146634057"; depth:37; endswith; nocase; http.host; content:"fdktfbbn.jam-jahani.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863396/; classtype:trojan-activity;sid:84726496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c2613c3f-0f94-436c-950b-bdd680a8515f"; depth:47; endswith; nocase; http.host; content:"pour45yz.ravandarmani.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863395/; classtype:trojan-activity;sid:84726495; rev:1;)
# The next 13 rules cover the same /bins/ file names as the 64.89.162.139 group above, pinned to
# a second Host (176.65.139.195). Only the Host content and its depth differ between the groups.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zoryn.x86"; depth:15; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863394/; classtype:trojan-activity;sid:84726494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zoryn.ppc"; depth:15; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863393/; classtype:trojan-activity;sid:84726493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zoryn.arm6"; depth:16; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863389/; classtype:trojan-activity;sid:84726489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zoryn.arm"; depth:15; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863390/; classtype:trojan-activity;sid:84726490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zoryn.m68k"; depth:16; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863391/; classtype:trojan-activity;sid:84726491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zoryn.spc"; depth:15; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863392/; classtype:trojan-activity;sid:84726492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zoryn.mips"; depth:16; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863385/; classtype:trojan-activity;sid:84726485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zoryn.arm5"; depth:16; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863386/; classtype:trojan-activity;sid:84726486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zoryn.arm7"; depth:16; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863387/; classtype:trojan-activity;sid:84726487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zoryn.mpsl"; depth:16; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863388/; classtype:trojan-activity;sid:84726488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sex.sh"; depth:12; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863384/; classtype:trojan-activity;sid:84726484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zoryn.sh4"; depth:15; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863383/; classtype:trojan-activity;sid:84726483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/o.xml"; depth:11; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863382/; classtype:trojan-activity;sid:84726482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.225.102"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863381/; classtype:trojan-activity;sid:84726481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.52.66"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863380/; classtype:trojan-activity;sid:84726480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.59.63"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863379/; classtype:trojan-activity;sid:84726479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6578f83e-aef0-4b82-99ba-165bfd563a0f"; depth:37; endswith; nocase; http.host; content:"oivuaiyy.psgnewsiran.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863378/; classtype:trojan-activity;sid:84726478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/go.exe"; depth:7; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863377/; classtype:trojan-activity;sid:84726477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.70.240.79"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863376/; classtype:trojan-activity;sid:84726476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.176.107.122"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863375/; classtype:trojan-activity;sid:84726475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.59.63"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863374/; classtype:trojan-activity;sid:84726474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.28.157"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863372/; classtype:trojan-activity;sid:84726472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.26.110.10"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863373/; classtype:trojan-activity;sid:84726473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.70.240.79"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863371/; classtype:trojan-activity;sid:84726471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=432d4111-2a57-4935-825a-d1a9c90cb6cb"; depth:47; endswith; nocase; http.host; content:"pipx8iw2.ravanshenasiganji.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863370/; classtype:trojan-activity;sid:84726470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.30.1"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863369/; classtype:trojan-activity;sid:84726469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.176.107.122"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863368/; classtype:trojan-activity;sid:84726468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c1bad5db-dad5-4719-8b71-f39627bbb275"; depth:37; endswith; nocase; http.host; content:"qlwxqybo.prozhedownload.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863367/; classtype:trojan-activity;sid:84726467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.210.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863366/; classtype:trojan-activity;sid:84726466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.210.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863365/; classtype:trojan-activity;sid:84726465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.71.177"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863364/; classtype:trojan-activity;sid:84726464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.75.62.197"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863363/; classtype:trojan-activity;sid:84726463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.112.149"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863361/; classtype:trojan-activity;sid:84726461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.169.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863362/; classtype:trojan-activity;sid:84726462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a174b60a-1cc1-4728-8a1e-0bca24561e58"; depth:37; endswith; nocase; http.host; content:"zjtjokj.quranmohagegin.shop"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863360/; classtype:trojan-activity;sid:84726460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3863359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.66.215"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863359/; classtype:trojan-activity;sid:84726459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.75.62.197"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863358/; classtype:trojan-activity;sid:84726458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.112.149"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863357/; classtype:trojan-activity;sid:84726457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.94.166"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863356/; classtype:trojan-activity;sid:84726456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.52.66"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863355/; classtype:trojan-activity;sid:84726455; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/96193ba5-8a3a-4546-b250-85df46f939f4"; depth:37; endswith; nocase; http.host; content:"jvyzjvqmb.bankefiile.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863354/; classtype:trojan-activity;sid:84726454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/66b86068-ca14-4d15-94fa-13ff563634f0"; depth:37; endswith; nocase; http.host; content:"kdthbhbm.prozhecart.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863353/; classtype:trojan-activity;sid:84726453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.158.57"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863352/; classtype:trojan-activity;sid:84726452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.30.1"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863351/; classtype:trojan-activity;sid:84726451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lsge63sd3/bb.exe"; depth:17; endswith; nocase; http.host; content:"spasopro.at"; depth:11; 
isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863350/; classtype:trojan-activity;sid:84726450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f5bfd0e3-9a6f-4d1a-8d24-9031009e4eef"; depth:37; endswith; nocase; http.host; content:"jdxqaihsh.bankefiile.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863349/; classtype:trojan-activity;sid:84726449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ce41ed04-6e0d-493d-8406-3d2cb22ab0bc"; depth:37; endswith; nocase; http.host; content:"bfksnnrp.prozhecart.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863348/; classtype:trojan-activity;sid:84726448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=1d3745bd-d7aa-420d-a879-dda195b5350f"; depth:47; endswith; nocase; http.host; content:"o0irv3h9.ravabetensani.site"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863347/; classtype:trojan-activity;sid:84726447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.94.166"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863346/; classtype:trojan-activity;sid:84726446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3863345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.170.166"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863345/; classtype:trojan-activity;sid:84726445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.39.210"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863344/; classtype:trojan-activity;sid:84726444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=1d136609-2d79-4699-b44b-8a13abfa77a1"; depth:47; endswith; nocase; http.host; content:"63yoanli.ravanshenasi.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863343/; classtype:trojan-activity;sid:84726443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.5.249"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863342/; classtype:trojan-activity;sid:84726442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.233.150.71"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, 
urlhaus.abuse.ch/url/3863341/; classtype:trojan-activity;sid:84726441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.31.81.241"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863340/; classtype:trojan-activity;sid:84726440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/97f72ccb-9bc1-4df0-8ccb-9513f553eff7"; depth:37; endswith; nocase; http.host; content:"rcflwccn.mabanishimi.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863339/; classtype:trojan-activity;sid:84726439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.39.210"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863338/; classtype:trojan-activity;sid:84726438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.233.150.71"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863337/; classtype:trojan-activity;sid:84726437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; 
nocase; http.host; content:"115.55.5.249"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863336/; classtype:trojan-activity;sid:84726436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.35.78.155"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863335/; classtype:trojan-activity;sid:84726435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d29dd9bb-b33d-4566-bf67-6f3429a5172a"; depth:47; endswith; nocase; http.host; content:"ggc6yxvy.ravanshenakhti.shop"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863334/; classtype:trojan-activity;sid:84726434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.31.81.241"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863333/; classtype:trojan-activity;sid:84726433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.93.138.64"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863332/; classtype:trojan-activity;sid:84726432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3863331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.146.183"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863331/; classtype:trojan-activity;sid:84726431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.30.175"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863330/; classtype:trojan-activity;sid:84726430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/499787d7-5314-47b9-baf6-ae9fd3db0683"; depth:37; endswith; nocase; http.host; content:"eeqagxew.maharatmodiran.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863329/; classtype:trojan-activity;sid:84726429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=449d5145-fa7f-4892-a0c4-9f6a44b5ffc1"; depth:47; endswith; nocase; http.host; content:"t92hw5pi.nazariyeyadgiri.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863328/; classtype:trojan-activity;sid:84726428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.255.40.27"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; 
reference:url, urlhaus.abuse.ch/url/3863327/; classtype:trojan-activity;sid:84726427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.255.40.27"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863326/; classtype:trojan-activity;sid:84726426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a9c4c827-2bd1-40a7-aa19-abb15093d431"; depth:37; endswith; nocase; http.host; content:"cwsvmar.qurankarim.xyz"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863325/; classtype:trojan-activity;sid:84726425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.83.143"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863324/; classtype:trojan-activity;sid:84726424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.27.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863323/; classtype:trojan-activity;sid:84726423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; 
endswith; nocase; http.host; content:"42.230.30.175"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863322/; classtype:trojan-activity;sid:84726422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.35.78.155"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863321/; classtype:trojan-activity;sid:84726421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.157.103"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863320/; classtype:trojan-activity;sid:84726420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.160.65"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863319/; classtype:trojan-activity;sid:84726419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.157.103"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863318/; classtype:trojan-activity;sid:84726418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863317)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6df0f37a-6ec1-4edb-a16f-4a1b7c198e78"; depth:37; endswith; nocase; http.host; content:"bjihnqisx.bankefile.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863317/; classtype:trojan-activity;sid:84726417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f648a76c-b42c-424b-b9d8-060d8a2e7ad0"; depth:47; endswith; nocase; http.host; content:"ywnrmpf8.rasmfani.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863316/; classtype:trojan-activity;sid:84726416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.93.138.243"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863315/; classtype:trojan-activity;sid:84726415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6bb7c077-e0c0-49f3-9828-7b5296dd5f8f"; depth:37; endswith; nocase; http.host; content:"jkkksuzy.masaelmohandesi.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863314/; classtype:trojan-activity;sid:84726414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.220.83.143"; depth:13; isdataat:!1,relative; metadata:created_at 
2026_06_11; reference:url, urlhaus.abuse.ch/url/3863313/; classtype:trojan-activity;sid:84726413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.171.255"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863312/; classtype:trojan-activity;sid:84726412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b244e679-9ccb-4eaf-affc-10f429476cd9"; depth:37; endswith; nocase; http.host; content:"kaiojocv.masirpayambari.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863311/; classtype:trojan-activity;sid:84726411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.212.177"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863310/; classtype:trojan-activity;sid:84726410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.171.255"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863309/; classtype:trojan-activity;sid:84726409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863308)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/|3f|ublib=06ba3cd0-7bae-411e-95cc-c6809e58aba5"; depth:47; endswith; nocase; http.host; content:"933anmoo.azmoonhayeravani.shop"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863308/; classtype:trojan-activity;sid:84726408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f6bced30-219b-47bd-a756-812cbcc2f235"; depth:47; endswith; nocase; http.host; content:"ljj8nzo0.ravansalamat.shop"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863307/; classtype:trojan-activity;sid:84726407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.43.119"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863306/; classtype:trojan-activity;sid:84726406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4d6c968c-adb4-4f1a-a4b3-d12720bb3ef5"; depth:37; endswith; nocase; http.host; content:"ramsybxt.mechanickhodakarami.shop"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863305/; classtype:trojan-activity;sid:84726405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.20.244"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, 
urlhaus.abuse.ch/url/3863304/; classtype:trojan-activity;sid:84726404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b758971e-9c47-4a35-b457-766d8934041a"; depth:37; endswith; nocase; http.host; content:"nkxkhfp.bet303.app"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863303/; classtype:trojan-activity;sid:84726403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.145.133"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863302/; classtype:trojan-activity;sid:84726402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.145.133"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863301/; classtype:trojan-activity;sid:84726401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/afb39240-456c-4786-b52a-ee542a939e45"; depth:37; endswith; nocase; http.host; content:"hlgwrpbh.mechanicsayalat.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863300/; classtype:trojan-activity;sid:84726400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863299)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bfee13f3-ae5a-46ed-9261-5be8643867ab"; depth:37; endswith; nocase; http.host; content:"ffynigbdr.barnamenevisi.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863299/; classtype:trojan-activity;sid:84726399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/47483aff-5b01-49d9-bb2a-c286b0fe94cd"; depth:37; endswith; nocase; http.host; content:"nlxxwubqf.barnamenevisi.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863298/; classtype:trojan-activity;sid:84726398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.132.40"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863297/; classtype:trojan-activity;sid:84726397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imgp/optimized_msi.png"; depth:23; endswith; nocase; http.host; content:"tmcksa.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863296/; classtype:trojan-activity;sid:84726396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img_165308.png"; depth:15; endswith; nocase; http.host; content:"robertsanchez.infinityfreeapp.com"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863295/; 
classtype:trojan-activity;sid:84726395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ninja.exe"; depth:10; endswith; nocase; http.host; content:"agcestksa.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863294/; classtype:trojan-activity;sid:84726394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/unique2/random.exe"; depth:25; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863293/; classtype:trojan-activity;sid:84726393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.132.40"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863292/; classtype:trojan-activity;sid:84726392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.186.130"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863291/; classtype:trojan-activity;sid:84726391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mix.exe"; depth:8; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863290/; classtype:trojan-activity;sid:84726390; rev:1;)
# Host check: `depth:N` together with `isdataat:!1,relative` leaves no bytes before or
# after the pattern, so http.host must equal the listed address exactly. For the two-byte
# URI `/i` the host equality is what makes the rule specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.80.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863289/; classtype:trojan-activity;sid:84726389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.179.206"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863288/; classtype:trojan-activity;sid:84726388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_f6edb9a78d132c35.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863287/; classtype:trojan-activity;sid:84726387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a3f8d2/kaizen.mips"; depth:19; endswith; nocase; http.host; content:"83.142.209.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863285/; classtype:trojan-activity;sid:84726385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863286)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bins/kaizen.mpsl"; depth:17; endswith; nocase; http.host; content:"83.142.209.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863286/; classtype:trojan-activity;sid:84726386; rev:1;)
# `|3f|` is the hex escape for `?`, so sids 84726384 and 84726382 match the query string as
# part of http.uri. NOTE(review): their depth counts the escaped text (`/|3f|download=1` is
# 15 characters but 12 bytes once decoded), so with `endswith` up to three bytes may precede
# the pattern instead of it being anchored at offset 0.
# NOTE(review): `alert http` only sees traffic parsed as HTTP; a fetch of the vercel.app URL
# over TLS would not reach this rule unless decrypted upstream - confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"rupolicce2026.vercel.app"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863284/; classtype:trojan-activity;sid:84726384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nebulaclient462773-4b.jar"; depth:26; endswith; nocase; http.host; content:"nebulaclient.store"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863283/; classtype:trojan-activity;sid:84726383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=97743916-fba3-4189-b5b3-3d05303465fc"; depth:47; endswith; nocase; http.host; content:"98jhjysx.ehtemalatvaamar.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863282/; classtype:trojan-activity;sid:84726382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c3a41c7b-ec39-47e1-95ce-eb70ddeb15d3"; depth:47; endswith; nocase; http.host; content:"znrax5pn.qurandownload.xyz"; depth:26; isdataat:!1,relative; 
metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863281/; classtype:trojan-activity;sid:84726381; rev:1;)
# 110.36.86.83 is listed with both `/i` (sid 84726379) and `/bin.sh` (sid 84726377): the feed
# carries one rule per URL, so alerts for one host can arrive under several sids.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ed1dfa85-7c77-4dbe-b3e5-0eebddfad571"; depth:37; endswith; nocase; http.host; content:"nibfzvsq.hugugbime.xyz"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863280/; classtype:trojan-activity;sid:84726380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.86.83"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863279/; classtype:trojan-activity;sid:84726379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.75.142"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863278/; classtype:trojan-activity;sid:84726378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.86.83"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863277/; classtype:trojan-activity;sid:84726377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863276)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.20.93"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863276/; classtype:trojan-activity;sid:84726376; rev:1;)
# The UUID-shaped paths are matched in full (depth:37 with endswith), so a different token on
# the same host does not alert; coverage is per URL, not per host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/453cfc8d-2e6a-4f57-8c09-c3d484a678d4"; depth:37; endswith; nocase; http.host; content:"iacozlci.hugugdaryayi.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863275/; classtype:trojan-activity;sid:84726375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.199.102"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863274/; classtype:trojan-activity;sid:84726374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db594d14-0456-4982-ba21-5ca2cbf5cb10"; depth:37; endswith; nocase; http.host; content:"jksidxrvz.bookdrive.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863273/; classtype:trojan-activity;sid:84726373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cef931d1-8bde-48a5-bfee-f33d899220cf"; depth:37; endswith; nocase; http.host; content:"cmkfhtt.bet303.promo"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863272/; 
classtype:trojan-activity;sid:84726372; rev:1;)
# flow:established,from_client limits matching to the client side of an established session;
# only request method, URI and Host are inspected, not the response.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.20.93"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863271/; classtype:trojan-activity;sid:84726371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.199.102"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863270/; classtype:trojan-activity;sid:84726370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.69.169"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863269/; classtype:trojan-activity;sid:84726369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/484be5c9-1685-494b-87eb-466e86857d09"; depth:37; endswith; nocase; http.host; content:"hqvgwxfu.hugugedari.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863268/; classtype:trojan-activity;sid:84726368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.25.41"; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863267/; classtype:trojan-activity;sid:84726367; rev:1;)
# The http.method content requires GET in the request method, so HEAD or POST requests to
# the same URL do not alert.
# NOTE(review): depth:47 on sid 84726366 is the length of the escaped text; the decoded
# pattern (`|3f|` = `?`) is 44 bytes, so `endswith` tolerates up to three leading bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=54a45800-4f63-4a25-8e56-a5b1f3354a65"; depth:47; endswith; nocase; http.host; content:"zet9r6gg.nahjolbalage.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863266/; classtype:trojan-activity;sid:84726366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.226.57"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863265/; classtype:trojan-activity;sid:84726365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spy.exe"; depth:8; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863264/; classtype:trojan-activity;sid:84726364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.25.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863263/; classtype:trojan-activity;sid:84726363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863262)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.251.14"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863262/; classtype:trojan-activity;sid:84726362; rev:1;)
# In the rules below sid = URLhaus id + 80863100 (3863261 -> 84726361); the id also appears in
# msg and in reference:url, which is the direct pivot from an alert to the feed entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rtk.exe"; depth:8; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863261/; classtype:trojan-activity;sid:84726361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=406d4e27-a2a2-41ca-a250-ccbd2d9c4836"; depth:47; endswith; nocase; http.host; content:"3ze86kcn.azmoondadrasi.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863260/; classtype:trojan-activity;sid:84726360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.188.10"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863259/; classtype:trojan-activity;sid:84726359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4ea765ec-7c07-4245-83a1-ddc5f3fa89d9"; depth:37; endswith; nocase; http.host; content:"bhmgwxvu.hugugmadani3.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, 
urlhaus.abuse.ch/url/3863258/; classtype:trojan-activity;sid:84726358; rev:1;)
# Host patterns carry no `nocase`: http.host is Suricata's normalized, lowercased host buffer,
# so the patterns have to be lowercase, as they are here.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.208.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863257/; classtype:trojan-activity;sid:84726357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=1b25d2df-f9c0-4c13-bc63-0a53e3de6018"; depth:47; endswith; nocase; http.host; content:"nzg52z19.questionstest.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863256/; classtype:trojan-activity;sid:84726356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.38.208.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863255/; classtype:trojan-activity;sid:84726355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.89.192"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863254/; classtype:trojan-activity;sid:84726354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; 
nocase; http.host; content:"115.49.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863253/; classtype:trojan-activity;sid:84726353; rev:1;)
# Direction is $HOME_NET -> $EXTERNAL_NET, so coverage depends on both variables matching the
# monitored address ranges. NOTE(review): if clients reach the Internet through an internal
# proxy, confirm the sensor sits where the destination address is still external.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.89.192"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863252/; classtype:trojan-activity;sid:84726352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.176.103"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863251/; classtype:trojan-activity;sid:84726351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lsge63sd3/ok.exe"; depth:17; endswith; nocase; http.host; content:"spasopro.at"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863250/; classtype:trojan-activity;sid:84726350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.235.153"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863249/; classtype:trojan-activity;sid:84726349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863248)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.176.103"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863248/; classtype:trojan-activity;sid:84726348; rev:1;)
# classtype:trojan-activity decides the alert priority through classification.config; the
# rules below all use that class and rev:1.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.17.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863247/; classtype:trojan-activity;sid:84726347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fda7bb3e-bf97-4309-a400-f2cd1b0109c0"; depth:37; endswith; nocase; http.host; content:"mymrtijp.hugugmadani6.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863246/; classtype:trojan-activity;sid:84726346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.40.161"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863245/; classtype:trojan-activity;sid:84726345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.40.161"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863244/; classtype:trojan-activity;sid:84726344; 
rev:1;)
# Three different hosts share the `/bin.sh` path below; the path is generic, so the exact
# http.host match is the discriminating part of each rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.79.197"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863243/; classtype:trojan-activity;sid:84726343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.235.153"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863242/; classtype:trojan-activity;sid:84726342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.36.50"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863241/; classtype:trojan-activity;sid:84726341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3ff001c6-3aa4-4437-a53d-24bd6b68cd72"; depth:37; endswith; nocase; http.host; content:"yrchbzyin.ecologyardakani.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863240/; classtype:trojan-activity;sid:84726340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.15.30"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863238/; classtype:trojan-activity;sid:84726338; rev:1;)
# Action is `alert`, i.e. detection only. NOTE(review): an inline (IPS) deployment that wants
# to block these URLs has to convert the action at load time (for example with
# suricata-update's drop.conf) rather than by editing the feed file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.38.67.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863239/; classtype:trojan-activity;sid:84726339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.17.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863237/; classtype:trojan-activity;sid:84726337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.226.57"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863236/; classtype:trojan-activity;sid:84726336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.69.169"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863235/; classtype:trojan-activity;sid:84726335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863234)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/16af109d-613e-49dd-afb6-0324c46125c2"; depth:37; endswith; nocase; http.host; content:"amrzjixs.hugugmadanikatouzian.xyz"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863234/; classtype:trojan-activity;sid:84726334; rev:1;)
# 31.56.209.84 is listed once per architecture-suffixed file (`/wife.arm5`, `/wife.mips`,
# `/wife.arm7`); a file name that is not in the feed does not alert on the same host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.37.240"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863233/; classtype:trojan-activity;sid:84726333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wife.arm5"; depth:10; endswith; nocase; http.host; content:"31.56.209.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863228/; classtype:trojan-activity;sid:84726328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wife.mips"; depth:10; endswith; nocase; http.host; content:"31.56.209.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863229/; classtype:trojan-activity;sid:84726329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wife.arm7"; depth:10; endswith; nocase; http.host; content:"31.56.209.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863230/; classtype:trojan-activity;sid:84726330; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wife.arm6"; depth:10; endswith; nocase; http.host; content:"31.56.209.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863231/; classtype:trojan-activity;sid:84726331; rev:1;)
# sid 84726332 (`/wife.arm4`) belongs with the other `/wife.*` entries for 31.56.209.84 on
# this page. metadata:created_at is the only age marker in a rule; NOTE(review): IP-literal
# indicators age quickly, so refresh from the feed rather than pinning a copy.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wife.arm4"; depth:10; endswith; nocase; http.host; content:"31.56.209.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863232/; classtype:trojan-activity;sid:84726332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/loader.sh"; depth:15; endswith; nocase; http.host; content:"185.227.108.232"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863227/; classtype:trojan-activity;sid:84726327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.231.145.15"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863226/; classtype:trojan-activity;sid:84726326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/59175a1f-2cd3-42a7-9064-871782a14665"; depth:37; endswith; nocase; http.host; content:"namrqlix.hugugnasiri.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 
2026_06_11; reference:url, urlhaus.abuse.ch/url/3863225/; classtype:trojan-activity;sid:84726325; rev:1;)
# The dekma-gay.ru rules pin one subdomain each (here node-tls.) with exact host equality; a
# subdomain that is not in the feed is not matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.15.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863224/; classtype:trojan-activity;sid:84726324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.37.240"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863223/; classtype:trojan-activity;sid:84726323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.m68k"; depth:18; endswith; nocase; http.host; content:"node-tls.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863220/; classtype:trojan-activity;sid:84726320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.sh4"; depth:17; endswith; nocase; http.host; content:"node-tls.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863221/; classtype:trojan-activity;sid:84726321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863222)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/huhu/titanjr.i486"; depth:18; endswith; nocase; http.host; content:"node.bot.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863222/; classtype:trojan-activity;sid:84726322; rev:1;)
# NOTE(review): sids 84726318 and 84726319 use depth:47, the length of the escaped text; with
# `|3f|` decoded to `?` the pattern is 44 bytes, so `endswith` tolerates up to three leading
# bytes before it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=40ec8981-3017-455d-8b1f-065d84c04839"; depth:47; endswith; nocase; http.host; content:"ghdre2hy.geotechnictahuni.store"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863218/; classtype:trojan-activity;sid:84726318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c486cbe8-7fd5-4b2c-a94a-b746aa4a81ba"; depth:47; endswith; nocase; http.host; content:"02y48l3v.asibshenasiyahya.shop"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863219/; classtype:trojan-activity;sid:84726319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.ppc"; depth:17; endswith; nocase; http.host; content:"poland.dekma-gay.ru"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863214/; classtype:trojan-activity;sid:84726314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arm7"; depth:18; endswith; nocase; http.host; content:"grafana.bot.dekma-gay.ru"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; 
reference:url, urlhaus.abuse.ch/url/3863215/; classtype:trojan-activity;sid:84726315; rev:1;)
# `/all.sh` is listed separately for node-tls. and node.bot. (sids 84726316, 84726317): the
# same path on two hosts is two rules, each with its own exact host match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/all.sh"; depth:7; endswith; nocase; http.host; content:"node-tls.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863216/; classtype:trojan-activity;sid:84726316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/all.sh"; depth:7; endswith; nocase; http.host; content:"node.bot.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863217/; classtype:trojan-activity;sid:84726317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.ppc440"; depth:20; endswith; nocase; http.host; content:"node-tls.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863210/; classtype:trojan-activity;sid:84726310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.x86_32"; depth:20; endswith; nocase; http.host; content:"grafana.bot.dekma-gay.ru"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863211/; classtype:trojan-activity;sid:84726311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863212)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/huhu/titanjr.arm5"; depth:18; endswith; nocase; http.host; content:"grafana.bot.dekma-gay.ru"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863212/; classtype:trojan-activity;sid:84726312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.sh4"; depth:17; endswith; nocase; http.host; content:"node.bot.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863213/; classtype:trojan-activity;sid:84726313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arm5"; depth:18; endswith; nocase; http.host; content:"poland.dekma-gay.ru"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863195/; classtype:trojan-activity;sid:84726295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.mips"; depth:18; endswith; nocase; http.host; content:"node.bot.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863196/; classtype:trojan-activity;sid:84726296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arc"; depth:17; endswith; nocase; http.host; content:"poland.dekma-gay.ru"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863197/; classtype:trojan-activity;sid:84726297; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.ppc"; depth:17; endswith; nocase; http.host; content:"node.bot.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863198/; classtype:trojan-activity;sid:84726298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arm6"; depth:18; endswith; nocase; http.host; content:"node.bot.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863199/; classtype:trojan-activity;sid:84726299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.x86_64"; depth:20; endswith; nocase; http.host; content:"node-tls.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863200/; classtype:trojan-activity;sid:84726300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.mips"; depth:18; endswith; nocase; http.host; content:"node-tls.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863201/; classtype:trojan-activity;sid:84726301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arm7"; depth:18; endswith; nocase; http.host; 
content:"node-tls.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863202/; classtype:trojan-activity;sid:84726302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/all.sh"; depth:7; endswith; nocase; http.host; content:"poland.dekma-gay.ru"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863203/; classtype:trojan-activity;sid:84726303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.x86_32"; depth:20; endswith; nocase; http.host; content:"poland.dekma-gay.ru"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863204/; classtype:trojan-activity;sid:84726304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.mipsl"; depth:19; endswith; nocase; http.host; content:"grafana.bot.dekma-gay.ru"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863205/; classtype:trojan-activity;sid:84726305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arm"; depth:17; endswith; nocase; http.host; content:"grafana.bot.dekma-gay.ru"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863206/; classtype:trojan-activity;sid:84726306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3863207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.mips"; depth:18; endswith; nocase; http.host; content:"poland.dekma-gay.ru"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863207/; classtype:trojan-activity;sid:84726307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arc"; depth:17; endswith; nocase; http.host; content:"node.bot.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863208/; classtype:trojan-activity;sid:84726308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.x86_64"; depth:20; endswith; nocase; http.host; content:"node.bot.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863209/; classtype:trojan-activity;sid:84726309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.m68k"; depth:18; endswith; nocase; http.host; content:"grafana.bot.dekma-gay.ru"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863193/; classtype:trojan-activity;sid:84726293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.sh4"; depth:17; endswith; nocase; http.host; content:"poland.dekma-gay.ru"; depth:19; isdataat:!1,relative; 
metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863194/; classtype:trojan-activity;sid:84726294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.i686"; depth:18; endswith; nocase; http.host; content:"node-tls.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863192/; classtype:trojan-activity;sid:84726292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.m68k"; depth:18; endswith; nocase; http.host; content:"node.bot.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863190/; classtype:trojan-activity;sid:84726290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.mips"; depth:18; endswith; nocase; http.host; content:"grafana.bot.dekma-gay.ru"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863191/; classtype:trojan-activity;sid:84726291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.ppc440"; depth:20; endswith; nocase; http.host; content:"poland.dekma-gay.ru"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863163/; classtype:trojan-activity;sid:84726263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863164)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arm5"; depth:18; endswith; nocase; http.host; content:"node-tls.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863164/; classtype:trojan-activity;sid:84726264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arm6"; depth:18; endswith; nocase; http.host; content:"grafana.bot.dekma-gay.ru"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863165/; classtype:trojan-activity;sid:84726265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arm5"; depth:18; endswith; nocase; http.host; content:"node.bot.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863166/; classtype:trojan-activity;sid:84726266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arm"; depth:17; endswith; nocase; http.host; content:"poland.dekma-gay.ru"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863167/; classtype:trojan-activity;sid:84726267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.spc"; depth:17; endswith; nocase; http.host; content:"grafana.bot.dekma-gay.ru"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, 
urlhaus.abuse.ch/url/3863168/; classtype:trojan-activity;sid:84726268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.i686"; depth:18; endswith; nocase; http.host; content:"node.bot.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863169/; classtype:trojan-activity;sid:84726269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.spc"; depth:17; endswith; nocase; http.host; content:"poland.dekma-gay.ru"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863170/; classtype:trojan-activity;sid:84726270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.ppc"; depth:17; endswith; nocase; http.host; content:"node-tls.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863171/; classtype:trojan-activity;sid:84726271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arm"; depth:17; endswith; nocase; http.host; content:"node.bot.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863172/; classtype:trojan-activity;sid:84726272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863173)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/huhu/titanjr.arm6"; depth:18; endswith; nocase; http.host; content:"poland.dekma-gay.ru"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863173/; classtype:trojan-activity;sid:84726273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.i686"; depth:18; endswith; nocase; http.host; content:"grafana.bot.dekma-gay.ru"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863174/; classtype:trojan-activity;sid:84726274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.mipsl"; depth:19; endswith; nocase; http.host; content:"node-tls.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863175/; classtype:trojan-activity;sid:84726275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.i486"; depth:18; endswith; nocase; http.host; content:"poland.dekma-gay.ru"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863176/; classtype:trojan-activity;sid:84726276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arm7"; depth:18; endswith; nocase; http.host; content:"node.bot.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863177/; classtype:trojan-activity;sid:84726277; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.ppc440"; depth:20; endswith; nocase; http.host; content:"node.bot.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863178/; classtype:trojan-activity;sid:84726278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.x86_32"; depth:20; endswith; nocase; http.host; content:"node.bot.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863179/; classtype:trojan-activity;sid:84726279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.x86_64"; depth:20; endswith; nocase; http.host; content:"grafana.bot.dekma-gay.ru"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863180/; classtype:trojan-activity;sid:84726280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.ppc"; depth:17; endswith; nocase; http.host; content:"grafana.bot.dekma-gay.ru"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863181/; classtype:trojan-activity;sid:84726281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.m68k"; depth:18; endswith; nocase; 
http.host; content:"poland.dekma-gay.ru"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863182/; classtype:trojan-activity;sid:84726282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.x86_32"; depth:20; endswith; nocase; http.host; content:"node-tls.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863183/; classtype:trojan-activity;sid:84726283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/all.sh"; depth:7; endswith; nocase; http.host; content:"grafana.bot.dekma-gay.ru"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863184/; classtype:trojan-activity;sid:84726284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.ppc440"; depth:20; endswith; nocase; http.host; content:"grafana.bot.dekma-gay.ru"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863185/; classtype:trojan-activity;sid:84726285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.mipsl"; depth:19; endswith; nocase; http.host; content:"poland.dekma-gay.ru"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863186/; classtype:trojan-activity;sid:84726286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3863187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arc"; depth:17; endswith; nocase; http.host; content:"grafana.bot.dekma-gay.ru"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863187/; classtype:trojan-activity;sid:84726287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.i486"; depth:18; endswith; nocase; http.host; content:"grafana.bot.dekma-gay.ru"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863188/; classtype:trojan-activity;sid:84726288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.spc"; depth:17; endswith; nocase; http.host; content:"node-tls.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863189/; classtype:trojan-activity;sid:84726289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arm"; depth:17; endswith; nocase; http.host; content:"node-tls.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863155/; classtype:trojan-activity;sid:84726255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.mipsl"; depth:19; endswith; nocase; http.host; content:"node.bot.dekma-gay.ru"; depth:21; 
isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863156/; classtype:trojan-activity;sid:84726256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.spc"; depth:17; endswith; nocase; http.host; content:"node.bot.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863157/; classtype:trojan-activity;sid:84726257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.i486"; depth:18; endswith; nocase; http.host; content:"node-tls.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863158/; classtype:trojan-activity;sid:84726258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arc"; depth:17; endswith; nocase; http.host; content:"node-tls.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863159/; classtype:trojan-activity;sid:84726259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.sh4"; depth:17; endswith; nocase; http.host; content:"grafana.bot.dekma-gay.ru"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863160/; classtype:trojan-activity;sid:84726260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863161)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.i686"; depth:18; endswith; nocase; http.host; content:"poland.dekma-gay.ru"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863161/; classtype:trojan-activity;sid:84726261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arm6"; depth:18; endswith; nocase; http.host; content:"node-tls.dekma-gay.ru"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863162/; classtype:trojan-activity;sid:84726262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.x86_64"; depth:20; endswith; nocase; http.host; content:"poland.dekma-gay.ru"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863153/; classtype:trojan-activity;sid:84726253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arm7"; depth:18; endswith; nocase; http.host; content:"poland.dekma-gay.ru"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863154/; classtype:trojan-activity;sid:84726254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.173.159.215"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, 
urlhaus.abuse.ch/url/3863152/; classtype:trojan-activity;sid:84726252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.202.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863151/; classtype:trojan-activity;sid:84726251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.sh4"; depth:17; endswith; nocase; http.host; content:"45.137.198.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863143/; classtype:trojan-activity;sid:84726243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.mipsl"; depth:19; endswith; nocase; http.host; content:"45.137.198.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863144/; classtype:trojan-activity;sid:84726244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.spc"; depth:17; endswith; nocase; http.host; content:"45.137.198.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863145/; classtype:trojan-activity;sid:84726245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arm5"; depth:18; 
endswith; nocase; http.host; content:"45.137.198.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863146/; classtype:trojan-activity;sid:84726246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.ppc"; depth:17; endswith; nocase; http.host; content:"45.137.198.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863147/; classtype:trojan-activity;sid:84726247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.m68k"; depth:18; endswith; nocase; http.host; content:"45.137.198.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863148/; classtype:trojan-activity;sid:84726248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arc"; depth:17; endswith; nocase; http.host; content:"45.137.198.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863149/; classtype:trojan-activity;sid:84726249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.x86_32"; depth:20; endswith; nocase; http.host; content:"45.137.198.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863150/; classtype:trojan-activity;sid:84726250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3863140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arm"; depth:17; endswith; nocase; http.host; content:"45.137.198.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863140/; classtype:trojan-activity;sid:84726240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.i686"; depth:18; endswith; nocase; http.host; content:"45.137.198.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863141/; classtype:trojan-activity;sid:84726241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.i486"; depth:18; endswith; nocase; http.host; content:"45.137.198.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863142/; classtype:trojan-activity;sid:84726242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.mips"; depth:18; endswith; nocase; http.host; content:"45.137.198.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863137/; classtype:trojan-activity;sid:84726237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arm6"; depth:18; endswith; nocase; http.host; content:"45.137.198.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, 
urlhaus.abuse.ch/url/3863138/; classtype:trojan-activity;sid:84726238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.ppc440"; depth:20; endswith; nocase; http.host; content:"45.137.198.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863139/; classtype:trojan-activity;sid:84726239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.181.212"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863136/; classtype:trojan-activity;sid:84726236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.169.172"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863135/; classtype:trojan-activity;sid:84726235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/80cc8e26-7bc5-4c7d-8101-0a5b92295d09"; depth:37; endswith; nocase; http.host; content:"omzuslys.hugugtatbigi.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863134/; classtype:trojan-activity;sid:84726234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863133)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/4d9bf206-4f02-4c29-bf31-3db8e617e484"; depth:37; endswith; nocase; http.host; content:"yggwvgi.ramzfile.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863133/; classtype:trojan-activity;sid:84726233; rev:1;)
# The entry above completes a rule begun on the previous line; the bare
# "alert http" at the end is the start of a rule that continues on the next line.
# Each complete rule is an exact URI + exact Host match on a GET request:
# depth equal to the pattern length with endswith fixes both ends of the URI,
# and depth with isdataat:!1,relative does the same for the Host buffer.
# Source and destination are $HOME_NET -> $EXTERNAL_NET on any port, so what is
# covered depends on how those two variables are defined on the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.93.138.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863132/; classtype:trojan-activity;sid:84726232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.181.212"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863131/; classtype:trojan-activity;sid:84726231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dc1b3ebf-91df-413b-91ba-1f82af745ae6"; depth:37; endswith; nocase; http.host; content:"btbwehpkp.drivingbook.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863130/; classtype:trojan-activity;sid:84726230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.169.172"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863129/; classtype:trojan-activity;sid:84726229; rev:1;)
alert http
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.57.51.13"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863128/; classtype:trojan-activity;sid:84726228; rev:1;)
# The entry above is the remainder of a rule whose "alert http" sits on the
# previous line; the last entry below runs on into the next line.
# Complete rules alert on a GET whose URI is exactly the listed path (compared
# case-insensitively) and whose Host is exactly the listed value, on an
# established client-to-server flow.
# Because both buffers are matched in full, each rule is a point indicator for
# one URL: the same path on another host, or with anything appended, is not hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.9.182"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863127/; classtype:trojan-activity;sid:84726227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3f399f2f-2a11-45e1-af84-244e7f064d11"; depth:37; endswith; nocase; http.host; content:"zhrzviveu.downloadquran.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863126/; classtype:trojan-activity;sid:84726226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.128.94"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863125/; classtype:trojan-activity;sid:84726225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.163.134.250"; depth:14; isdataat:!1,relative; metadata:created_at
2026_06_11; reference:url, urlhaus.abuse.ch/url/3863124/; classtype:trojan-activity;sid:84726224; rev:1;)
# The entry above closes a rule wrapped from the previous line; the last entry
# below is cut after its flow option and continues on the next line.
# Complete rules: GET request, URI equal to the listed path (depth = length,
# endswith, nocase), Host equal to the listed value (depth = length,
# isdataat:!1,relative), established flow from the client side.
# metadata:created_at records 2026_06_11 for every entry here; whether a URL is
# still serving content is not stated in the rule, so consult the reference URL
# when triaging a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1657364a-1956-4cd2-ae36-55e64ae844a6"; depth:37; endswith; nocase; http.host; content:"ieemaju.akhlageslami.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863123/; classtype:trojan-activity;sid:84726223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.93.138.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863122/; classtype:trojan-activity;sid:84726222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.75.68"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863121/; classtype:trojan-activity;sid:84726221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8bb317e6-773c-4c21-a4fa-c6434ad3269a"; depth:37; endswith; nocase; http.host; content:"zyuhgbux.hugugtejarat4.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863120/; classtype:trojan-activity;sid:84726220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863119)"; flow:established,from_client;
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.95.171"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863119/; classtype:trojan-activity;sid:84726219; rev:1;)
# The entry above finishes a rule started on the previous line; the last entry
# below breaks off inside its msg string and continues on the next line.
# Complete rules match a GET on an established client-to-server HTTP flow with
# the URI equal to the listed path (depth = length, endswith, nocase) and the
# Host equal to the listed value (depth = length, isdataat:!1,relative).
# The first three rules differ only in Host (all request "/bin.sh"); the fourth
# is for Host 45.205.1.59 with a six-character hexadecimal path.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.93.137.140"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863118/; classtype:trojan-activity;sid:84726218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.227.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863117/; classtype:trojan-activity;sid:84726217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.163.134.250"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863116/; classtype:trojan-activity;sid:84726216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7e8a8c"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863103/; classtype:trojan-activity;sid:84726203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus
Known malware download URL detected (3863104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caa275"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863104/; classtype:trojan-activity;sid:84726204; rev:1;)
# The entry above is the rest of a rule split across the previous line; the last
# entry below stops before its classtype and continues on the next line.
# All complete rules here target Host 45.205.1.59 and differ only in a
# six-character hexadecimal path; each is a separate URLhaus entry with its own
# sid, so a hit identifies the exact URL that was requested.
# Match logic per rule: GET, URI exactly the listed path (depth:7 + endswith,
# nocase), Host exactly the listed address (depth:11 + isdataat:!1,relative).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/906033"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863105/; classtype:trojan-activity;sid:84726205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/70cc1c"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863106/; classtype:trojan-activity;sid:84726206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e59d20"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863107/; classtype:trojan-activity;sid:84726207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/861c97"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863108/;
classtype:trojan-activity;sid:84726208; rev:1;)
# The entry above is the closing part of a rule from the previous line; the last
# entry below ends after isdataat and continues on the next line.
# Every complete rule here is for Host 45.205.1.59 with a different
# six-character hexadecimal path, matched in full on a GET request
# (URI: depth:7 + endswith, nocase; Host: depth:11 + isdataat:!1,relative).
# These are HTTP app-layer rules, so they apply only where Suricata parses the
# flow as HTTP; encrypted transfers of the same URL need decryption to be seen.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d8525d"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863109/; classtype:trojan-activity;sid:84726209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/50c7a6"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863110/; classtype:trojan-activity;sid:84726210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e44d32"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863111/; classtype:trojan-activity;sid:84726211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ec5282"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863112/; classtype:trojan-activity;sid:84726212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f0e44b"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative;
metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863113/; classtype:trojan-activity;sid:84726213; rev:1;)
# The entry above ends a rule begun on the previous line; the last entry below
# is cut after "endswith;" and continues on the next line.
# Complete rules: same Host (45.205.1.59), one six-character hexadecimal path
# per rule, GET only, both URI and Host compared in full.
# The number in msg is the URLhaus entry id and reappears in the reference URL;
# sids are not in file order with respect to those ids, so look rules up by
# sid or id and not by position.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f554e9"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863114/; classtype:trojan-activity;sid:84726214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0846e8"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863115/; classtype:trojan-activity;sid:84726215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/82b2c0"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863098/; classtype:trojan-activity;sid:84726198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a8db4d"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863099/; classtype:trojan-activity;sid:84726199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b0e1c3"; depth:7; endswith;
nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863100/; classtype:trojan-activity;sid:84726200; rev:1;)
# The entry above completes a rule wrapped from the previous line; the last
# entry below stops after its flow option and continues on the next line.
# Complete rules: Host 45.205.1.59, one six-character hexadecimal path each,
# matched as an exact URI (depth:7 + endswith, nocase) and exact Host
# (depth:11 + isdataat:!1,relative) on a GET over an established flow.
# classtype is trojan-activity for every entry; the priority that maps to comes
# from the sensor's classification config and is not set in the rule itself.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4dc442"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863101/; classtype:trojan-activity;sid:84726201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/54660b"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863102/; classtype:trojan-activity;sid:84726202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4ab9a6"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863097/; classtype:trojan-activity;sid:84726197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/63cba2"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863092/; classtype:trojan-activity;sid:84726192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863093)"; flow:established,from_client;
http.method; content:"GET"; http.uri; content:"/3f5b35"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863093/; classtype:trojan-activity;sid:84726193; rev:1;)
# The entry above finishes a rule started on the previous line; the last entry
# below breaks off inside its msg string and continues on the next line.
# The first three complete rules are for Host 45.205.1.59 with six-character
# hexadecimal paths; the fourth is "/bin.sh" on Host 123.11.75.68.
# In every rule the URI and Host are compared in full (depth = pattern length,
# with endswith on the URI and isdataat:!1,relative on the Host), the URI
# case-insensitively, on a GET over an established client-to-server flow.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f01921"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863094/; classtype:trojan-activity;sid:84726194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f1cc53"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863095/; classtype:trojan-activity;sid:84726195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8715c3"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863096/; classtype:trojan-activity;sid:84726196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.75.68"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863091/; classtype:trojan-activity;sid:84726191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known
malware download URL detected (3863090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.84.52"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863090/; classtype:trojan-activity;sid:84726190; rev:1;)
# The entry above is the tail of a rule wrapped from the previous line; the last
# entry below is cut inside its reference option and continues on the next line.
# Complete rules: GET, URI exactly the listed path (depth = length, endswith,
# nocase), Host exactly the listed address (depth = length,
# isdataat:!1,relative), established client-to-server HTTP flow.
# The Host values here are IP literals, so a hit ties the request to that
# address and path only; the rule carries no information about the payload.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.93.137.197"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863089/; classtype:trojan-activity;sid:84726189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.95.171"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863088/; classtype:trojan-activity;sid:84726188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wife.mpsl"; depth:10; endswith; nocase; http.host; content:"31.56.209.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863087/; classtype:trojan-activity;sid:84726187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_450f56fd01ac5677.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url,
urlhaus.abuse.ch/url/3863086/; classtype:trojan-activity;sid:84726186; rev:1;)
# The entry above closes a rule wrapped from the previous line; the last entry
# below stops after "http.method;" and continues on the next line.
# All complete rules here are for Host 45.13.186.32 and a path under "/bins/"
# built from the same repeated "xn" filler around a varying token (powerpc,
# i386, sh4, mips); depth tracks the full path length in each case.
# Match logic: GET, URI equal to the listed path (depth + endswith, nocase),
# Host equal to the listed address (depth:12 + isdataat:!1,relative).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; depth:33; endswith; nocase; http.host; content:"45.13.186.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863085/; classtype:trojan-activity;sid:84726185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxni386xnxn"; depth:30; endswith; nocase; http.host; content:"45.13.186.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863079/; classtype:trojan-activity;sid:84726179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; depth:29; endswith; nocase; http.host; content:"45.13.186.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863080/; classtype:trojan-activity;sid:84726180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; depth:30; endswith; nocase; http.host; content:"45.13.186.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863081/; classtype:trojan-activity;sid:84726181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863082)"; flow:established,from_client; http.method;
content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; depth:33; endswith; nocase; http.host; content:"45.13.186.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863082/; classtype:trojan-activity;sid:84726182; rev:1;)
# The entry above completes a rule begun on the previous line; the last entry
# below is cut before its classtype and continues on the next line.
# Two complete rules target Host 45.13.186.32 with "/bins/" paths that differ
# only in the token between the "xn" filler (m68k, arm); the third is "/all.sh"
# on Host 45.137.198.245.
# Each compares URI and Host in full on a GET over an established
# client-to-server HTTP flow; the URI comparison ignores case (nocase).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; depth:30; endswith; nocase; http.host; content:"45.13.186.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863083/; classtype:trojan-activity;sid:84726183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnarmxnxn"; depth:29; endswith; nocase; http.host; content:"45.13.186.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863084/; classtype:trojan-activity;sid:84726184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/all.sh"; depth:7; endswith; nocase; http.host; content:"45.137.198.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863078/; classtype:trojan-activity;sid:84726178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; depth:32; endswith; nocase; http.host; content:"45.13.186.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863074/;
classtype:trojan-activity;sid:84726174; rev:1;)
# The entry above is the end of a rule from the previous line; the last entry
# below stops after "http.uri;" and continues on the next line.
# Complete rules: one "/bins/" path on Host 45.13.186.32, two "/huhu/titanjr."
# paths on Host 45.137.198.245, and one UUID-shaped path on a named host.
# For the named host the Host buffer is compared as a whole string, so the rule
# covers that one fully qualified name and not the parent domain or siblings.
# All four are exact URI + exact Host matches on a GET (URI with nocase).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; depth:33; endswith; nocase; http.host; content:"45.13.186.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863075/; classtype:trojan-activity;sid:84726175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.x86_64"; depth:20; endswith; nocase; http.host; content:"45.137.198.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863076/; classtype:trojan-activity;sid:84726176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arm7"; depth:18; endswith; nocase; http.host; content:"45.137.198.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863077/; classtype:trojan-activity;sid:84726177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/675c6a3b-4eee-41cd-9e69-f3256043f7f2"; depth:37; endswith; nocase; http.host; content:"fdmjhbre.jamjahani2026.football"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863073/; classtype:trojan-activity;sid:84726173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863072)"; flow:established,from_client; http.method; content:"GET"; http.uri;
content:"/i"; depth:2; endswith; nocase; http.host; content:"36.88.136.194"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863072/; classtype:trojan-activity;sid:84726172; rev:1;)
# The entry above completes a rule begun on the previous line; the last entry
# below is cut before its classtype and continues on the next line.
# Complete rules match a GET with the listed URI and Host on an established
# client-to-server HTTP flow (URI: depth + endswith, nocase; Host: depth +
# isdataat:!1,relative).
# |3f| is the hex escape for "?", so the two "ublib=" patterns decode to 44
# bytes ("/?ublib=" plus a 36-character id) while depth is 47. With endswith the
# end of the URI is still pinned, but up to three bytes may precede the pattern.
# NOTE(review): depth:44 would make these exact matches like the other rules;
# the depth looks as if the escape was counted as four characters - worth
# reporting to the feed maintainer rather than editing a generated file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9729fc8e-b337-42c7-b425-00acf0827f4d"; depth:47; endswith; nocase; http.host; content:"kv5kk9gr.angizeshfarahani.store"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863071/; classtype:trojan-activity;sid:84726171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.88.136.194"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863070/; classtype:trojan-activity;sid:84726170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=548f0853-1276-43aa-a410-7ecb2ee3a629"; depth:47; endswith; nocase; http.host; content:"6f4t5lvt.fununetadris.shop"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863069/; classtype:trojan-activity;sid:84726169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.238.112.233"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863068/;
classtype:trojan-activity;sid:84726168; rev:1;)
# The entry above is the end of a rule from the previous line; the last entry
# below stops after "http.uri;" and continues on the next line.
# Complete rules: GET, listed URI (depth + endswith, nocase), listed Host
# (depth + isdataat:!1,relative), established client-to-server HTTP flow.
# In the first rule |3f| is the hex escape for "?": the decoded pattern is 44
# bytes but depth is 47, so the URI end is pinned by endswith while up to three
# leading bytes are tolerated. NOTE(review): depth:44 would make it exact; the
# value looks like the escape was counted as four characters - raise upstream.
# The ".exe" rule covers one file name under "/files-129312398/files/"; other
# file names on Host 91.92.242.236 need their own entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d5b9d092-02c5-4598-8b1a-8098648447e2"; depth:47; endswith; nocase; http.host; content:"2chci0sm.andisheeslami2.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863067/; classtype:trojan-activity;sid:84726167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_95d2c71c3ff1d697.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863066/; classtype:trojan-activity;sid:84726166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.145.126"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863065/; classtype:trojan-activity;sid:84726165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.51.208"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863064/; classtype:trojan-activity;sid:84726164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863063)"; flow:established,from_client; http.method; content:"GET"; http.uri;
content:"/c31a92dd-61d7-4147-9c5d-d9c843c39e7b"; depth:37; endswith; nocase; http.host; content:"gimomouf.red90.casino"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863063/; classtype:trojan-activity;sid:84726163; rev:1;)
# The entry above completes a rule begun on the previous line; the last entry
# below stops after the source address and port and continues on the next line.
# Complete rules: GET on an established client-to-server HTTP flow, URI equal to
# the listed path (depth = length, endswith, nocase), Host equal to the listed
# value (depth = length, isdataat:!1,relative).
# Host 125.44.189.195 appears twice, once per path ("/i" and "/bin.sh"); each
# URL has its own sid, so alert counts are per URL and not per host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.189.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863062/; classtype:trojan-activity;sid:84726162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.189.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863061/; classtype:trojan-activity;sid:84726161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.169.251"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863060/; classtype:trojan-activity;sid:84726160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1f6e771b-8281-4eb5-b608-04641391078f"; depth:37; endswith; nocase; http.host; content:"nnvavkl.bet303.promo"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863059/; classtype:trojan-activity;sid:84726159; rev:1;)
alert http $HOME_NET any
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.51.208"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863058/; classtype:trojan-activity;sid:84726158; rev:1;)
# The entry above is the remainder of a rule whose header starts on the previous
# line; the last entry below is cut after "depth:13;" and continues on the next.
# Complete rules: GET, listed URI (depth + endswith, nocase), listed Host
# (depth + isdataat:!1,relative), established client-to-server HTTP flow.
# In the "ublib=" rule |3f| is the hex escape for "?": the decoded pattern is 44
# bytes but depth is 47, so endswith pins the end of the URI while up to three
# leading bytes are tolerated. NOTE(review): depth:44 would make it an exact
# match; the value looks like the escape was counted as four characters -
# raise with the feed maintainer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.239.188"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863057/; classtype:trojan-activity;sid:84726157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a0a85d10-ab10-4afc-99ed-21801fc9bc0d"; depth:47; endswith; nocase; http.host; content:"p5k42qtw.anodaz.co"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863056/; classtype:trojan-activity;sid:84726156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.39.40"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863055/; classtype:trojan-activity;sid:84726155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_fb3629ad5ff3ae35.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13;
isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863054/; classtype:trojan-activity;sid:84726154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/be9cee05-44b4-4661-8e48-7d5b381d51d7"; depth:37; endswith; nocase; http.host; content:"gwofphogw.differentialmamuli.store"; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863053/; classtype:trojan-activity;sid:84726153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.77.37"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863052/; classtype:trojan-activity;sid:84726152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/847b2847-c44b-48ad-ab00-d245f7e7357d"; depth:37; endswith; nocase; http.host; content:"whjdetcc.wrfc8.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863051/; classtype:trojan-activity;sid:84726151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.169.251"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863050/; classtype:trojan-activity;sid:84726150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3863049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e44b2fd8-e901-4483-80be-6b3e50d6b238"; depth:37; endswith; nocase; http.host; content:"qnjutqs.bet303.app"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863049/; classtype:trojan-activity;sid:84726149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.71.177"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863048/; classtype:trojan-activity;sid:84726148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/552618fb-2f2e-4eb0-98b4-cf081f561638"; depth:37; endswith; nocase; http.host; content:"kwoptitn.restaurantguideaarhus.com"; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863047/; classtype:trojan-activity;sid:84726147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.122.170"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863046/; classtype:trojan-activity;sid:84726146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ca8afdf5-f7f7-4d3f-a73c-fb6e3841160d"; depth:37; endswith; nocase; http.host; content:"yvlenqci.rial.bet"; depth:17; isdataat:!1,relative; metadata:created_at 
2026_06_11; reference:url, urlhaus.abuse.ch/url/3863045/; classtype:trojan-activity;sid:84726145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.153.145"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863044/; classtype:trojan-activity;sid:84726144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.242.135"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863043/; classtype:trojan-activity;sid:84726143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.10.230"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863042/; classtype:trojan-activity;sid:84726142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f23e8ed9-47b8-409c-99c5-2edaa13aaa46"; depth:47; endswith; nocase; http.host; content:"s8a20vxh.gavaedfagahe.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863041/; classtype:trojan-activity;sid:84726141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863040)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.48.151.33"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863040/; classtype:trojan-activity;sid:84726140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnet.sh"; depth:10; endswith; nocase; http.host; content:"156.226.92.178"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863039/; classtype:trojan-activity;sid:84726139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.36.72.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863037/; classtype:trojan-activity;sid:84726137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.156.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863038/; classtype:trojan-activity;sid:84726138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.38.112"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863036/; classtype:trojan-activity;sid:84726136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3863025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"142.93.165.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863025/; classtype:trojan-activity;sid:84726125; rev:1;)
# How to read the entries in this run: each rule alerts on a cleartext HTTP GET
# from $HOME_NET to $EXTERNAL_NET whose URI and Host both equal the listed
# strings exactly. On http.uri, depth:<pattern length> together with endswith
# pins the pattern to the whole buffer (nocase makes it case-insensitive); on
# http.host, depth plus isdataat:!1,relative has the same effect.
# Only request-side keywords are used, so a hit means the client asked for the
# URL; it does not show that a payload came back. Check the HTTP response and
# any file/flow logs before treating the client as compromised.
# These are "alert http" rules: the same URL fetched over TLS is not covered
# unless the sensor inspects decrypted traffic.
# The rule above and the rules below all use http.host 142.93.165.186 and
# differ only in the URI (/jklarm5, /jklmips, /jklspc, /jklsh4, /jklx86,
# /jklm68k, /jklmpsl, /jklarm6, /curl.sh, /wget.sh).
# NOTE(review): the suffixes look like CPU-architecture tags next to two fetch
# scripts, which would fit one staging host serving per-platform builds. That
# is inferred from the names only; confirm via each rule's URLhaus reference.
# For triage, group hits by client and this host rather than handling every
# sid as a separate event.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"142.93.165.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863026/; classtype:trojan-activity;sid:84726126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"142.93.165.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863027/; classtype:trojan-activity;sid:84726127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"142.93.165.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863028/; classtype:trojan-activity;sid:84726128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"142.93.165.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863029/; classtype:trojan-activity;sid:84726129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"142.93.165.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863030/; classtype:trojan-activity;sid:84726130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"142.93.165.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863031/; classtype:trojan-activity;sid:84726131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"142.93.165.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863032/; classtype:trojan-activity;sid:84726132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"142.93.165.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863033/; classtype:trojan-activity;sid:84726133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"142.93.165.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; 
reference:url, urlhaus.abuse.ch/url/3863034/; classtype:trojan-activity;sid:84726134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"142.93.165.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863035/; classtype:trojan-activity;sid:84726135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/8b04319774a917eb/init.sh"; depth:27; endswith; nocase; http.host; content:"193.32.162.73"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863024/; classtype:trojan-activity;sid:84726124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.118.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863023/; classtype:trojan-activity;sid:84726123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/16020572.bin"; depth:13; endswith; nocase; http.host; content:"27.124.40.24"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863022/; classtype:trojan-activity;sid:84726122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monitors.sys"; depth:13; 
endswith; nocase; http.host; content:"27.124.40.24"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863021/; classtype:trojan-activity;sid:84726121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.31.91"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863020/; classtype:trojan-activity;sid:84726120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqib-j3ob-picl-3175/img_iktczd.png"; depth:35; endswith; nocase; http.host; content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863019/; classtype:trojan-activity;sid:84726119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img_142806.png"; depth:15; endswith; nocase; http.host; content:"gboutros.howto.rocks"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863018/; classtype:trojan-activity;sid:84726118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.52.180.204"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863017/; classtype:trojan-activity;sid:84726117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3863016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e53580b1-8be2-4270-a72d-ffa456000476"; depth:37; endswith; nocase; http.host; content:"hzvvlqps.mechanicsayalat.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863016/; classtype:trojan-activity;sid:84726116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.36.50"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863015/; classtype:trojan-activity;sid:84726115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.118.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863014/; classtype:trojan-activity;sid:84726114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.243.243"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863013/; classtype:trojan-activity;sid:84726113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.10.230"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, 
urlhaus.abuse.ch/url/3863012/; classtype:trojan-activity;sid:84726112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.242.135"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863011/; classtype:trojan-activity;sid:84726111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.38.112"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863010/; classtype:trojan-activity;sid:84726110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.165.125.212"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863009/; classtype:trojan-activity;sid:84726109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1b7fe9c5-cc6e-4de0-81b8-9bb134e231bf"; depth:37; endswith; nocase; http.host; content:"taiquge.lincoplus.xyz"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863008/; classtype:trojan-activity;sid:84726108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863007)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/|3f|ublib=06e93ab9-e7bc-4762-9821-315e0d727aff"; depth:47; endswith; nocase; http.host; content:"1v6le0j1.andisheeslami2.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863007/; classtype:trojan-activity;sid:84726107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.d00"; depth:6; endswith; nocase; http.host; content:"154.198.50.76"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863006/; classtype:trojan-activity;sid:84726106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dusbng.res"; depth:11; endswith; nocase; http.host; content:"154.198.50.76"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863005/; classtype:trojan-activity;sid:84726105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.1x1"; depth:6; endswith; nocase; http.host; content:"154.198.50.76"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863003/; classtype:trojan-activity;sid:84726103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlters.xm"; depth:10; endswith; nocase; http.host; content:"154.198.50.76"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863004/; classtype:trojan-activity;sid:84726104; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.9.8"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863002/; classtype:trojan-activity;sid:84726102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/329611a7-2f4b-4184-948a-d9fde841a071"; depth:37; endswith; nocase; http.host; content:"njwjijvlf.differentialkerayechiyan.store"; depth:40; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863001/; classtype:trojan-activity;sid:84726101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9b318386-ba10-43fb-9a9e-31da74b70867"; depth:37; endswith; nocase; http.host; content:"tqwyxfee.mechanickhodakarami.shop"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863000/; classtype:trojan-activity;sid:84726100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"178.165.125.212"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862999/; classtype:trojan-activity;sid:84726099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"217.183.47.173"; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862998/; classtype:trojan-activity;sid:84726098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phf"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862996/; classtype:trojan-activity;sid:84726096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6blp"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862997/; classtype:trojan-activity;sid:84726097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/devy"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862992/; classtype:trojan-activity;sid:84726092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ldpg"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862993/; classtype:trojan-activity;sid:84726093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862994)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/xdd5"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862994/; classtype:trojan-activity;sid:84726094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mffg"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862995/; classtype:trojan-activity;sid:84726095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ocju"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862990/; classtype:trojan-activity;sid:84726090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u5h1"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862991/; classtype:trojan-activity;sid:84726091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/olc7"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862988/; classtype:trojan-activity;sid:84726088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3862989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ouf8"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862989/; classtype:trojan-activity;sid:84726089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lfg"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862987/; classtype:trojan-activity;sid:84726087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onsn"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862984/; classtype:trojan-activity;sid:84726084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binary/kwari.m65k"; depth:18; endswith; nocase; http.host; content:"185.234.100.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862985/; classtype:trojan-activity;sid:84726085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ylc"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862986/; classtype:trojan-activity;sid:84726086; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h1fo"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862983/; classtype:trojan-activity;sid:84726083; rev:1;)
# --- URLhaus per-URL download signatures (metadata: created_at 2026_06_11) ---
# Every rule in this stretch follows one template:
#   flow:established,from_client + http.method "GET" -> client request on an established flow
#   http.uri  content + depth (= pattern length) + endswith -> the whole normalized URI must
#             equal the pattern; nocase makes that comparison case-insensitive
#   http.host content + depth (= pattern length) + isdataat:!1,relative -> no byte may follow
#             the pattern, so the host buffer must equal it exactly
# A rule therefore fires only for the exact host + URI pair it lists. Requests the sensor does
# not parse as HTTP (for example TLS it cannot decrypt) are outside these rules.
# The number in msg is the URLhaus entry id that also appears in the reference URL.
#
# Hosts 188.132.232.81 and 45.205.1.59 account for all but one rule here, each with many short
# paths. NOTE(review): a path on those hosts that is not listed raises no alert, so when
# triaging a hit, search HTTP logs for the destination host as well as for the matched URI.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9fu"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862982/; classtype:trojan-activity;sid:84726082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meze"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862977/; classtype:trojan-activity;sid:84726077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mok0"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862978/; classtype:trojan-activity;sid:84726078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2dca37"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862979/; classtype:trojan-activity;sid:84726079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5bc63b"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862980/; classtype:trojan-activity;sid:84726080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ed58c3"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862981/; classtype:trojan-activity;sid:84726081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/q2mt"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862970/; classtype:trojan-activity;sid:84726070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e8625"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862971/; classtype:trojan-activity;sid:84726071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fd832a"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862972/; classtype:trojan-activity;sid:84726072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6cd3af"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862973/; classtype:trojan-activity;sid:84726073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f080e1"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862974/; classtype:trojan-activity;sid:84726074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3aa259"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862975/; classtype:trojan-activity;sid:84726075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2be1a2"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862976/; classtype:trojan-activity;sid:84726076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ygn7"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862968/; classtype:trojan-activity;sid:84726068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qaxx"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862969/; classtype:trojan-activity;sid:84726069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tvh"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862964/; classtype:trojan-activity;sid:84726064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2ph4"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862965/; classtype:trojan-activity;sid:84726065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e7fb51"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862966/; classtype:trojan-activity;sid:84726066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oqc"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862967/; classtype:trojan-activity;sid:84726067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3caeb1"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862962/; classtype:trojan-activity;sid:84726062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdv"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862963/; classtype:trojan-activity;sid:84726063; rev:1;)
# The one rule in this stretch for a third host; same exact host + URI template.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binary/kwari.pcc"; depth:17; endswith; nocase; http.host; content:"185.234.100.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862955/; classtype:trojan-activity;sid:84726055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c229bf"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862956/; classtype:trojan-activity;sid:84726056; rev:1;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7ea409"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862957/; classtype:trojan-activity;sid:84726057; rev:1;)
# Every rule in this stretch pins the same host, 45.205.1.59, with a URI of "/" followed by six
# hex characters. depth:7 together with endswith means the whole normalized URI must equal the
# 7-byte pattern (case-insensitively, because of nocase); depth:11 together with
# isdataat:!1,relative means the host buffer must equal the 11-byte address exactly.
# Only GET requests from $HOME_NET to $EXTERNAL_NET on an established flow are inspected.
# NOTE(review): with one signature per path, a path on this host that is not listed raises no
# alert. When triaging a hit, search HTTP logs for the destination host, not just the URI that
# matched; the reference URL in each rule names the URLhaus entry for that path.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/909fd4"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862958/; classtype:trojan-activity;sid:84726058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/309e07"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862959/; classtype:trojan-activity;sid:84726059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d1489d"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862960/; classtype:trojan-activity;sid:84726060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b77984"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862961/; classtype:trojan-activity;sid:84726061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/60c20d"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862949/; classtype:trojan-activity;sid:84726049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2f3ab1"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862950/; classtype:trojan-activity;sid:84726050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/690be1"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862951/; classtype:trojan-activity;sid:84726051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5f0b1f"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862952/; classtype:trojan-activity;sid:84726052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/53814e"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862953/; classtype:trojan-activity;sid:84726053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/003259"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862954/; classtype:trojan-activity;sid:84726054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7e4e10"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862936/; classtype:trojan-activity;sid:84726036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/774b97"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862937/; classtype:trojan-activity;sid:84726037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/471d97"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862938/; classtype:trojan-activity;sid:84726038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1b57db"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862939/; classtype:trojan-activity;sid:84726039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/70e6c0"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862940/; classtype:trojan-activity;sid:84726040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e29dea"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862941/; classtype:trojan-activity;sid:84726041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8be722"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862942/; classtype:trojan-activity;sid:84726042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/58a8ee"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862943/; classtype:trojan-activity;sid:84726043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0379ad"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862944/; classtype:trojan-activity;sid:84726044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8c085b"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862945/; classtype:trojan-activity;sid:84726045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f57bc8"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862946/; classtype:trojan-activity;sid:84726046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fd6142"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862947/; classtype:trojan-activity;sid:84726047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1cbafd"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862948/; classtype:trojan-activity;sid:84726048; rev:1;)
alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/147738e5-b1f9-4558-b2de-4121df6ea8ce"; depth:37; endswith; nocase; http.host; content:"slojemw.leaguejazire.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862935/; classtype:trojan-activity;sid:84726035; rev:1;)
# URLhaus per-URL download signatures. Each rule inspects a client GET on an established flow
# and requires an exact host (http.host content + depth + isdataat:!1,relative) plus a URI that
# ends with the listed pattern (endswith), compared case-insensitively (nocase).
# Where depth equals the pattern length, the URI must equal the pattern as a whole.
#
# NOTE(review): |3f| is the hex escape for "?" and counts as one byte. In sid 84726021,
# 84726016 and 84726013 the depth value equals the length of the escaped text (47, 17, 34)
# rather than the decoded pattern (44, 14, 31). endswith still anchors the match at the end of
# the URI, but up to 3 leading bytes are tolerated, so these three rules are slightly looser
# than the rest. Better reported to the feed maintainer than patched in a local copy.
#
# Hostnames: several rules pin a short label under a registered domain, and sid 84726016 pins
# one subdomain of loclx.io. Because the host match is exact, another label under the same
# parent domain does not match; DNS or proxy logs are the place to look for siblings.
# Bare-IP rules with generic paths (/i, /bin.sh) rely on the host pin for their specificity.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.9.8"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862934/; classtype:trojan-activity;sid:84726034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"217.183.47.173"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862933/; classtype:trojan-activity;sid:84726033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.176.23"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862932/; classtype:trojan-activity;sid:84726032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a21cbc8f-bc4d-4bcb-b758-5b14552d23d8"; depth:37; endswith; nocase; http.host; content:"kuonnjkj.masirpayambari.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862931/; classtype:trojan-activity;sid:84726031; rev:1;)
# NOTE(review): the file names in this rule and in sid 84726028 (same host) look like
# remote-support client installers - presumably worth checking whether such a tool is
# sanctioned on the source host before closing an alert; confirm against the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"138.124.123.55"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862929/; classtype:trojan-activity;sid:84726029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.112.56"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862930/; classtype:trojan-activity;sid:84726030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"138.124.123.55"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862928/; classtype:trojan-activity;sid:84726028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.158.20"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862927/; classtype:trojan-activity;sid:84726027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pm/nova@trimnt.exe"; depth:19; endswith; nocase; http.host; content:"173.249.202.70"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862926/; classtype:trojan-activity;sid:84726026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.59.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862925/; classtype:trojan-activity;sid:84726025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e758f631-9fed-4513-98c3-29e2e0309139"; depth:37; endswith; nocase; http.host; content:"rlsrlwb.karbordriyaziyat.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862924/; classtype:trojan-activity;sid:84726024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.234.0"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862922/; classtype:trojan-activity;sid:84726022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f5df9931-9242-43f8-8d34-fee161dbb622"; depth:47; endswith; nocase; http.host; content:"4piqgfum.garatequran.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862921/; classtype:trojan-activity;sid:84726021; rev:1;)
# The next two rules share host 192.227.219.94 and the /57/ directory: one .hta, one .png.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/57/goodthingsformebetterforme.hta"; depth:34; endswith; nocase; http.host; content:"192.227.219.94"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862920/; classtype:trojan-activity;sid:84726020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/57/img_180418.png"; depth:18; endswith; nocase; http.host; content:"192.227.219.94"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862919/; classtype:trojan-activity;sid:84726019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.158.20"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862918/; classtype:trojan-activity;sid:84726018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.176.23"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862917/; classtype:trojan-activity;sid:84726017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view.php|3f|.pdf"; depth:17; endswith; nocase; http.host; content:"1029304.loclx.io"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862916/; classtype:trojan-activity;sid:84726016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.59.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862915/; classtype:trojan-activity;sid:84726015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5677e4a6-24e5-4238-8bc7-6aa57fce17e9"; depth:37; endswith; nocase; http.host; content:"akhixcvw.masaelmohandesi.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862914/; classtype:trojan-activity;sid:84726014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/fonts/d.php|3f|f=katyusha2"; depth:34; endswith; nocase; http.host; content:"ibcosociety.com.sa"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862913/; classtype:trojan-activity;sid:84726013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.20.244"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862912/; classtype:trojan-activity;sid:84726012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3862911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4f027f16-2260-4970-8489-294891ab6a32"; depth:37; endswith; nocase; http.host; content:"qlvwxer.karafarini.shop"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862911/; classtype:trojan-activity;sid:84726011; rev:1;)
# URLhaus per-URL download signatures: client GET on an established flow, exact host match
# (http.host content + depth + isdataat:!1,relative), URI anchored at the end of the buffer
# (endswith) and compared case-insensitively (nocase). These are `alert http` rules, so a
# download the sensor cannot parse as HTTP (for example undecrypted TLS) is not covered.
#
# NOTE(review): |3f| is the hex escape for "?" and counts as one byte. In sid 84726003,
# 84725990 and 84725988 depth equals the escaped text length (47, 29, 88), not the decoded
# pattern length (44, 26, 85), so up to 3 leading bytes are tolerated before the pattern.
# In the other rules depth equals the pattern length and the URI must match as a whole.
#
# Hostnames: defamogadas.xyz and maharatmodiran.xyz each appear twice with a different
# subdomain label and a different UUID-style path; sid 84725989 pins one subdomain of r2.dev.
# The host match is exact, so a new label under the same parent domain raises no alert - when
# triaging a hit, search DNS and proxy logs for the parent domain as well.
# sid 84725988 embeds a full download_token value in the URI, so it matches that token only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.237.235"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862910/; classtype:trojan-activity;sid:84726010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/144.exe"; depth:8; endswith; nocase; http.host; content:"scaleyou.com.br"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862909/; classtype:trojan-activity;sid:84726009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3.exe"; depth:6; endswith; nocase; http.host; content:"scaleyou.com.br"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862908/; classtype:trojan-activity;sid:84726008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.15.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862907/; classtype:trojan-activity;sid:84726007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.74.13"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862905/; classtype:trojan-activity;sid:84726005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.128.213"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862906/; classtype:trojan-activity;sid:84726006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7d86bf40-0f2f-4096-939e-9be2ef877dee"; depth:37; endswith; nocase; http.host; content:"ifvtbgbf.maharatmodiran.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862904/; classtype:trojan-activity;sid:84726004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=0a4007bd-f3ce-43f0-8bcf-ae0a0c616f42"; depth:47; endswith; nocase; http.host; content:"ldmmsp6b.angizeshfarahani.store"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862903/; classtype:trojan-activity;sid:84726003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_37b904483beaa60e.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862902/; classtype:trojan-activity;sid:84726002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/447b2901-eb9b-40a5-9332-89f3a42c5207"; depth:37; endswith; nocase; http.host; content:"dmwncnnnp.defamogadas.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862901/; classtype:trojan-activity;sid:84726001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.237.235"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862899/; classtype:trojan-activity;sid:84725999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.52.180.204"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862900/; classtype:trojan-activity;sid:84726000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3d331bf9-0f79-4181-bba2-5dc9b2aa8a6c"; depth:37; endswith; nocase; http.host; content:"bcwkesayq.defamogadas.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862898/; classtype:trojan-activity;sid:84725998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_84c11a4df62a17e9.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862897/; classtype:trojan-activity;sid:84725997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a5480e34-7790-4b3b-8e8f-0d9d9f315492"; depth:37; endswith; nocase; http.host; content:"lkrugvhg.maharatmodiran.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862896/; classtype:trojan-activity;sid:84725996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.23.139.62"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862894/; classtype:trojan-activity;sid:84725994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.74.13"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862895/; classtype:trojan-activity;sid:84725995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xdaqrkamfyzgowe.exe"; depth:20; endswith; nocase; http.host; content:"pub-56fcfc5f11f04341a91be50cb1de6a47.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862889/; classtype:trojan-activity;sid:84725989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download.php|3f|file=app.apk"; depth:29; endswith; nocase; http.host; content:"www.littleprincesstours.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862890/; classtype:trojan-activity;sid:84725990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bebelo/jfttiwsmshalvieochkzbhn203.bin"; depth:38; endswith; nocase; http.host; content:"sydneyaffordablecremations.com.au"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862891/; classtype:trojan-activity;sid:84725991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d7e0|3f|download_token=56c6150a8910ce6e9060e38ac3662ba6cafba7e87b25de9db6b3594e30ea4c2b"; depth:88; endswith; nocase; http.host; content:"bedrive.ru"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862888/; classtype:trojan-activity;sid:84725988; rev:1;)
# NOTE(review): the file names in the next rules (/kkk.arm7, /n2/asusrt, /n2/mips64, /arm4)
# look like per-architecture builds - presumably most relevant where embedded or Linux devices
# sit inside $HOME_NET; confirm against the URLhaus entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kkk.arm7"; depth:9; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862885/; classtype:trojan-activity;sid:84725985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/asusrt"; depth:10; endswith; nocase; http.host; content:"162.248.101.153"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862886/; classtype:trojan-activity;sid:84725986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/mips64"; depth:10; endswith; nocase; http.host; content:"162.248.101.153"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862887/; classtype:trojan-activity;sid:84725987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862883/; classtype:trojan-activity;sid:84725983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862884/; classtype:trojan-activity;sid:84725984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862882)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/2c58a06d-5872-4c0e-a13f-999d366b463b"; depth:37; endswith; nocase; http.host; content:"fzrflqf.amoozeshagazade.shop"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862882/; classtype:trojan-activity;sid:84725982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d649e220-94ad-4e3e-8d30-3141d510f59b"; depth:37; endswith; nocase; http.host; content:"rjwfiwgjr.defamogadas.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862881/; classtype:trojan-activity;sid:84725981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.8.55"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862880/; classtype:trojan-activity;sid:84725980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/script.sh"; depth:10; endswith; nocase; http.host; content:"aetherframework.digital"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862879/; classtype:trojan-activity;sid:84725979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.23.139.62"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862878/; classtype:trojan-activity;sid:84725978; rev:1;) 
# URLhaus download-URL signatures. Each rule alerts on a client-to-server HTTP GET from
# $HOME_NET to $EXTERNAL_NET where both sticky buffers match:
#   http.uri  - content + depth + endswith; nocase makes the comparison case-insensitive.
#   http.host - content + depth + isdataat:!1,relative, so nothing may follow the host value.
# When depth equals the content's byte length, the match is anchored at both ends (exact match).
# Coverage caveats: these are `alert http` rules, so a fetch of the same URL over TLS is not
# inspected unless traffic is decrypted upstream; only GET requests are covered.
# NOTE(review): per the Suricata docs, http.host is lowercased and carries no port
# (http.host.raw does) - confirm against the deployed Suricata version.
# NOTE(review): in sid 84725976 the URI content decodes to 44 bytes (|3f| is one byte) but
# depth is 47, apparently counted from the escaped text; with endswith this tolerates up to
# three leading bytes, so the rule is slightly looser than an exact match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=50171ea8-3e76-41af-b2e8-84c152e18979"; depth:47; endswith; nocase; http.host; content:"1cihg2b5.anodaz.vip"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862876/; classtype:trojan-activity;sid:84725976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5bd40d88-0c5e-478c-9753-3e877905a8e0"; depth:37; endswith; nocase; http.host; content:"mocauhxe.mabanishimi.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862877/; classtype:trojan-activity;sid:84725977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.8.55"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862875/; classtype:trojan-activity;sid:84725975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/13e33441-5d5f-40f0-a159-333cff5e21d3"; depth:37; endswith; nocase; http.host; content:"iznukhb.hesabdari2.xyz"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862874/; classtype:trojan-activity;sid:84725974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; 
nocase; http.host; content:"202.107.96.28"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862873/; classtype:trojan-activity;sid:84725973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=8fa6cda4-73a4-4f89-8dc5-01df568f4daf"; depth:47; endswith; nocase; http.host; content:"zo4t1q36.moarefeslami.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862872/; classtype:trojan-activity;sid:84725972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.90.192.6"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862871/; classtype:trojan-activity;sid:84725971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.143.76"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862870/; classtype:trojan-activity;sid:84725970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8c3bdf2f-2503-499f-a36e-311b3ac8b796"; depth:37; endswith; nocase; http.host; content:"chamcmlu.jamjahani.football"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862869/; classtype:trojan-activity;sid:84725969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3862868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.2.75"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862868/; classtype:trojan-activity;sid:84725968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.41.181"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862867/; classtype:trojan-activity;sid:84725967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/166436ad-0a7e-45c4-84a8-477b6dc8e43f"; depth:37; endswith; nocase; http.host; content:"bnxtprw.hesabdarieskandari.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862866/; classtype:trojan-activity;sid:84725966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.2.75"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862865/; classtype:trojan-activity;sid:84725965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=dacad267-6321-4089-a5bf-2fa5ceabd0c0"; depth:47; endswith; nocase; http.host; content:"m2bu2yf9.ansuyemarg.xyz"; depth:23; 
isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862864/; classtype:trojan-activity;sid:84725964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/535c6fa6-75b3-4d82-873c-eb6088e557d7"; depth:37; endswith; nocase; http.host; content:"kpeahfhd.rial.bet"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862863/; classtype:trojan-activity;sid:84725963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.91.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862862/; classtype:trojan-activity;sid:84725962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/469f8c81-4398-4789-9070-e3c03bcc5684"; depth:37; endswith; nocase; http.host; content:"verccbf.hesabdarinoravesh.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862861/; classtype:trojan-activity;sid:84725961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.113.133"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862860/; classtype:trojan-activity;sid:84725960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862859)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0dfef398-6be9-4dc1-8231-f9e6a3f4000b"; depth:37; endswith; nocase; http.host; content:"bgdfvnukx.darsnamejame.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862859/; classtype:trojan-activity;sid:84725959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.243.66"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862858/; classtype:trojan-activity;sid:84725958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.74.248"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862857/; classtype:trojan-activity;sid:84725957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b6abc696-cf5a-403a-a461-729e05294143"; depth:37; endswith; nocase; http.host; content:"wkgrduot.restaurantguideaarhus.com"; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862856/; classtype:trojan-activity;sid:84725956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.93.138.2"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, 
urlhaus.abuse.ch/url/3862855/; classtype:trojan-activity;sid:84725955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.113.133"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862854/; classtype:trojan-activity;sid:84725954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.203.202"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862853/; classtype:trojan-activity;sid:84725953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.i686"; depth:9; endswith; nocase; http.host; content:"vps36563.maxko-hosting.net"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862852/; classtype:trojan-activity;sid:84725952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/003331bb-e12e-4b7a-8004-44c2af6cab0c"; depth:37; endswith; nocase; http.host; content:"gpbvnrp.hesabdariosmani.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862851/; classtype:trojan-activity;sid:84725951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.m68k"; 
depth:9; endswith; nocase; http.host; content:"150.40.127.154"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862848/; classtype:trojan-activity;sid:84725948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.mipsel"; depth:11; endswith; nocase; http.host; content:"150.40.127.154"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862849/; classtype:trojan-activity;sid:84725949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.sh4"; depth:8; endswith; nocase; http.host; content:"150.40.127.154"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862850/; classtype:trojan-activity;sid:84725950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.sh4"; depth:8; endswith; nocase; http.host; content:"vps36563.maxko-hosting.net"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862846/; classtype:trojan-activity;sid:84725946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.m68k"; depth:9; endswith; nocase; http.host; content:"vps36563.maxko-hosting.net"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862847/; classtype:trojan-activity;sid:84725947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3862844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.arm5"; depth:9; endswith; nocase; http.host; content:"vps36563.maxko-hosting.net"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862844/; classtype:trojan-activity;sid:84725944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.mips"; depth:9; endswith; nocase; http.host; content:"vps36563.maxko-hosting.net"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862845/; classtype:trojan-activity;sid:84725945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.ppc"; depth:8; endswith; nocase; http.host; content:"150.40.127.154"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862838/; classtype:trojan-activity;sid:84725938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.arm6"; depth:9; endswith; nocase; http.host; content:"150.40.127.154"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862839/; classtype:trojan-activity;sid:84725939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.arm7"; depth:9; endswith; nocase; http.host; content:"150.40.127.154"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862840/; 
classtype:trojan-activity;sid:84725940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.x86"; depth:8; endswith; nocase; http.host; content:"150.40.127.154"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862841/; classtype:trojan-activity;sid:84725941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.i686"; depth:9; endswith; nocase; http.host; content:"150.40.127.154"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862842/; classtype:trojan-activity;sid:84725942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.mips"; depth:9; endswith; nocase; http.host; content:"150.40.127.154"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862843/; classtype:trojan-activity;sid:84725943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.arm"; depth:8; endswith; nocase; http.host; content:"vps36563.maxko-hosting.net"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862829/; classtype:trojan-activity;sid:84725929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cia.sh"; depth:7; endswith; nocase; http.host; 
content:"vps36563.maxko-hosting.net"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862830/; classtype:trojan-activity;sid:84725930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.arm7"; depth:9; endswith; nocase; http.host; content:"vps36563.maxko-hosting.net"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862831/; classtype:trojan-activity;sid:84725931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.mipsel"; depth:11; endswith; nocase; http.host; content:"vps36563.maxko-hosting.net"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862832/; classtype:trojan-activity;sid:84725932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.x86_64"; depth:11; endswith; nocase; http.host; content:"150.40.127.154"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862833/; classtype:trojan-activity;sid:84725933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.x86_64"; depth:11; endswith; nocase; http.host; content:"vps36563.maxko-hosting.net"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862834/; classtype:trojan-activity;sid:84725934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3862835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.ppc"; depth:8; endswith; nocase; http.host; content:"vps36563.maxko-hosting.net"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862835/; classtype:trojan-activity;sid:84725935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.arm6"; depth:9; endswith; nocase; http.host; content:"vps36563.maxko-hosting.net"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862836/; classtype:trojan-activity;sid:84725936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.x86"; depth:8; endswith; nocase; http.host; content:"vps36563.maxko-hosting.net"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862837/; classtype:trojan-activity;sid:84725937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cia.sh"; depth:7; endswith; nocase; http.host; content:"150.40.127.154"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862826/; classtype:trojan-activity;sid:84725926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.arm5"; depth:9; endswith; nocase; http.host; content:"150.40.127.154"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862827/; 
classtype:trojan-activity;sid:84725927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.arm"; depth:8; endswith; nocase; http.host; content:"150.40.127.154"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862828/; classtype:trojan-activity;sid:84725928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=3a22839b-00c2-4e26-ab3f-045e79c2c068"; depth:47; endswith; nocase; http.host; content:"xnvdto36.ganuneasasi.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862825/; classtype:trojan-activity;sid:84725925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.129.109"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862824/; classtype:trojan-activity;sid:84725924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.247.188"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862823/; classtype:trojan-activity;sid:84725923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0407c3be-3de0-448c-b909-1ceadc447ff0"; depth:37; 
endswith; nocase; http.host; content:"lwywtkki.winxbet.co"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862822/; classtype:trojan-activity;sid:84725922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.129.109"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862821/; classtype:trojan-activity;sid:84725921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.176.118"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862820/; classtype:trojan-activity;sid:84725920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/like/forreal/nigger.sh"; depth:23; endswith; nocase; http.host; content:"theordernetwork.qzz.io"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862819/; classtype:trojan-activity;sid:84725919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3363275c-1462-4777-b6de-7e5d86004b47"; depth:37; endswith; nocase; http.host; content:"ewnwfae.hesabdaripishrafte.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862818/; classtype:trojan-activity;sid:84725918; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.77.90"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862817/; classtype:trojan-activity;sid:84725917; rev:1;)
# ---------------------------------------------------------------------------
# How to read the rules in this section (one rule per line below):
#   * Direction/scope: `alert http $HOME_NET any -> $EXTERNAL_NET any` with
#     `flow:established,from_client` - only client requests leaving HOME_NET
#     that Suricata parses as HTTP are inspected. The same download fetched
#     over TLS is not visible to these rules unless it is decrypted upstream.
#   * Method: `http.method; content:"GET"` - other request methods do not alert.
#   * URI: `http.uri; content:"<path>"; depth:<n>; endswith; nocase;` - where
#     <n> equals the pattern length, the pattern must be the entire URI
#     (case-insensitive). A changed path or an added query string will not match.
#   * Host: `http.host; content:"<host>"; depth:<n>; isdataat:!1,relative;` -
#     the pattern must be the entire host value, so sibling subdomains of a
#     listed domain are not covered.
#   * Triage: the number in `msg` and in `reference:url` is the URLhaus entry
#     id; in every rule shown here sid = that id + 80863100, so an alert can be
#     mapped straight back to its URLhaus record.
#   * These are point-in-time indicators (`metadata:created_at`); several are
#     bare IP hosts. Keep the feed refreshed and treat old hits with care.
#
# NOTE(review): in the `/|3f|ublib=<uuid>` rules the URI pattern is 44 bytes
# once `|3f|` is decoded to `?`, but `depth` is 47 - the length of the escaped
# rule text. Combined with `endswith`, that tolerates up to three extra
# leading bytes in http.uri, so those rules are slightly looser than the
# exact-match rules around them; depth:44 would make them consistent. This is
# a generated feed, so the fix belongs upstream rather than in a local edit.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.155.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862816/; classtype:trojan-activity;sid:84725916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.221.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862815/; classtype:trojan-activity;sid:84725915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=27e72384-1c6b-4aa6-8f8d-987a10d56df3"; depth:47; endswith; nocase; http.host; content:"cxwqtlc8.asibshenasiyahya.shop"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862814/; classtype:trojan-activity;sid:84725914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.153.145"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862813/; classtype:trojan-activity;sid:84725913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.85.111.175"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862812/; classtype:trojan-activity;sid:84725912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/015eb0df-75e4-405a-9338-1b85fe160be3"; depth:37; endswith; nocase; http.host; content:"viypaevf.wrfc8.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862811/; classtype:trojan-activity;sid:84725911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.39.40"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862810/; classtype:trojan-activity;sid:84725910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.79.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862809/; classtype:trojan-activity;sid:84725909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.148.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862808/; classtype:trojan-activity;sid:84725908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/996bbf24-aced-4517-a0e2-c14bd065c6aa"; depth:37; endswith; nocase; http.host; content:"iqduira.akhlagvaahkam.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862807/; classtype:trojan-activity;sid:84725907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.77.75"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862806/; classtype:trojan-activity;sid:84725906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f59e91c0-f1e8-4cdd-9489-648314625e8c"; depth:37; endswith; nocase; http.host; content:"mvwrgylee.danestanihavarzeshi.com"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862805/; classtype:trojan-activity;sid:84725905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0e521201-3503-40a5-9b31-907edd9b1e02"; depth:37; endswith; nocase; http.host; content:"aolbzrji.red90.casino"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862804/; classtype:trojan-activity;sid:84725904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.77.75"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862803/; classtype:trojan-activity;sid:84725903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e8072307-699d-479a-b4d8-199582ee7792"; depth:37; endswith; nocase; http.host; content:"sdlclrs.akhlageslami.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862802/; classtype:trojan-activity;sid:84725902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.79.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862801/; classtype:trojan-activity;sid:84725901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.249.189"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862800/; classtype:trojan-activity;sid:84725900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=5fa27a5d-774d-439b-92c3-641123e86093"; depth:47; endswith; nocase; http.host; content:"8h9b5pgo.garatequran.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862799/; classtype:trojan-activity;sid:84725899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.167.35"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862798/; classtype:trojan-activity;sid:84725898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.51.188"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862797/; classtype:trojan-activity;sid:84725897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.80.201"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862796/; classtype:trojan-activity;sid:84725896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.225.1.54"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862795/; classtype:trojan-activity;sid:84725895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eaafea33-00a7-4ed3-ad29-ddbe9349d2de"; depth:37; endswith; nocase; http.host; content:"xweepogg.jamjahani2026.football"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862794/; classtype:trojan-activity;sid:84725894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.255.42.68"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862793/; classtype:trojan-activity;sid:84725893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.65.9"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862792/; classtype:trojan-activity;sid:84725892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.238.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862791/; classtype:trojan-activity;sid:84725891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.80.201"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862790/; classtype:trojan-activity;sid:84725890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"69.178.5.220"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862789/; classtype:trojan-activity;sid:84725889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.133.65.107"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862788/; classtype:trojan-activity;sid:84725888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.85.162.174"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862786/; classtype:trojan-activity;sid:84725886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.146.92.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862787/; classtype:trojan-activity;sid:84725887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.238.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862785/; classtype:trojan-activity;sid:84725885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.51.188"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862784/; classtype:trojan-activity;sid:84725884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=1aa243f2-53f4-42f8-b8bd-b4b7550c4e05"; depth:47; endswith; nocase; http.host; content:"rn0mptxh.anodaz.tv"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862783/; classtype:trojan-activity;sid:84725883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35b3877f-263c-47fa-b6bd-3b4a8b10eb4e"; depth:37; endswith; nocase; http.host; content:"yhtdzkc.akhlagheslami.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862782/; classtype:trojan-activity;sid:84725882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=8d110c04-d09d-4ae2-8dac-e6d79e94a613"; depth:47; endswith; nocase; http.host; content:"v4qu8nnt.azmoondadrasi.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862781/; classtype:trojan-activity;sid:84725881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f7e53717-7e43-4a17-97ad-4f4682d0c1bd"; depth:37; endswith; nocase; http.host; content:"twvrjjcu.hugugtejarat4.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862780/; classtype:trojan-activity;sid:84725880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"69.178.5.220"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862779/; classtype:trojan-activity;sid:84725879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.231.12"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862778/; classtype:trojan-activity;sid:84725878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.102.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862777/; classtype:trojan-activity;sid:84725877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.133.65.107"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862776/; classtype:trojan-activity;sid:84725876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.146.92.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862775/; classtype:trojan-activity;sid:84725875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.31.91"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862774/; classtype:trojan-activity;sid:84725874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/881715592/opcteft.exe"; depth:28; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862772/; classtype:trojan-activity;sid:84725872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/39151b85-25d5-4ed9-a3b9-b3c3dd14dd7f"; depth:37; endswith; nocase; http.host; content:"sdkymow.amoozeshtagipour.shop"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862773/; classtype:trojan-activity;sid:84725873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ce10fd15-5483-464e-b530-a4c07d7990d7"; depth:37; endswith; nocase; http.host; content:"gynclfjtx.daneshkhanevade.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862771/; classtype:trojan-activity;sid:84725871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a8e9b327-badd-4c07-8566-8adfa7b10843"; depth:37; endswith; nocase; http.host; content:"zntknawd.hugugtatbigi.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862770/; classtype:trojan-activity;sid:84725870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.255.239.254"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862769/; classtype:trojan-activity;sid:84725869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.255.239.254"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862768/; classtype:trojan-activity;sid:84725868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.116.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862767/; classtype:trojan-activity;sid:84725867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/xd.mpsl"; depth:17; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862766/; classtype:trojan-activity;sid:84725866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.195.218"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862765/; classtype:trojan-activity;sid:84725865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.102.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862764/; classtype:trojan-activity;sid:84725864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/16414a28-5fc2-4d99-adab-a46560e53b89"; depth:37; endswith; nocase; http.host; content:"cxhsipt.honarrang.online"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862763/; classtype:trojan-activity;sid:84725863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b12c1a52-db18-49ab-8217-2701a19e0854"; depth:47; endswith; nocase; http.host; content:"181xlt4g.gavaedfagahe.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862762/; classtype:trojan-activity;sid:84725862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c0d5838e-9bd3-4bf3-8e13-9428022b1453"; depth:37; endswith; nocase; http.host; content:"agiqsfnr.hugugnasiri.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862761/; classtype:trojan-activity;sid:84725861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.238.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862760/; classtype:trojan-activity;sid:84725860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.90.218"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862759/; classtype:trojan-activity;sid:84725859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/10x06x2026_x32.exe"; depth:19; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862758/; classtype:trojan-activity;sid:84725858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.79.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862757/; classtype:trojan-activity;sid:84725857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/10x06x2026_x64.exe"; depth:19; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862756/; classtype:trojan-activity;sid:84725856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sprd.exe"; depth:9; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862755/; classtype:trojan-activity;sid:84725855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/902ef6d2-2fd0-45d0-9574-f8926262a7ac"; depth:37; endswith; nocase; http.host; content:"ttsnmsv.honareslami.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862754/; classtype:trojan-activity;sid:84725854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.236.65.80"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862753/; classtype:trojan-activity;sid:84725853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.90.218"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862752/; classtype:trojan-activity;sid:84725852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=2fc13a1c-3120-41d7-8aaa-45c506a491cd"; depth:47; endswith; nocase; http.host; content:"jqfg2zyi.ehtemalatvaamar.xyz"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862751/; classtype:trojan-activity;sid:84725851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b28baf5d-a4b0-4084-a307-343ef10cbca8"; depth:37; endswith; nocase; http.host; content:"lkbctabw.hugugmadanikatouzian.xyz"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862750/; classtype:trojan-activity;sid:84725850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.27.243"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862749/; classtype:trojan-activity;sid:84725849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.14.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862748/; classtype:trojan-activity;sid:84725848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.11.196"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862747/; classtype:trojan-activity;sid:84725847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.236.65.80"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862746/; classtype:trojan-activity;sid:84725846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.14.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862745/; classtype:trojan-activity;sid:84725845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.202.65.213"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862744/; classtype:trojan-activity;sid:84725844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"142.93.165.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862743/; classtype:trojan-activity;sid:84725843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"142.93.165.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862742/; classtype:trojan-activity;sid:84725842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.11.196"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862741/; classtype:trojan-activity;sid:84725841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b615135a-ea97-47f1-8203-f663721185e9"; depth:37; endswith; nocase; http.host; content:"kfahpou.honardartarikh.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862740/; classtype:trojan-activity;sid:84725840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.27.243"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862739/; classtype:trojan-activity;sid:84725839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.151.252"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862738/; classtype:trojan-activity;sid:84725838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binary/kwari.x86"; depth:17; endswith; nocase; http.host; content:"185.234.100.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862728/; classtype:trojan-activity;sid:84725828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binary/kwari.m68k"; depth:18; endswith; nocase; http.host; content:"185.234.100.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862729/; classtype:trojan-activity;sid:84725829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binary/kwari.arm5"; depth:18; endswith; nocase; http.host; content:"185.234.100.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862730/; classtype:trojan-activity;sid:84725830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binary/kwari.mips"; depth:18; endswith; nocase; http.host; content:"185.234.100.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862731/; classtype:trojan-activity;sid:84725831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binary/kwari.arm"; depth:17; endswith; nocase; http.host; content:"185.234.100.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862732/; classtype:trojan-activity;sid:84725832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binary/sex.sh"; depth:14; endswith; nocase; http.host; content:"185.234.100.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862733/; classtype:trojan-activity;sid:84725833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binary/kwari.arm7"; depth:18; endswith; nocase; http.host; content:"185.234.100.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862734/; classtype:trojan-activity;sid:84725834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binary/kwari.arm6"; depth:18; endswith; nocase; http.host; content:"185.234.100.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862735/; classtype:trojan-activity;sid:84725835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binary/kwari.ppc"; 
depth:17; endswith; nocase; http.host; content:"185.234.100.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862736/; classtype:trojan-activity;sid:84725836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binary/kwari.spc"; depth:17; endswith; nocase; http.host; content:"185.234.100.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862737/; classtype:trojan-activity;sid:84725837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binary/o.xml"; depth:13; endswith; nocase; http.host; content:"185.234.100.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862726/; classtype:trojan-activity;sid:84725826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binary/kwari.x86"; depth:17; endswith; nocase; http.host; content:"vs30445.par01fr.vsys.cloud"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862727/; classtype:trojan-activity;sid:84725827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binary/kwari.mpsl"; depth:18; endswith; nocase; http.host; content:"185.234.100.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862724/; classtype:trojan-activity;sid:84725824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3862725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binary/kwari.sh4"; depth:17; endswith; nocase; http.host; content:"185.234.100.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862725/; classtype:trojan-activity;sid:84725825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binary/o.xml"; depth:13; endswith; nocase; http.host; content:"vs30445.par01fr.vsys.cloud"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862723/; classtype:trojan-activity;sid:84725823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b809f6b7-adb0-44ca-a518-97289a5dea36"; depth:37; endswith; nocase; http.host; content:"kuwwcojw.hugugmadani6.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862722/; classtype:trojan-activity;sid:84725822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.251.14"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862721/; classtype:trojan-activity;sid:84725821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.202.65.213"; depth:14; isdataat:!1,relative; metadata:created_at 
2026_06_10; reference:url, urlhaus.abuse.ch/url/3862720/; classtype:trojan-activity;sid:84725820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/714306f1-8567-4361-b110-6eca0e6efd8e"; depth:37; endswith; nocase; http.host; content:"snvgupcvn.bookkade.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862719/; classtype:trojan-activity;sid:84725819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e2bbe70d-c19d-4a3d-b9be-cdda5eeecdc6"; depth:37; endswith; nocase; http.host; content:"mojzkvtc.hugugmadani6.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862718/; classtype:trojan-activity;sid:84725818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.122.230"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862717/; classtype:trojan-activity;sid:84725817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.151.252"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862716/; classtype:trojan-activity;sid:84725816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862715)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.76.123"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862715/; classtype:trojan-activity;sid:84725815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5fcb8512-5ed3-40a5-91f5-c28f0be4dfa6"; depth:37; endswith; nocase; http.host; content:"wswgllp.honarcinema.online"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862714/; classtype:trojan-activity;sid:84725814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.254.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862713/; classtype:trojan-activity;sid:84725813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=6f727837-7f05-48aa-a335-d6563bde504e"; depth:47; endswith; nocase; http.host; content:"b57agvqn.azmoonhayeravani.shop"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862712/; classtype:trojan-activity;sid:84725812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a906dc3d-f9d2-48cc-aeec-4f8307650081"; depth:37; endswith; nocase; http.host; content:"cwwviitu.hugugmadani3.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; 
reference:url, urlhaus.abuse.ch/url/3862711/; classtype:trojan-activity;sid:84725811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=5e068018-bbfe-4f52-872f-cb4642a75c53"; depth:47; endswith; nocase; http.host; content:"w2hnzhub.fununetadris.shop"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862710/; classtype:trojan-activity;sid:84725810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.76.123"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862708/; classtype:trojan-activity;sid:84725808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.122.230"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862709/; classtype:trojan-activity;sid:84725809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.227.228"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862707/; classtype:trojan-activity;sid:84725807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; 
depth:2; endswith; nocase; http.host; content:"42.229.216.91"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862706/; classtype:trojan-activity;sid:84725806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.93.136.109"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862705/; classtype:trojan-activity;sid:84725805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=7eca67ba-695e-4cf4-af69-7a4e4f8e1d58"; depth:47; endswith; nocase; http.host; content:"8t4ow8gc.azmoonhayeravani.shop"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862704/; classtype:trojan-activity;sid:84725804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.61.164"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862702/; classtype:trojan-activity;sid:84725802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.254.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862703/; classtype:trojan-activity;sid:84725803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3862701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35d22aeb-8409-4429-a5b9-afc42052e503"; depth:37; endswith; nocase; http.host; content:"vbpfixp.hesabdarishabahang.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862701/; classtype:trojan-activity;sid:84725801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.238.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862700/; classtype:trojan-activity;sid:84725800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.40.6"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862699/; classtype:trojan-activity;sid:84725799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=bc5bf125-7ddd-4912-aae8-685cdf0e7dc9"; depth:47; endswith; nocase; http.host; content:"a6g6ikpn.geotechnictahuni.store"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862698/; classtype:trojan-activity;sid:84725798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f588b670-4412-4718-b70f-bb7921c5c0a8"; depth:37; endswith; nocase; http.host; content:"egtxaxxwy.bookkade.com"; 
depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862697/; classtype:trojan-activity;sid:84725797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.216.91"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862696/; classtype:trojan-activity;sid:84725796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/792a9478-64fd-496b-bffa-d67ac81c9fb2"; depth:37; endswith; nocase; http.host; content:"vbjnuyvt.hugugedari.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862695/; classtype:trojan-activity;sid:84725795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"91.108.240.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862693/; classtype:trojan-activity;sid:84725793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"91.108.240.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862694/; classtype:trojan-activity;sid:84725794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3862692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9baf1d78-abc2-439c-a680-07cc64ad5fd4"; depth:37; endswith; nocase; http.host; content:"uywdaxpat.bookdrive.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862692/; classtype:trojan-activity;sid:84725792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f7d5c21d-6149-453b-b749-25f8e059240c"; depth:37; endswith; nocase; http.host; content:"mdsbgax.hesabdaripishrafte.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862691/; classtype:trojan-activity;sid:84725791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.46.39"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862690/; classtype:trojan-activity;sid:84725790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.136.137.73"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862689/; classtype:trojan-activity;sid:84725789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e2e6b3e3-bb6e-40f4-a31d-d32e6e43f8be"; depth:47; endswith; nocase; http.host; content:"uxl15txz.azmoondadrasi.xyz"; depth:26; 
isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862688/; classtype:trojan-activity;sid:84725788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d483fc8a-4b53-428e-a7e9-3ddcb0341f09"; depth:47; endswith; nocase; http.host; content:"dk2acd53.anodaz.co"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862687/; classtype:trojan-activity;sid:84725787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.93.136.109"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862686/; classtype:trojan-activity;sid:84725786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.86.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862685/; classtype:trojan-activity;sid:84725785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4af104d3-58c3-4cc2-a01e-4310d4ee6869"; depth:37; endswith; nocase; http.host; content:"pejfezjq.hugugdaryayi.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862684/; classtype:trojan-activity;sid:84725784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3862683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2c9ff681-8c0f-44fb-a86b-f6e583413d68"; depth:37; endswith; nocase; http.host; content:"ktwyzyj.hesabdaripishrafte.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862683/; classtype:trojan-activity;sid:84725783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=4c5babf8-b7d0-4a64-81c7-0b92a4378414"; depth:47; endswith; nocase; http.host; content:"pbmbrhid.gavaedfagahe.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862682/; classtype:trojan-activity;sid:84725782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.84.52"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862681/; classtype:trojan-activity;sid:84725781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/12fb1381-cee6-4a47-8f6e-3d30b1ec1260"; depth:37; endswith; nocase; http.host; content:"ivyyokmi.hugugdaryayi.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862680/; classtype:trojan-activity;sid:84725780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.176.118"; depth:15; isdataat:!1,relative; 
metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862678/; classtype:trojan-activity;sid:84725778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.187.76"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862679/; classtype:trojan-activity;sid:84725779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.188.115"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862677/; classtype:trojan-activity;sid:84725777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.86.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862676/; classtype:trojan-activity;sid:84725776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.9.35.137"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862675/; classtype:trojan-activity;sid:84725775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862674)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/|3f|ublib=4388ea9d-77bf-4de1-9c8d-10b910f34e3e"; depth:47; endswith; nocase; http.host; content:"7m9gr5qr.anodaz.co"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862674/; classtype:trojan-activity;sid:84725774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.227.251.132"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862673/; classtype:trojan-activity;sid:84725773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/66b4e0fe-d4e8-4826-aa15-604a6b07ba49"; depth:37; endswith; nocase; http.host; content:"mirqics.hesabdariosmani.xyz"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862672/; classtype:trojan-activity;sid:84725772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.238.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862671/; classtype:trojan-activity;sid:84725771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.74.178"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862670/; classtype:trojan-activity;sid:84725770; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1f270248-9894-4efa-9d6d-2be90ef09192"; depth:37; endswith; nocase; http.host; content:"herxydns.hugugbime.xyz"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862669/; classtype:trojan-activity;sid:84725769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.74.178"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862668/; classtype:trojan-activity;sid:84725768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.101.188.13"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862667/; classtype:trojan-activity;sid:84725767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d6d47cb9-5c0f-494a-8f81-e6ef03496bed"; depth:47; endswith; nocase; http.host; content:"5wtpqrho.azmoondadrasi.xyz"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862666/; classtype:trojan-activity;sid:84725766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.40.92"; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862664/; classtype:trojan-activity;sid:84725764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.226.207"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862665/; classtype:trojan-activity;sid:84725765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.85.162.174"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862663/; classtype:trojan-activity;sid:84725763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.238.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862662/; classtype:trojan-activity;sid:84725762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.243.7"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862661/; classtype:trojan-activity;sid:84725761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862660)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/e3b7354c-6fbb-4ba3-871b-1d51491105ab"; depth:37; endswith; nocase; http.host; content:"kmjlrhh.hesabdarinoravesh.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862660/; classtype:trojan-activity;sid:84725760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/stego.png"; depth:14; endswith; nocase; http.host; content:"corwineagles.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862659/; classtype:trojan-activity;sid:84725759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b97da09e-0c17-4b63-b41d-bb4bb4c9ed19"; depth:37; endswith; nocase; http.host; content:"vkuyoujz.hugugbeynolmelal.xyz"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862658/; classtype:trojan-activity;sid:84725758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=4a152bc9-6099-45e2-a809-e6ebc408d61c"; depth:47; endswith; nocase; http.host; content:"mf1klp19.gavaedfagahe.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862657/; classtype:trojan-activity;sid:84725757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d4140e2f-666c-46dc-8089-9309c3b46a12"; depth:37; endswith; nocase; http.host; content:"qxuedtbmu.bookdrive.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 
2026_06_10; reference:url, urlhaus.abuse.ch/url/3862656/; classtype:trojan-activity;sid:84725756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.187.76"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862655/; classtype:trojan-activity;sid:84725755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.182.126"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862654/; classtype:trojan-activity;sid:84725754; rev:1;)
# NOTE(review): the next two rules (sid 84725753 and sid 84725752) carry
# identical match conditions - same method, same http.uri "/dcd", same http.host -
# and differ only in msg, reference and sid, so one matching request raises two
# alerts. Presumably the two URLhaus entries differ in something these rules do
# not encode (for example scheme or port; both rules use "any" ports) - verify
# against the two references, and de-duplicate or threshold downstream if the
# doubled alert matters for triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dcd"; depth:4; endswith; nocase; http.host; content:"47.239.166.93"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862653/; classtype:trojan-activity;sid:84725753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dcd"; depth:4; endswith; nocase; http.host; content:"47.239.166.93"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862652/; classtype:trojan-activity;sid:84725752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/solur.fla"; depth:10; endswith; nocase; http.host; 
content:"pub-1ba883191dcb4a4baebb449fba68a356.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862651/; classtype:trojan-activity;sid:84725751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/244a0d94-fcf9-4d68-8aac-1cd337a2a33c"; depth:37; endswith; nocase; http.host; content:"ajwrgnf.hesabdarieskandari.xyz"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862650/; classtype:trojan-activity;sid:84725750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/french/client.exe"; depth:18; endswith; nocase; http.host; content:"cstaipas.pt"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862649/; classtype:trojan-activity;sid:84725749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/client.exe"; depth:14; endswith; nocase; http.host; content:"bunnellmc.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862648/; classtype:trojan-activity;sid:84725748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.180.244.221"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862647/; classtype:trojan-activity;sid:84725747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3862646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oheuqq.png"; depth:11; endswith; nocase; http.host; content:"pub-3bc1de741f8149f49bdbafa703067f24.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862646/; classtype:trojan-activity;sid:84725746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naza/stub.ps1"; depth:14; endswith; nocase; http.host; content:"remolcares.us"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862645/; classtype:trojan-activity;sid:84725745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.101.188.13"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862644/; classtype:trojan-activity;sid:84725744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.120.91"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862643/; classtype:trojan-activity;sid:84725743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sass/rumpdj.png"; depth:16; endswith; nocase; http.host; content:"brenmayasociados.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_10; 
reference:url, urlhaus.abuse.ch/url/3862642/; classtype:trojan-activity;sid:84725742; rev:1;)
# NOTE(review): "alert http" only inspects requests that Suricata parses as
# HTTP. The rule text does not record the scheme of the listed URL; if it is
# fetched over HTTPS, this rule cannot match unless TLS is decrypted before the
# sensor. Confirm the scheme in the reference and, where it is HTTPS, rely on a
# TLS- or DNS-based detection for the host name instead.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ken.png"; depth:8; endswith; nocase; http.host; content:"pub-ce02802067934e0eb072f69bf6427bf6.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862641/; classtype:trojan-activity;sid:84725741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flomotg4.zip"; depth:13; endswith; nocase; http.host; content:"devltl.top"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862640/; classtype:trojan-activity;sid:84725740; rev:1;)
# NOTE(review): "|3f|" encodes one byte ("?"), so the URI content below is 14
# bytes long while depth is 17 (the length of the escaped text). Combined with
# endswith, the match may start at offset 0-3 rather than only at 0, so up to
# three extra leading bytes in the URI still match. depth:14 (or startswith in
# place of depth) would make it a whole-URI match like the rules whose content
# has no hex escape; confirm and report to the feed maintainer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=apk"; depth:17; endswith; nocase; http.host; content:"tt-mods18.click"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862639/; classtype:trojan-activity;sid:84725739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kk/novaciubpl.dat"; depth:18; endswith; nocase; http.host; content:"153.80.240.173"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862638/; classtype:trojan-activity;sid:84725738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862637)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/city101/nova_logs_3.dat"; depth:24; endswith; nocase; http.host; content:"194.87.71.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862637/; classtype:trojan-activity;sid:84725737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snk02.png"; depth:10; endswith; nocase; http.host; content:"pub-45a83f302a1943ed8d62418c2af947ef.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862636/; classtype:trojan-activity;sid:84725736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pgkcx"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862635/; classtype:trojan-activity;sid:84725735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/wp-debug/stub2.ps1"; depth:36; endswith; nocase; http.host; content:"trade-eprex.pro"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862634/; classtype:trojan-activity;sid:84725734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/wp-debug/stub1.ps1"; depth:36; endswith; nocase; http.host; content:"trade-eprex.pro"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, 
urlhaus.abuse.ch/url/3862633/; classtype:trojan-activity;sid:84725733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img_112444.png"; depth:15; endswith; nocase; http.host; content:"seesaw.rf.gd"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862632/; classtype:trojan-activity;sid:84725732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/wp-debug/aojstub.ps1"; depth:38; endswith; nocase; http.host; content:"trade-eprex.pro"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862631/; classtype:trojan-activity;sid:84725731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/096ddeaa-f7d4-4ba4-8170-c5bb1ba64063"; depth:37; endswith; nocase; http.host; content:"sdgbisna.jamjahani2026.football"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862630/; classtype:trojan-activity;sid:84725730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/22858648-41f9-46a9-bb37-ab48c656c976"; depth:37; endswith; nocase; http.host; content:"xtsfgslg.jamjahani2026.football"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862629/; classtype:trojan-activity;sid:84725729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862628)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/222c359b-61e3-4b4d-bc64-4d6903eeea7b"; depth:37; endswith; nocase; http.host; content:"yitqjyww.hugu2gt2ejarat.shop"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862628/; classtype:trojan-activity;sid:84725728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.112.250"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862627/; classtype:trojan-activity;sid:84725727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.120.91"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862626/; classtype:trojan-activity;sid:84725726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.67.66"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862625/; classtype:trojan-activity;sid:84725725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.55.193"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862624/; 
classtype:trojan-activity;sid:84725724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ed9c124f-23f4-42e1-aa84-84a7b407b84c"; depth:37; endswith; nocase; http.host; content:"whtfwec.hesabdari3.xyz"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862623/; classtype:trojan-activity;sid:84725723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.55.193"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862622/; classtype:trojan-activity;sid:84725722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.7.55"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862621/; classtype:trojan-activity;sid:84725721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fe9a4f"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862617/; classtype:trojan-activity;sid:84725717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3c4b5c"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; 
depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862618/; classtype:trojan-activity;sid:84725718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dca252"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862619/; classtype:trojan-activity;sid:84725719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4b708f"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862620/; classtype:trojan-activity;sid:84725720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b62386"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862608/; classtype:trojan-activity;sid:84725708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/affe19"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862609/; classtype:trojan-activity;sid:84725709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862610)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/fad9fe"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862610/; classtype:trojan-activity;sid:84725710; rev:1;)
# The four complete rules below all name host 45.205.1.59 and differ only in a
# six-character hex path (plus msg, reference and sid). Each is a whole-URI
# match, so a request to this host with a path that is not listed raises no
# alert from these rules.
# NOTE(review): if the references show the paths on this host still changing,
# evaluate a local host-level detection alongside these per-URL rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b82773"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862611/; classtype:trojan-activity;sid:84725711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b199fb"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862612/; classtype:trojan-activity;sid:84725712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c4bcf4"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862613/; classtype:trojan-activity;sid:84725713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/29ede0"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862614/; classtype:trojan-activity;sid:84725714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3862615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"5.175.249.53"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862615/; classtype:trojan-activity;sid:84725715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862616/; classtype:trojan-activity;sid:84725716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"5.175.249.53"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862605/; classtype:trojan-activity;sid:84725705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pib"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862606/; classtype:trojan-activity;sid:84725706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9vpv"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862607/; classtype:trojan-activity;sid:84725707; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"5.175.249.53"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862602/; classtype:trojan-activity;sid:84725702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.75.175"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862603/; classtype:trojan-activity;sid:84725703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.243.66"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862604/; classtype:trojan-activity;sid:84725704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"5.175.249.53"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862596/; classtype:trojan-activity;sid:84725696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/734704"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862597/; 
classtype:trojan-activity;sid:84725697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3b7860"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862598/; classtype:trojan-activity;sid:84725698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/572dac"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862599/; classtype:trojan-activity;sid:84725699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/426ece"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862600/; classtype:trojan-activity;sid:84725700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e0e01a"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862601/; classtype:trojan-activity;sid:84725701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"5.175.249.53"; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862590/; classtype:trojan-activity;sid:84725690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"5.175.249.53"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862591/; classtype:trojan-activity;sid:84725691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/67dbbc"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862592/; classtype:trojan-activity;sid:84725692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d92127"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862593/; classtype:trojan-activity;sid:84725693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8d2950"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862594/; classtype:trojan-activity;sid:84725694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4116e6"; depth:7; endswith; 
nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862595/; classtype:trojan-activity;sid:84725695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm4"; depth:15; endswith; nocase; http.host; content:"82.38.63.103"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862587/; classtype:trojan-activity;sid:84725687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"5.175.249.53"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862588/; classtype:trojan-activity;sid:84725688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5f6876"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862589/; classtype:trojan-activity;sid:84725689; rev:1;)
# The host in the next rule is a general-purpose content host, so the detection
# rests entirely on the whole-URI match (depth:40 plus endswith); the host name
# by itself is context, not an indicator, and should not be turned into a
# host-wide block or alert.
# NOTE(review): "alert http" sees only cleartext HTTP. If this URL is fetched
# over HTTPS, the rule cannot match unless TLS is decrypted before the sensor,
# and a host-name-only TLS or DNS signal would be too broad for a shared host.
# Confirm the scheme in the reference and plan endpoint or proxy coverage for
# the path if needed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slaytonms/f/refs/heads/main/cmkdrch.txt"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862586/; classtype:trojan-activity;sid:84725686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3862585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slaytonms/teami/refs/heads/main/bkninff.txt"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862585/; classtype:trojan-activity;sid:84725685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9baff3"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862583/; classtype:trojan-activity;sid:84725683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bw9y"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862584/; classtype:trojan-activity;sid:84725684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ltoi"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862580/; classtype:trojan-activity;sid:84725680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slaytonms/ty/refs/heads/main/ol.txt"; depth:36; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; 
reference:url, urlhaus.abuse.ch/url/3862581/; classtype:trojan-activity;sid:84725681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/08436b03-ffb3-4df3-b54f-3d97111bb6af"; depth:37; endswith; nocase; http.host; content:"xffoobdu.jamjahani2026.football"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862582/; classtype:trojan-activity;sid:84725682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8lnw"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862561/; classtype:trojan-activity;sid:84725661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wwgh"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862562/; classtype:trojan-activity;sid:84725662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/myv"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862563/; classtype:trojan-activity;sid:84725663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; 
depth:4; endswith; nocase; http.host; content:"5.175.249.53"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862564/; classtype:trojan-activity;sid:84725664; rev:1;)
# URLhaus download-URL signatures: GET + exact http.uri + exact http.host, HOME_NET to EXTERNAL_NET.
# The 5.175.249.53 paths (/mpsl, /arm6) read like CPU-architecture names - presumably per-architecture
# builds of one payload, as is common for Linux/IoT malware; confirm on the referenced URLhaus entries.
# If so, the alerting source is more likely an embedded Linux device than a workstation.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"5.175.249.53"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862565/; classtype:trojan-activity;sid:84725665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"5.175.249.53"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862566/; classtype:trojan-activity;sid:84725666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skz"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862567/; classtype:trojan-activity;sid:84725667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/404c5e"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862568/; classtype:trojan-activity;sid:84725668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862569)";
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e354df"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862569/; classtype:trojan-activity;sid:84725669; rev:1;)
# All rules in this run pin host 45.205.1.59 and a six-character hexadecimal path.
# Each signature covers exactly one listed path. The paths look generated, so further paths on the same
# host would need their own entries - review whether a host-level detection is also warranted locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2ad9f8"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862570/; classtype:trojan-activity;sid:84725670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/38b94a"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862571/; classtype:trojan-activity;sid:84725671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/80df92"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862572/; classtype:trojan-activity;sid:84725672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/817811"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862573/; classtype:trojan-activity;sid:84725673; rev:1;)
alert http $HOME_NET any ->
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/29f3ca"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862574/; classtype:trojan-activity;sid:84725674; rev:1;)
# More single-URL signatures for host 45.205.1.59 (GET, exact URI, exact Host).
# Only GET is matched (http.method; content:"GET"); other methods to the same URL raise no alert here.
# metadata:created_at records when the entry was added; these are point-in-time IOCs, so keep the
# ruleset refreshed from the feed rather than carrying old copies forward.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f50bcd"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862575/; classtype:trojan-activity;sid:84725675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5c05da"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862576/; classtype:trojan-activity;sid:84725676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b69c6f"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862577/; classtype:trojan-activity;sid:84725677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0146bf"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862578/;
classtype:trojan-activity;sid:84725678; rev:1;)
# Single-URL URLhaus signatures (GET, exact http.uri, exact http.host).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9lqt"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862579/; classtype:trojan-activity;sid:84725679; rev:1;)
# raw.githubusercontent.com is a shared content host, so the full path pin is what makes these rules
# specific to the listed files. NOTE(review): that host is served over HTTPS in practice; an
# `alert http` rule inspects parsed HTTP only, so these presumably fire only where TLS is decrypted
# upstream of the sensor - confirm against the deployment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slaytonms/y/refs/heads/main/adnkhbn.txt"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862558/; classtype:trojan-activity;sid:84725658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slaytonms/gy/refs/heads/main/eeijogb.txt"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862559/; classtype:trojan-activity;sid:84725659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slaytonms/ti/refs/heads/main/fadodnk.txt"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862560/; classtype:trojan-activity;sid:84725660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862552)"; flow:established,from_client;
http.method; content:"GET"; http.uri; content:"/low"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862552/; classtype:trojan-activity;sid:84725652; rev:1;)
# Single-URL URLhaus signatures; every rule shares msg text, classtype:trojan-activity and rev:1, so the
# parenthesised URLhaus ID in msg (also in reference:url) is the only per-rule discriminator in alert text.
# Group alerts by destination host when triaging: repeated hits on one host from one client are one event.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4651f3"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862553/; classtype:trojan-activity;sid:84725653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/baaba3"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862554/; classtype:trojan-activity;sid:84725654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db9316"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862555/; classtype:trojan-activity;sid:84725655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"5.175.249.53"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862556/; classtype:trojan-activity;sid:84725656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known
malware download URL detected (3862557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=7c6d8627-2492-418e-8e5c-94c3a2a12aee"; depth:47; endswith; nocase; http.host; content:"2nyrkdw3.ayinzendegi.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862557/; classtype:trojan-activity;sid:84725657; rev:1;)
# NOTE(review), rule ending on the line above: |3f| is the hex escape for "?", so the decoded content is
# 44 bytes, while depth:47 equals the length as written. With endswith the URI may therefore carry up
# to 3 extra leading bytes and still match - slightly looser than the exact match the other rules get.
# The rules below are single-URL signatures (GET, exact http.uri, exact http.host).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"5.175.249.53"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862551/; classtype:trojan-activity;sid:84725651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slaytonms/c/refs/heads/main/fbcmird.txt"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862550/; classtype:trojan-activity;sid:84725650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slaytonms/game/refs/heads/main/fdcfpbp.txt"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862548/; classtype:trojan-activity;sid:84725648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slaytonms/tv/refs/heads/main/ga.txt"; depth:36; endswith; nocase;
http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862549/; classtype:trojan-activity;sid:84725649; rev:1;)
# Single-URL URLhaus signatures (GET, exact http.uri, exact http.host).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slaytonms/m/refs/heads/main/games.txt"; depth:38; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862547/; classtype:trojan-activity;sid:84725647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d316e5b8-ad51-4816-99dc-cb5ba7d2e104"; depth:37; endswith; nocase; http.host; content:"hvqxbpp.hesabdari2.xyz"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862546/; classtype:trojan-activity;sid:84725646; rev:1;)
# NOTE(review): in the next rule |3f| decodes to "?", but |7c|26|7c| decodes to the four literal
# characters |26| (0x7c is the pipe itself), not to "&" (0x26). This looks like a double-escaped "&"
# from rule generation; as written the rule needs a literal "|26|" in the URI and would likely never
# match "?export=download&id=...". depth:68 is likewise the written length (decoded: 59 bytes).
# Confirm against the URLhaus entry before relying on this sid.
# NOTE(review): drive.google.com is served over HTTPS in practice, so an `alert http` rule presumably
# sees this traffic only where TLS is decrypted upstream of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1z_o0dybe-elct5xejbcobf38axt8xlwt"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862545/; classtype:trojan-activity;sid:84725645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.42.172"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862544/;
classtype:trojan-activity;sid:84725644; rev:1;)
# Single-URL URLhaus signatures (GET, exact http.uri, exact http.host).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dijoff/ofcdijj.txt"; depth:19; endswith; nocase; http.host; content:"globaltechnosoft.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862543/; classtype:trojan-activity;sid:84725643; rev:1;)
# Very short paths such as "/i" and "/bin.sh" are only specific because the Host header is pinned to a
# literal IP address. NOTE(review): IP-addressed hosts may be reassigned over time; weigh the
# created_at date when judging an alert on an old entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.7.55"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862542/; classtype:trojan-activity;sid:84725642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.124.45"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862541/; classtype:trojan-activity;sid:84725641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slaytonms/kk/refs/heads/main/w1.txt"; depth:36; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862540/; classtype:trojan-activity;sid:84725640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host;
content:"175.149.91.200"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862539/; classtype:trojan-activity;sid:84725639; rev:1;)
# Single-URL URLhaus signatures (GET, exact http.uri, exact http.host).
# NOTE(review): in the next rule |3f| is the hex escape for "?", so the decoded content is 44 bytes
# while depth:47 equals the written length; with endswith the URI may carry up to 3 extra leading
# bytes and still match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=88b17f80-07f9-4e60-8518-b53f2319ba4f"; depth:47; endswith; nocase; http.host; content:"mwo3lg6u.garatequran.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862538/; classtype:trojan-activity;sid:84725638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.75.175"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862537/; classtype:trojan-activity;sid:84725637; rev:1;)
# The host label is pinned in full (e.g. "uulyqc.barnamenevisi.xyz"), so a different subdomain of
# the same parent domain is outside this signature.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/62cdcc81-5732-41a6-bd68-1e42332daf9a"; depth:37; endswith; nocase; http.host; content:"uulyqc.barnamenevisi.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862536/; classtype:trojan-activity;sid:84725636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"smart.abuse.st"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862535/; classtype:trojan-activity;sid:84725635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus
Known malware download URL detected (3862533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"smart.abuse.st"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862533/; classtype:trojan-activity;sid:84725633; rev:1;)
# Single-URL URLhaus signatures (GET, exact http.uri, exact http.host).
# "/bins/sora.mpsl" follows a <name>.<architecture> file naming scheme - presumably one build per CPU
# architecture, as is common for Linux/IoT malware; confirm the family on the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"paperfoldercenter.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862534/; classtype:trojan-activity;sid:84725634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/651b22ff-3253-4f9a-a079-e11dc2e6bb8f"; depth:37; endswith; nocase; http.host; content:"xomvdxaa.red90.casino"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862532/; classtype:trojan-activity;sid:84725632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.79.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862531/; classtype:trojan-activity;sid:84725631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.124.45"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url,
urlhaus.abuse.ch/url/3862530/; classtype:trojan-activity;sid:84725630; rev:1;)
# Single-URL URLhaus signatures (GET, exact http.uri, exact http.host).
# Several paths here point at Windows-side content: an .ocx control and a ".pdf.lnk" name, i.e. a
# shortcut file whose name is made to read like a PDF document. For alerts on these sids, triage the
# requesting Windows endpoint (downloaded file, process that made the request).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloud/mscomctl.ocx"; depth:19; endswith; nocase; http.host; content:"208.85.20.124"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862529/; classtype:trojan-activity;sid:84725629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/parts/it-job-interview-preparation-guide.pdf.lnk"; depth:49; endswith; nocase; http.host; content:"103.101.85.165"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862523/; classtype:trojan-activity;sid:84725623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"paperfoldercenter.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862524/; classtype:trojan-activity;sid:84725624; rev:1;)
# A ".pdf" path in a malware-download feed: do not infer the content type from the extension;
# check the response body or file logs for what was actually served.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/part/setup.pdf"; depth:15; endswith; nocase; http.host; content:"103.101.85.173"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862525/; classtype:trojan-activity;sid:84725625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862526)"; flow:established,from_client; http.method; content:"GET";
http.uri; content:"/part/setup.pdf"; depth:15; endswith; nocase; http.host; content:"103.101.85.165"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862526/; classtype:trojan-activity;sid:84725626; rev:1;)
# Single-URL URLhaus signatures (GET, exact http.uri, exact http.host).
# NOTE(review): the next rule matches the percent-encoded text "%2b" inside http.uri. http.uri is the
# normalized URI buffer, so whether "%2b" is still present there or has been decoded depends on the
# HTTP parser's URI-decoding settings - verify with a test capture, or compare against http.uri.raw.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/visor%2bpdf.exe"; depth:21; endswith; nocase; http.host; content:"151.241.154.196"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862527/; classtype:trojan-activity;sid:84725627; rev:1;)
# The same paths (/part/setup.pdf, the .pdf.lnk name) recur on 103.101.85.165, 103.101.85.173 and
# slotmy-send.tech, each as its own rule; correlate alerts across these hosts as one cluster.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/part/setup.pdf"; depth:15; endswith; nocase; http.host; content:"slotmy-send.tech"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862528/; classtype:trojan-activity;sid:84725628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/parts/it-job-interview-preparation-guide.pdf.lnk"; depth:49; endswith; nocase; http.host; content:"103.101.85.173"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862520/; classtype:trojan-activity;sid:84725620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloud/screenshot_2026_01_06.lnk"; depth:32; endswith; nocase; http.host; content:"208.85.20.124"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862521/;
classtype:trojan-activity;sid:84725621; rev:1;)
# Single-URL URLhaus signatures (GET, exact http.uri, exact http.host).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/parts/it-job-interview-preparation-guide.pdf.lnk"; depth:49; endswith; nocase; http.host; content:"slotmy-send.tech"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862522/; classtype:trojan-activity;sid:84725622; rev:1;)
# The "sora.<architecture>" names (mips, x86, sh4) are served from both paperfoldercenter.com and
# 82.38.63.103; the rules are keyed on the Host header text, so each host form needs its own rule.
# NOTE(review): presumably the domain and the IP are the same server - confirm via URLhaus or DNS logs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sora.mips"; depth:10; endswith; nocase; http.host; content:"paperfoldercenter.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862518/; classtype:trojan-activity;sid:84725618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"paperfoldercenter.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862519/; classtype:trojan-activity;sid:84725619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"82.38.63.103"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862492/; classtype:trojan-activity;sid:84725592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarn"; depth:5;
endswith; nocase; http.host; content:"82.38.63.103"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862493/; classtype:trojan-activity;sid:84725593; rev:1;)
# Single-URL URLhaus signatures for 82.38.63.103 and paperfoldercenter.com (GET, exact URI, exact Host).
# One client fetching several "/bins/sora.<architecture>" files in a short window raises one alert per
# file; treat such a burst as a single incident on that client rather than as separate events.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"82.38.63.103"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862494/; classtype:trojan-activity;sid:84725594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"82.38.63.103"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862495/; classtype:trojan-activity;sid:84725595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarn"; depth:5; endswith; nocase; http.host; content:"paperfoldercenter.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862496/; classtype:trojan-activity;sid:84725596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"82.38.63.103"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862497/; classtype:trojan-activity;sid:84725597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected
(3862498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"82.38.63.103"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862498/; classtype:trojan-activity;sid:84725598; rev:1;)
# Single-URL URLhaus signatures for 82.38.63.103 and paperfoldercenter.com (GET, exact URI, exact Host).
# The same path is listed once per host form (see the two "/bins/sora.m68k" rules below), because
# http.host is compared against the literal Host header text.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"82.38.63.103"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862499/; classtype:trojan-activity;sid:84725599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"paperfoldercenter.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862500/; classtype:trojan-activity;sid:84725600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"paperfoldercenter.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862501/; classtype:trojan-activity;sid:84725601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin"; depth:4; endswith; nocase; http.host; content:"paperfoldercenter.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862502/;
classtype:trojan-activity;sid:84725602; rev:1;)
# Single-URL URLhaus signatures for 82.38.63.103 and paperfoldercenter.com (GET, exact URI, exact Host).
# "/pay" and "/bin" are generic words; they are safe to alert on only because the URI must equal the
# content exactly (depth + endswith) and the Host is pinned. Keep both pins if these rules are edited.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"82.38.63.103"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862503/; classtype:trojan-activity;sid:84725603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pay"; depth:4; endswith; nocase; http.host; content:"82.38.63.103"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862504/; classtype:trojan-activity;sid:84725604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin"; depth:4; endswith; nocase; http.host; content:"82.38.63.103"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862505/; classtype:trojan-activity;sid:84725605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"paperfoldercenter.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862506/; classtype:trojan-activity;sid:84725606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sora.mips"; depth:10; endswith; nocase; http.host; content:"82.38.63.103"; depth:12;
isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862507/; classtype:trojan-activity;sid:84725607; rev:1;)
# Single-URL URLhaus signatures for 82.38.63.103 and paperfoldercenter.com (GET, exact URI, exact Host).
# The direction is fixed to $HOME_NET -> $EXTERNAL_NET, so these rules depend on both variables being
# set correctly for the sensor; a fetch between two internal segments is not covered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"paperfoldercenter.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862508/; classtype:trojan-activity;sid:84725608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"82.38.63.103"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862509/; classtype:trojan-activity;sid:84725609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pay"; depth:4; endswith; nocase; http.host; content:"paperfoldercenter.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862510/; classtype:trojan-activity;sid:84725610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"82.38.63.103"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862511/; classtype:trojan-activity;sid:84725611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862512)"; flow:established,from_client; http.method;
content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"82.38.63.103"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862512/; classtype:trojan-activity;sid:84725612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"82.38.63.103"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862513/; classtype:trojan-activity;sid:84725613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"paperfoldercenter.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862514/; classtype:trojan-activity;sid:84725614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"paperfoldercenter.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862515/; classtype:trojan-activity;sid:84725615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"paperfoldercenter.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862516/; classtype:trojan-activity;sid:84725616; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"paperfoldercenter.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862517/; classtype:trojan-activity;sid:84725617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pspc"; depth:10; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862491/; classtype:trojan-activity;sid:84725591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/px86"; depth:10; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862481/; classtype:trojan-activity;sid:84725581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pm68k"; depth:11; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862482/; classtype:trojan-activity;sid:84725582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pmips"; depth:11; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862483/; classtype:trojan-activity;sid:84725583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pppc"; depth:10; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862484/; classtype:trojan-activity;sid:84725584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm5"; depth:11; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862485/; classtype:trojan-activity;sid:84725585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm7"; depth:11; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862486/; classtype:trojan-activity;sid:84725586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/psh4"; depth:10; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862487/; classtype:trojan-activity;sid:84725587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862488)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bins/pmpsl"; depth:11; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862488/; classtype:trojan-activity;sid:84725588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm6"; depth:11; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862489/; classtype:trojan-activity;sid:84725589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm"; depth:10; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862490/; classtype:trojan-activity;sid:84725590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"betvole9038.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862480/; classtype:trojan-activity;sid:84725580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bot.x86"; depth:13; endswith; nocase; http.host; content:"betvole9038.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862479/; classtype:trojan-activity;sid:84725579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3862478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bot.arm7"; depth:14; endswith; nocase; http.host; content:"betvole9038.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862478/; classtype:trojan-activity;sid:84725578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862471/; classtype:trojan-activity;sid:84725571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862472/; classtype:trojan-activity;sid:84725572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bot.aarch64"; depth:17; endswith; nocase; http.host; content:"betvole9038.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862473/; classtype:trojan-activity;sid:84725573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bot.aarch64"; depth:17; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, 
urlhaus.abuse.ch/url/3862474/; classtype:trojan-activity;sid:84725574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bot.x86"; depth:13; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862475/; classtype:trojan-activity;sid:84725575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bot.mips"; depth:14; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862476/; classtype:trojan-activity;sid:84725576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bot.mips"; depth:14; endswith; nocase; http.host; content:"betvole9038.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862477/; classtype:trojan-activity;sid:84725577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bot.mpsl"; depth:14; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862468/; classtype:trojan-activity;sid:84725568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; 
nocase; http.host; content:"betvole9038.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862469/; classtype:trojan-activity;sid:84725569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bot.arm7"; depth:14; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862470/; classtype:trojan-activity;sid:84725570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.255.95"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862467/; classtype:trojan-activity;sid:84725567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bot.mpsl"; depth:14; endswith; nocase; http.host; content:"betvole9038.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862466/; classtype:trojan-activity;sid:84725566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9bc5ca83-bf87-408c-a882-1699a5fe2c44"; depth:37; endswith; nocase; http.host; content:"ovzweeh.amoozeshagazade.shop"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862465/; classtype:trojan-activity;sid:84725565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3862464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.19.220.86"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862464/; classtype:trojan-activity;sid:84725564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"5.175.217.137"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862462/; classtype:trojan-activity;sid:84725562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"5.175.217.137"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862463/; classtype:trojan-activity;sid:84725563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"83.142.209.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862449/; classtype:trojan-activity;sid:84725549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"83.142.209.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862450/; 
classtype:trojan-activity;sid:84725550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"83.142.209.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862451/; classtype:trojan-activity;sid:84725551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"5.175.217.137"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862452/; classtype:trojan-activity;sid:84725552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"5.175.217.137"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862453/; classtype:trojan-activity;sid:84725553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"5.175.217.137"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862454/; classtype:trojan-activity;sid:84725554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; 
content:"5.175.217.137"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862455/; classtype:trojan-activity;sid:84725555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"5.175.217.137"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862456/; classtype:trojan-activity;sid:84725556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"83.142.209.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862457/; classtype:trojan-activity;sid:84725557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"5.175.217.137"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862458/; classtype:trojan-activity;sid:84725558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"5.175.217.137"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862459/; classtype:trojan-activity;sid:84725559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862460)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"5.175.217.137"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862460/; classtype:trojan-activity;sid:84725560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"5.175.217.137"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862461/; classtype:trojan-activity;sid:84725561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"83.142.209.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862442/; classtype:trojan-activity;sid:84725542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"83.142.209.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862443/; classtype:trojan-activity;sid:84725543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"83.142.209.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862444/; classtype:trojan-activity;sid:84725544; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/manual.sh"; depth:10; endswith; nocase; http.host; content:"83.142.209.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862445/; classtype:trojan-activity;sid:84725545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"83.142.209.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862446/; classtype:trojan-activity;sid:84725546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dbg"; depth:9; endswith; nocase; http.host; content:"83.142.209.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862447/; classtype:trojan-activity;sid:84725547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"83.142.209.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862448/; classtype:trojan-activity;sid:84725548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"83.142.209.226"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862438/; classtype:trojan-activity;sid:84725538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"83.142.209.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862439/; classtype:trojan-activity;sid:84725539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"83.142.209.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862440/; classtype:trojan-activity;sid:84725540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"83.142.209.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862441/; classtype:trojan-activity;sid:84725541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miraint.m68k"; depth:13; endswith; nocase; http.host; content:"104.143.206.116"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862437/; classtype:trojan-activity;sid:84725537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862436)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"104.143.206.116"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862436/; classtype:trojan-activity;sid:84725536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miraint.spc"; depth:12; endswith; nocase; http.host; content:"104.143.206.116"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862428/; classtype:trojan-activity;sid:84725528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miraint.ppc"; depth:12; endswith; nocase; http.host; content:"104.143.206.116"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862429/; classtype:trojan-activity;sid:84725529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miraint.x86"; depth:12; endswith; nocase; http.host; content:"104.143.206.116"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862430/; classtype:trojan-activity;sid:84725530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miraint.arm"; depth:12; endswith; nocase; http.host; content:"104.143.206.116"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862431/; classtype:trojan-activity;sid:84725531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3862432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miraint.mpsl"; depth:13; endswith; nocase; http.host; content:"104.143.206.116"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862432/; classtype:trojan-activity;sid:84725532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miraint.arm7"; depth:13; endswith; nocase; http.host; content:"104.143.206.116"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862433/; classtype:trojan-activity;sid:84725533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miraint.mips"; depth:13; endswith; nocase; http.host; content:"104.143.206.116"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862434/; classtype:trojan-activity;sid:84725534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miraint.sh4"; depth:12; endswith; nocase; http.host; content:"104.143.206.116"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862435/; classtype:trojan-activity;sid:84725535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.107.203"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, 
urlhaus.abuse.ch/url/3862427/; classtype:trojan-activity;sid:84725527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.91.200"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862426/; classtype:trojan-activity;sid:84725526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.97.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862425/; classtype:trojan-activity;sid:84725525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.72.57"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862424/; classtype:trojan-activity;sid:84725524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b10cd247-3542-4d49-a4fc-bb82266acdb7"; depth:37; endswith; nocase; http.host; content:"oejoixm.amlakshahri.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862423/; classtype:trojan-activity;sid:84725523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; 
http.host; content:"182.127.111.83"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862422/; classtype:trojan-activity;sid:84725522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.168.75"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862421/; classtype:trojan-activity;sid:84725521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.46.39"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862420/; classtype:trojan-activity;sid:84725520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.180.244.221"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862419/; classtype:trojan-activity;sid:84725519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.93.137.140"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862418/; classtype:trojan-activity;sid:84725518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862417)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/c22a2419-2180-4923-8e82-56dfc958ace6"; depth:37; endswith; nocase; http.host; content:"iamcklbz.wrfc8.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862417/; classtype:trojan-activity;sid:84725517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=5891a50d-b63d-489d-bc73-f267441530da"; depth:47; endswith; nocase; http.host; content:"rattc2jn.asibshenasiyahya.shop"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862416/; classtype:trojan-activity;sid:84725516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.10.133.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862415/; classtype:trojan-activity;sid:84725515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.107.203"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862414/; classtype:trojan-activity;sid:84725514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f3ac497b-3054-475d-bd3d-13be3a36c397"; depth:37; endswith; nocase; http.host; content:"lzwtxwrr.winxbet.co"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, 
urlhaus.abuse.ch/url/3862413/; classtype:trojan-activity;sid:84725513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00789edf-5d65-4b90-b895-ea40e0c166a9"; depth:37; endswith; nocase; http.host; content:"zhfxkf.bankefile.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862412/; classtype:trojan-activity;sid:84725512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.133.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862411/; classtype:trojan-activity;sid:84725511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=dd2e02e8-a6db-4728-bd85-793004fdf72e"; depth:47; endswith; nocase; http.host; content:"m47hkbcd.ganuneasasi.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862410/; classtype:trojan-activity;sid:84725510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=cbdf8e24-4d55-469a-a591-39a41b123482"; depth:47; endswith; nocase; http.host; content:"sk4a8369.anodaz.store"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862409/; classtype:trojan-activity;sid:84725509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862408)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.106.90"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862408/; classtype:trojan-activity;sid:84725508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.60.151"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862407/; classtype:trojan-activity;sid:84725507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.10.133.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862406/; classtype:trojan-activity;sid:84725506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.74.248"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862405/; classtype:trojan-activity;sid:84725505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.60.151"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862404/; classtype:trojan-activity;sid:84725504; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.3.142"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862403/; classtype:trojan-activity;sid:84725503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=422d788c-5d29-40c6-bf26-d0ff8fc4f52d"; depth:47; endswith; nocase; http.host; content:"veb0im5p.ansuyemarg.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862402/; classtype:trojan-activity;sid:84725502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.3.142"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862401/; classtype:trojan-activity;sid:84725501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5a983f1c-37e7-4ad1-aa8a-d70c965c97d0"; depth:37; endswith; nocase; http.host; content:"qmnldei.akhlagheslami.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862400/; classtype:trojan-activity;sid:84725500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqib-j3ob-picl-3175/img_rdmeoy.png"; depth:35; endswith; nocase; http.host; 
content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862399/; classtype:trojan-activity;sid:84725499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eba59a2f-961b-46d5-90b4-732768098de7"; depth:37; endswith; nocase; http.host; content:"dguldnys.restaurantguideaarhus.com"; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862398/; classtype:trojan-activity;sid:84725498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.106.90"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862397/; classtype:trojan-activity;sid:84725497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.72.161"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862396/; classtype:trojan-activity;sid:84725496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/babyfacexload.png"; depth:18; endswith; nocase; http.host; content:"www.basefile.click"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862395/; classtype:trojan-activity;sid:84725495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3862394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yufile.png"; depth:11; endswith; nocase; http.host; content:"www.basefile.click"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862394/; classtype:trojan-activity;sid:84725494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/optimized_msiljune.png"; depth:23; endswith; nocase; http.host; content:"www.basefile.click"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862393/; classtype:trojan-activity;sid:84725493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//common/caches/edu.png"; depth:23; endswith; nocase; http.host; content:"kpmmg.org"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862392/; classtype:trojan-activity;sid:84725492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.72.161"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862391/; classtype:trojan-activity;sid:84725491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.196.190"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, 
urlhaus.abuse.ch/url/3862390/; classtype:trojan-activity;sid:84725490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.93.138.255"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862389/; classtype:trojan-activity;sid:84725489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/70beae92-77ab-4f02-9ba3-0fb960a454b4"; depth:37; endswith; nocase; http.host; content:"ykjqdm.bankefile.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862388/; classtype:trojan-activity;sid:84725488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=0eb66ccc-0b73-4497-9735-1e0291733343"; depth:47; endswith; nocase; http.host; content:"rqwkms23.anodaz.store"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862387/; classtype:trojan-activity;sid:84725487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.140.0"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862386/; classtype:trojan-activity;sid:84725486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862385)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/i"; depth:2; endswith; nocase; http.host; content:"60.182.226.145"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862385/; classtype:trojan-activity;sid:84725485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xxx.exe"; depth:8; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862384/; classtype:trojan-activity;sid:84725484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9cd38751-cfc3-49c5-acbd-5f8214fcc2dc"; depth:37; endswith; nocase; http.host; content:"vzyeissn.rial.bet"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862383/; classtype:trojan-activity;sid:84725483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.191.201"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862382/; classtype:trojan-activity;sid:84725482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9e7ee33a-24c1-4343-a8a3-7081b413cb2a"; depth:37; endswith; nocase; http.host; content:"sjowpfe.akhlageslami.xyz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862381/; classtype:trojan-activity;sid:84725481; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.99.183.203"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862380/; classtype:trojan-activity;sid:84725480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.152.94"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862379/; classtype:trojan-activity;sid:84725479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c0c89567-a44e-483e-a019-2bf07dbd4511"; depth:37; endswith; nocase; http.host; content:"ouqzmwvg.jamjahani.football"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862378/; classtype:trojan-activity;sid:84725478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.140.0"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862377/; classtype:trojan-activity;sid:84725477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.238.29"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; 
reference:url, urlhaus.abuse.ch/url/3862376/; classtype:trojan-activity;sid:84725476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.77.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862375/; classtype:trojan-activity;sid:84725475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.99.183.203"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862374/; classtype:trojan-activity;sid:84725474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.182.226.145"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862373/; classtype:trojan-activity;sid:84725473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=602784c0-dcaa-49fd-8922-d54858c7ea10"; depth:47; endswith; nocase; http.host; content:"azj9wm5k.fununetadris.shop"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862372/; classtype:trojan-activity;sid:84725472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862371)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/b0d8fe01-aef2-4f6d-b392-852ed6d3eb68"; depth:37; endswith; nocase; http.host; content:"llonnk.bankefile.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862371/; classtype:trojan-activity;sid:84725471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.191.201"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862370/; classtype:trojan-activity;sid:84725470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.230.114"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862369/; classtype:trojan-activity;sid:84725469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.152.94"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862368/; classtype:trojan-activity;sid:84725468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.93.138.197"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862367/; classtype:trojan-activity;sid:84725467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3862366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=1ffca209-7e8d-42dc-ad26-034e720d2cc4"; depth:47; endswith; nocase; http.host; content:"gng97m36.angizeshfarahani.store"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862366/; classtype:trojan-activity;sid:84725466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eab7ce51-a214-4476-a255-93d714b542a9"; depth:37; endswith; nocase; http.host; content:"lzkgofe.akhlagvaahkam.xyz"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862365/; classtype:trojan-activity;sid:84725465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d7e0|3f|download_token=8fd14012ea855aa9faf80c8eb1af722badb53202b93e2f60115069ac45612e91"; depth:88; endswith; nocase; http.host; content:"bedrive.ru"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862364/; classtype:trojan-activity;sid:84725464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.9.35.137"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862363/; classtype:trojan-activity;sid:84725463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862361)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/kmgqynobzwpgityvchgpflviegq39.bin"; depth:34; endswith; nocase; http.host; content:"192.3.136.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862361/; classtype:trojan-activity;sid:84725461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arres.qxd"; depth:10; endswith; nocase; http.host; content:"192.3.136.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862362/; classtype:trojan-activity;sid:84725462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.hta"; depth:6; endswith; nocase; http.host; content:"friendly-trifle-f3e6f0.netlify.app"; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862360/; classtype:trojan-activity;sid:84725460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.254.129"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862359/; classtype:trojan-activity;sid:84725459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.232.177"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862358/; classtype:trojan-activity;sid:84725458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3862357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.149.40.166"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862357/; classtype:trojan-activity;sid:84725457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/49adf6ae-a534-4549-bde2-926adadbe2e2"; depth:37; endswith; nocase; http.host; content:"xqbzvgfy.red90.casino"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862356/; classtype:trojan-activity;sid:84725456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.196.212"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862355/; classtype:trojan-activity;sid:84725455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.118.12"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862354/; classtype:trojan-activity;sid:84725454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.196.212"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, 
urlhaus.abuse.ch/url/3862353/; classtype:trojan-activity;sid:84725453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/059aa6ee-63dc-4255-a31f-2411cf06e87d"; depth:37; endswith; nocase; http.host; content:"yovejfu.amlakshahri.xyz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862352/; classtype:trojan-activity;sid:84725452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.248.111"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862351/; classtype:trojan-activity;sid:84725451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.254.129"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862350/; classtype:trojan-activity;sid:84725450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.55.2"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862349/; classtype:trojan-activity;sid:84725449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; 
http.host; content:"115.55.55.2"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862348/; classtype:trojan-activity;sid:84725448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.248.111"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862347/; classtype:trojan-activity;sid:84725447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.93.137.207"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862346/; classtype:trojan-activity;sid:84725446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.169.120"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862345/; classtype:trojan-activity;sid:84725445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/94bcbf70-07df-476e-b9a9-519732a2b8b4"; depth:37; endswith; nocase; http.host; content:"krezxpiv.jamjahani2026.football"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862344/; classtype:trojan-activity;sid:84725444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
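(3862342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-blkcg"; depth:20; endswith; nocase; http.host; content:"176.65.139.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862342/; classtype:trojan-activity;sid:84725442; rev:1;)
# Review note: every rule in this feed pins the whole request URI with
# depth:<pattern length> + endswith, and the whole Host value with
# depth:<pattern length> + isdataat:!1,relative.
# Where the URI pattern contains the hex escape |3f| (one byte, "?"), the feed's
# depth (15, 88) was the length of the escaped text, 3 more than the decoded
# byte length. With endswith that let the pattern begin up to 3 bytes into
# http.uri, so a slightly longer URI ending in the same string also matched.
# depth is set to the decoded byte length (12, 85) below, so these rules match
# the listed URL exactly, like the rules without escapes.
# NOTE(review): the *.vercel.app hosts are presumably reached over HTTPS; an
# `alert http` rule only sees cleartext or decrypted requests. Confirm the
# sensor's position relative to TLS inspection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:12; endswith; nocase; http.host; content:"2026ruproishestviyi.vercel.app"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862343/; classtype:trojan-activity;sid:84725443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d7e0|3f|download_token=39b398d20f8fb10382d430e67c7c9de8aee2e70b95f4c135360967a0b8b53b0d"; depth:85; endswith; nocase; http.host; content:"bedrive.ru"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862341/; classtype:trojan-activity;sid:84725441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:12; endswith; nocase; http.host; content:"gosuslugi-help.vercel.app"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862337/; classtype:trojan-activity;sid:84725437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:12; endswith; nocase; http.host; content:"max-files.vercel.app"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862338/; classtype:trojan-activity;sid:84725438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:12; endswith; nocase; http.host; content:"infohelprus.vercel.app"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862339/; classtype:trojan-activity;sid:84725439; rev:1;)
# The next rule matches only a request for the bare root path "/" on this host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"photomaxost.vercel.app"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862340/; classtype:trojan-activity;sid:84725440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-netns-rt"; depth:23; endswith; nocase; http.host; content:"176.65.139.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862335/; classtype:trojan-activity;sid:84725435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-rcu"; depth:18; endswith; nocase; http.host; content:"176.65.139.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862336/; classtype:trojan-activity;sid:84725436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862325)"; flow:established,from_client; 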
http.method; content:"GET"; http.uri; content:"/bins/kworkerd-irq-bal"; depth:22; endswith; nocase; http.host; content:"176.65.139.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862325/; classtype:trojan-activity;sid:84725425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-netns"; depth:20; endswith; nocase; http.host; content:"176.65.139.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862326/; classtype:trojan-activity;sid:84725426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-softirq"; depth:22; endswith; nocase; http.host; content:"176.65.139.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862327/; classtype:trojan-activity;sid:84725427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-writeback"; depth:24; endswith; nocase; http.host; content:"176.65.139.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862328/; classtype:trojan-activity;sid:84725428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-irq"; depth:18; endswith; nocase; http.host; content:"176.65.139.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862329/; 
classtype:trojan-activity;sid:84725429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-mm"; depth:17; endswith; nocase; http.host; content:"176.65.139.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862330/; classtype:trojan-activity;sid:84725430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-events"; depth:21; endswith; nocase; http.host; content:"176.65.139.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862331/; classtype:trojan-activity;sid:84725431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-scsi"; depth:19; endswith; nocase; http.host; content:"176.65.139.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862332/; classtype:trojan-activity;sid:84725432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd-crypto"; depth:21; endswith; nocase; http.host; content:"176.65.139.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862333/; classtype:trojan-activity;sid:84725433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworkerd"; depth:14; endswith; nocase; 
http.host; content:"176.65.139.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862334/; classtype:trojan-activity;sid:84725434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/init.sh"; depth:8; endswith; nocase; http.host; content:"176.65.139.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862324/; classtype:trojan-activity;sid:84725424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.168.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862323/; classtype:trojan-activity;sid:84725423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.186.135"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862322/; classtype:trojan-activity;sid:84725422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8140b622-c1c2-4fe9-8bb8-6be031e0c442"; depth:37; endswith; nocase; http.host; content:"tdfzyex.amoozeshagazade.shop"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862321/; classtype:trojan-activity;sid:84725421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3862320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steg/stego_payloadxxx.png"; depth:26; endswith; nocase; http.host; content:"salsabil.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862320/; classtype:trojan-activity;sid:84725420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g/static/s/js/client.exe"; depth:25; endswith; nocase; http.host; content:"fmrio.com"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862319/; classtype:trojan-activity;sid:84725419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kk/hope.dat"; depth:12; endswith; nocase; http.host; content:"jamesautomobile.online"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862318/; classtype:trojan-activity;sid:84725418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hld/optimized_msi.png"; depth:22; endswith; nocase; http.host; content:"kaza.com.hk"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862317/; classtype:trojan-activity;sid:84725417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaypierec.pfm"; depth:14; endswith; nocase; http.host; content:"pub-61119fe0dab842b58c9c358838f9b0da.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_10; 
reference:url, urlhaus.abuse.ch/url/3862316/; classtype:trojan-activity;sid:84725416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4325.exe"; depth:9; endswith; nocase; http.host; content:"vrdccbank.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862315/; classtype:trojan-activity;sid:84725415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.186.135"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862314/; classtype:trojan-activity;sid:84725414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"176.65.139.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862313/; classtype:trojan-activity;sid:84725413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.168.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862312/; classtype:trojan-activity;sid:84725412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"110.36.26.86"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862311/; classtype:trojan-activity;sid:84725411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.215.4"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862309/; classtype:trojan-activity;sid:84725409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.34.27"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862310/; classtype:trojan-activity;sid:84725410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.34.27"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862308/; classtype:trojan-activity;sid:84725408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aa879b30-c23c-44d3-b492-947d4f5a5740"; depth:37; endswith; nocase; http.host; content:"pfyfyt.bankefiile.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862307/; classtype:trojan-activity;sid:84725407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862306)"; 
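flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e0583d6f-51c2-4100-97a8-7bd9a9dfb3f2"; depth:37; endswith; nocase; http.host; content:"nljdiefg.jamjahani.football"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862306/; classtype:trojan-activity;sid:84725406; rev:1;)
# Review note: the two "/?ublib=<uuid>" rules below write "?" as the hex escape
# |3f|, which is one byte. The feed's depth:47 was the length of the escaped
# text; the decoded pattern is 44 bytes. With endswith, depth:47 let the pattern
# begin up to 3 bytes into http.uri instead of pinning the whole URI. depth is
# set to 44 so the rules match the listed URL exactly, like the other rules here.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.221.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862305/; classtype:trojan-activity;sid:84725405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b467e003-6aee-4a73-ae1c-4f448c5aa68a"; depth:44; endswith; nocase; http.host; content:"lq8j82kc.shirbetfarsi.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862304/; classtype:trojan-activity;sid:84725404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.235.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862303/; classtype:trojan-activity;sid:84725403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=6a25707c-7070-4d6a-8fa6-454cf440bbb3"; depth:44; endswith; nocase; http.host; content:"3yl7mt55.andisheeslami2.xyz"; depth:27; isdataat:!1,relative; 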
metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862302/; classtype:trojan-activity;sid:84725402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.203.55.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862301/; classtype:trojan-activity;sid:84725401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.77.19"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862300/; classtype:trojan-activity;sid:84725400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.26.86"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862299/; classtype:trojan-activity;sid:84725399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.215.4"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862298/; classtype:trojan-activity;sid:84725398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; 
http.host; content:"39.81.217.45"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862297/; classtype:trojan-activity;sid:84725397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"45.156.87.136"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862295/; classtype:trojan-activity;sid:84725395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cares.png"; depth:10; endswith; nocase; http.host; content:"corwineagles.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862296/; classtype:trojan-activity;sid:84725396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update"; depth:7; endswith; nocase; http.host; content:"45.94.31.83"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862294/; classtype:trojan-activity;sid:84725394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mcbh/mcbh.dat"; depth:14; endswith; nocase; http.host; content:"hdhz.it.com"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862293/; classtype:trojan-activity;sid:84725393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862292)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eaglejetclient4.exe"; depth:20; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862292/; classtype:trojan-activity;sid:84725392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.225.1.54"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862291/; classtype:trojan-activity;sid:84725391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/bin.dat"; depth:10; endswith; nocase; http.host; content:"comserlivuior.store"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862290/; classtype:trojan-activity;sid:84725390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/bin.dat"; depth:10; endswith; nocase; http.host; content:"comserlivuior.store"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862289/; classtype:trojan-activity;sid:84725389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/bin.dat"; depth:10; endswith; nocase; http.host; content:"comserlivuior.store"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862288/; 
classtype:trojan-activity;sid:84725388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b/bin.dat"; depth:10; endswith; nocase; http.host; content:"comserlivuior.store"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862287/; classtype:trojan-activity;sid:84725387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a4c37e8b-56df-4af3-b72e-ed3d06ed1eb5"; depth:37; endswith; nocase; http.host; content:"xtktlprb.rial.bet"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862286/; classtype:trojan-activity;sid:84725386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/grc/bin.dat"; depth:12; endswith; nocase; http.host; content:"usjcx.site"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862285/; classtype:trojan-activity;sid:84725385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yuyu/rumpyu.png"; depth:16; endswith; nocase; http.host; content:"tradedsglobal.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862283/; classtype:trojan-activity;sid:84725383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/optimized_msilatino.png"; depth:24; 
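endswith; nocase; http.host; content:"tradedsglobal.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862284/; classtype:trojan-activity;sid:84725384; rev:1;)
# Review note: the "/?ublib=<uuid>" rule below (3862280) writes "?" as the hex
# escape |3f|, which is one byte. The feed's depth:47 was the length of the
# escaped text; the decoded pattern is 44 bytes. With endswith, depth:47 let the
# pattern begin up to 3 bytes into http.uri instead of pinning the whole URI.
# depth is set to 44 so the rule matches the listed URL exactly.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steg/stego_pussycat.png"; depth:24; endswith; nocase; http.host; content:"salsabil.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862282/; classtype:trojan-activity;sid:84725382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xyz1.exe"; depth:9; endswith; nocase; http.host; content:"sandyadamspodcast.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862281/; classtype:trojan-activity;sid:84725381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=5d59516b-dece-4d3f-b936-36271d5ef5d9"; depth:44; endswith; nocase; http.host; content:"1yusfrvk.pishbinibet.bet"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862280/; classtype:trojan-activity;sid:84725380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/level/stub.ps1"; depth:15; endswith; nocase; http.host; content:"pingdisp.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862279/; classtype:trojan-activity;sid:84725379; rev:1;)
alert http $HOME_NET any -> 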
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f7517b32-8001-43d1-8bdc-97e1ab0b288b"; depth:37; endswith; nocase; http.host; content:"ithfkpx.amoozeshtagipour.shop"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862278/; classtype:trojan-activity;sid:84725378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.77.19"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862277/; classtype:trojan-activity;sid:84725377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.93.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862276/; classtype:trojan-activity;sid:84725376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.203.55.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862275/; classtype:trojan-activity;sid:84725375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wealthy4500/pc/raw/refs/heads/main/zoominstaller.msi"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; 
isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862274/; classtype:trojan-activity;sid:84725374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wealthy4500/desk/refs/heads/main/okkefhr.txt"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862273/; classtype:trojan-activity;sid:84725373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wealthy4500/desk/refs/heads/main/mcdfmff.txt"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862272/; classtype:trojan-activity;sid:84725372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ysxpq"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862271/; classtype:trojan-activity;sid:84725371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/labito.png"; depth:11; endswith; nocase; http.host; content:"pub-ce02802067934e0eb072f69bf6427bf6.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862270/; classtype:trojan-activity;sid:84725370; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.93.139.180"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862269/; classtype:trojan-activity;sid:84725369; rev:1;)
# Reading these rules: each one pins a single URLhaus entry.
#  - http.uri: content + depth equal to the pattern length + endswith means the
#    whole normalized URI must equal the pattern (nocase: compared
#    case-insensitively). A longer path on the same host does not match.
#  - http.host: content + depth + isdataat:!1,relative does the same for the host.
#  - The match is on the client request only (flow:established,from_client, GET
#    from $HOME_NET to $EXTERNAL_NET). An alert shows that an internal host asked
#    for the URL, not that a payload came back; check the HTTP response and file
#    logs of the same flow before concluding the host is infected.
#  - sid is the URLhaus entry id plus 80863100 in every rule visible here, and
#    reference:url names the entry, so an alert can be traced to its URLhaus page.
# NOTE(review): most hosts in this group are bare IP addresses (188.132.232.81,
# 45.205.1.59, 94.156.152.234). Compare created_at with the feed's update time
# when triaging a hit on an older entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_arm7"; depth:9; endswith; nocase; http.host; content:"94.156.152.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862268/; classtype:trojan-activity;sid:84725368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc2"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862267/; classtype:trojan-activity;sid:84725367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_64"; depth:7; endswith; nocase; http.host; content:"94.156.152.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862264/; classtype:trojan-activity;sid:84725364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_arm32"; depth:10; endswith; nocase; http.host; content:"94.156.152.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862265/; classtype:trojan-activity;sid:84725365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x0z"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862266/; classtype:trojan-activity;sid:84725366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"94.156.152.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862263/; classtype:trojan-activity;sid:84725363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/64b82e"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862262/; classtype:trojan-activity;sid:84725362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qpf"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862258/; classtype:trojan-activity;sid:84725358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wz7t"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862259/; classtype:trojan-activity;sid:84725359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qsob"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862260/; classtype:trojan-activity;sid:84725360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jrre"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862261/; classtype:trojan-activity;sid:84725361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qvz1"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862242/; classtype:trojan-activity;sid:84725342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ida"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862243/; classtype:trojan-activity;sid:84725343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mfmn"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862244/; classtype:trojan-activity;sid:84725344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0bd3"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862245/; classtype:trojan-activity;sid:84725345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mfl"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862246/; classtype:trojan-activity;sid:84725346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/my6"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862247/; classtype:trojan-activity;sid:84725347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mxl"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862248/; classtype:trojan-activity;sid:84725348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c9d703"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862249/; classtype:trojan-activity;sid:84725349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0fb7eb"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862250/; classtype:trojan-activity;sid:84725350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/43c3ea"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862251/; classtype:trojan-activity;sid:84725351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d65f43"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862252/; classtype:trojan-activity;sid:84725352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ef53ac"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862253/; classtype:trojan-activity;sid:84725353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cb5811"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862254/; classtype:trojan-activity;sid:84725354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6cdc8f"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862255/; classtype:trojan-activity;sid:84725355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/87516e"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862256/; classtype:trojan-activity;sid:84725356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mspn"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862257/; classtype:trojan-activity;sid:84725357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/optimized_msi.png"; depth:18; endswith; nocase; http.host; content:"nickart.ro"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, 
urlhaus.abuse.ch/url/3862241/; classtype:trojan-activity;sid:84725341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1nk"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862237/; classtype:trojan-activity;sid:84725337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/120aaa"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862238/; classtype:trojan-activity;sid:84725338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c235ec"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862239/; classtype:trojan-activity;sid:84725339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/05dcab"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862240/; classtype:trojan-activity;sid:84725340; rev:1;)
# NOTE(review): the drive.google.com rules in this group probably cannot fire
# as written, so they should not be counted as detection coverage.
#  1. |7c|26|7c| decodes to the four literal bytes "|26|". A download URL would
#     normally carry "&" (0x26) between export=download and id=, so this looks
#     like "&" having been escaped twice by the generator; verify against the
#     referenced URLhaus entry.
#  2. depth:68 is the length of the escaped pattern text. The pattern decodes
#     to 59 bytes, so with endswith the URI may carry up to 9 extra leading
#     bytes instead of being pinned exactly.
#  3. The file id is written in lower case and matched with nocase.
#  4. These are "alert http" rules. drive.google.com is normally reached over
#     HTTPS, so the sensor sees the request only where TLS is decrypted before
#     inspection; proxy or TLS-inspection logs are the place to look otherwise.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ybvexgfibpzeuwar8f-jxnjljj9tjubu"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862236/; classtype:trojan-activity;sid:84725336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1j4v6vivmg6u5ayhp00s0vbatiqdktc0v"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862235/; classtype:trojan-activity;sid:84725335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1aewama0wm7r784ywjz_mtklw4kgckwxy"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862234/; classtype:trojan-activity;sid:84725334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1k__k_wyqnky1fcdp3ics5n6p-rgtfhdy"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862233/; classtype:trojan-activity;sid:84725333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1dhot3wrrghjcwefhhajebepw8jy0n8fu"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862232/; classtype:trojan-activity;sid:84725332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1cp3rggonp5qrfs67hi61ctzysft97zan"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862231/; classtype:trojan-activity;sid:84725331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1gqu2gdfdl5ypuwfw2n8kdgsaj_bs81vc"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862230/; classtype:trojan-activity;sid:84725330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.149.40.166"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862229/; classtype:trojan-activity;sid:84725329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.227.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862228/; classtype:trojan-activity;sid:84725328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1kxjea0riyrxmxhbys2wddsb9qlow0ldg"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862227/; classtype:trojan-activity;sid:84725327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1c4mp9pub8cc-16cuvi88makoktfun90m"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862225/; classtype:trojan-activity;sid:84725325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1yig7doblhf_blelcpynpr5f64mr8zomk"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862226/; classtype:trojan-activity;sid:84725326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1hljqauzc4jreupoxnmmywjfz2ehbran_"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862223/; classtype:trojan-activity;sid:84725323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1rnvkfnj9ig1e3_fjq8jsquybgrvu9vl6"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862224/; classtype:trojan-activity;sid:84725324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1a2f7rkedjutv3t_7hit5ya-ooy0sjp-r"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862222/; classtype:trojan-activity;sid:84725322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.93.138.64"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862221/; classtype:trojan-activity;sid:84725321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ozt9sdo_ntvrzam0kx4dbzxtcrm_lul2"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862220/; classtype:trojan-activity;sid:84725320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.247.134"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862219/; classtype:trojan-activity;sid:84725319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ao1zfhbzdmkzuhxgxnktxoifaom8fv5w"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862217/; classtype:trojan-activity;sid:84725317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1dnh5j9_yoqhlkfcaopf98ufseqh5kcrs"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862218/; classtype:trojan-activity;sid:84725318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1x3dfl4d_tjtezrbujqc_ksbaswpazkhh"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862215/; classtype:trojan-activity;sid:84725315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1mq_porvryuqzw86idajmfvqyp4c9nuer"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862216/; classtype:trojan-activity;sid:84725316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f07bfc62-7aca-4ff9-9955-b23f60bd3705"; depth:37; endswith; nocase; http.host; content:"uecvehp.amoozeshagazade.shop"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862214/; classtype:trojan-activity;sid:84725314; rev:1;)
# The next entries sit on hosts that look like shared storage or paste
# services (r2.dev, pastefy.app, paste.sensio.no). Each rule pins one exact
# path on the host, so a hit identifies that object only; presumably other
# content on the same service is unrelated, and host-wide blocking derived from
# these entries would affect it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/befuzolxv.png"; depth:14; endswith; nocase; http.host; content:"pub-267b3d8f426d4d9ca10e514a1933f21b.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862213/; classtype:trojan-activity;sid:84725313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dawci87cncfu.png"; depth:17; endswith; nocase; http.host; content:"pub-27c93f4f89e1465b9c1287f8d108b525.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862212/; classtype:trojan-activity;sid:84725312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ooyrgc5d/raw"; depth:13; endswith; nocase; http.host; content:"pastefy.app"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862211/; classtype:trojan-activity;sid:84725311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gonnawilma"; depth:11; endswith; nocase; http.host; content:"paste.sensio.no"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862210/; classtype:trojan-activity;sid:84725310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stub.ps1"; depth:9; endswith; nocase; http.host; content:"remolcares.us"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862209/; classtype:trojan-activity;sid:84725309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/johns.png"; depth:10; endswith; nocase; http.host; content:"141.11.17.254"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862205/; classtype:trojan-activity;sid:84725305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xwor.png"; depth:9; endswith; nocase; http.host; content:"zihnyunrui.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862206/; classtype:trojan-activity;sid:84725306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sking.png"; depth:10; endswith; nocase; http.host; content:"zihnyunrui.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862207/; classtype:trojan-activity;sid:84725307; rev:1;)
alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xobs.png"; depth:9; endswith; nocase; http.host; content:"zihnyunrui.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862208/; classtype:trojan-activity;sid:84725308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/john_msi.png"; depth:13; endswith; nocase; http.host; content:"141.11.17.254"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862204/; classtype:trojan-activity;sid:84725304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qwertyuiop.png"; depth:15; endswith; nocase; http.host; content:"www.vame.be"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862203/; classtype:trojan-activity;sid:84725303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxcvbnm.png"; depth:12; endswith; nocase; http.host; content:"www.vame.be"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862201/; classtype:trojan-activity;sid:84725301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wffd/update.ps1"; depth:16; endswith; nocase; http.host; content:"www.vame.be"; depth:11; isdataat:!1,relative; metadata:created_at 
2026_06_10; reference:url, urlhaus.abuse.ch/url/3862202/; classtype:trojan-activity;sid:84725302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.81.217.45"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862200/; classtype:trojan-activity;sid:84725300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6b0022ad-4930-4176-91b3-4a4e8038c4c9"; depth:37; endswith; nocase; http.host; content:"firdgorl.restaurantguideaarhus.com"; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862199/; classtype:trojan-activity;sid:84725299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/1.jpg"; depth:10; endswith; nocase; http.host; content:"107.172.13.211"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862198/; classtype:trojan-activity;sid:84725298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.169.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862197/; classtype:trojan-activity;sid:84725297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862196)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.169.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862196/; classtype:trojan-activity;sid:84725296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=2fd1588d-6e99-4243-929e-b31156d6195d"; depth:47; endswith; nocase; http.host; content:"s4x5yd7i.anodaz.store"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862195/; classtype:trojan-activity;sid:84725295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.178.249.120"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862194/; classtype:trojan-activity;sid:84725294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.29.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862193/; classtype:trojan-activity;sid:84725293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.178.249.120"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862192/; classtype:trojan-activity;sid:84725292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3862191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.121.158"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862191/; classtype:trojan-activity;sid:84725291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/950da333-99fc-4797-a8dd-616967cabf88"; depth:37; endswith; nocase; http.host; content:"xmwofxxy.winxbet.co"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862190/; classtype:trojan-activity;sid:84725290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/720d6b14-6cf6-4a4b-b0da-0ea60d867c7c"; depth:37; endswith; nocase; http.host; content:"oxzqss.azmoonzare.online"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862189/; classtype:trojan-activity;sid:84725289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d00a3c77-6835-47c0-8ee5-51319a66cb45"; depth:47; endswith; nocase; http.host; content:"0xln2imp.yekbetiran.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862188/; classtype:trojan-activity;sid:84725288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=933a6553-1820-422c-9c36-cdca534fd415"; depth:47; endswith; 
nocase; http.host; content:"rkbvh5p1.parspoker.casino"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862187/; classtype:trojan-activity;sid:84725287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.93.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862186/; classtype:trojan-activity;sid:84725286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sass/optimized_msiyu.png"; depth:25; endswith; nocase; http.host; content:"brenmayasociados.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862185/; classtype:trojan-activity;sid:84725285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sass/djoku.png"; depth:15; endswith; nocase; http.host; content:"brenmayasociados.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862184/; classtype:trojan-activity;sid:84725284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ckfinder/php.exe"; depth:17; endswith; nocase; http.host; content:"muaklekcoop.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862183/; classtype:trojan-activity;sid:84725283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3862182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f32adadf-efc9-46c9-883b-a07606c53221"; depth:37; endswith; nocase; http.host; content:"pjekei.azmoonzare.online"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862182/; classtype:trojan-activity;sid:84725282; rev:1;)
# UUID-shaped paths (36 characters plus the leading slash, hence depth:37), each on its own subdomain.
# depth equal to the pattern length plus endswith means the whole URI must equal the pattern.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e8f85459-1443-47a2-b93d-a9af1e6b8a53"; depth:37; endswith; nocase; http.host; content:"vohgvv.jamjahani.football"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862181/; classtype:trojan-activity;sid:84725281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/40b076fe-4da3-42ea-8578-7c2d33546338"; depth:37; endswith; nocase; http.host; content:"cbawrwwb.wrfc8.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862180/; classtype:trojan-activity;sid:84725280; rev:1;)
# Two-byte "/i" URI on bare IPs; the Host value is what distinguishes these rules from each other.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.209.7"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862179/; classtype:trojan-activity;sid:84725279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.114.3"; depth:12; isdataat:!1,relative;
metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862178/; classtype:trojan-activity;sid:84725278; rev:1;)
# In every rule here the sid is the URLhaus id from msg/reference plus 80863100, so an alert's sid maps
# straight back to the urlhaus.abuse.ch entry named in reference:url.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.249.170"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862177/; classtype:trojan-activity;sid:84725277; rev:1;)
# Script (.js), executable (.exe) and HTML-application (.hta) URLs; 198.12.83.82 appears twice with
# different paths under /22/. Matching is on the request URL only, not on the downloaded content.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/22/weneedbestthingswithbetterplacestocomebackgoodfor.js"; depth:56; endswith; nocase; http.host; content:"198.12.83.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862176/; classtype:trojan-activity;sid:84725276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dashboard/myfiles/sinduu9/ziahamgfe4bx1od.exe"; depth:46; endswith; nocase; http.host; content:"dogalhayat.space"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862175/; classtype:trojan-activity;sid:84725275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/22/enc/weneedbestsolutionsforme.hta"; depth:36; endswith; nocase; http.host; content:"198.12.83.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862174/; classtype:trojan-activity;sid:84725274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL
detected (3862173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/city101/nova_logs_2.dat"; depth:24; endswith; nocase; http.host; content:"178.17.58.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862173/; classtype:trojan-activity;sid:84725273; rev:1;)
# Four URLs on 107.172.13.211: a .png and an .hta under each of /400/ and /300/. Each is a separate
# exact-URL rule (depth equals the pattern length, plus endswith), so a changed file name on the same
# host is not covered. NOTE(review): consider a host-level rule locally if these alerts fire.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/400/img_015511.png"; depth:19; endswith; nocase; http.host; content:"107.172.13.211"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862172/; classtype:trojan-activity;sid:84725272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/400/howdougetmebackwithbestthingsforme.hta"; depth:43; endswith; nocase; http.host; content:"107.172.13.211"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862171/; classtype:trojan-activity;sid:84725271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/300/img_014511.png"; depth:19; endswith; nocase; http.host; content:"107.172.13.211"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862170/; classtype:trojan-activity;sid:84725270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/300/becomeperfecthistimeforbestproperthings.hta"; depth:48; endswith; nocase; http.host; content:"107.172.13.211"; depth:14; isdataat:!1,relative;
metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862169/; classtype:trojan-activity;sid:84725269; rev:1;)
# NOTE(review): three things to confirm on this drive.google.com rule before relying on it:
#  - `|7c|26|7c|` decodes to the literal bytes `|26|`; a normal query string would carry `&` (0x26) there,
#    so this looks like a double-escaped separator that a real request would not contain.
#  - depth:68 is the length of the escaped rule text; the decoded pattern is 59 bytes.
#  - The host is a shared service normally reached over HTTPS; `alert http` only sees the request when it
#    is cleartext or decrypted before the sensor. nocase also matches the file id case-insensitively.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1lmylvuimexof5vqctgyd9pwgzhzzewnb"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862168/; classtype:trojan-activity;sid:84725268; rev:1;)
# File names resemble ScreenConnect remote-access client installers. The same two paths recur on other
# hosts in this feed, so the exact Host match is what makes each rule specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"45.129.231.1"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862166/; classtype:trojan-activity;sid:84725266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"45.129.231.1"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862167/; classtype:trojan-activity;sid:84725267; rev:1;)
# NOTE(review): depth:47 counts the escaped text; decoded (`|3f|` is one byte) the pattern is 44 bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=8249396e-0f6c-4aa6-aae3-49da6ef5c803"; depth:47; endswith; nocase; http.host; content:"eaty6go0.anodaz.co"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862165/; classtype:trojan-activity;sid:84725265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any
(msg:"URLhaus Known malware download URL detected (3862164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"193.142.146.101"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862164/; classtype:trojan-activity;sid:84725264; rev:1;)
# Same two installer-style paths (/bin/support.client.exe, /bin/screenconnect.clientsetup.exe) repeated
# per host. The names resemble a remote-access client installer, and the same software is used
# legitimately, so the alert means "fetched from a URLhaus-listed host", not "this file name is bad".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"193.142.146.101"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862163/; classtype:trojan-activity;sid:84725263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"141.98.10.30"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862162/; classtype:trojan-activity;sid:84725262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"79.124.8.44"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862160/; classtype:trojan-activity;sid:84725260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"79.124.8.44"; depth:11;
isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862161/; classtype:trojan-activity;sid:84725261; rev:1;)
# Installer-style paths under /bin/ on 94.141.122.148 and 203.159.90.82, one rule per (host, path) pair.
# http.host is pinned with depth + isdataat:!1,relative, so the Host value must equal the listed IP
# exactly. NOTE(review): presumably a Host carrying an explicit port would not match; confirm how the
# sensor normalises the http.host buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"94.141.122.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862157/; classtype:trojan-activity;sid:84725257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"203.159.90.82"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862158/; classtype:trojan-activity;sid:84725258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"94.141.122.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862159/; classtype:trojan-activity;sid:84725259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"203.159.90.82"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862156/; classtype:trojan-activity;sid:84725256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected
(3862154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"178.16.52.66"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862154/; classtype:trojan-activity;sid:84725254; rev:1;)
# 178.16.52.66 and 178.16.52.221 each serve the same pair of /bin/ installer paths. Rules are emitted
# one per URL with rev:1 and a created_at date, and carry nothing that marks whether the URL is still
# live. NOTE(review): age out or re-check old entries according to local policy.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"178.16.52.66"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862155/; classtype:trojan-activity;sid:84725255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"178.16.52.221"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862153/; classtype:trojan-activity;sid:84725253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"178.16.52.221"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862151/; classtype:trojan-activity;sid:84725251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client.exe"; depth:11; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url,
urlhaus.abuse.ch/url/3862152/; classtype:trojan-activity;sid:84725252; rev:1;)
# Short generic paths ("/i", "/bin.sh") on bare IPs. The URI patterns are 2 and 7 bytes, so the exact
# Host match carries the specificity; 115.55.114.3 is listed here with /bin.sh.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.246.87.147"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862150/; classtype:trojan-activity;sid:84725250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.114.3"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862149/; classtype:trojan-activity;sid:84725249; rev:1;)
# NOTE(review): depth:47 is the escaped length of the pattern; decoded (`|3f|` = "?") it is 44 bytes,
# so the start of the URI is anchored 3 bytes more loosely than in the rules without hex escapes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=2d45fa7c-834d-4c88-bf6b-20ff31067b40"; depth:47; endswith; nocase; http.host; content:"3sdhx6qp.pokerbazi.app"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862148/; classtype:trojan-activity;sid:84725248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.175.241"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862147/; classtype:trojan-activity;sid:84725247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862146)"; flow:established,from_client; http.method; content:"GET"; http.uri;
content:"/18fc17d8-afe0-4b19-8a7f-f913d0d0498f"; depth:37; endswith; nocase; http.host; content:"uknwgsop.red90.casino"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862146/; classtype:trojan-activity;sid:84725246; rev:1;)
# One host (16.171.16.1) serving files named after CPU architectures (x86_64, x86, ppc64, armv7l).
# Each architecture is a separate exact-URI rule, so an architecture name not listed in the feed is
# not covered. NOTE(review): a local host-only rule would cover that gap if these alerts fire.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"16.171.16.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862145/; classtype:trojan-activity;sid:84725245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"16.171.16.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862141/; classtype:trojan-activity;sid:84725241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc64"; depth:6; endswith; nocase; http.host; content:"16.171.16.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862142/; classtype:trojan-activity;sid:84725242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"16.171.16.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862143/; classtype:trojan-activity;sid:84725243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known
malware download URL detected (3862144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"16.171.16.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862144/; classtype:trojan-activity;sid:84725244; rev:1;)
# Further architecture-named files (armv5l, mipsel, armv6l) on 16.171.16.1, plus a /bin.sh URL on
# another IP. The source is $HOME_NET, so a hit is an internal host making the request; the rule does
# not inspect whether the download completed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"16.171.16.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862139/; classtype:trojan-activity;sid:84725239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"16.171.16.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862140/; classtype:trojan-activity;sid:84725240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.157.66.34"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862138/; classtype:trojan-activity;sid:84725238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"16.171.16.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862137/; classtype:trojan-activity;sid:84725237;
rev:1;)
# Exact-URL rule for a file named /main_x86_64 on 45.156.87.82.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"45.156.87.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862136/; classtype:trojan-activity;sid:84725236; rev:1;)
# 45.154.98.128 serves a family of files named "fbi.<arch>" (mipsel, arm5, m68k, arm here). One rule
# is emitted per architecture, and all share the same Host match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.mipsel"; depth:11; endswith; nocase; http.host; content:"45.154.98.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862135/; classtype:trojan-activity;sid:84725235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.arm5"; depth:9; endswith; nocase; http.host; content:"45.154.98.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862128/; classtype:trojan-activity;sid:84725228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.m68k"; depth:9; endswith; nocase; http.host; content:"45.154.98.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862129/; classtype:trojan-activity;sid:84725229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.arm"; depth:8; endswith; nocase; http.host; content:"45.154.98.128"; depth:13; isdataat:!1,relative; metadata:created_at
2026_06_10; reference:url, urlhaus.abuse.ch/url/3862130/; classtype:trojan-activity;sid:84725230; rev:1;)
# More "fbi.<arch>" files on 45.154.98.128 (sh4, sparc, ppc, i686). Because of endswith, "/fbi.arm"
# and "/fbi.arm7" are distinct exact matches, so a request for one does not fire the other's rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.sh4"; depth:8; endswith; nocase; http.host; content:"45.154.98.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862131/; classtype:trojan-activity;sid:84725231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.sparc"; depth:10; endswith; nocase; http.host; content:"45.154.98.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862132/; classtype:trojan-activity;sid:84725232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.ppc"; depth:8; endswith; nocase; http.host; content:"45.154.98.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862133/; classtype:trojan-activity;sid:84725233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.i686"; depth:9; endswith; nocase; http.host; content:"45.154.98.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862134/; classtype:trojan-activity;sid:84725234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.arm7"; depth:9; endswith;
nocase; http.host; content:"45.154.98.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862124/; classtype:trojan-activity;sid:84725224; rev:1;)
# Remaining "fbi.<arch>" files on 45.154.98.128 (x86, mips, x86_64, arm6). Several rules for one
# internal host against this server in a short window would mean it requested multiple architectures.
# NOTE(review): correlate by source address and destination during triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.x86"; depth:8; endswith; nocase; http.host; content:"45.154.98.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862125/; classtype:trojan-activity;sid:84725225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.mips"; depth:9; endswith; nocase; http.host; content:"45.154.98.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862126/; classtype:trojan-activity;sid:84725226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.x86_64"; depth:11; endswith; nocase; http.host; content:"45.154.98.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862127/; classtype:trojan-activity;sid:84725227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fbi.arm6"; depth:9; endswith; nocase; http.host; content:"45.154.98.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862123/; classtype:trojan-activity;sid:84725223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862122)";
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"77.91.96.41"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862122/; classtype:trojan-activity;sid:84725222; rev:1;)
# Generic file names ("/client.exe", "/y") on bare IPs; the exact Host match is what identifies the
# URLhaus entry. The rule above this comment uses "/svchost.exe", the name of a Windows system binary.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client.exe"; depth:11; endswith; nocase; http.host; content:"91.214.78.247"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862121/; classtype:trojan-activity;sid:84725221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y"; depth:2; endswith; nocase; http.host; content:"204.76.203.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862120/; classtype:trojan-activity;sid:84725220; rev:1;)
# Executables under /ckfinder/core/js/ on muaklekcoop.com. NOTE(review): .exe files in a directory named
# for a web file-manager component suggest uploaded content on a third-party site; treat the domain as
# possibly compromised rather than attacker-owned when scoping blocks. Inferred from the path only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ckfinder/core/js/hilton.exe"; depth:28; endswith; nocase; http.host; content:"muaklekcoop.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862118/; classtype:trojan-activity;sid:84725218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ckfinder/core/js/acr-g1upd-639159296668701809.exe"; depth:50; endswith; nocase; http.host; content:"muaklekcoop.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862119/;
classtype:trojan-activity;sid:84725219; rev:1;)
# A .php URL under /ckfinder/core/js/ on the same host as the .exe rules around it. The rule fires on
# the GET request itself and says nothing about what the server returned.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ckfinder/core/js/phpjquery.php"; depth:31; endswith; nocase; http.host; content:"muaklekcoop.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862117/; classtype:trojan-activity;sid:84725217; rev:1;)
# "/bin.sh" and "/i" on bare IPs: short, reused paths, with one rule per listed host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.175.241"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862116/; classtype:trojan-activity;sid:84725216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.206.245"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862115/; classtype:trojan-activity;sid:84725215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"162.255.251.91"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862114/; classtype:trojan-activity;sid:84725214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.201.90";
depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862113/; classtype:trojan-activity;sid:84725213; rev:1;)
# Exact-URL rules: a two-byte "/i" on a bare IP, then a UUID-shaped path on a subdomain.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.55.83"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862112/; classtype:trojan-activity;sid:84725212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bd930980-0370-4700-88fc-ae872d578401"; depth:37; endswith; nocase; http.host; content:"jxsofena.shartbandi.games"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862111/; classtype:trojan-activity;sid:84725211; rev:1;)
# NOTE(review): both drive.google.com rules below share three problems worth confirming with the feed:
#  - `|7c|26|7c|` decodes to the literal bytes `|26|`, where a normal query string would have `&` (0x26).
#    This looks like a double-escaped separator, so a real request is unlikely to match.
#  - depth:68 counts the escaped rule text; the decoded pattern is 59 bytes.
#  - The host is a shared service normally reached over HTTPS, which `alert http` cannot see without
#    decryption upstream of the sensor. The file id is lowercase and matched with nocase.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1yspex-8wakpiny-q6e6wm84offf01b-n"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862110/; classtype:trojan-activity;sid:84725210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1kjs-qdepciqsa2idkz75zpqeglx9fhch"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862109/; classtype:trojan-activity;sid:84725209; rev:1;)
alert http
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.201.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862108/; classtype:trojan-activity;sid:84725208; rev:1;)
# Exact-URL rule for /bins/arc on 142.93.47.76.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arc"; depth:9; endswith; nocase; http.host; content:"142.93.47.76"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862107/; classtype:trojan-activity;sid:84725207; rev:1;)
# NOTE(review): the "/?download=1" rules on *.vercel.app subdomains have two caveats:
#  - depth:15 counts the escaped text; decoded (`|3f|` is one byte) the pattern is 12 bytes, so the
#    start anchor is 3 bytes looser than in rules without hex escapes.
#  - The hosts sit on a shared hosting platform that is presumably reached over HTTPS; these rules only
#    see cleartext or already-decrypted HTTP. Confirm coverage before counting on them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"uuyplunruss.vercel.app"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862105/; classtype:trojan-activity;sid:84725205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"wwwwwess.vercel.app"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862106/; classtype:trojan-activity;sid:84725206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative;
metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862101/; classtype:trojan-activity;sid:84725201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"16.171.16.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862102/; classtype:trojan-activity;sid:84725202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"rosdtp-site.vercel.app"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862103/; classtype:trojan-activity;sid:84725203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"ruproishestvie2026.vercel.app"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862104/; classtype:trojan-activity;sid:84725204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/test_sys"; depth:14; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862098/; classtype:trojan-activity;sid:84725198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862099)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bins/test_conn"; depth:15; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862099/; classtype:trojan-activity;sid:84725199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"16.171.16.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862100/; classtype:trojan-activity;sid:84725200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/test_min"; depth:14; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862096/; classtype:trojan-activity;sid:84725196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bot.debug"; depth:15; endswith; nocase; http.host; content:"94.26.106.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862097/; classtype:trojan-activity;sid:84725197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run.sh"; depth:7; endswith; nocase; http.host; content:"94.156.152.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862093/; classtype:trojan-activity;sid:84725193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3862094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bbc"; depth:4; endswith; nocase; http.host; content:"169.40.104.99"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862094/; classtype:trojan-activity;sid:84725194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run.sh"; depth:7; endswith; nocase; http.host; content:"16.171.16.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862095/; classtype:trojan-activity;sid:84725195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flsz"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862092/; classtype:trojan-activity;sid:84725192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lr6"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862088/; classtype:trojan-activity;sid:84725188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ej9g"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862089/; 
classtype:trojan-activity;sid:84725189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9qr"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862090/; classtype:trojan-activity;sid:84725190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/siox"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862091/; classtype:trojan-activity;sid:84725191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gml"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862076/; classtype:trojan-activity;sid:84725176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tw0"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862077/; classtype:trojan-activity;sid:84725177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coy"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862078/; classtype:trojan-activity;sid:84725178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bffy"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862079/; classtype:trojan-activity;sid:84725179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iqp"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862080/; classtype:trojan-activity;sid:84725180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/677n"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862081/; classtype:trojan-activity;sid:84725181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nps"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862082/; classtype:trojan-activity;sid:84725182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aebfb6"; depth:7; endswith; 
nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862083/; classtype:trojan-activity;sid:84725183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ecfb54"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862084/; classtype:trojan-activity;sid:84725184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3e35df"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862085/; classtype:trojan-activity;sid:84725185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/41622b"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862086/; classtype:trojan-activity;sid:84725186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bfo"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862087/; classtype:trojan-activity;sid:84725187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862073)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/e03a9e"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862073/; classtype:trojan-activity;sid:84725173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0f9833"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862074/; classtype:trojan-activity;sid:84725174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6w5"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862075/; classtype:trojan-activity;sid:84725175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9vb"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862070/; classtype:trojan-activity;sid:84725170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8pvt"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862071/; classtype:trojan-activity;sid:84725171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3862072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4pby"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862072/; classtype:trojan-activity;sid:84725172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mod1"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862069/; classtype:trojan-activity;sid:84725169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isz"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862068/; classtype:trojan-activity;sid:84725168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3aei"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862064/; classtype:trojan-activity;sid:84725164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msjk"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862065/; classtype:trojan-activity;sid:84725165; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1aa4b9"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862066/; classtype:trojan-activity;sid:84725166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbe298"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862067/; classtype:trojan-activity;sid:84725167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jkk"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862063/; classtype:trojan-activity;sid:84725163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/06e11c"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862061/; classtype:trojan-activity;sid:84725161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/976318"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, 
urlhaus.abuse.ch/url/3862062/; classtype:trojan-activity;sid:84725162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m2j9"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862058/; classtype:trojan-activity;sid:84725158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xewa"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862059/; classtype:trojan-activity;sid:84725159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/din"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862060/; classtype:trojan-activity;sid:84725160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vft2"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862027/; classtype:trojan-activity;sid:84725127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qi9"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862028/; classtype:trojan-activity;sid:84725128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5c4"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862029/; classtype:trojan-activity;sid:84725129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmk"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862030/; classtype:trojan-activity;sid:84725130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vaz"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862031/; classtype:trojan-activity;sid:84725131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wdxq"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862032/; classtype:trojan-activity;sid:84725132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862033)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/ayi"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862033/; classtype:trojan-activity;sid:84725133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ggx"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862034/; classtype:trojan-activity;sid:84725134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lxz"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862035/; classtype:trojan-activity;sid:84725135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yue"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862036/; classtype:trojan-activity;sid:84725136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l0s"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862037/; classtype:trojan-activity;sid:84725137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3862038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ttx"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862038/; classtype:trojan-activity;sid:84725138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ewrm"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862039/; classtype:trojan-activity;sid:84725139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tzo"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862040/; classtype:trojan-activity;sid:84725140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyo"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862041/; classtype:trojan-activity;sid:84725141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aug"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862042/; classtype:trojan-activity;sid:84725142; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ii4"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862043/; classtype:trojan-activity;sid:84725143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jzj"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862044/; classtype:trojan-activity;sid:84725144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a2153f"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862045/; classtype:trojan-activity;sid:84725145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/07815c"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862046/; classtype:trojan-activity;sid:84725146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ee8f35"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862047/; 
classtype:trojan-activity;sid:84725147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/85ad92"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862048/; classtype:trojan-activity;sid:84725148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4c6ac2"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862049/; classtype:trojan-activity;sid:84725149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/73490f"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862050/; classtype:trojan-activity;sid:84725150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3b0f2b"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862051/; classtype:trojan-activity;sid:84725151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a5dfa2"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; 
metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862052/; classtype:trojan-activity;sid:84725152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0cc697"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862053/; classtype:trojan-activity;sid:84725153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fd5b2f"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862054/; classtype:trojan-activity;sid:84725154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c5d305"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862055/; classtype:trojan-activity;sid:84725155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f95318"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862056/; classtype:trojan-activity;sid:84725156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keaq"; depth:5; endswith; 
nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862057/; classtype:trojan-activity;sid:84725157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oie"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862026/; classtype:trojan-activity;sid:84725126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vemy"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862024/; classtype:trojan-activity;sid:84725124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fewy"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862025/; classtype:trojan-activity;sid:84725125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0zz"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862023/; classtype:trojan-activity;sid:84725123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862022)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/4oe"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862022/; classtype:trojan-activity;sid:84725122; rev:1;)
# These are `alert http` rules matching on http.* buffers, so they fire only on
# traffic Suricata parses as HTTP. A fetch of the same URL over TLS is outside their
# reach unless the traffic is decrypted before it reaches the sensor.
# Three more paths on Host 188.132.232.81 follow; the last rule in the group pins a
# different Host (45.205.1.59).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/j3k"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862021/; classtype:trojan-activity;sid:84725121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/voei"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862020/; classtype:trojan-activity;sid:84725120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wtfh"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862018/; classtype:trojan-activity;sid:84725118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/262b70"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862019/; classtype:trojan-activity;sid:84725119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known
malware download URL detected (3862017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r2w"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862017/; classtype:trojan-activity;sid:84725117; rev:1;)
# In the three complete rules below, depth equals the length of the http.uri content
# and endswith pins the end of the buffer, so the URI has to equal the listed path
# exactly (case-insensitively, because of nocase). A request for the same path with
# an added query string or suffix does not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tvbr"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862014/; classtype:trojan-activity;sid:84725114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/citm"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862015/; classtype:trojan-activity;sid:84725115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bcb12b"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862016/; classtype:trojan-activity;sid:84725116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=bc148ba5-6631-462f-85df-4aace6ca2d8c"; depth:47; endswith; nocase; http.host; content:"rg6u6kf7.pokeray.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url,
urlhaus.abuse.ch/url/3862013/; classtype:trojan-activity;sid:84725113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"162.255.251.91"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862012/; classtype:trojan-activity;sid:84725112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.157.66.34"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862011/; classtype:trojan-activity;sid:84725111; rev:1;)
# `|3f|` is the hex escape for `?`, so the http.uri content in the next rule covers
# the path plus the query string.
# NOTE(review): depth:47 equals the length of the content as written, counting `|3f|`
# as four characters; the decoded pattern is 44 bytes. With endswith, that appears to
# admit up to three leading bytes before the pattern instead of an exact URI match
# (depth:44 would pin it) - confirm against the feed generator.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f356d43a-1e50-4a2d-8b36-bdb1e3ab177a"; depth:47; endswith; nocase; http.host; content:"yfzhr93v.parsbet90.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862010/; classtype:trojan-activity;sid:84725110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/acd4bcba-cdef-4f85-a261-cfacac334a2c"; depth:37; endswith; nocase; http.host; content:"hremhf.jamjahani2026.football"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862009/; classtype:trojan-activity;sid:84725109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862008)"; flow:established,from_client; http.method;
content:"GET"; http.uri; content:"/5565362f-e772-40c7-8b86-d0c8aae74143"; depth:37; endswith; nocase; http.host; content:"nllxfcjp.shartbandi.games"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862008/; classtype:trojan-activity;sid:84725108; rev:1;)
# `/i` is a two-byte URI, so the specificity of the `/i` rules below comes entirely
# from the http.host condition: depth equals the host length and isdataat:!1,relative
# requires that nothing follows it. Loosening the host match when tuning would turn
# these into alerts on any GET for `/i`.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"85.15.124.98"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862007/; classtype:trojan-activity;sid:84725107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.186.230.50"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862006/; classtype:trojan-activity;sid:84725106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.206.11"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862005/; classtype:trojan-activity;sid:84725105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.133.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862004/; classtype:trojan-activity;sid:84725104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET
any (msg:"URLhaus Known malware download URL detected (3862003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/733d7611-f486-4f26-b6f1-a2b83e62d0c3"; depth:37; endswith; nocase; http.host; content:"qnsvnvkk.shartbandi.casino"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862003/; classtype:trojan-activity;sid:84725102; rev:1;)
# http.host matches the Host header the client sent. Where the content is an IP
# literal, that is the header value, not the connection's destination address, so
# compare it with the flow's destination IP when triaging an alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.228.163"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862002/; classtype:trojan-activity;sid:84725102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.230.114"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862001/; classtype:trojan-activity;sid:84725101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5d5f69a8-2e22-4213-9dab-6f1a94dc31fa"; depth:37; endswith; nocase; http.host; content:"vvoplgpy.bet303.poker"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862000/; classtype:trojan-activity;sid:84725100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.173.15"; depth:12; isdataat:!1,relative;
metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861999/; classtype:trojan-activity;sid:84725099; rev:1;)
# sid 84725097 (Host avemod.cc, /archive/archived.zip) is the only complete rule in
# this span with a domain Host and an archive path; the rest are IP-literal hosts
# with `/i` or `/bin.sh`.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.56.232.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861998/; classtype:trojan-activity;sid:84725098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/archive/archived.zip"; depth:21; endswith; nocase; http.host; content:"avemod.cc"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861997/; classtype:trojan-activity;sid:84725097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.161.107"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861996/; classtype:trojan-activity;sid:84725096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.173.15"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861995/; classtype:trojan-activity;sid:84725095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith;
nocase; http.host; content:"182.119.56.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861993/; classtype:trojan-activity;sid:84725093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.190.203.41"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861994/; classtype:trojan-activity;sid:84725094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.236.65.142"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861992/; classtype:trojan-activity;sid:84725092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.95.197"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861991/; classtype:trojan-activity;sid:84725091; rev:1;)
# NOTE(review): in the next rule the http.uri pattern decodes to 44 bytes (`|3f|` is
# one byte, `?`), but depth is 47, the length of the escaped text. Combined with
# endswith this looks like it tolerates up to three extra bytes in front of the
# pattern, unlike the other rules here where depth equals the byte length - confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=5e9f2c30-6af3-4b5c-a727-f216c548770f"; depth:47; endswith; nocase; http.host; content:"8zktknmf.shirbetfarsi.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861990/; classtype:trojan-activity;sid:84725090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL
detected (3861989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6050a730-332e-48f6-98fd-0e9f5f541034"; depth:37; endswith; nocase; http.host; content:"vqfqrqgv.red90.casino"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861989/; classtype:trojan-activity;sid:84725089; rev:1;)
# Every rule is written `$HOME_NET any -> $EXTERNAL_NET any`, so it only evaluates
# requests whose source falls in the sensor's HOME_NET and whose destination falls in
# EXTERNAL_NET. Coverage therefore depends on those variables being set to match the
# monitored network.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.56.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861988/; classtype:trojan-activity;sid:84725088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.15.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861987/; classtype:trojan-activity;sid:84725087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.1.18"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861986/; classtype:trojan-activity;sid:84725086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2a97e74d-840f-49a0-af2c-861841aa78a2"; depth:37; endswith; nocase; http.host; content:"hylfko.pishbinibet.casino"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url,
urlhaus.abuse.ch/url/3861985/; classtype:trojan-activity;sid:84725085; rev:1;)
# flow:established,from_client restricts each rule to the client-to-server side of an
# established flow, i.e. the outbound request. The rules say nothing about whether
# the server answered or a payload was delivered; check the response and any file
# events for the same flow before treating an alert as a completed download.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.236.65.142"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861984/; classtype:trojan-activity;sid:84725084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.99.178.233"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861983/; classtype:trojan-activity;sid:84725083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.121.47"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861982/; classtype:trojan-activity;sid:84725082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.2.23"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861981/; classtype:trojan-activity;sid:84725081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/12f626fb-8127-4690-84d2-fadcd4386738"; depth:37; endswith; nocase; http.host;
content:"lxhcemuk.wrfc8.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861980/; classtype:trojan-activity;sid:84725080; rev:1;)
# Each URLhaus entry gets its own rule and sid, so a host listed with two paths shows
# up twice: 110.36.28.183 has `/i` (sid 84725079) and `/bin.sh` (sid 84725078) below.
# Alerts from both sids for one internal client point at the same remote host and are
# best handled as a single case.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.28.183"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861979/; classtype:trojan-activity;sid:84725079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.28.183"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861978/; classtype:trojan-activity;sid:84725078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.77.15"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861977/; classtype:trojan-activity;sid:84725077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.99.178.233"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861976/; classtype:trojan-activity;sid:84725076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861975)"; flow:established,from_client; http.method;
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.2.23"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861975/; classtype:trojan-activity;sid:84725075; rev:1;)
# metadata:created_at carries a date only (presumably when the entry entered the
# feed - verify against URLhaus). It does not tell you whether the URL is still
# serving content; the reference URL in each rule is the place to check current
# status before acting on an alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.74.34"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861974/; classtype:trojan-activity;sid:84725074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.225.21"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861973/; classtype:trojan-activity;sid:84725073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a8fbe3a9-741c-4aa9-bbaa-6a2e227d5b47"; depth:37; endswith; nocase; http.host; content:"qpemifog.winxbet.co"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861972/; classtype:trojan-activity;sid:84725072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.119.63"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861971/; classtype:trojan-activity;sid:84725071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any
(msg:"URLhaus Known malware download URL detected (3861970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.119.63"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861970/; classtype:trojan-activity;sid:84725070; rev:1;)
# All rules carry classtype:trojan-activity and the same msg text apart from the
# URLhaus id in parentheses, so alert priority is uniform across the feed. What
# separates one alert from another is the sid and the id inside msg.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.225.21"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861969/; classtype:trojan-activity;sid:84725069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.80.171"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861968/; classtype:trojan-activity;sid:84725068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.7.179"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861967/; classtype:trojan-activity;sid:84725067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.80.171"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861965/;
classtype:trojan-activity;sid:84725065; rev:1;)
# In the rules visible here each sid equals the URLhaus id plus 80863100 (for example
# 3861966 -> 84725066), so an alert's sid maps straight back to its reference URL.
# Rules are not in strict id order (3861966 follows 3861965), so do not rely on file
# position when looking one up.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.58.115"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861966/; classtype:trojan-activity;sid:84725066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6f0f03b7-4382-4f14-85bb-03ec041c1ff9"; depth:37; endswith; nocase; http.host; content:"izlayynu.winsportiran.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861964/; classtype:trojan-activity;sid:84725064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.1.200"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861963/; classtype:trojan-activity;sid:84725063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.253.55.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861962/; classtype:trojan-activity;sid:84725062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9862427e-73c0-4cd8-9570-4569b5993a25"; depth:37; endswith; nocase;
http.host; content:"yhsgyl.pishbinisite.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861961/; classtype:trojan-activity;sid:84725061; rev:1;)
# NOTE(review): the `/|3f|ublib=<uuid>` rule below uses depth:47, which matches the
# escaped spelling of the content; the decoded pattern is 44 bytes because `|3f|` is
# a single `?`. The URI anchor is therefore looser than the exact match the plain
# paths get (depth equal to byte length) - likely a generator artifact, confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=dc5e2406-7d6e-46fc-ab40-f2368a7c0751"; depth:47; endswith; nocase; http.host; content:"o6k7lcz5.shartbazi.net"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861960/; classtype:trojan-activity;sid:84725060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.133.180"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861959/; classtype:trojan-activity;sid:84725059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.1.200"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861958/; classtype:trojan-activity;sid:84725058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"83.253.55.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861957/; classtype:trojan-activity;sid:84725057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download
URL detected (3861956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.242.64"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861956/; classtype:trojan-activity;sid:84725056; rev:1;)
# nocase follows the http.uri content and applies to it only; the http.host content
# has no nocase modifier. Host names are written in lower case in every rule here,
# which fits Suricata's lower-cased http.host buffer, so a mixed-case Host header is
# still expected to match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.69.47"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861955/; classtype:trojan-activity;sid:84725055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bd331615-0107-4848-be95-6c8b24c5bf78"; depth:37; endswith; nocase; http.host; content:"jqjvvqpy.one1x.bet"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861954/; classtype:trojan-activity;sid:84725054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.133.180"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861953/; classtype:trojan-activity;sid:84725053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=166d075a-0b85-4891-83ae-bf76d2675a63"; depth:47; endswith; nocase; http.host; content:"5ronk1lr.pointsbetiran.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_10;
reference:url, urlhaus.abuse.ch/url/3861952/; classtype:trojan-activity;sid:84725052; rev:1;)
# Each rule requires http.method to contain GET, so a HEAD or POST to the same host
# and path raises no alert from this feed. If other methods matter in your
# environment, cover them with a separate local rule rather than editing these
# generated ones.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.28.193.170"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861951/; classtype:trojan-activity;sid:84725051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.39.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861950/; classtype:trojan-activity;sid:84725050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.228.163"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861949/; classtype:trojan-activity;sid:84725049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.242.64"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861948/; classtype:trojan-activity;sid:84725048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0fcb22b1-9baa-46bf-a8a9-54a7092002ce"; depth:37; endswith; nocase;
http.host; content:"dxssnlzn.penalty.casino"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861947/; classtype:trojan-activity;sid:84725047; rev:1;)
# created_at changes from 2026_06_10 to 2026_06_09 after the first rule below
# (sid 84725046 -> 84725045); ids and dates run roughly newest-first in this span.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.39.77"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861946/; classtype:trojan-activity;sid:84725046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.193.229"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861945/; classtype:trojan-activity;sid:84725045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.179.228.121"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861944/; classtype:trojan-activity;sid:84725044; rev:1;)
# NOTE(review): depth:47 in the next rule counts the four characters of `|3f|`; the
# pattern Suricata matches is 44 bytes. With endswith that seems to leave room for up
# to three bytes ahead of `/?ublib=...`, so this is not the exact-URI match the feed
# uses elsewhere - confirm with the feed maintainers.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=928ef172-bb63-412e-8f45-0af70dc5c2f4"; depth:47; endswith; nocase; http.host; content:"7kblrgq1.shartbazi.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861943/; classtype:trojan-activity;sid:84725043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL
detected (3861942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1d39f034-147c-4d7f-9d7e-1403923bc909"; depth:37; endswith; nocase; http.host; content:"mnhunimj.persian.sex"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861942/; classtype:trojan-activity;sid:84725042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.193.229"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861941/; classtype:trojan-activity;sid:84725041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1e3941d2-207e-459e-ad04-bfb5908da817"; depth:37; endswith; nocase; http.host; content:"bjyqjg.onlineshart.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861940/; classtype:trojan-activity;sid:84725040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=14a90149-ffb8-4c79-9dff-7ea24eb569a6"; depth:47; endswith; nocase; http.host; content:"w02eza6e.plinkoirani.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861939/; classtype:trojan-activity;sid:84725039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.179.228.121"; depth:15; isdataat:!1,relative; 
metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861938/; classtype:trojan-activity;sid:84725038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/881715592/czxvnud.exe"; depth:28; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861937/; classtype:trojan-activity;sid:84725037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2caebf3d-fd07-41d6-87e8-af5879e28b16"; depth:37; endswith; nocase; http.host; content:"epxigqr.tagat120art.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861936/; classtype:trojan-activity;sid:84725036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.23.216"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861935/; classtype:trojan-activity;sid:84725035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.23.216"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861934/; classtype:trojan-activity;sid:84725034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861933)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/da94216c-de8f-4925-8b6e-193ae9287f0d"; depth:37; endswith; nocase; http.host; content:"swzbdpb.poker-online.bet"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861933/; classtype:trojan-activity;sid:84725033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.250.241"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861932/; classtype:trojan-activity;sid:84725032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.226.243"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861931/; classtype:trojan-activity;sid:84725031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.250.241"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861930/; classtype:trojan-activity;sid:84725030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.209.163"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861929/; classtype:trojan-activity;sid:84725029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3861928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.7.232"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861928/; classtype:trojan-activity;sid:84725028; rev:1;)
# Rules below, one per line: outbound GET ($HOME_NET -> $EXTERNAL_NET,
# from_client) where the http.uri buffer is anchored to the listed path
# (content + depth + endswith, nocase) and the http.host buffer is anchored to
# the listed host (content + depth + isdataat:!1,relative). Only the request
# is inspected; the sid is the URLhaus id in msg/reference plus 80863100.
# "/i" and "/bin.sh" recur on many bare-IP hosts, but every sid is host-specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/207cc6bd-0b75-486d-9164-1a03c16032f2"; depth:37; endswith; nocase; http.host; content:"wwwydzo.penaltibazi.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861926/; classtype:trojan-activity;sid:84725026; rev:1;)
# |3f| is the hex escape for "?", so this content decodes to 44 bytes while
# depth is 47. NOTE(review): with endswith this leaves room for up to 3 bytes
# before the pattern; depth:44 would pin the URI exactly.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=938bd58f-afa9-4379-8e53-79d881e70d75"; depth:47; endswith; nocase; http.host; content:"56c1ukt9.shart303.net"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861927/; classtype:trojan-activity;sid:84725027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.226.243"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861925/; classtype:trojan-activity;sid:84725025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.17.16.209"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861924/; classtype:trojan-activity;sid:84725024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0c1d2236-2607-4456-890d-2fb6d354d0d5"; depth:37; endswith; nocase; http.host; content:"ppwbda.jamjahani.cash"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861923/; classtype:trojan-activity;sid:84725023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/progressive_8127.75.4792_install.exe"; depth:37; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861922/; classtype:trojan-activity;sid:84725022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.66.64"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861921/; classtype:trojan-activity;sid:84725021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.58.198"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861920/; classtype:trojan-activity;sid:84725020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.7.232"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861919/; classtype:trojan-activity;sid:84725019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.72.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861918/; classtype:trojan-activity;sid:84725018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8eb8c65d-3942-4a87-abf0-3f63a46597a2"; depth:37; endswith; nocase; http.host; content:"srninwh.one1xbet.net"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861917/; classtype:trojan-activity;sid:84725017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.66.64"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861916/; classtype:trojan-activity;sid:84725016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.28.45"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861915/; classtype:trojan-activity;sid:84725015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.236.129"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861914/; classtype:trojan-activity;sid:84725014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.58.198"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861913/; classtype:trojan-activity;sid:84725013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.120.98"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861912/; classtype:trojan-activity;sid:84725012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.231.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861911/; classtype:trojan-activity;sid:84725011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8f09fdab-6b61-4f39-850e-f7c8727313c2"; depth:37; endswith; nocase; http.host; content:"hqtzavl.mangobetfarsi.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861910/; classtype:trojan-activity;sid:84725010; rev:1;)
# The following rules pin numbered files /eat/some/godisdead.N on a single
# host (152.236.7.10), one sid per file, so a file number that is not listed
# on that host does not match any of them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/godisdead.6"; depth:21; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861908/; classtype:trojan-activity;sid:84725008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/godisdead.8"; depth:21; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861909/; classtype:trojan-activity;sid:84725009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/godisdead.2"; depth:21; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861905/; classtype:trojan-activity;sid:84725005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/godisdead.13"; depth:22; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861906/; classtype:trojan-activity;sid:84725006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861907)"; flow:established,from_client; http.method; content:"GET"; http.uri;
content:"/eat/some/godisdead.7"; depth:21; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861907/; classtype:trojan-activity;sid:84725007; rev:1;)
# Rules below, one per line: outbound GET ($HOME_NET -> $EXTERNAL_NET,
# from_client) where the http.uri buffer is anchored to the listed path
# (content + depth + endswith, nocase) and the http.host buffer is anchored to
# the listed host (content + depth + isdataat:!1,relative). Only the request
# is inspected; the sid is the URLhaus id in msg/reference plus 80863100.
# The /eat/some/godisdead.N rules all name host 152.236.7.10, one sid per
# numbered file, so an unlisted file number on that host is not matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/godisdead.10"; depth:22; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861904/; classtype:trojan-activity;sid:84725004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/godisdead.5"; depth:21; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861899/; classtype:trojan-activity;sid:84724999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/godisdead.11"; depth:22; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861900/; classtype:trojan-activity;sid:84725000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/godisdead.4"; depth:21; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861901/; classtype:trojan-activity;sid:84725001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/godisdead.1"; depth:21; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861902/; classtype:trojan-activity;sid:84725002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/godisdead.9"; depth:21; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861903/; classtype:trojan-activity;sid:84725003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.3.72"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861898/; classtype:trojan-activity;sid:84724998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.23.138"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861897/; classtype:trojan-activity;sid:84724997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/godisdead.3"; depth:21; endswith; nocase; http.host; content:"152.236.7.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861896/; classtype:trojan-activity;sid:84724996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.48.198"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861895/; classtype:trojan-activity;sid:84724995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.3.72"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861894/; classtype:trojan-activity;sid:84724994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.93.136.65"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861893/; classtype:trojan-activity;sid:84724993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/80dd9442-9199-4419-a093-8583419d7c23"; depth:37; endswith; nocase; http.host; content:"scvnivk.sabaad724.bet"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861892/; classtype:trojan-activity;sid:84724992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.24.84.178"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861891/; classtype:trojan-activity;sid:84724991; rev:1;)
# |3f| is the hex escape for "?", so this content decodes to 44 bytes while
# depth is 47. NOTE(review): with endswith this leaves room for up to 3 bytes
# before the pattern; depth:44 would pin the URI exactly.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=487bda20-f4f6-48d6-8d83-6b8dd0a39e6f"; depth:47; endswith; nocase; http.host; content:"jcrlq1o7.sabzbet.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861890/; classtype:trojan-activity;sid:84724990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"80.27.83.195"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861889/; classtype:trojan-activity;sid:84724989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.19.51"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861888/; classtype:trojan-activity;sid:84724988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.19.51"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861887/; classtype:trojan-activity;sid:84724987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.232.161.156"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861886/; classtype:trojan-activity;sid:84724986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/41e0e0ac-c290-4a2f-b3c2-3af73a9d6851"; depth:37; endswith; nocase; http.host; content:"tmeypq.perfectgame.casino"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861885/; classtype:trojan-activity;sid:84724985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.186.206.223"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861884/; classtype:trojan-activity;sid:84724984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.93.137.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861883/; classtype:trojan-activity;sid:84724983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.83.154"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861882/;
classtype:trojan-activity;sid:84724982; rev:1;)
# Rules below, one per line: outbound GET ($HOME_NET -> $EXTERNAL_NET,
# from_client) where the http.uri buffer is anchored to the listed path
# (content + depth + endswith, nocase) and the http.host buffer is anchored to
# the listed host (content + depth + isdataat:!1,relative). The sid is the
# URLhaus id in msg/reference plus 80863100.
# Only the request line and host are matched: nothing here inspects the
# response body, so an alert shows that the URL was requested, not that a
# payload was delivered, and the file extension in the URI is not verified.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.93.137.196"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861881/; classtype:trojan-activity;sid:84724981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.118.236.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861880/; classtype:trojan-activity;sid:84724980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1ece8d56-2f95-4220-85a8-74a2eb1387b5"; depth:37; endswith; nocase; http.host; content:"rywwahl.romabet90.bet"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861879/; classtype:trojan-activity;sid:84724979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/badger_x64_stealth_rtl.bin"; depth:27; endswith; nocase; http.host; content:"176.65.134.19"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861878/; classtype:trojan-activity;sid:84724978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.255.43.56"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861877/; classtype:trojan-activity;sid:84724977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.249.216.4"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861876/; classtype:trojan-activity;sid:84724976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.93.137.115"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861875/; classtype:trojan-activity;sid:84724975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.75.86"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861874/; classtype:trojan-activity;sid:84724974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.118.236.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861873/; classtype:trojan-activity;sid:84724973; rev:1;)
# This rule and sid 84724970 pin .png paths on canigrup.top under the same
# trojan-activity classtype; the match is on URI and host only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img_140606.png"; depth:15; endswith; nocase; http.host; content:"canigrup.top"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861872/; classtype:trojan-activity;sid:84724972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgi-contents/uizbfzgbzsevdbsrfnfservvfhbrjvrnbegjngbvfneevffgwmvnf/ehfbsdf.exe"; depth:79; endswith; nocase; http.host; content:"mnoledglin.top"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861871/; classtype:trojan-activity;sid:84724971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/optimized_msi.png"; depth:18; endswith; nocase; http.host; content:"canigrup.top"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861870/; classtype:trojan-activity;sid:84724970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nightcord/nightcord/releases/download/v1.18.5/nightcord-installer.exe"; depth:70; endswith; nocase; http.host; content:"git.nightcord.online"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861869/; classtype:trojan-activity;sid:84724969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.186.206.223"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861868/; classtype:trojan-activity;sid:84724968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.75.86"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861867/; classtype:trojan-activity;sid:84724967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x.bat"; depth:6; endswith; nocase; http.host; content:"deltaexecutorvip.xyz"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861866/; classtype:trojan-activity;sid:84724966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/delta.hta"; depth:10; endswith; nocase; http.host; content:"deltahub.vip"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861865/; classtype:trojan-activity;sid:84724965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/89480ade-f160-42d4-a780-9e59d8d6ea48"; depth:37; endswith; nocase; http.host; content:"xepjlus.riverpoker1.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861864/; classtype:trojan-activity;sid:84724964; rev:1;)
# |3f| is the hex escape for "?", so this content decodes to 44 bytes while
# depth is 47. NOTE(review): with endswith this leaves room for up to 3 bytes
# before the pattern; depth:44 would pin the URI exactly.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=92b40ead-ec25-4ecf-85a5-f34deb3d55af"; depth:47; endswith; nocase; http.host; content:"1tzunno5.onexboro.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861863/; classtype:trojan-activity;sid:84724963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.88.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861862/; classtype:trojan-activity;sid:84724962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.158.170.177"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861861/; classtype:trojan-activity;sid:84724961; rev:1;)
# Next five rules: five separate paths under /lsge63sd3/ on spasopro.at, one
# sid each. Hits on more than one of these sids from the same internal client
# are worth correlating during triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lsge63sd3/plugins/clip64.dll"; depth:29; endswith; nocase; http.host; content:"spasopro.at"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861860/; classtype:trojan-activity;sid:84724960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lsge63sd3/plugins/clip.dll"; depth:27; endswith; nocase; http.host; content:"spasopro.at"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861858/; classtype:trojan-activity;sid:84724958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lsge63sd3/okey.exe"; depth:19; endswith; nocase; http.host; content:"spasopro.at"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861859/; classtype:trojan-activity;sid:84724959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lsge63sd3/plugins/cred.dll"; depth:27; endswith; nocase; http.host; content:"spasopro.at"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861856/; classtype:trojan-activity;sid:84724956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lsge63sd3/plugins/cred64.dll"; depth:29; endswith; nocase; http.host; content:"spasopro.at"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861857/; classtype:trojan-activity;sid:84724957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amadey.exe"; depth:11; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861855/; classtype:trojan-activity;sid:84724955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tkr.exe"; depth:8; endswith; nocase; http.host; content:"196.251.107.104"; depth:15;
isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861854/; classtype:trojan-activity;sid:84724954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.153.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861853/; classtype:trojan-activity;sid:84724953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5d7b4297-0d2f-4348-be83-9cd079265887"; depth:37; endswith; nocase; http.host; content:"lrucuzu.rika90.bet"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861852/; classtype:trojan-activity;sid:84724952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.47.56"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861851/; classtype:trojan-activity;sid:84724951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mon.txt"; depth:8; endswith; nocase; http.host; content:"cat.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861849/; classtype:trojan-activity;sid:84724949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861850)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/min.txt"; depth:8; endswith; nocase; http.host; content:"cat.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861850/; classtype:trojan-activity;sid:84724950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uas.txt"; depth:8; endswith; nocase; http.host; content:"cat.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861848/; classtype:trojan-activity;sid:84724948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cohernece.txt"; depth:14; endswith; nocase; http.host; content:"cat.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861846/; classtype:trojan-activity;sid:84724946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/access.txt"; depth:11; endswith; nocase; http.host; content:"cat.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861847/; classtype:trojan-activity;sid:84724947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.192.243"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861845/; classtype:trojan-activity;sid:84724945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3861844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=2949ed60-087c-44d5-979f-bb9873a2d26f"; depth:47; endswith; nocase; http.host; content:"z08omixf.mrbet90.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861844/; classtype:trojan-activity;sid:84724944; rev:1;)
# NOTE(review): the rule that ends on the line above (sid 84724944) writes the "?" of
# its URI pattern as the hex escape |3f|. Decoded, the pattern is 44 bytes, but depth is
# 47, which is the length of the pattern text with the escape spelled out. Together with
# endswith the listed URL still matches, but so does a URI with up to three extra bytes
# in front of the pattern. That is slightly looser than the exact-match rules around it.
#
# Shape shared by the rules below: an established client-to-server HTTP flow from
# $HOME_NET to $EXTERNAL_NET, http.method containing GET, a URI pattern whose depth
# equals its length and which must also end the buffer (endswith, nocase), and a host
# pattern anchored at both ends by depth plus isdataat:!1,relative. Each rule therefore
# describes one host + path pair. The protocol is http, so only traffic the sensor
# parses as HTTP is inspected; whether that covers your egress depends on the sensor's
# placement and its $HOME_NET definition. Confirm locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.150.106"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861843/; classtype:trojan-activity;sid:84724943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.153.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861842/; classtype:trojan-activity;sid:84724942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.27.178"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861841/; classtype:trojan-activity;sid:84724941; rev:1;)
# NOTE(review): the next rule (URLhaus id 3861840) has the URI pattern "/" with depth:1
# and endswith, so it fires on any GET for the root path of host vdsina.vg rather than
# on a distinctive file path. It will probably alert on ordinary visits to that site as
# well. Check the referenced URLhaus entry and the response that was served before
# treating a hit as a malware download.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"vdsina.vg"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, 
urlhaus.abuse.ch/url/3861840/; classtype:trojan-activity;sid:84724940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861837/; classtype:trojan-activity;sid:84724937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861838/; classtype:trojan-activity;sid:84724938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861839/; classtype:trojan-activity;sid:84724939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861835/; classtype:trojan-activity;sid:84724935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861836/; classtype:trojan-activity;sid:84724936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861834/; classtype:trojan-activity;sid:84724934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861833/; classtype:trojan-activity;sid:84724933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861832/; classtype:trojan-activity;sid:84724932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861828/; classtype:trojan-activity;sid:84724928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; 
depth:4; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861829/; classtype:trojan-activity;sid:84724929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861830/; classtype:trojan-activity;sid:84724930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861831/; classtype:trojan-activity;sid:84724931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.160.201"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861827/; classtype:trojan-activity;sid:84724927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9f6b4922-b233-4e9b-b469-393373ca1fb4"; depth:37; endswith; nocase; http.host; content:"gabuys.perspolisbet90.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861826/; classtype:trojan-activity;sid:84724926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3861825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.14.229"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861825/; classtype:trojan-activity;sid:84724925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.47.56"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861824/; classtype:trojan-activity;sid:84724924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a18ec94a-90da-4864-8986-944d03b2b633"; depth:37; endswith; nocase; http.host; content:"vsnsopv.winsportiran.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861823/; classtype:trojan-activity;sid:84724923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.30.137"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861822/; classtype:trojan-activity;sid:84724922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.221.145"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861821/; 
classtype:trojan-activity;sid:84724921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.195.207"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861820/; classtype:trojan-activity;sid:84724920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8587665743/3hhqcyw.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861819/; classtype:trojan-activity;sid:84724919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ldr.exe"; depth:8; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861818/; classtype:trojan-activity;sid:84724918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.35.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861817/; classtype:trojan-activity;sid:84724917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.14.229"; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861816/; classtype:trojan-activity;sid:84724916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.236.65.252"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861815/; classtype:trojan-activity;sid:84724915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c4fc525c-861c-4b5a-a377-7516bfebdc59"; depth:37; endswith; nocase; http.host; content:"prmozcj.persian.sex"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861814/; classtype:trojan-activity;sid:84724914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"94.233.102.185"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861813/; classtype:trojan-activity;sid:84724913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.35.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861812/; classtype:trojan-activity;sid:84724912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861811)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.246.216"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861811/; classtype:trojan-activity;sid:84724911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.93.90"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861810/; classtype:trojan-activity;sid:84724910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7a4c952b-ee26-4678-98fe-c5b9b2ad153c"; depth:37; endswith; nocase; http.host; content:"ckejpbj.one1xbet.net"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861809/; classtype:trojan-activity;sid:84724909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.30.137"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861808/; classtype:trojan-activity;sid:84724908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.246.216"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861807/; classtype:trojan-activity;sid:84724907; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.231.120.121"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861806/; classtype:trojan-activity;sid:84724906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cf40f3eb-4043-4f99-877b-1dafe1e51c7a"; depth:37; endswith; nocase; http.host; content:"ysqxkgi.mangobetfarsi.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861805/; classtype:trojan-activity;sid:84724905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.107.119"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861804/; classtype:trojan-activity;sid:84724904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.195.127"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861803/; classtype:trojan-activity;sid:84724903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=369dc9fd-645e-42d5-902f-6bdc2f3a4be2"; depth:47; endswith; nocase; http.host; content:"jegtdzjo.parsbet90.com"; depth:22; 
isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861802/; classtype:trojan-activity;sid:84724902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.231.120.121"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861801/; classtype:trojan-activity;sid:84724901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.107.119"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861800/; classtype:trojan-activity;sid:84724900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.159.67"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861799/; classtype:trojan-activity;sid:84724899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.43.223"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861798/; classtype:trojan-activity;sid:84724898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861797)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/30743d71-2368-4d04-b271-c8075873675c"; depth:37; endswith; nocase; http.host; content:"disxya.jamjahani.football"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861797/; classtype:trojan-activity;sid:84724897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/77ada079-00cf-42e6-826c-3da48cdcbe3d"; depth:37; endswith; nocase; http.host; content:"izmxgmj.pasoor11.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861796/; classtype:trojan-activity;sid:84724896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.16.164.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861795/; classtype:trojan-activity;sid:84724895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e110cf6c-7c0e-446f-91df-e70389bc52e8"; depth:37; endswith; nocase; http.host; content:"oxtumf.jamjahani.football"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861794/; classtype:trojan-activity;sid:84724894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/000111333.exe"; depth:14; endswith; nocase; http.host; content:"vrdccbank.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861793/; 
classtype:trojan-activity;sid:84724893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k5l5rvpx/admin.png"; depth:19; endswith; nocase; http.host; content:"i.postimg.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861792/; classtype:trojan-activity;sid:84724892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a0596716-da22-4555-ab1d-928dfaa04c68"; depth:37; endswith; nocase; http.host; content:"uktbpnp.sabaad724.bet"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861791/; classtype:trojan-activity;sid:84724891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.118.12"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861790/; classtype:trojan-activity;sid:84724890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.225.50"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861789/; classtype:trojan-activity;sid:84724889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"111.126.223.40"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861788/; classtype:trojan-activity;sid:84724888; rev:1;)
# NOTE(review): the /mpsl, /arm4 and /mips rules below for host 217.60.195.70 repeat the
# match conditions of earlier rules in this file (sids 84724939, 84724933 and 84724930).
# The pairs differ only in URLhaus id and sid, presumably because the same URL was
# submitted to the feed twice. A single request to one of these URLs raises two alerts,
# so de-duplicate on host + URI when triaging instead of counting them as separate events.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861787/; classtype:trojan-activity;sid:84724887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861780/; classtype:trojan-activity;sid:84724880; rev:1;)
# Exact host + path match (depth equals pattern length, endswith on the URI,
# isdataat:!1,relative on the host). The same URL requested with a different Host value
# or a longer path does not trigger this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloudflare/sassy.cloudflare.arm7"; depth:33; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861781/; classtype:trojan-activity;sid:84724881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861782/; classtype:trojan-activity;sid:84724882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861783)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861783/; classtype:trojan-activity;sid:84724883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861784/; classtype:trojan-activity;sid:84724884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861785/; classtype:trojan-activity;sid:84724885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861786/; classtype:trojan-activity;sid:84724886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861774/; classtype:trojan-activity;sid:84724874; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861775/; classtype:trojan-activity;sid:84724875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861776/; classtype:trojan-activity;sid:84724876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861777/; classtype:trojan-activity;sid:84724877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloudflare/sassy.cloudflare.arm6"; depth:33; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861778/; classtype:trojan-activity;sid:84724878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloudflare/sassy.cloudflare.mips"; depth:33; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 
2026_06_09; reference:url, urlhaus.abuse.ch/url/3861779/; classtype:trojan-activity;sid:84724879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloudflare/sassy.cloudflare.mipsel"; depth:35; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861772/; classtype:trojan-activity;sid:84724872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861773/; classtype:trojan-activity;sid:84724873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloudflare/sassy.cloudflare.m68k"; depth:33; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861771/; classtype:trojan-activity;sid:84724871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloudflare/sassy.cloudflare.sh4"; depth:32; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861764/; classtype:trojan-activity;sid:84724864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861765)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/cloudflare/sassy.cloudflare.arm"; depth:32; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861765/; classtype:trojan-activity;sid:84724865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloudflare/sassy.cloudflare.spc"; depth:32; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861766/; classtype:trojan-activity;sid:84724866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloudflare/sassy.cloudflare.ppc"; depth:32; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861767/; classtype:trojan-activity;sid:84724867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloudflare/sassy.cloudflare.x86_64"; depth:35; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861768/; classtype:trojan-activity;sid:84724868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloudflare/sassy.cloudflare.arm5"; depth:33; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; 
reference:url, urlhaus.abuse.ch/url/3861769/; classtype:trojan-activity;sid:84724869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cloudflare/sassy.cloudflare.cat.sh"; depth:35; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861770/; classtype:trojan-activity;sid:84724870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/18ca20e3-4229-4aa8-beb0-c3caf066a755"; depth:37; endswith; nocase; http.host; content:"uckrcup.romabet90.bet"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861763/; classtype:trojan-activity;sid:84724863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.195.127"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861762/; classtype:trojan-activity;sid:84724862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.92.64"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861761/; classtype:trojan-activity;sid:84724861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861760)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/20c6da9d-651a-45d7-ad10-ad0f433143a3"; depth:37; endswith; nocase; http.host; content:"brbyxsj.riverpoker1.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861760/; classtype:trojan-activity;sid:84724860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.16.164.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861759/; classtype:trojan-activity;sid:84724859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b74de582-d317-4490-91fb-44d429df55e9"; depth:37; endswith; nocase; http.host; content:"qenkzpp.rika90.bet"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861758/; classtype:trojan-activity;sid:84724858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.126.223.40"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861757/; classtype:trojan-activity;sid:84724857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.210.127"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861756/; classtype:trojan-activity;sid:84724856; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.118.246.131"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861755/; classtype:trojan-activity;sid:84724855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.224.156"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861754/; classtype:trojan-activity;sid:84724854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.101.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861753/; classtype:trojan-activity;sid:84724853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.48.221"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861752/; classtype:trojan-activity;sid:84724852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0304bf64-bb0e-4049-bc13-b0f75076c3ec"; depth:37; endswith; nocase; http.host; content:"ylcfeow.penalty.casino"; depth:22; isdataat:!1,relative; metadata:created_at 
2026_06_09; reference:url, urlhaus.abuse.ch/url/3861751/; classtype:trojan-activity;sid:84724851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.221.145"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861750/; classtype:trojan-activity;sid:84724850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.48.221"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861749/; classtype:trojan-activity;sid:84724849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coraline_4.7.zip"; depth:17; endswith; nocase; http.host; content:"coraline-cheats.pw"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861748/; classtype:trojan-activity;sid:84724848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msi_220302.png"; depth:15; endswith; nocase; http.host; content:"gadomamada.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861746/; classtype:trojan-activity;sid:84724846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861747)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/msi_122530.png"; depth:15; endswith; nocase; http.host; content:"magina.online"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861747/; classtype:trojan-activity;sid:84724847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msi_101603.png"; depth:15; endswith; nocase; http.host; content:"estirarsobrelivro.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861745/; classtype:trojan-activity;sid:84724845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msi_111454.png"; depth:15; endswith; nocase; http.host; content:"magina.online"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861741/; classtype:trojan-activity;sid:84724841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/index.php|3f|a=dl|7c|26|7c|token=8caaf953d89478b8a7191eb32295c117a310b53ac9059d4ad69a1e397ec3b2d4|7c|26|7c|rv=2c2a57da1627f1222495400c5625c3bd|7c|26|7c|src=anascopr.net|7c|26|7c|mode=cloudflare"; depth:198; endswith; nocase; http.host; content:"chinabowl.club"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861742/; classtype:trojan-activity;sid:84724842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msi_114115.png"; depth:15; endswith; nocase; http.host; content:"grandvegasbet.com.br"; 
depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861743/; classtype:trojan-activity;sid:84724843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beta/voltrix.zip"; depth:17; endswith; nocase; http.host; content:"voltrix.tv"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861744/; classtype:trojan-activity;sid:84724844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msi_091731.png"; depth:15; endswith; nocase; http.host; content:"magina.online"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861739/; classtype:trojan-activity;sid:84724839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msi_111308.png"; depth:15; endswith; nocase; http.host; content:"gadomamada.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861740/; classtype:trojan-activity;sid:84724840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.224.180.191"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861738/; classtype:trojan-activity;sid:84724838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861737)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/|3f|ublib=3e69f766-07e6-4e99-ae17-d092feccd26d"; depth:47; endswith; nocase; http.host; content:"09ddpfx9.parspoker.casino"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861737/; classtype:trojan-activity;sid:84724837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bf05d5da-a63a-403a-a9eb-9e332551fbef"; depth:37; endswith; nocase; http.host; content:"mjtcvp.jamjahani.cash"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861736/; classtype:trojan-activity;sid:84724836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d361d500-0d6f-47f6-8fc6-081c7b4eb9fc"; depth:37; endswith; nocase; http.host; content:"tfqpaye.one1x.bet"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861735/; classtype:trojan-activity;sid:84724835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=8863f8f5-8265-4cc4-8da6-61e4f4ff6ad3"; depth:47; endswith; nocase; http.host; content:"a98nkya7.onexprobet.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861734/; classtype:trojan-activity;sid:84724834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 
2026_06_09; reference:url, urlhaus.abuse.ch/url/3861733/; classtype:trojan-activity;sid:84724833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3c85f197-1386-4776-8c30-d77e2ab4bd25"; depth:37; endswith; nocase; http.host; content:"zonpvb.perfectgame.casino"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861732/; classtype:trojan-activity;sid:84724832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4269e1ce-4f6e-4c59-9888-09a8096244a0"; depth:37; endswith; nocase; http.host; content:"xtrqgv.perspolisbet90.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861731/; classtype:trojan-activity;sid:84724831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.169.120"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861730/; classtype:trojan-activity;sid:84724830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.221.182"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861729/; classtype:trojan-activity;sid:84724829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861728)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.112.253"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861728/; classtype:trojan-activity;sid:84724828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.50.192"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861727/; classtype:trojan-activity;sid:84724827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.160.201"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861726/; classtype:trojan-activity;sid:84724826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.74.34"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861725/; classtype:trojan-activity;sid:84724825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.134.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861724/; classtype:trojan-activity;sid:84724824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3861723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.103.149"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861723/; classtype:trojan-activity;sid:84724823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.245.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861722/; classtype:trojan-activity;sid:84724822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a3f8d2/kaizen.arm7"; depth:19; endswith; nocase; http.host; content:"83.142.209.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861721/; classtype:trojan-activity;sid:84724821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.50.192"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861720/; classtype:trojan-activity;sid:84724820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6b86327e-364f-4ae0-9c01-8b73e9e7462f"; depth:37; endswith; nocase; http.host; content:"sedxjax.winxbet.co"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861719/; 
classtype:trojan-activity;sid:84724819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.112.253"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861718/; classtype:trojan-activity;sid:84724818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.103.149"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861717/; classtype:trojan-activity;sid:84724817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.245.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861716/; classtype:trojan-activity;sid:84724816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.157.8"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861715/; classtype:trojan-activity;sid:84724815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.116.23"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861714/; classtype:trojan-activity;sid:84724814; rev:1;)
# Line above: end of the rule that starts on the previous line.
#
# The rules below share one template: an established, client-to-server HTTP
# request whose method matches "GET", whose http.uri is pinned to a single
# value by depth + endswith (case-insensitively, via nocase), and whose
# http.host is pinned by depth + isdataat:!1,relative.
# The number in msg is the URLhaus entry id used in the reference URL; in the
# rules shown here sid = that id + 80863100, which maps an alert back to its entry.
# NOTE(review): `alert http` only fires on HTTP the sensor can parse, so the
# same URL fetched over undecrypted HTTPS will not raise these alerts.
# Several bare-IP hosts are listed twice, once with /i and once with /bin.sh
# (for example 110.39.233.226 and 123.11.13.197), so grouping alerts by
# http.host helps during triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b3fe7804-3515-4863-845e-23f26b42e01e"; depth:37; endswith; nocase; http.host; content:"blkfazi.xenicalby6.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861713/; classtype:trojan-activity;sid:84724813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.190.134.254"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861712/; classtype:trojan-activity;sid:84724812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.103.101"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861711/; classtype:trojan-activity;sid:84724811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.233.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861710/; classtype:trojan-activity;sid:84724810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.249.84"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861709/; classtype:trojan-activity;sid:84724809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.116.23"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861708/; classtype:trojan-activity;sid:84724808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.195.207"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861707/; classtype:trojan-activity;sid:84724807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.132.166.240"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861706/; classtype:trojan-activity;sid:84724806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.105.170"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861705/; classtype:trojan-activity;sid:84724805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.233.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861704/; classtype:trojan-activity;sid:84724804; rev:1;)
# NOTE(review): `|3f|` is a single byte ('?'), so the URI content below is 44
# bytes long while depth is 47 (the length of the escaped text). Combined with
# endswith, a URI with up to 3 extra leading bytes would still match; depth:44
# would make the match exact like the other rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d8bb903c-9c39-49f5-8442-c3bfb19425dd"; depth:47; endswith; nocase; http.host; content:"w18yfaze.yekbetiran.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861703/; classtype:trojan-activity;sid:84724803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.13.197"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861702/; classtype:trojan-activity;sid:84724802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.13.197"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861701/; classtype:trojan-activity;sid:84724801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.157.8"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861700/; classtype:trojan-activity;sid:84724800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.190.134.254"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861699/; classtype:trojan-activity;sid:84724799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.172.53"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861698/; classtype:trojan-activity;sid:84724798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/39c740be-8d6a-424b-8dc0-f7e2101520ec"; depth:37; endswith; nocase; http.host; content:"zlbcjre.wrfc8.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861697/; classtype:trojan-activity;sid:84724797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/networke.ps1"; depth:13; endswith; nocase; http.host; content:"45.221.99.101"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861696/; classtype:trojan-activity;sid:84724796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.175.205.141"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861695/; classtype:trojan-activity;sid:84724795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f8ddbcd6-75e1-4339-b3c3-e8cddeef7ed0"; depth:37; endswith; nocase; http.host; content:"gfmuomz.pinbahiis.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861694/; classtype:trojan-activity;sid:84724794; rev:1;)
# Seven rules (sids 84724787-84724793) cover different /bins/<n> paths on the
# same host, 213.111.144.211; an alert on any of them points at that one host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/7"; depth:7; endswith; nocase; http.host; content:"213.111.144.211"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861688/; classtype:trojan-activity;sid:84724788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/4"; depth:7; endswith; nocase; http.host; content:"213.111.144.211"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861689/; classtype:trojan-activity;sid:84724789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/6"; depth:7; endswith; nocase; http.host; content:"213.111.144.211"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861690/; classtype:trojan-activity;sid:84724790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/1"; depth:7; endswith; nocase; http.host; content:"213.111.144.211"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861691/; classtype:trojan-activity;sid:84724791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/5"; depth:7; endswith; nocase; http.host; content:"213.111.144.211"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861692/; classtype:trojan-activity;sid:84724792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/3"; depth:7; endswith; nocase; http.host; content:"213.111.144.211"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861693/; classtype:trojan-activity;sid:84724793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/8"; depth:7; endswith; nocase; http.host; content:"213.111.144.211"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861687/; classtype:trojan-activity;sid:84724787; rev:1;)
# The rule below continues on the next line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2624e321-771c-4fb3-bcc8-cfcd27b89afc"; depth:37; endswith; nocase; http.host; content:"jbwjdp.rial.bet"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861686/; 
classtype:trojan-activity;sid:84724786; rev:1;)
# Line above: end of the rule that starts on the previous line.
#
# The rules below share one template: an established, client-to-server HTTP
# request whose method matches "GET", whose http.uri is pinned to a single
# value by depth + endswith (case-insensitively, via nocase), and whose
# http.host is pinned by depth + isdataat:!1,relative.
# The number in msg is the URLhaus entry id used in the reference URL; in the
# rules shown here sid = that id + 80863100.
# Many bare-IP hosts in this run are listed twice, once with /i and once with
# /bin.sh (for example 221.13.251.233, 219.139.62.122 and 203.99.180.148), so
# grouping alerts by http.host helps during triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.251.233"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861685/; classtype:trojan-activity;sid:84724785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.103.101"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861684/; classtype:trojan-activity;sid:84724784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.132.166.240"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861683/; classtype:trojan-activity;sid:84724783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.172.53"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861682/; classtype:trojan-activity;sid:84724782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.251.233"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861681/; classtype:trojan-activity;sid:84724781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.99.180.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861680/; classtype:trojan-activity;sid:84724780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.58.115"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861679/; classtype:trojan-activity;sid:84724779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"23.146.240.206"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861678/; classtype:trojan-activity;sid:84724778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.249.216.4"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861677/; classtype:trojan-activity;sid:84724777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.139.62.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861676/; classtype:trojan-activity;sid:84724776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.234.56"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861675/; classtype:trojan-activity;sid:84724775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.121.47"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861674/; classtype:trojan-activity;sid:84724774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.219.1.198"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861673/; classtype:trojan-activity;sid:84724773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/47c8a229-b46a-43b7-8ac4-9173a4ac9d5d"; depth:37; endswith; nocase; http.host; content:"salppir.red90.casino"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861672/; classtype:trojan-activity;sid:84724772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.206.245"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861671/; classtype:trojan-activity;sid:84724771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.33.86"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861669/; classtype:trojan-activity;sid:84724769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.107.96.28"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861670/; classtype:trojan-activity;sid:84724770; rev:1;)
# NOTE(review): ipfs.io is a shared public gateway, so the host alone is not an
# indicator; only the host + path pair is. The gateway is normally reached over
# HTTPS, and `alert http` needs HTTP the sensor can parse, so confirm this rule
# can fire on your sensor; a tls.sni or dns.query rule cannot see the path.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipfs/qmbpifgvvgu4rsccjkunzwtmdxzeos2scdeqquqzg6guat"; depth:52; endswith; nocase; http.host; content:"ipfs.io"; depth:7; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861668/; classtype:trojan-activity;sid:84724768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.255.227"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861667/; classtype:trojan-activity;sid:84724767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.90.102"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861666/; classtype:trojan-activity;sid:84724766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.139.62.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861665/; classtype:trojan-activity;sid:84724765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.99.180.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861664/; classtype:trojan-activity;sid:84724764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.255.227"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861663/; classtype:trojan-activity;sid:84724763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.238.19"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861662/; classtype:trojan-activity;sid:84724762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/83c2ad72-0a43-40fd-a729-6c9afe24cf65"; depth:37; endswith; nocase; http.host; content:"whyldsf.rc395.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861661/; classtype:trojan-activity;sid:84724761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.33.86"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861660/; classtype:trojan-activity;sid:84724760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.238.19"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861659/; classtype:trojan-activity;sid:84724759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.243.86"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861658/; classtype:trojan-activity;sid:84724758; rev:1;)
# The rule below continues on the next line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861657)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"82.114.178.6"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861657/; classtype:trojan-activity;sid:84724757; rev:1;)
# Line above: end of the rule that starts on the previous line.
#
# The rules below share one template: an established, client-to-server HTTP
# request whose method matches "GET", whose http.uri is pinned to a single
# value by depth + endswith (case-insensitively, via nocase), and whose
# http.host is pinned by depth + isdataat:!1,relative.
# The number in msg is the URLhaus entry id used in the reference URL; in the
# rules shown here sid = that id + 80863100.
# NOTE(review): `alert http` only fires on HTTP the sensor can parse. The
# workers.dev, r2.dev and vercel.app hosts in this run are normally fetched over
# HTTPS, so without TLS decryption these rules may stay silent; a tls.sni or
# dns.query match on the same hostname is the usual complement (host only, no path).
#
# NOTE(review): `|3f|` is a single byte ('?'), so the URI content below is 44
# bytes long while depth is 47 (the length of the escaped text). Combined with
# endswith, a URI with up to 3 extra leading bytes would still match; depth:44
# would make the match exact like the other rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=4df9d346-ce49-486b-8b7a-4c2087cd8f89"; depth:47; endswith; nocase; http.host; content:"e3giv37r.pokerpars.poker"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861656/; classtype:trojan-activity;sid:84724756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dedewidth1234.png"; depth:18; endswith; nocase; http.host; content:"pub-340aa1a9ccc64f6b871a4c31ff93a5a6.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861655/; classtype:trojan-activity;sid:84724755; rev:1;)
# Nine rules in this run pin different short paths on the single host
# icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hndve/"; depth:7; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861653/; classtype:trojan-activity;sid:84724753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dnlrp"; depth:6; endswith; nocase; http.host; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861654/; classtype:trojan-activity;sid:84724754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pktrg"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861652/; classtype:trojan-activity;sid:84724752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mcslb"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861650/; classtype:trojan-activity;sid:84724750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jsptg"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861651/; classtype:trojan-activity;sid:84724751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xiyks"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861649/; classtype:trojan-activity;sid:84724749; rev:1;)
# The hosts 104.168.70.165 and 31.77.57.234 each appear below with the same
# three path shapes (an img_*.png, a long-named .hta and a long *.php path),
# so alerts for either host are worth reviewing together.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/22/img_102554.png"; depth:18; endswith; nocase; http.host; content:"104.168.70.165"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861648/; classtype:trojan-activity;sid:84724748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/180/img_185101.png"; depth:19; endswith; nocase; http.host; content:"31.77.57.234"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861646/; classtype:trojan-activity;sid:84724746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwdra"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861647/; classtype:trojan-activity;sid:84724747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ndynuw"; depth:7; endswith; nocase; http.host; content:"getabre.com"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861644/; classtype:trojan-activity;sid:84724744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lasaas.png"; depth:11; endswith; nocase; http.host; content:"pub-e2490b2d81b147ac978f21eab73fe8c4.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861645/; classtype:trojan-activity;sid:84724745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/22/wedidbestthingswithbetterplaceformygirl.hta"; depth:47; endswith; nocase; http.host; content:"104.168.70.165"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861642/; classtype:trojan-activity;sid:84724742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wdutlv"; depth:7; endswith; nocase; http.host; content:"getabre.com"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861643/; classtype:trojan-activity;sid:84724743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/180/wegivenbestthingsforbetterplaceforme.hta"; depth:45; endswith; nocase; http.host; content:"31.77.57.234"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861640/; classtype:trojan-activity;sid:84724740; rev:1;)
# NOTE(review): each `|7c|` is a single byte ('|'), so the URI content below is
# 129 bytes long while depth is 135 (the length of the escaped text). With
# endswith, a URI with up to 6 extra leading bytes would still match; depth:129
# would make it exact. The same applies to sid 84724733 further down.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/httpswww.pcmag.compicksthe-best-cloud-storage-and-file-sharing-servicestest_uuid=05zuputsjijl9et37twfqcl|7c|26|7c|test_variant=app.php"; depth:135; endswith; nocase; http.host; content:"31.77.57.234"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861641/; classtype:trojan-activity;sid:84724741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sqxoi"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861639/; classtype:trojan-activity;sid:84724739; rev:1;)
# NOTE(review): in the next two rules the URI content is 12 bytes (`|3f|` is
# one byte) while depth is 15, so up to 3 extra leading bytes are tolerated;
# depth:12 would make the match exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"2026rupolice.vercel.app"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861638/; classtype:trojan-activity;sid:84724738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"news24-ebon.vercel.app"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861636/; classtype:trojan-activity;sid:84724736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/filai.png"; depth:10; endswith; nocase; http.host; content:"pub-ad9c25de14a347bf8934835d655aafc1.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861637/; classtype:trojan-activity;sid:84724737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wrkwf"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861635/; classtype:trojan-activity;sid:84724735; rev:1;)
# NOTE(review): the URI below is written as literal percent-escapes, but
# http.uri is Suricata's normalized URI buffer. If normalization decodes
# %d0%90... into raw bytes this literal will not match; verify against a
# capture. http.uri.raw is the unnormalized buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%d0%90%d0%9a%d0%a2%d0%a3%d0%90%d0%9b%d0%ac%d0%9d%d0%ab%d0%99_%d0%a1%d0%9f%d0%98%d0%a1%d0%9e%d0%9a.apk"; depth:102; endswith; nocase; http.host; content:"spiskisvo.xyz"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861634/; classtype:trojan-activity;sid:84724734; rev:1;)
# NOTE(review): 129-byte content with depth:135 (two one-byte `|7c|` escapes).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/httpswww.pcmag.compicksthe-best-cloud-storage-and-file-sharing-servicestest_uuid=05zuputsjijl9et37twfqcl|7c|26|7c|test_variant=evc.php"; depth:135; endswith; nocase; http.host; content:"104.168.70.165"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861633/; classtype:trojan-activity;sid:84724733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/favour4.exe"; depth:12; endswith; nocase; http.host; content:"vrdccbank.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861632/; classtype:trojan-activity;sid:84724732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doppee7.exe"; depth:12; endswith; nocase; http.host; content:"vrdccbank.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861631/; classtype:trojan-activity;sid:84724731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/freda4.exe"; depth:11; endswith; nocase; http.host; content:"vrdccbank.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861630/; classtype:trojan-activity;sid:84724730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.71.137"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861629/; classtype:trojan-activity;sid:84724729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.151.79"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861628/; classtype:trojan-activity;sid:84724728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.120.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861627/; classtype:trojan-activity;sid:84724727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5e565f30-6b82-4f4b-94d0-1d30c4d9b952"; depth:37; endswith; nocase; http.host; content:"xwwitjs.rayonbet.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861626/; classtype:trojan-activity;sid:84724726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0de789be-5fb4-489b-8d8c-ed7d86ef8f64"; depth:37; endswith; nocase; http.host; content:"demfmb.restaurantguideaarhus.com"; depth:32; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861625/; classtype:trojan-activity;sid:84724725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.239.229"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861624/; classtype:trojan-activity;sid:84724724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.120.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861623/; classtype:trojan-activity;sid:84724723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.243.86"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861622/; classtype:trojan-activity;sid:84724722; rev:1;)
# The rule below continues on the next line.
alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.193.116"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861621/; classtype:trojan-activity;sid:84724721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/651872e1-b1e3-40fe-b5c5-c7ebf5606378"; depth:37; endswith; nocase; http.host; content:"gwjjko.onlineshart.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861620/; classtype:trojan-activity;sid:84724720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.39.88"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861619/; classtype:trojan-activity;sid:84724719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.151.79"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861618/; classtype:trojan-activity;sid:84724718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.55.30"; depth:12; isdataat:!1,relative; metadata:created_at 
2026_06_09; reference:url, urlhaus.abuse.ch/url/3861617/; classtype:trojan-activity;sid:84724717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cd0aa4a3-065d-484a-98b3-9b525437ebed"; depth:37; endswith; nocase; http.host; content:"gyayod.pishbinisite.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861616/; classtype:trojan-activity;sid:84724716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.244.48"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861615/; classtype:trojan-activity;sid:84724715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.80.45"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861614/; classtype:trojan-activity;sid:84724714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9eb34cf2-5092-4f61-ab95-79609a94c94e"; depth:37; endswith; nocase; http.host; content:"gdenwcw.rabonaabet.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861613/; classtype:trojan-activity;sid:84724713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861612)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.55.30"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861612/; classtype:trojan-activity;sid:84724712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.193.116"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861611/; classtype:trojan-activity;sid:84724711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.133.220"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861610/; classtype:trojan-activity;sid:84724710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.39.88"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861609/; classtype:trojan-activity;sid:84724709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9247b3b2-a7dc-49f7-ba03-da92b2eb1bc5"; depth:37; endswith; nocase; http.host; content:"cafdfe.pishbinihoshmand.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861608/; classtype:trojan-activity;sid:84724708; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.162.101"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861607/; classtype:trojan-activity;sid:84724707; rev:1;)
# |3f| is hex notation for "?", so the pattern is "/?ublib=<uuid>" and the query string
# is being matched inside http.uri.
# NOTE(review): depth:47 counts |3f| as four characters; the resolved pattern is 44
# bytes, so it may begin up to 3 bytes into the URI. endswith still anchors it at the
# end, and the host match (depth:19 + isdataat:!1,relative) is exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=4f7da9a9-0aa7-43fc-8999-a76506fd56c1"; depth:47; endswith; nocase; http.host; content:"dgxbf5rv.onexfa.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861606/; classtype:trojan-activity;sid:84724706; rev:1;)
# "/bin.sh" is a generic file name; the rule is specific only because the host is pinned
# to one IPv4 literal. The pin is on the http.host buffer, not on the destination
# address (the header says $EXTERNAL_NET any), so a request that reaches the same
# server under a different Host value would not match this sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.133.220"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861605/; classtype:trojan-activity;sid:84724705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/72544e76-576d-4a90-947d-a5351c4655ad"; depth:37; endswith; nocase; http.host; content:"lplhoo.pishbinigame.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861604/; classtype:trojan-activity;sid:84724704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.80.45"; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861603/; classtype:trojan-activity;sid:84724703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/883fbe81-134a-49e9-8a0d-e4788ebb3b50"; depth:37; endswith; nocase; http.host; content:"mbigpi.pishbinifoori.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861602/; classtype:trojan-activity;sid:84724702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.47.190.136"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861601/; classtype:trojan-activity;sid:84724701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.247.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861600/; classtype:trojan-activity;sid:84724700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.173.199.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861599/; classtype:trojan-activity;sid:84724699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861598)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.115.21"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861598/; classtype:trojan-activity;sid:84724698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.83.180"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861597/; classtype:trojan-activity;sid:84724697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2ce721b9-466e-42a7-a6bd-afa08478c385"; depth:37; endswith; nocase; http.host; content:"jgjuwx.pishbiniclass.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861596/; classtype:trojan-activity;sid:84724696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.249.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861595/; classtype:trojan-activity;sid:84724695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.19.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861594/; classtype:trojan-activity;sid:84724694; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/248ff6ad-4ec9-42ac-80af-9e754b90def2"; depth:37; endswith; nocase; http.host; content:"rcyrnur.pokerprado.bet"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861593/; classtype:trojan-activity;sid:84724693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.88.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861591/; classtype:trojan-activity;sid:84724691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.19.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861592/; classtype:trojan-activity;sid:84724692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.247.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861590/; classtype:trojan-activity;sid:84724690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.210.127"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; 
reference:url, urlhaus.abuse.ch/url/3861589/; classtype:trojan-activity;sid:84724689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.220.145.247"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861588/; classtype:trojan-activity;sid:84724688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.134.0"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861587/; classtype:trojan-activity;sid:84724687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9422b0fc-c3d6-4ede-9c00-9af152d86ef6"; depth:47; endswith; nocase; http.host; content:"r2qz0qa2.poker-online.bet"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861586/; classtype:trojan-activity;sid:84724686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.113.57"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861584/; classtype:trojan-activity;sid:84724684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; 
endswith; nocase; http.host; content:"115.57.69.245"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861585/; classtype:trojan-activity;sid:84724685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/639f1d09-6a0c-44fa-ab2c-e494aec3ab9b"; depth:37; endswith; nocase; http.host; content:"rmipclt.penality.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861583/; classtype:trojan-activity;sid:84724683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.248.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861582/; classtype:trojan-activity;sid:84724682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.121.158"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861581/; classtype:trojan-activity;sid:84724681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tcp"; depth:4; endswith; nocase; http.host; content:"165.154.199.52"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861580/; classtype:trojan-activity;sid:84724680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3861579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/2"; depth:7; endswith; nocase; http.host; content:"213.111.144.211"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861579/; classtype:trojan-activity;sid:84724679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.39.68"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861578/; classtype:trojan-activity;sid:84724678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.92.241"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861577/; classtype:trojan-activity;sid:84724677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.173.159.215"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861576/; classtype:trojan-activity;sid:84724676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8570bba4-df3f-4581-9a6c-f4bb23099132"; depth:37; endswith; nocase; http.host; content:"emyynld.pasur21.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861575/; 
classtype:trojan-activity;sid:84724675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.134.0"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861574/; classtype:trojan-activity;sid:84724674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.141.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861573/; classtype:trojan-activity;sid:84724673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/disssh4"; depth:8; endswith; nocase; http.host; content:"151.243.109.174"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861572/; classtype:trojan-activity;sid:84724672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dissx86"; depth:8; endswith; nocase; http.host; content:"151.243.109.174"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861571/; classtype:trojan-activity;sid:84724671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dissarm6"; depth:9; endswith; nocase; http.host; content:"151.243.109.174"; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861568/; classtype:trojan-activity;sid:84724668; rev:1;)
# The next four rules are pinned to the same host (151.243.109.174) and differ only in
# the file name. Each reported URL gets its own sid, so one client walking through
# several of these paths raises several alerts; correlate on client address and host
# rather than counting sids.
# NOTE(review): the suffixes (mips, arm5, arm7, mpsl) look like CPU-architecture tags;
# that reading comes from the names alone. The URLhaus reference of each rule is the
# place to confirm what was actually served.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dissmips"; depth:9; endswith; nocase; http.host; content:"151.243.109.174"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861569/; classtype:trojan-activity;sid:84724669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dissarm5"; depth:9; endswith; nocase; http.host; content:"151.243.109.174"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861570/; classtype:trojan-activity;sid:84724670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dissarm7"; depth:9; endswith; nocase; http.host; content:"151.243.109.174"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861566/; classtype:trojan-activity;sid:84724666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dissmpsl"; depth:9; endswith; nocase; http.host; content:"151.243.109.174"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861567/; classtype:trojan-activity;sid:84724667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861565)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"45.156.87.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861565/; classtype:trojan-activity;sid:84724665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"45.156.87.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861564/; classtype:trojan-activity;sid:84724664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.exe"; depth:9; endswith; nocase; http.host; content:"89.40.31.72"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861563/; classtype:trojan-activity;sid:84724663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ss"; depth:3; endswith; nocase; http.host; content:"172.94.9.168"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861562/; classtype:trojan-activity;sid:84724662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"151.243.109.174"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861560/; classtype:trojan-activity;sid:84724660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3861561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dissarm4"; depth:9; endswith; nocase; http.host; content:"151.243.109.174"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861561/; classtype:trojan-activity;sid:84724661; rev:1;)
# NOTE(review): the URI patterns of the next two rules contain the literal characters
# "/r/n". This looks like a line break (CR LF) and part of a header name
# ("sec-fetch-dest") that ended up inside the reported URL with its backslashes turned
# into slashes; that is inferred from the strings only. As written, the rules require
# those literal characters as the entire URI, so they may never fire on real requests.
# The pinned hosts are the dependable part of these two entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//r/nsec-fetch-dest"; depth:19; endswith; nocase; http.host; content:"189.183.104.194"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861559/; classtype:trojan-activity;sid:84724659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//r/n/r/n"; depth:9; endswith; nocase; http.host; content:"177.152.150.32"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861558/; classtype:trojan-activity;sid:84724658; rev:1;)
# The file name is that of a ScreenConnect client installer, a remote-support tool that
# is also deployed legitimately. The rule does not alert on ScreenConnect downloads in
# general: it fires only for the exact path on the one pinned host. When it fires,
# triage should establish whether a client was installed on the requesting machine and
# whether that host is a server the organisation actually uses.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"38.60.206.224"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861556/; classtype:trojan-activity;sid:84724656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"104.251.181.41"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, 
urlhaus.abuse.ch/url/3861554/; classtype:trojan-activity;sid:84724654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"45.156.87.133"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861555/; classtype:trojan-activity;sid:84724655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"209.99.187.138"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861551/; classtype:trojan-activity;sid:84724651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"209.99.189.202"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861552/; classtype:trojan-activity;sid:84724652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"209.99.184.196"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861553/; classtype:trojan-activity;sid:84724653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861543)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"104.251.180.109"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861543/; classtype:trojan-activity;sid:84724643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"31.42.176.163"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861544/; classtype:trojan-activity;sid:84724644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"104.251.180.112"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861545/; classtype:trojan-activity;sid:84724645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"213.111.144.43"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861546/; classtype:trojan-activity;sid:84724646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"45.156.87.91"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; 
reference:url, urlhaus.abuse.ch/url/3861547/; classtype:trojan-activity;sid:84724647; rev:1;)
# Remaining /bin/screenconnect.clientsetup.exe hosts. Every rule shares the same msg text
# apart from the URLhaus id in parentheses, so triage should key on sid or on the
# reference URL rather than on the message.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"209.99.188.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861548/; classtype:trojan-activity;sid:84724648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"209.99.187.162"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861549/; classtype:trojan-activity;sid:84724649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"178.16.54.101"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861550/; classtype:trojan-activity;sid:84724650; rev:1;)
# From here the URI changes to /bin/support.client.exe. The host in the next rule
# (209.99.184.196) is also listed in this file with the screenconnect path, so the two
# file names appear to be served from the same hosts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"209.99.184.196"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861542/; classtype:trojan-activity;sid:84724642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861541)"; flow:established,from_client;
http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"213.111.144.43"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861541/; classtype:trojan-activity;sid:84724641; rev:1;)
# /bin/support.client.exe on IP-literal hosts, one rule per host.
# flow:established,from_client restricts matching to the client side of an established
# flow, and $HOME_NET -> $EXTERNAL_NET restricts it to outbound requests; a sensor whose
# HOME_NET does not cover the requesting host will not alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"209.99.187.162"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861534/; classtype:trojan-activity;sid:84724634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"209.99.188.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861535/; classtype:trojan-activity;sid:84724635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"209.99.187.138"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861536/; classtype:trojan-activity;sid:84724636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"178.16.54.101"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861537/;
classtype:trojan-activity;sid:84724637; rev:1;)
# Remaining /bin/support.client.exe hosts.
# In the rules shown here the sid is the URLhaus id plus 80863100 (for example
# 3861538 -> 84724638), so an alert's sid can be mapped back to its URLhaus entry even
# when only the sid was logged.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"209.99.189.202"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861538/; classtype:trojan-activity;sid:84724638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"31.42.176.163"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861539/; classtype:trojan-activity;sid:84724639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"104.251.181.41"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861540/; classtype:trojan-activity;sid:84724640; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"45.156.87.91"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861533/; classtype:trojan-activity;sid:84724633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updaterros.armv4l"; depth:18;
endswith; nocase; http.host; content:"83.168.110.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861532/; classtype:trojan-activity;sid:84724632; rev:1;)
# /updaterros.<suffix> on host 83.168.110.191, one rule per suffix. The suffixes are CPU
# architecture names (armv6l, powerpc, armv5l, x86_64), which presumably means one build of
# the same payload per architecture - confirm on the URLhaus entries.
# A hit identifies the requesting device's architecture; NOTE(review): embedded and IoT
# devices in HOME_NET are the likely sources to check first.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updaterros.armv6l"; depth:18; endswith; nocase; http.host; content:"83.168.110.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861523/; classtype:trojan-activity;sid:84724623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updaterros.powerpc"; depth:19; endswith; nocase; http.host; content:"83.168.110.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861524/; classtype:trojan-activity;sid:84724624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updaterros.armv5l"; depth:18; endswith; nocase; http.host; content:"83.168.110.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861525/; classtype:trojan-activity;sid:84724625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updaterros.x86_64"; depth:18; endswith; nocase; http.host; content:"83.168.110.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861526/; classtype:trojan-activity;sid:84724626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known
malware download URL detected (3861527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updaterros.mipsel"; depth:18; endswith; nocase; http.host; content:"83.168.110.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861527/; classtype:trojan-activity;sid:84724627; rev:1;)
# More /updaterros.<suffix> rules for 83.168.110.191 (armv7l, arc, i486, sh4).
# Each suffix has its own exact-match rule, so a suffix that is not listed is not detected;
# coverage follows what has been reported to URLhaus, not the file-name pattern.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updaterros.armv7l"; depth:18; endswith; nocase; http.host; content:"83.168.110.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861528/; classtype:trojan-activity;sid:84724628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updaterros.arc"; depth:15; endswith; nocase; http.host; content:"83.168.110.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861529/; classtype:trojan-activity;sid:84724629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updaterros.i486"; depth:16; endswith; nocase; http.host; content:"83.168.110.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861530/; classtype:trojan-activity;sid:84724630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updaterros.sh4"; depth:15; endswith; nocase; http.host; content:"83.168.110.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url,
urlhaus.abuse.ch/url/3861531/; classtype:trojan-activity;sid:84724631; rev:1;)
# Short three- and four-character paths on host 188.132.232.81, one rule per path.
# Paths this short would be far too generic on their own; these rules are only specific
# because the URI is matched as a whole and the Host header is pinned to the single address.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ctst"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861522/; classtype:trojan-activity;sid:84724622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wgl"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861521/; classtype:trojan-activity;sid:84724621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hke"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861517/; classtype:trojan-activity;sid:84724617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/glv"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861518/; classtype:trojan-activity;sid:84724618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pv7"; depth:4; endswith; nocase; http.host; content:"188.132.232.81";
depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861519/; classtype:trojan-activity;sid:84724619; rev:1;)
# Further short paths on 188.132.232.81. nocase applies to the URI content only; the host
# content carries no nocase because Suricata's http.host buffer is already lower-cased.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aa4z"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861520/; classtype:trojan-activity;sid:84724620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z7jy"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861516/; classtype:trojan-activity;sid:84724616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xkxm"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861513/; classtype:trojan-activity;sid:84724613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ktzt"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861514/; classtype:trojan-activity;sid:84724614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861515)"; flow:established,from_client; http.method; content:"GET"; http.uri;
content:"/updaterros.mips"; depth:16; endswith; nocase; http.host; content:"83.168.110.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861515/; classtype:trojan-activity;sid:84724615; rev:1;)
# Rules are not grouped by host: the 188.132.232.81 short-path rules and the
# 83.168.110.191 /updaterros.<suffix> rules are interleaved here. When tuning or
# suppressing one host, search by the http.host content rather than by position in the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bwr"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861512/; classtype:trojan-activity;sid:84724612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updaterros.sparc"; depth:17; endswith; nocase; http.host; content:"83.168.110.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861509/; classtype:trojan-activity;sid:84724609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updaterros.aarch64"; depth:19; endswith; nocase; http.host; content:"83.168.110.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861510/; classtype:trojan-activity;sid:84724610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updaterros.m68k"; depth:16; endswith; nocase; http.host; content:"83.168.110.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861511/; classtype:trojan-activity;sid:84724611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any
(msg:"URLhaus Known malware download URL detected (3861503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jvkg"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861503/; classtype:trojan-activity;sid:84724603; rev:1;)
# More short paths on 188.132.232.81, plus one rule for /eat/some/12.tok on 152.236.5.7.
# All rules carry metadata:created_at 2026_06_09 and rev:1; the rule text has no expiry,
# so stale entries leave the sensor only when an updated feed is loaded.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a9kw"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861504/; classtype:trojan-activity;sid:84724604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pab"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861505/; classtype:trojan-activity;sid:84724605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/12.tok"; depth:16; endswith; nocase; http.host; content:"152.236.5.7"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861506/; classtype:trojan-activity;sid:84724606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cfxe"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861507/;
classtype:trojan-activity;sid:84724607; rev:1;)
# Last 188.132.232.81 short path, then /fscan on 185.122.171.156, then the start of the
# /main_<suffix> family on 176.65.139.132 (suffixes here: arm6, arm).
# The http.method content "GET" has no depth or endswith, so it is a substring match on
# the method buffer; the URI and host matches are what make each rule specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dzrg"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861508/; classtype:trojan-activity;sid:84724608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fscan"; depth:6; endswith; nocase; http.host; content:"185.122.171.156"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861502/; classtype:trojan-activity;sid:84724602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"176.65.139.132"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861501/; classtype:trojan-activity;sid:84724601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"176.65.139.132"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861491/; classtype:trojan-activity;sid:84724591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"176.65.139.132"; depth:14;
isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861492/; classtype:trojan-activity;sid:84724592; rev:1;)
# /main_<suffix> on 176.65.139.132 (arm5, x86, sh4, arm7). Because endswith anchors the
# end of the URI, /main_arm does not also fire for /main_arm5 or /main_arm7: each variant
# produces exactly one alert, from its own rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"176.65.139.132"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861493/; classtype:trojan-activity;sid:84724593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"176.65.139.132"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861494/; classtype:trojan-activity;sid:84724594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"176.65.139.132"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861495/; classtype:trojan-activity;sid:84724595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"176.65.139.132"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861496/; classtype:trojan-activity;sid:84724596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861497)"; flow:established,from_client; http.method; content:"GET";
http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"176.65.139.132"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861497/; classtype:trojan-activity;sid:84724597; rev:1;)
# Remaining /main_<suffix> rules for 176.65.139.132 (x86_64, ppc, mpsl), followed by the
# first of several /bin.sh rules on IP-literal hosts.
# /bin.sh is a generic path: these rules are specific only through the pinned host, and an
# IP-literal host can be reassigned - check the URLhaus entry's current status when triaging
# an alert that arrives long after created_at.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"176.65.139.132"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861498/; classtype:trojan-activity;sid:84724598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"176.65.139.132"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861499/; classtype:trojan-activity;sid:84724599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"176.65.139.132"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861500/; classtype:trojan-activity;sid:84724600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.39.68"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861490/; classtype:trojan-activity;sid:84724590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known
malware download URL detected (3861489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.65.142.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861489/; classtype:trojan-activity;sid:84724589; rev:1;)
# /bin.sh on IP-literal hosts, one rule per address. The Host header must equal the bare
# address string; NOTE(review): confirm how the deployed Suricata version treats a Host
# header that carries an explicit port before relying on these for non-default ports.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.220.145.247"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861488/; classtype:trojan-activity;sid:84724588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.141.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861487/; classtype:trojan-activity;sid:84724587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.207.201"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861486/; classtype:trojan-activity;sid:84724586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f69295ed-5a4d-48a2-8dc7-23385cdc2f36"; depth:37; endswith; nocase; http.host; content:"nkfjdum.pasoor11.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url,
urlhaus.abuse.ch/url/3861485/; classtype:trojan-activity;sid:84724585; rev:1;)
# The first two rules pin a UUID-shaped path to a named host with a short, random-looking
# leftmost label. Both parts are matched exactly, so the same path on a different
# subdomain, or a different UUID on the same host, is not covered by these rules.
# The /release/ rule matches only the directory URI itself, trailing slash included.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1512a7e8-6e50-461e-8b65-d6807fd7ebbd"; depth:37; endswith; nocase; http.host; content:"hxmhpw.pishbinibet.casino"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861484/; classtype:trojan-activity;sid:84724584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/053d3da2-9033-4467-b64a-0aaee7f984f7"; depth:37; endswith; nocase; http.host; content:"sfdwdmq.mangobetfarsi.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861483/; classtype:trojan-activity;sid:84724583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/release/"; depth:9; endswith; nocase; http.host; content:"64.118.132.61"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861482/; classtype:trojan-activity;sid:84724582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.242.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861481/; classtype:trojan-activity;sid:84724581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861480)"; flow:established,from_client; http.method; content:"GET";
http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.15.18"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861480/; classtype:trojan-activity;sid:84724580; rev:1;)
# Mixed entries: a shell script on an IP-literal host and three files on named hosts.
# Named hosts are matched as full strings, so "www.normativatecnica.org" does not cover
# the bare domain and "ksb.com.de" does not cover its subdomains.
# NOTE(review): a named host may be a compromised legitimate site rather than
# attacker-owned; check the URLhaus entry before blocking the domain outright.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshisss.sh"; depth:12; endswith; nocase; http.host; content:"152.236.5.7"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861479/; classtype:trojan-activity;sid:84724579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kim/kim.bin"; depth:12; endswith; nocase; http.host; content:"www.normativatecnica.org"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861478/; classtype:trojan-activity;sid:84724578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps/ps.js"; depth:9; endswith; nocase; http.host; content:"ksb.com.de"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861477/; classtype:trojan-activity;sid:84724577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ag/unexplain.psd"; depth:17; endswith; nocase; http.host; content:"ali-alomaritrading.cam"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861476/; classtype:trojan-activity;sid:84724576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any
(msg:"URLhaus Known malware download URL detected (3861475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.229.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861475/; classtype:trojan-activity;sid:84724575; rev:1;)
# /i on IP-literal hosts, plus one rule whose URI carries a query string.
# NOTE(review): in rule 3861473 the content uses |3f| (hex for "?"), so the pattern is
# 44 bytes long while depth is 47, the length of the escaped text. With endswith the rule
# still fires on the exact URL, but up to three leading bytes are tolerated, which is
# slightly looser than the exact match used by the other rules. Worth confirming with the
# feed maintainers whether depth should be 44.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.160.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861474/; classtype:trojan-activity;sid:84724574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=aff12a77-472e-4235-aaed-0c450b6fbb56"; depth:47; endswith; nocase; http.host; content:"ojnkoxdg.pokerbazi.poker"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861473/; classtype:trojan-activity;sid:84724573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.41.140"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861472/; classtype:trojan-activity;sid:84724572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.15.18"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url,
urlhaus.abuse.ch/url/3861471/; classtype:trojan-activity;sid:84724571; rev:1;)
# Mixed entries: a UUID-shaped path on a named host, /i on two IP-literal hosts, and
# /n2/teleport on 162.248.101.153.
# The same address can appear with more than one path in this file (42.237.100.188 is
# listed with both /i and /bin.sh), so one infected client may raise several distinct sids
# for a single host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c4cae652-cd4f-4891-9e7b-3c666782c98f"; depth:37; endswith; nocase; http.host; content:"hnainyw.ninjafruitcubes.bet"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861470/; classtype:trojan-activity;sid:84724570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.100.188"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861468/; classtype:trojan-activity;sid:84724568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.93.90"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861469/; classtype:trojan-activity;sid:84724569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/teleport"; depth:12; endswith; nocase; http.host; content:"162.248.101.153"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861467/; classtype:trojan-activity;sid:84724567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith;
nocase; http.host; content:"110.37.39.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861466/; classtype:trojan-activity;sid:84724566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.113.0"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861465/; classtype:trojan-activity;sid:84724565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.160.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861464/; classtype:trojan-activity;sid:84724564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.100.188"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861463/; classtype:trojan-activity;sid:84724563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.52.120"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861462/; classtype:trojan-activity;sid:84724562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861461)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.18.7"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861461/; classtype:trojan-activity;sid:84724561; rev:1;)
# Rule shape used below: established client-to-server flow, method GET, and an
# exact match on both http.uri and http.host (depth equals the pattern length;
# endswith / isdataat:!1,relative reject any trailing bytes). The same path on
# another host, or with a query string appended, does not alert. These are
# `alert http` signatures, so they fire only where Suricata parses the request
# as HTTP; a download over TLS that is not decrypted is not seen.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.113.0"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861460/; classtype:trojan-activity;sid:84724560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4e186776-1a0a-42f1-836b-4055caead275"; depth:37; endswith; nocase; http.host; content:"kodhfeq.one1xbet.net"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861459/; classtype:trojan-activity;sid:84724559; rev:1;)
# Triage note: URLhaus entries 3861445-3861456 and 3861458 (thirteen rules, from
# here down to sid 84724554) all match host 152.236.5.7 and differ only in the
# URI (/eat/some/<n>.tok for n = 1..11 and 13, plus /disconnected.sh). When
# several of these SIDs fire for one internal source address, correlate them by
# source and host rather than working each alert separately. Entry 3861457,
# interleaved below, is a different host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/13.tok"; depth:16; endswith; nocase; http.host; content:"152.236.5.7"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861458/; classtype:trojan-activity;sid:84724558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.229.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861457/; classtype:trojan-activity;sid:84724557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/disconnected.sh"; depth:16; endswith; nocase; http.host; content:"152.236.5.7"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861456/; classtype:trojan-activity;sid:84724556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/7.tok"; depth:15; endswith; nocase; http.host; content:"152.236.5.7"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861455/; classtype:trojan-activity;sid:84724555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/8.tok"; depth:15; endswith; nocase; http.host; content:"152.236.5.7"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861445/; classtype:trojan-activity;sid:84724545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/11.tok"; depth:16; endswith; nocase; http.host; content:"152.236.5.7"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861446/; classtype:trojan-activity;sid:84724546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/3.tok"; depth:15; endswith; nocase; http.host; content:"152.236.5.7"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861447/; classtype:trojan-activity;sid:84724547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/6.tok"; depth:15; endswith; nocase; http.host; content:"152.236.5.7"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861448/; classtype:trojan-activity;sid:84724548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/4.tok"; depth:15; endswith; nocase; http.host; content:"152.236.5.7"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861449/; classtype:trojan-activity;sid:84724549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/1.tok"; depth:15; endswith; nocase; http.host; content:"152.236.5.7"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861450/; classtype:trojan-activity;sid:84724550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/5.tok"; depth:15; endswith; nocase; http.host; content:"152.236.5.7"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861451/; classtype:trojan-activity;sid:84724551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/9.tok"; depth:15; endswith; nocase; http.host; content:"152.236.5.7"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861452/; classtype:trojan-activity;sid:84724552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/2.tok"; depth:15; endswith; nocase; http.host; content:"152.236.5.7"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861453/; classtype:trojan-activity;sid:84724553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eat/some/10.tok"; depth:16; endswith; nocase; http.host; content:"152.236.5.7"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861454/; classtype:trojan-activity;sid:84724554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.14.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861444/; classtype:trojan-activity;sid:84724544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.18.7"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861443/; classtype:trojan-activity;sid:84724543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware
download URL detected (3861442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.116.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861442/; classtype:trojan-activity;sid:84724542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.29.111"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861440/; classtype:trojan-activity;sid:84724540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.28.63.30"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861441/; classtype:trojan-activity;sid:84724541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.178.11"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861439/; classtype:trojan-activity;sid:84724539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.14.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861438/; classtype:trojan-activity;sid:84724538; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.134.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861437/; classtype:trojan-activity;sid:84724537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.98.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861436/; classtype:trojan-activity;sid:84724536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/021d6c05-e7af-45f2-9a47-50743e6ca3b1"; depth:37; endswith; nocase; http.host; content:"wsiflnb.persian.sex"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861435/; classtype:trojan-activity;sid:84724535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.218.61.125"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861434/; classtype:trojan-activity;sid:84724534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.28.63.30"; depth:12; isdataat:!1,relative; metadata:created_at 
2026_06_09; reference:url, urlhaus.abuse.ch/url/3861433/; classtype:trojan-activity;sid:84724533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.71.229"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861432/; classtype:trojan-activity;sid:84724532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/59022224-c1d4-46a0-b0dd-c39cc67116bd"; depth:37; endswith; nocase; http.host; content:"mnnwpo.jamjahani2026.football"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861431/; classtype:trojan-activity;sid:84724531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.186.210"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861430/; classtype:trojan-activity;sid:84724530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.98.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861429/; classtype:trojan-activity;sid:84724529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861428)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.96.59"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861428/; classtype:trojan-activity;sid:84724528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.116.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861427/; classtype:trojan-activity;sid:84724527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.71.229"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861426/; classtype:trojan-activity;sid:84724526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.239.229"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861425/; classtype:trojan-activity;sid:84724525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.14.168"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861424/; classtype:trojan-activity;sid:84724524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861423)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.96.59"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861423/; classtype:trojan-activity;sid:84724523; rev:1;)
# NOTE(review): in the next rule |3f| is the hex escape for '?', so the http.uri
# pattern is 44 bytes ("/?ublib=" plus a 36-character UUID) while depth is 47.
# With endswith the URI must still end with the pattern, but up to three bytes
# may precede it, so this is not the exact-URI match that the other rules here
# get from depth == pattern length. Presumably the generator counted the four
# characters of the escape instead of one byte; confirm upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e3e52bd6-abab-4e18-aaf9-1864b69ab397"; depth:47; endswith; nocase; http.host; content:"jjcuameq.parspoker90.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861422/; classtype:trojan-activity;sid:84724522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.89.45"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861421/; classtype:trojan-activity;sid:84724521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fb1a945f-bcc3-4aff-b4d5-aaee9e739d5e"; depth:37; endswith; nocase; http.host; content:"scsadmm.penaltibazi.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861420/; classtype:trojan-activity;sid:84724520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.151.33"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861419/; classtype:trojan-activity;sid:84724519; rev:1;)
# NOTE(review): same depth:47 versus 44-byte pattern mismatch as described for
# sid 84724522 above (the |3f| escape is one byte on the wire).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=3eb1a9f9-e004-41f6-85a6-0e7af64ed35a"; depth:47; endswith; nocase; http.host; content:"aoeseeuk.winpars.casino"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861418/; classtype:trojan-activity;sid:84724518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.3.229"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861417/; classtype:trojan-activity;sid:84724517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"125.41.105.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861416/; classtype:trojan-activity;sid:84724516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.75.127"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861415/; classtype:trojan-activity;sid:84724515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith;
nocase; http.host; content:"123.148.221.82"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861414/; classtype:trojan-activity;sid:84724514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.218.61.125"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861413/; classtype:trojan-activity;sid:84724513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.67.3"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861412/; classtype:trojan-activity;sid:84724512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.241.244"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861411/; classtype:trojan-activity;sid:84724511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.73.13.60"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861410/; classtype:trojan-activity;sid:84724510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861409)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.3.229"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861409/; classtype:trojan-activity;sid:84724509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.151.33"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861408/; classtype:trojan-activity;sid:84724508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.89.45"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861407/; classtype:trojan-activity;sid:84724507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/76379832-7a8a-48bc-beed-8bf865190d25"; depth:37; endswith; nocase; http.host; content:"gialird.pishbini11.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861406/; classtype:trojan-activity;sid:84724506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.83.154"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861405/; classtype:trojan-activity;sid:84724505; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.255.129"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861404/; classtype:trojan-activity;sid:84724504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.59.79.168"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861403/; classtype:trojan-activity;sid:84724503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.138.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861402/; classtype:trojan-activity;sid:84724502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.117.161"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861401/; classtype:trojan-activity;sid:84724501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.57.41.140"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861400/; 
classtype:trojan-activity;sid:84724500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.111.195"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861399/; classtype:trojan-activity;sid:84724499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.111.195"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861398/; classtype:trojan-activity;sid:84724498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.59.79.168"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861397/; classtype:trojan-activity;sid:84724497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/79c9b48d-7e93-465b-8816-a5da0113d8b6"; depth:37; endswith; nocase; http.host; content:"byiuatd.pinnaclebetting.bet"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861396/; classtype:trojan-activity;sid:84724496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"182.124.216.41"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861395/; classtype:trojan-activity;sid:84724495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/01df1e5a-28b6-4423-a90d-562ea5dbbca9"; depth:37; endswith; nocase; http.host; content:"naszmks.pinbahiis.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861394/; classtype:trojan-activity;sid:84724494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"149.71.39.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861393/; classtype:trojan-activity;sid:84724493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.21.244"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861392/; classtype:trojan-activity;sid:84724492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/98838503-9036-4eee-bd73-e04e93e221ca"; depth:37; endswith; nocase; http.host; content:"xgcstm.yasbet90.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861391/; classtype:trojan-activity;sid:84724491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3861390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.242.135"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861390/; classtype:trojan-activity;sid:84724490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.113.30"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861389/; classtype:trojan-activity;sid:84724489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/df04f85c-8809-4c98-9aef-0cb7a8efe043"; depth:37; endswith; nocase; http.host; content:"lokino.perfectgameiran.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861388/; classtype:trojan-activity;sid:84724488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.172.254"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861387/; classtype:trojan-activity;sid:84724487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.14.168"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861386/; 
classtype:trojan-activity;sid:84724486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.86.83"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861385/; classtype:trojan-activity;sid:84724485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.177.10.118"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861384/; classtype:trojan-activity;sid:84724484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.103.118"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861383/; classtype:trojan-activity;sid:84724483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"149.71.39.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861382/; classtype:trojan-activity;sid:84724482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.31.174"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861380/; classtype:trojan-activity;sid:84724480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.216.41"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861381/; classtype:trojan-activity;sid:84724481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=be2b69c0-546f-4f0c-b143-f34911b2ba09"; depth:47; endswith; nocase; http.host; content:"q62sm4y0.parsgoal90.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861379/; classtype:trojan-activity;sid:84724479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/548c6fb3-aea6-4c67-8535-cbe5eae544eb"; depth:37; endswith; nocase; http.host; content:"plyxcbx.wrfc8.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861378/; classtype:trojan-activity;sid:84724478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.242.6"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861377/; classtype:trojan-activity;sid:84724477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861375)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azsxd.i6"; depth:9; endswith; nocase; http.host; content:"185.228.26.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861375/; classtype:trojan-activity;sid:84724475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azsxd.i5"; depth:9; endswith; nocase; http.host; content:"185.228.26.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861376/; classtype:trojan-activity;sid:84724476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.86.83"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861373/; classtype:trojan-activity;sid:84724473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.103.118"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861374/; classtype:trojan-activity;sid:84724474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zok"; depth:4; endswith; nocase; http.host; content:"185.228.26.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861372/; classtype:trojan-activity;sid:84724472; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.225.173"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861371/; classtype:trojan-activity;sid:84724471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.113.30"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861370/; classtype:trojan-activity;sid:84724470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.21.244"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861369/; classtype:trojan-activity;sid:84724469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.123.4"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861368/; classtype:trojan-activity;sid:84724468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.8.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861367/; 
classtype:trojan-activity;sid:84724467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.225.173"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861366/; classtype:trojan-activity;sid:84724466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ba8cbffa-a66a-425a-b2a0-6cef190a72a8"; depth:37; endswith; nocase; http.host; content:"pblgwhm.x50wheel.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861365/; classtype:trojan-activity;sid:84724465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.123.4"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861364/; classtype:trojan-activity;sid:84724464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.231.231.221"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861363/; classtype:trojan-activity;sid:84724463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"115.55.173.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861362/; classtype:trojan-activity;sid:84724462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.8.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861361/; classtype:trojan-activity;sid:84724461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.248.246"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861360/; classtype:trojan-activity;sid:84724460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.54.95.49"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861359/; classtype:trojan-activity;sid:84724459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/476edb17-af55-41b7-b1b1-1031ae7db70e"; depth:37; endswith; nocase; http.host; content:"oknmhjx.xenicalby6.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861358/; classtype:trojan-activity;sid:84724458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861357)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.173.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861357/; classtype:trojan-activity;sid:84724457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.248.246"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861356/; classtype:trojan-activity;sid:84724456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/079debf7-5af8-45e9-931f-d5f40c7e37f2"; depth:37; endswith; nocase; http.host; content:"nnwhxh.pik.bet"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861355/; classtype:trojan-activity;sid:84724455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.114.151"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861354/; classtype:trojan-activity;sid:84724454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"24.54.95.49"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861353/; classtype:trojan-activity;sid:84724453; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ccfc2d2-d321-4996-a489-e4d238708dbb"; depth:37; endswith; nocase; http.host; content:"deglis.perspolisbet.bet"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861352/; classtype:trojan-activity;sid:84724452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.94.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861351/; classtype:trojan-activity;sid:84724451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.244.159"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861350/; classtype:trojan-activity;sid:84724450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a7d66692-744f-43c6-934b-00ab440ef5f6"; depth:37; endswith; nocase; http.host; content:"akvljg.perspolisbet90.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861349/; classtype:trojan-activity;sid:84724449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=7bafc7d1-4304-4eba-87fe-09270e041e20"; depth:47; 
endswith; nocase; http.host; content:"nlwgc0c9.yekbetiran.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861348/; classtype:trojan-activity;sid:84724448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/14b2f418-16ae-46d6-96df-632a666d6fed"; depth:37; endswith; nocase; http.host; content:"frowben.yasbetapp.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861347/; classtype:trojan-activity;sid:84724447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.194.83"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861346/; classtype:trojan-activity;sid:84724446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.133.221.207"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861345/; classtype:trojan-activity;sid:84724445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.114.151"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861344/; classtype:trojan-activity;sid:84724444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3861343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8ffae4a0-a86f-48c5-9ce3-3ac989576823"; depth:37; endswith; nocase; http.host; content:"gsoxdy.vezaratshart.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861343/; classtype:trojan-activity;sid:84724443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"147.45.209.244"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861342/; classtype:trojan-activity;sid:84724442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/09e345db-c3c0-488b-99e6-bf7d4edd4628"; depth:37; endswith; nocase; http.host; content:"pvvvvn.perfectgame.casino"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861341/; classtype:trojan-activity;sid:84724441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.75.14.107"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861340/; classtype:trojan-activity;sid:84724440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.88.97"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, 
urlhaus.abuse.ch/url/3861339/; classtype:trojan-activity;sid:84724439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a001e2c9-70b4-4f77-8503-366bdda8ab4a"; depth:37; endswith; nocase; http.host; content:"sewgqnm.winxbet.co"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861338/; classtype:trojan-activity;sid:84724438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"147.45.209.244"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861337/; classtype:trojan-activity;sid:84724437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.186.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861336/; classtype:trojan-activity;sid:84724436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.177.28.149"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861335/; classtype:trojan-activity;sid:84724435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; 
http.host; content:"123.4.235.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861334/; classtype:trojan-activity;sid:84724434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.194.83"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861333/; classtype:trojan-activity;sid:84724433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a794a49b-d184-4af2-a23e-a319e88bbcfd"; depth:37; endswith; nocase; http.host; content:"lohgcyy.winsportiran.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861332/; classtype:trojan-activity;sid:84724432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.226.203.246"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861331/; classtype:trojan-activity;sid:84724431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.88.97"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861330/; classtype:trojan-activity;sid:84724430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3861329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=85d7b6e5-ac5d-4e59-9d64-9b0e4b30b594"; depth:47; endswith; nocase; http.host; content:"e40nbbpq.winmastersbetiran.com"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861329/; classtype:trojan-activity;sid:84724429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.235.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861328/; classtype:trojan-activity;sid:84724428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.16.245"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861327/; classtype:trojan-activity;sid:84724427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.215.201.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861326/; classtype:trojan-activity;sid:84724426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l.exe"; depth:6; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861325/; 
classtype:trojan-activity;sid:84724425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.44.137.10"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861324/; classtype:trojan-activity;sid:84724424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.68.112"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861323/; classtype:trojan-activity;sid:84724423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"109.226.203.246"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861322/; classtype:trojan-activity;sid:84724422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.138.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861321/; classtype:trojan-activity;sid:84724421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/32a26452-8744-4b4d-bf14-45c91273590b"; depth:37; endswith; nocase; http.host; 
content:"xeledkz.olabahiskayit.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861320/; classtype:trojan-activity;sid:84724420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.16.245"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861319/; classtype:trojan-activity;sid:84724419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.79.239"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861318/; classtype:trojan-activity;sid:84724418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.215.201.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861317/; classtype:trojan-activity;sid:84724417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.68.112"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861316/; classtype:trojan-activity;sid:84724416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861315)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.231.231.221"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861315/; classtype:trojan-activity;sid:84724415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.79.239"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861314/; classtype:trojan-activity;sid:84724414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.44.137.10"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861313/; classtype:trojan-activity;sid:84724413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.100.119"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861312/; classtype:trojan-activity;sid:84724412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.158.25"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861311/; classtype:trojan-activity;sid:84724411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3861310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=00183947-2f1b-4c64-bbae-a9454ceec829"; depth:47; endswith; nocase; http.host; content:"xf4v3zjk.parspoker.casino"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861310/; classtype:trojan-activity;sid:84724410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.88.136.194"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861309/; classtype:trojan-activity;sid:84724409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.106.173"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861308/; classtype:trojan-activity;sid:84724408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.133.221.207"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861307/; classtype:trojan-activity;sid:84724407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/207aff48-98af-419a-90c1-2a51478c7023"; depth:37; endswith; nocase; http.host; content:"ngieimu.kvbel.com"; depth:17; isdataat:!1,relative; metadata:created_at 
2026_06_08; reference:url, urlhaus.abuse.ch/url/3861306/; classtype:trojan-activity;sid:84724406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.132.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861305/; classtype:trojan-activity;sid:84724405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.38.196.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861304/; classtype:trojan-activity;sid:84724404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.88.136.194"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861303/; classtype:trojan-activity;sid:84724403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/43516c7b-0f0a-43fe-9759-04c062ca6542"; depth:37; endswith; nocase; http.host; content:"zfomko.jamjahani.cash"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861302/; classtype:trojan-activity;sid:84724402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; 
depth:2; endswith; nocase; http.host; content:"175.23.100.4"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861301/; classtype:trojan-activity;sid:84724401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.158.25"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861300/; classtype:trojan-activity;sid:84724400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.106.173"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861299/; classtype:trojan-activity;sid:84724399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.86.95"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861298/; classtype:trojan-activity;sid:84724398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.21.120.140"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861297/; classtype:trojan-activity;sid:84724397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861296)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.109.95"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861296/; classtype:trojan-activity;sid:84724396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/837f2a29-bebf-4ec0-bbde-1df037eb0354"; depth:37; endswith; nocase; http.host; content:"rbbhubp.kbshavanese.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861295/; classtype:trojan-activity;sid:84724395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.53.78"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861294/; classtype:trojan-activity;sid:84724394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.30.168"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861293/; classtype:trojan-activity;sid:84724393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.0.7"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861292/; classtype:trojan-activity;sid:84724392; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.148.244"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861291/; classtype:trojan-activity;sid:84724391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.14.251"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861290/; classtype:trojan-activity;sid:84724390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.109.95"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861289/; classtype:trojan-activity;sid:84724389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.21.120.140"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861288/; classtype:trojan-activity;sid:84724388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.30.168"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, 
urlhaus.abuse.ch/url/3861287/; classtype:trojan-activity;sid:84724387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.0.7"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861286/; classtype:trojan-activity;sid:84724386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.237.106.195"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861285/; classtype:trojan-activity;sid:84724385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.148.244"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861284/; classtype:trojan-activity;sid:84724384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d974017e-43a8-43bf-b31b-804c70fad1a3"; depth:37; endswith; nocase; http.host; content:"ojpqxkm.one1x.bet"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861283/; classtype:trojan-activity;sid:84724383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; 
http.host; content:"123.11.15.222"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861282/; classtype:trojan-activity;sid:84724382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.112.149"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861281/; classtype:trojan-activity;sid:84724381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.99.106"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861280/; classtype:trojan-activity;sid:84724380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.71.226"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861279/; classtype:trojan-activity;sid:84724379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.80.173"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861278/; classtype:trojan-activity;sid:84724378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861277)"; flow:established,from_client; http.method; 
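content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.77.230"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861277/; classtype:trojan-activity;sid:84724377; rev:1;)
# The line above completes the rule for URLhaus entry 3861277, which starts
# before this block; the last line below starts the rule for entry 3861270,
# which continues after it. Rules in between are laid out one per line, as
# Suricata expects (a rule spans lines only with a trailing backslash).
#
# Each rule is an exact match on three sticky buffers: http.method "GET",
# http.uri (depth + endswith pin the whole URI) and http.host (depth +
# isdataat:!1,relative pin the whole host value).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/httpswww.tcs.comwhat-we-dotcs-research-and-innovation-group-comapnies.php/"; depth:75; endswith; nocase; http.host; content:"107.173.9.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861267/; classtype:trojan-activity;sid:84724367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/509/ews/createbestventreforbestpeopelsforme.hta"; depth:48; endswith; nocase; http.host; content:"107.173.9.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861268/; classtype:trojan-activity;sid:84724368; rev:1;)
# FIX (sid 84724369): the generated pattern read `word|7c|26|7c|ocid`, which
# decodes to the literal bytes `|26|`. That looks like a `|26|` hex escape for
# `&` whose pipes were escaped a second time, so the rule could not match a URI
# containing `&`. The pattern now uses `|26|`, and depth drops from 109 (length
# of the escaped text) to 100 (decoded byte length) so that depth + endswith is
# still an exact match.
# NOTE(review): confirm against URLhaus entry 3861269 that the URI contains `&`.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/httpswww.microsoft.comen-usmicrosoft-365wordms.officeurl=word|26|ocid=cmmiqc2gd00plans-and-pricing.php"; depth:100; endswith; nocase; http.host; content:"107.173.9.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861269/; classtype:trojan-activity;sid:84724369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/59/img_005019.png"; depth:18; endswith; nocase; http.host; content:"107.173.9.85"; depth:12; 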
isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861270/; classtype:trojan-activity;sid:84724370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/66/img_230815.png"; depth:18; endswith; nocase; http.host; content:"107.173.9.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861271/; classtype:trojan-activity;sid:84724371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/115/greatnoteswithbestviewthings.hta"; depth:37; endswith; nocase; http.host; content:"107.173.9.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861272/; classtype:trojan-activity;sid:84724372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/httpsexpertinsights.comdata-security-and-privacytop-secure-file-sharing-storage-services-airline.php"; depth:101; endswith; nocase; http.host; content:"107.173.9.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861273/; classtype:trojan-activity;sid:84724373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/406/wedeservebetterfeatureforgoldennetworkbuty.hta"; depth:51; endswith; nocase; http.host; content:"107.173.9.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861274/; classtype:trojan-activity;sid:84724374; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/59/fundingforbetterfuturegetmebestthings.hta"; depth:45; endswith; nocase; http.host; content:"107.173.9.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861275/; classtype:trojan-activity;sid:84724375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/107/glutatheyongoodforhealthme.hta"; depth:35; endswith; nocase; http.host; content:"107.173.9.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861276/; classtype:trojan-activity;sid:84724376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/509/goodthingswithbetterwaysgivenformebest.js"; depth:46; endswith; nocase; http.host; content:"107.173.9.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861264/; classtype:trojan-activity;sid:84724364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/68/img_231637.png"; depth:18; endswith; nocase; http.host; content:"107.173.9.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861265/; classtype:trojan-activity;sid:84724365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/406/img_101655.png"; depth:19; 
endswith; nocase; http.host; content:"107.173.9.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861266/; classtype:trojan-activity;sid:84724366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"49.89.90.71"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861263/; classtype:trojan-activity;sid:84724363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.199.162"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861262/; classtype:trojan-activity;sid:84724362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.99.106"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861261/; classtype:trojan-activity;sid:84724361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.77.230"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861260/; classtype:trojan-activity;sid:84724360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861259)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=910458e1-bfbe-4992-a5ca-db2e9863a6a3"; depth:47; endswith; nocase; http.host; content:"chzldmh3.parsbet90.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861259/; classtype:trojan-activity;sid:84724359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5b96c8b8-553e-4961-9ac2-19e7cb57ca41"; depth:37; endswith; nocase; http.host; content:"pbustxk.penalty.casino"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861258/; classtype:trojan-activity;sid:84724358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.55.57"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861257/; classtype:trojan-activity;sid:84724357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.73.13.60"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861256/; classtype:trojan-activity;sid:84724356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.80.173"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, 
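urlhaus.abuse.ch/url/3861255/; classtype:trojan-activity;sid:84724355; rev:1;)
# The line above completes the rule for URLhaus entry 3861255, which starts
# before this block; the last line below starts the rule for entry 3861241,
# which continues after it. Rules in between are laid out one per line, as
# Suricata expects (a rule spans lines only with a trailing backslash).
#
# Each rule is an exact match on three sticky buffers: http.method "GET",
# http.uri (depth + endswith pin the whole URI) and http.host (depth +
# isdataat:!1,relative pin the whole host value).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.38.109"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861254/; classtype:trojan-activity;sid:84724354; rev:1;)
# NOTE(review): github.com, raw.githubusercontent.com and drive.google.com
# (sids 84724350-84724353, 84724348, 84724344) are shared hosting platforms
# normally reached over HTTPS. `alert http` only inspects HTTP the sensor can
# parse in cleartext, so these signatures presumably fire only behind TLS
# inspection or on a plain-HTTP request made before a redirect. Confirm sensor
# placement, and cover the same indicators from proxy or endpoint logs. Keep
# the match path-specific; do not turn these into host-wide blocks.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/voicatch/voicath/raw/refs/heads/main/macosx.zip.part2"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861253/; classtype:trojan-activity;sid:84724353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/voicatch/voicath/raw/refs/heads/main/macosx.zip.part1"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861252/; classtype:trojan-activity;sid:84724352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/voicatch/voicath/refs/heads/main/file.vbs"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861251/; classtype:trojan-activity;sid:84724351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/voicatch/voicath/raw/refs/heads/main/file.vbs"; depth:46; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861250/; classtype:trojan-activity;sid:84724350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/ssn2eg"; depth:12; endswith; nocase; http.host; content:"as.al"; depth:5; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861249/; classtype:trojan-activity;sid:84724349; rev:1;)
# FIX (sid 84724348): the generated pattern read `download|7c|26|7c|id=`, which
# decodes to the literal bytes `|26|`. That looks like a `|26|` hex escape for
# `&` whose pipes were escaped a second time, so the rule could not match the
# `/uc?export=download&id=...` form of the URI. The pattern now uses `|26|`,
# and depth drops from 68 (length of the escaped text) to 56 (decoded byte
# length) so that depth + endswith is still an exact match.
# NOTE(review): confirm against URLhaus entry 3861248.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|26|id=1c3ypqyioszuyr4eszuaplydvr2utpnlu"; depth:56; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861248/; classtype:trojan-activity;sid:84724348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/807/img_222216.png"; depth:19; endswith; nocase; http.host; content:"107.173.9.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861247/; classtype:trojan-activity;sid:84724347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4e1583cb-671b-4768-9f39-b8f1906589d7"; depth:37; endswith; nocase; http.host; content:"mybjuv.jamjahani.football"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861246/; classtype:trojan-activity;sid:84724346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f"; depth:2; endswith; nocase; http.host; content:"87.232.123.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861245/; classtype:trojan-activity;sid:84724345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p"; depth:2; endswith; nocase; http.host; content:"87.232.123.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861243/; classtype:trojan-activity;sid:84724343; rev:1;)
# FIX (sid 84724344): same double-escaped `&` as sid 84724348. `|7c|26|7c|`
# matched the literal bytes `|26|`; the pattern now uses `|26|` and depth is
# the decoded length, 56 instead of 68.
# NOTE(review): confirm against URLhaus entry 3861244.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|26|id=14fkurqnz1ju1vngnvxdkrqlhpuuowloe"; depth:56; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861244/; classtype:trojan-activity;sid:84724344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.55.57"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861242/; classtype:trojan-activity;sid:84724342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861241)"; flow:established,from_client; http.method; 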
content:"GET"; http.uri; content:"/9adfe7fa-3f43-4a7e-be03-899e3f5a3b4a"; depth:37; endswith; nocase; http.host; content:"pbtgvx.pablobet90.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861241/; classtype:trojan-activity;sid:84724341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.196.130"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861240/; classtype:trojan-activity;sid:84724340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc2e6594-4590-49c7-b608-bff1d8bcd277"; depth:37; endswith; nocase; http.host; content:"twvjaye.penalti.website"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861239/; classtype:trojan-activity;sid:84724339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2fcb2b8c-ae9a-4163-afe8-65a0ff051b3a"; depth:37; endswith; nocase; http.host; content:"aencte.oxidbet.bet"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861238/; classtype:trojan-activity;sid:84724338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bbac5e20-ddbb-4b2a-a502-8341621c0f0f"; depth:37; endswith; nocase; http.host; content:"zoasav.onlineshart.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_08; 
reference:url, urlhaus.abuse.ch/url/3861237/; classtype:trojan-activity;sid:84724337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.92.80"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861236/; classtype:trojan-activity;sid:84724336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.252.234.243"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861235/; classtype:trojan-activity;sid:84724335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.95.137"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861234/; classtype:trojan-activity;sid:84724334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.113.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861233/; classtype:trojan-activity;sid:84724333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"182.116.120.19"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861232/; classtype:trojan-activity;sid:84724332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.147.15"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861231/; classtype:trojan-activity;sid:84724331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.147.15"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861230/; classtype:trojan-activity;sid:84724330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"122.233.28.34"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861229/; classtype:trojan-activity;sid:84724329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.113.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861228/; classtype:trojan-activity;sid:84724328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861227)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.252.234.243"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861227/; classtype:trojan-activity;sid:84724327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/115ccc47-a990-4938-84e7-b00df6d6deaa"; depth:37; endswith; nocase; http.host; content:"zexrhdz.penaltibazi.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861226/; classtype:trojan-activity;sid:84724326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.95.137"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861225/; classtype:trojan-activity;sid:84724325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"122.233.28.34"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861224/; classtype:trojan-activity;sid:84724324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.187.206.255"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861223/; classtype:trojan-activity;sid:84724323; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.207.201"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861222/; classtype:trojan-activity;sid:84724322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.103.213"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861221/; classtype:trojan-activity;sid:84724321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.80.163"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861220/; classtype:trojan-activity;sid:84724320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6a41da"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861214/; classtype:trojan-activity;sid:84724314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5dd7bf"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861215/; 
classtype:trojan-activity;sid:84724315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2a30e9"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861216/; classtype:trojan-activity;sid:84724316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c2bd1d"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861217/; classtype:trojan-activity;sid:84724317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/631474"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861218/; classtype:trojan-activity;sid:84724318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/928fd9"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861219/; classtype:trojan-activity;sid:84724319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36ff62"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; 
metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861209/; classtype:trojan-activity;sid:84724309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/552589"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861210/; classtype:trojan-activity;sid:84724310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/91e87a"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861211/; classtype:trojan-activity;sid:84724311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2ebade"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861212/; classtype:trojan-activity;sid:84724312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2e2e37"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861213/; classtype:trojan-activity;sid:84724313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/42ac6c"; depth:7; endswith; 
nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861208/; classtype:trojan-activity;sid:84724308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/626343"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861207/; classtype:trojan-activity;sid:84724307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oxe"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861206/; classtype:trojan-activity;sid:84724306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vvar"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861200/; classtype:trojan-activity;sid:84724300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e14641"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861201/; classtype:trojan-activity;sid:84724301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861202)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bkeo"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861202/; classtype:trojan-activity;sid:84724302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zzk"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861203/; classtype:trojan-activity;sid:84724303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a8611e"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861204/; classtype:trojan-activity;sid:84724304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b1e187"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861205/; classtype:trojan-activity;sid:84724305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ise4"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861199/; classtype:trojan-activity;sid:84724299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3861196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tcf"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861196/; classtype:trojan-activity;sid:84724296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xzwb"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861197/; classtype:trojan-activity;sid:84724297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vquq"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861198/; classtype:trojan-activity;sid:84724298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cjz"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861190/; classtype:trojan-activity;sid:84724290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/16466a"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861191/; classtype:trojan-activity;sid:84724291; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5a1b70"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861192/; classtype:trojan-activity;sid:84724292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7afd8f"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861193/; classtype:trojan-activity;sid:84724293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/964d78"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861194/; classtype:trojan-activity;sid:84724294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v4b"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861195/; classtype:trojan-activity;sid:84724295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gwe"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, 
urlhaus.abuse.ch/url/3861174/; classtype:trojan-activity;sid:84724274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uoc"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861175/; classtype:trojan-activity;sid:84724275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zhjh"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861176/; classtype:trojan-activity;sid:84724276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tpa"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861177/; classtype:trojan-activity;sid:84724277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/celn"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861178/; classtype:trojan-activity;sid:84724278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6987"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861179/; classtype:trojan-activity;sid:84724279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lqcy"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861180/; classtype:trojan-activity;sid:84724280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hfq"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861181/; classtype:trojan-activity;sid:84724281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guo"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861182/; classtype:trojan-activity;sid:84724282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e0a338"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861183/; classtype:trojan-activity;sid:84724283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861184)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/qyb"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861184/; classtype:trojan-activity;sid:84724284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c25933"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861185/; classtype:trojan-activity;sid:84724285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cab2e5"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861186/; classtype:trojan-activity;sid:84724286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/297a79"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861187/; classtype:trojan-activity;sid:84724287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ae418a"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861188/; classtype:trojan-activity;sid:84724288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3861189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0cd571"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861189/; classtype:trojan-activity;sid:84724289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7f1fc5"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861163/; classtype:trojan-activity;sid:84724263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/95d387"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861164/; classtype:trojan-activity;sid:84724264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/add984"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861165/; classtype:trojan-activity;sid:84724265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d4a14f"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861166/; classtype:trojan-activity;sid:84724266; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35754f"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861167/; classtype:trojan-activity;sid:84724267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5e939d"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861168/; classtype:trojan-activity;sid:84724268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/64afa1"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861169/; classtype:trojan-activity;sid:84724269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2d6571"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861170/; classtype:trojan-activity;sid:84724270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/544196"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861171/; 
classtype:trojan-activity;sid:84724271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e1502e"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861172/; classtype:trojan-activity;sid:84724272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/59iu"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861173/; classtype:trojan-activity;sid:84724273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qxxm"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861159/; classtype:trojan-activity;sid:84724259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/owby"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861160/; classtype:trojan-activity;sid:84724260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e1b"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861161/; classtype:trojan-activity;sid:84724261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wbvp"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861162/; classtype:trojan-activity;sid:84724262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k"; depth:2; endswith; nocase; http.host; content:"46.151.182.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861157/; classtype:trojan-activity;sid:84724257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mig"; depth:4; endswith; nocase; http.host; content:"46.151.182.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861158/; classtype:trojan-activity;sid:84724258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/loner.exe"; depth:17; endswith; nocase; http.host; content:"delte-mobrey.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861156/; classtype:trojan-activity;sid:84724256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot"; depth:4; 
endswith; nocase; http.host; content:"83.142.209.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861155/; classtype:trojan-activity;sid:84724255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861147/; classtype:trojan-activity;sid:84724247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861148/; classtype:trojan-activity;sid:84724248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861149/; classtype:trojan-activity;sid:84724249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861150/; classtype:trojan-activity;sid:84724250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861151)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861151/; classtype:trojan-activity;sid:84724251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861152/; classtype:trojan-activity;sid:84724252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.103.213"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861153/; classtype:trojan-activity;sid:84724253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dbg"; depth:9; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861154/; classtype:trojan-activity;sid:84724254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861142/; classtype:trojan-activity;sid:84724242; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861143/; classtype:trojan-activity;sid:84724243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861144/; classtype:trojan-activity;sid:84724244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861145/; classtype:trojan-activity;sid:84724245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861146/; classtype:trojan-activity;sid:84724246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"46.151.182.21"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861141/; classtype:trojan-activity;sid:84724241; rev:1;)
# The next four rules match two installer file names under /bin/
# (screenconnect.clientsetup.exe and support.client.exe), each pinned to one IP host.
# Every rule is an alert on a cleartext HTTP GET from $HOME_NET to $EXTERNAL_NET; the URI is
# anchored with depth + endswith (nocase) and the host with depth + isdataat:!1,relative, so a
# request for the same file name on any other host does not match.
# NOTE(review): the file names resemble remote-support client installers, presumably
# remote-access tooling served from these hosts. When one of these fires, check the endpoint
# for a newly installed remote-access client; confirm the classification on the referenced
# URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"64.89.161.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861140/; classtype:trojan-activity;sid:84724240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"46.151.182.111"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861139/; classtype:trojan-activity;sid:84724239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"46.151.182.111"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861137/; classtype:trojan-activity;sid:84724237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"64.89.161.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861138/; classtype:trojan-activity;sid:84724238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861136)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"46.151.182.21"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861136/; classtype:trojan-activity;sid:84724236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"64.89.161.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861135/; classtype:trojan-activity;sid:84724235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"46.151.182.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861134/; classtype:trojan-activity;sid:84724234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.80.163"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861133/; classtype:trojan-activity;sid:84724233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/68e88e56-2bf0-44c0-bcc7-a67c7f67fbe5"; depth:37; endswith; nocase; http.host; content:"ikbnssq.persian.sex"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861132/; 
classtype:trojan-activity;sid:84724232; rev:1;)
# Rules in this run share one template: alert on a cleartext HTTP GET from $HOME_NET to
# $EXTERNAL_NET, with the http.uri content anchored by depth + endswith (nocase) and the
# http.host content anchored by depth + isdataat:!1,relative. The rule protocol is http, so
# the same URL fetched over TLS is not matched unless traffic is decrypted before the sensor.
#
# NOTE(review): |3f| is the hex escape for "?", a single byte in the buffer, so the content
# below is 44 bytes long while depth is 47 (the escaped spelling is 47 characters). endswith
# still requires the pattern to end the URI, but up to three bytes may precede it. The match
# is therefore slightly wider than the exact-URI form of the neighbouring rules, not narrower.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=1356cba2-f652-4725-9bbd-7613eb73acad"; depth:47; endswith; nocase; http.host; content:"0fqk0ho2.mrbet90.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861131/; classtype:trojan-activity;sid:84724231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exploit.sh"; depth:11; endswith; nocase; http.host; content:"64.118.132.61"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861130/; classtype:trojan-activity;sid:84724230; rev:1;)
# A two-byte URI ("/i") is only meaningful together with the exact http.host match that follows it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.54.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861129/; classtype:trojan-activity;sid:84724229; rev:1;)
# Same |3f| depth arithmetic as sid 84724231 above: 44-byte content, depth:47.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=8276bb73-9f2b-436a-b772-ddd75e62ab36"; depth:47; endswith; nocase; http.host; content:"t748i6is.volleyball.vip"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861128/; classtype:trojan-activity;sid:84724228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861127)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/f040cfda-acbd-4736-82ca-703afe65cb48"; depth:37; endswith; nocase; http.host; content:"zebswzz.one1xbet.net"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861127/; classtype:trojan-activity;sid:84724227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.71.226"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861126/; classtype:trojan-activity;sid:84724226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.54.110"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861125/; classtype:trojan-activity;sid:84724225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.80.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861124/; classtype:trojan-activity;sid:84724224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.125.194"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861123/; classtype:trojan-activity;sid:84724223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3861122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"202.95.11.209"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861122/; classtype:trojan-activity;sid:84724222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"202.95.11.181"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861121/; classtype:trojan-activity;sid:84724221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"202.95.11.173"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861120/; classtype:trojan-activity;sid:84724220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2a12a36d-9fe6-4c21-b683-f561b77eaf4c"; depth:37; endswith; nocase; http.host; content:"flnntj.persianabet.casino"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861119/; classtype:trojan-activity;sid:84724219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.205.59"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, 
urlhaus.abuse.ch/url/3861118/; classtype:trojan-activity;sid:84724218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.83.180"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861117/; classtype:trojan-activity;sid:84724217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/66115c0a-2dbf-43d6-bceb-042fb60a3663"; depth:37; endswith; nocase; http.host; content:"idwpuur.ninjafruitcubes.bet"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861116/; classtype:trojan-activity;sid:84724216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4ea72eeb-793c-4d36-b9ef-a5056a389cb8"; depth:37; endswith; nocase; http.host; content:"hfgzvf.perfectgameiran.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861115/; classtype:trojan-activity;sid:84724215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bb3e3aa2-ba39-4e8e-81e6-de566f08faf7"; depth:37; endswith; nocase; http.host; content:"syheuby.mangobetfarsi.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861114/; classtype:trojan-activity;sid:84724214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861113)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.238.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861113/; classtype:trojan-activity;sid:84724213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.127.30"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861112/; classtype:trojan-activity;sid:84724212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.75.14.107"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861111/; classtype:trojan-activity;sid:84724211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.100.188"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861110/; classtype:trojan-activity;sid:84724210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.238.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861109/; classtype:trojan-activity;sid:84724209; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagey973.png"; depth:14; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861108/; classtype:trojan-activity;sid:84724208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/speachhouse.exe"; depth:16; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861107/; classtype:trojan-activity;sid:84724207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imageps293.png"; depth:15; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861106/; classtype:trojan-activity;sid:84724206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientmmmmmmmmmm.exe"; depth:21; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861100/; classtype:trojan-activity;sid:84724200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imageiiiii88.png"; depth:17; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; 
metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861101/; classtype:trojan-activity;sid:84724201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagenyueteuppol45.png"; depth:23; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861102/; classtype:trojan-activity;sid:84724202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sallah.exe"; depth:11; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861103/; classtype:trojan-activity;sid:84724203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientmay.exe"; depth:14; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861104/; classtype:trojan-activity;sid:84724204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/67890.exe"; depth:10; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861105/; classtype:trojan-activity;sid:84724205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861099)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/imageqqqqqq111.png"; depth:19; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861099/; classtype:trojan-activity;sid:84724199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ijklmnopqrxtu.exe"; depth:18; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861096/; classtype:trojan-activity;sid:84724196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagelouyytr09009.png"; depth:22; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861097/; classtype:trojan-activity;sid:84724197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagethur3.png"; depth:15; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861098/; classtype:trojan-activity;sid:84724198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0982.exe"; depth:9; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861094/; classtype:trojan-activity;sid:84724194; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clientmmmmiiii.exe"; depth:19; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861095/; classtype:trojan-activity;sid:84724195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kkkkkkkksieopelloptrf.exe"; depth:26; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861087/; classtype:trojan-activity;sid:84724187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagevvvvvv980.png"; depth:19; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861088/; classtype:trojan-activity;sid:84724188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sddilo.exe"; depth:11; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861089/; classtype:trojan-activity;sid:84724189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagelophg09876.png"; depth:20; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861090/; classtype:trojan-activity;sid:84724190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/venumol0985.png"; depth:16; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861091/; classtype:trojan-activity;sid:84724191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/123456789.exe"; depth:14; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861092/; classtype:trojan-activity;sid:84724192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/image445.png"; depth:13; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861093/; classtype:trojan-activity;sid:84724193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e21aca47-59ac-437a-a23f-f0fc4160d501"; depth:37; endswith; nocase; http.host; content:"qcqsin.yasbet90.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861086/; classtype:trojan-activity;sid:84724186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861085)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/779f2e95-ee00-4fbe-8b49-4e80c5c74cc4"; depth:37; endswith; nocase; http.host; content:"vvpfsda.pasoor11.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861085/; classtype:trojan-activity;sid:84724185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2222.exe"; depth:9; endswith; nocase; http.host; content:"vrdccbank.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861084/; classtype:trojan-activity;sid:84724184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.176.23"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861083/; classtype:trojan-activity;sid:84724183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.176.23"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861082/; classtype:trojan-activity;sid:84724182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=efc0003a-2c59-4502-ac39-96e3ff533e46"; depth:47; endswith; nocase; http.host; content:"e20yl90d.parsgoal90.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, 
urlhaus.abuse.ch/url/3861081/; classtype:trojan-activity;sid:84724181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4a60ef59-fce6-4a92-bab6-3049e1d95698"; depth:37; endswith; nocase; http.host; content:"zjuflao.pasur21.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861080/; classtype:trojan-activity;sid:84724180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.80.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861079/; classtype:trojan-activity;sid:84724179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.147.14"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861078/; classtype:trojan-activity;sid:84724178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.141.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861077/; classtype:trojan-activity;sid:84724177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"77.236.74.65"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861076/; classtype:trojan-activity;sid:84724176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"162.255.251.91"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861075/; classtype:trojan-activity;sid:84724175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.99.200"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861074/; classtype:trojan-activity;sid:84724174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.99.200"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861073/; classtype:trojan-activity;sid:84724173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.141.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861072/; classtype:trojan-activity;sid:84724172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861071)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.225.163.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861071/; classtype:trojan-activity;sid:84724171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"77.236.74.65"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861070/; classtype:trojan-activity;sid:84724170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/snaxh"; depth:6; endswith; nocase; http.host; content:"www.rywh1405.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861068/; classtype:trojan-activity;sid:84724168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ugfsa"; depth:6; endswith; nocase; http.host; content:"www.rywh1405.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861069/; classtype:trojan-activity;sid:84724169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohyrjyb7.bin"; depth:13; endswith; nocase; http.host; content:"185.29.9.106"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861066/; classtype:trojan-activity;sid:84724166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3861067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jyqun174.bin"; depth:13; endswith; nocase; http.host; content:"185.29.9.106"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861067/; classtype:trojan-activity;sid:84724167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caywoyq34.bin"; depth:14; endswith; nocase; http.host; content:"185.29.9.106"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861061/; classtype:trojan-activity;sid:84724161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ctbqk122.bin"; depth:13; endswith; nocase; http.host; content:"185.29.9.106"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861062/; classtype:trojan-activity;sid:84724162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ikaxsijy190.bin"; depth:16; endswith; nocase; http.host; content:"185.29.9.106"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861063/; classtype:trojan-activity;sid:84724163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vvlumcuutxuzaymyt104.bin"; depth:25; endswith; nocase; http.host; content:"185.29.9.106"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, 
urlhaus.abuse.ch/url/3861064/; classtype:trojan-activity;sid:84724164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kkostvstem/dwbfxgkfgvicjs220.bin"; depth:33; endswith; nocase; http.host; content:"queendent.hu"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861065/; classtype:trojan-activity;sid:84724165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl/05523c8231cb3b01d6554123a1c994aa09ef6c8e4e0804d3ae8bfaa028aa0db9"; depth:70; endswith; nocase; http.host; content:"maplecirrus.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861059/; classtype:trojan-activity;sid:84724159; rev:1;)
# NOTE(review): a content match is a literal byte comparison, so the "*" in the
# next rule is not a wildcard. With depth:7 and endswith it fires only when the
# URI is exactly "/curl/*"; other /curl/<name> paths on this host are covered only
# by their own rule (such as sid 84724159 above). Presumably the feed entry used
# "*" as a placeholder - confirm against the URLhaus reference before relying on it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl/*"; depth:7; endswith; nocase; http.host; content:"maplecirrus.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861060/; classtype:trojan-activity;sid:84724160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.53.78"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861058/; classtype:trojan-activity;sid:84724158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861057)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.248.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861057/; classtype:trojan-activity;sid:84724157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.227.95"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861056/; classtype:trojan-activity;sid:84724156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.249.84"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861055/; classtype:trojan-activity;sid:84724155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4cbe007e-adef-4c6a-b021-3ecce9e89451"; depth:37; endswith; nocase; http.host; content:"fporlgd.penality.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861054/; classtype:trojan-activity;sid:84724154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.212.28"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861053/; classtype:trojan-activity;sid:84724153; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.12.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861052/; classtype:trojan-activity;sid:84724152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.227.95"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861051/; classtype:trojan-activity;sid:84724151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.82.69"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861050/; classtype:trojan-activity;sid:84724150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.244.159"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861049/; classtype:trojan-activity;sid:84724149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.74.148"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861048/; 
classtype:trojan-activity;sid:84724148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.182.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861047/; classtype:trojan-activity;sid:84724147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a0d634ec-ba2f-4f72-bfbb-6fdc6d606539"; depth:37; endswith; nocase; http.host; content:"vdchddh.penaltibazi.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861046/; classtype:trojan-activity;sid:84724146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.225.163.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861045/; classtype:trojan-activity;sid:84724145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2023"; depth:5; endswith; nocase; http.host; content:"143.92.48.9"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861042/; classtype:trojan-activity;sid:84724142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2023"; depth:5; endswith; nocase; http.host; content:"143.92.48.33"; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861043/; classtype:trojan-activity;sid:84724143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2023"; depth:5; endswith; nocase; http.host; content:"143.92.48.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861044/; classtype:trojan-activity;sid:84724144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.212.28"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861041/; classtype:trojan-activity;sid:84724141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.165.71.86"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861040/; classtype:trojan-activity;sid:84724140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9252ba41-d395-42e4-af91-93fb55481368"; depth:37; endswith; nocase; http.host; content:"xhfecr.jamjahani2026.football"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861039/; classtype:trojan-activity;sid:84724139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861038)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.27.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861038/; classtype:trojan-activity;sid:84724138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc99dc58-2285-457d-b424-d8d8b49426d4"; depth:37; endswith; nocase; http.host; content:"jwfckz.onlineshart.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861037/; classtype:trojan-activity;sid:84724137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.220.66.152"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861036/; classtype:trojan-activity;sid:84724136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.59.113"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861035/; classtype:trojan-activity;sid:84724135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.182.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861034/; classtype:trojan-activity;sid:84724134; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/807/greatnessideadsbeomcebestthingsforme.hta"; depth:45; endswith; nocase; http.host; content:"107.173.9.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861033/; classtype:trojan-activity;sid:84724133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/807/vzt_222216.cat"; depth:19; endswith; nocase; http.host; content:"107.173.9.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861030/; classtype:trojan-activity;sid:84724130; rev:1;)
# NOTE(review): "|7c|" is hex notation for a single "|" byte, so the decoded
# pattern in the next rule is 129 bytes while depth:135 equals the length of the
# escaped text. endswith still pins the match to the end of the URI, but up to
# 6 leading bytes are tolerated; depth:129 would make this an exact match like
# the other rules, whose depth equals their content length.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/httpswww.pcmag.compicksthe-best-cloud-storage-and-file-sharing-servicestest_uuid=05zuputsjijl9et37twfqcl|7c|26|7c|test_variant=aos.php"; depth:135; endswith; nocase; http.host; content:"107.173.9.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861031/; classtype:trojan-activity;sid:84724131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/520ee948-b1eb-48fe-a5c0-2cc2cce6661e"; depth:37; endswith; nocase; http.host; content:"oczvda.oxidbet.bet"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861032/; classtype:trojan-activity;sid:84724132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861029)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"109.165.71.86"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861029/; classtype:trojan-activity;sid:84724129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ba38d225-c05c-4c9b-bf1c-7c46250643c2"; depth:37; endswith; nocase; http.host; content:"jjgnawd.penalti.website"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861027/; classtype:trojan-activity;sid:84724127; rev:1;)
# NOTE(review): "|3f|" is hex notation for a single "?" byte, so the decoded
# pattern in the next rule is 44 bytes while depth:47 equals the length of the
# escaped text. endswith still pins the match to the end of the URI, but up to
# 3 leading bytes are tolerated; depth:44 would make this an exact match like
# the neighbouring rules, whose depth equals their content length.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=8a52ab47-39f1-4faf-819f-b54cd115ac56"; depth:47; endswith; nocase; http.host; content:"te3znaut.parspoker90.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861028/; classtype:trojan-activity;sid:84724128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fcf63cb7-ac1e-4788-ae35-e523551b6180"; depth:37; endswith; nocase; http.host; content:"hknnbq.pablobet90.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861026/; classtype:trojan-activity;sid:84724126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.59.113"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, 
urlhaus.abuse.ch/url/3861025/; classtype:trojan-activity;sid:84724125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.75.127"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861024/; classtype:trojan-activity;sid:84724124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xx.exe"; depth:7; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861023/; classtype:trojan-activity;sid:84724123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.117.161"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861022/; classtype:trojan-activity;sid:84724122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.30.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861021/; classtype:trojan-activity;sid:84724121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.190.134.254"; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861020/; classtype:trojan-activity;sid:84724120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.252.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861019/; classtype:trojan-activity;sid:84724119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"72.194.227.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861018/; classtype:trojan-activity;sid:84724118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.190.134.254"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861017/; classtype:trojan-activity;sid:84724117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"72.194.227.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861016/; classtype:trojan-activity;sid:84724116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; 
depth:2; endswith; nocase; http.host; content:"125.46.196.74"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861015/; classtype:trojan-activity;sid:84724115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.252.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861014/; classtype:trojan-activity;sid:84724114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.28.45"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861012/; classtype:trojan-activity;sid:84724112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.143.42"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861013/; classtype:trojan-activity;sid:84724113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.147.14"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861011/; classtype:trojan-activity;sid:84724111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861010)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.30.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861010/; classtype:trojan-activity;sid:84724110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.233.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861009/; classtype:trojan-activity;sid:84724109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.205.210"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861007/; classtype:trojan-activity;sid:84724107; rev:1;)
# NOTE(review): "|3f|" is hex notation for a single "?" byte, so the decoded
# pattern in the next rule is 44 bytes while depth:47 equals the length of the
# escaped text. endswith still pins the match to the end of the URI, but up to
# 3 leading bytes are tolerated; depth:44 would make this an exact match like
# the neighbouring rules, whose depth equals their content length.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=920cb201-2ae4-4839-b5d0-6fb4fbaa05e9"; depth:47; endswith; nocase; http.host; content:"h0t75jy5.betgopro.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861008/; classtype:trojan-activity;sid:84724108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.196.74"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861006/; 
classtype:trojan-activity;sid:84724106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.53.25"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861005/; classtype:trojan-activity;sid:84724105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ebe30608-c8df-49ff-8bfd-ec2809737296"; depth:37; endswith; nocase; http.host; content:"zrqkapj.one1x.bet"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861004/; classtype:trojan-activity;sid:84724104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.28.45"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861003/; classtype:trojan-activity;sid:84724103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.121.13"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861002/; classtype:trojan-activity;sid:84724102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"182.113.205.210"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861001/; classtype:trojan-activity;sid:84724101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.121.13"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861000/; classtype:trojan-activity;sid:84724100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.162.140"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860999/; classtype:trojan-activity;sid:84724099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.123.246"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860998/; classtype:trojan-activity;sid:84724098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.93.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860997/; classtype:trojan-activity;sid:84724097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860996)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.233.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860996/; classtype:trojan-activity;sid:84724096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/453fd1b9-97d7-4d99-b058-671b586b5f0f"; depth:37; endswith; nocase; http.host; content:"fhvteyb.kbshavanese.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860995/; classtype:trojan-activity;sid:84724095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.162.140"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860994/; classtype:trojan-activity;sid:84724094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.41.106"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860993/; classtype:trojan-activity;sid:84724093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"112.213.121.130"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860992/; classtype:trojan-activity;sid:84724092; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"38.76.198.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860991/; classtype:trojan-activity;sid:84724091; rev:1;)
# NOTE(review): sids 84724080 through 84724091 in this file all pin http.host to
# 38.76.198.108 and differ only in the URI: one "/download.sh" plus a set of
# architecture-named paths. Each is an exact-URI match (depth equals the content
# length, with endswith). They are "alert http" rules keyed on the client's GET
# (flow:established,from_client), so they see only traffic the engine parses as
# HTTP and they fire on the request, not on a completed download - check the
# response before treating the source host as infected, and triage hits from
# this group together.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"38.76.198.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860990/; classtype:trojan-activity;sid:84724090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"38.76.198.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860989/; classtype:trojan-activity;sid:84724089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download.sh"; depth:12; endswith; nocase; http.host; content:"38.76.198.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860980/; classtype:trojan-activity;sid:84724080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"38.76.198.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, 
urlhaus.abuse.ch/url/3860981/; classtype:trojan-activity;sid:84724081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"38.76.198.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860982/; classtype:trojan-activity;sid:84724082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"38.76.198.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860983/; classtype:trojan-activity;sid:84724083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"38.76.198.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860984/; classtype:trojan-activity;sid:84724084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"38.76.198.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860985/; classtype:trojan-activity;sid:84724085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"38.76.198.108"; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860986/; classtype:trojan-activity;sid:84724086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"38.76.198.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860987/; classtype:trojan-activity;sid:84724087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"38.76.198.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860988/; classtype:trojan-activity;sid:84724088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aa7caee1-668a-417e-9ecf-529cfdd77aa9"; depth:37; endswith; nocase; http.host; content:"cebsrg.jamjahani.football"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860979/; classtype:trojan-activity;sid:84724079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.34.109.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860978/; classtype:trojan-activity;sid:84724078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860977)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.123.246"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860977/; classtype:trojan-activity;sid:84724077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c15e84fb-3a94-463e-81db-dc92976775a8"; depth:47; endswith; nocase; http.host; content:"gwu729hw.parspoker.casino"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860976/; classtype:trojan-activity;sid:84724076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ef24e2b2-6a69-4827-a2c8-1ecd9345b556"; depth:37; endswith; nocase; http.host; content:"hjwaxur.kvbel.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860975/; classtype:trojan-activity;sid:84724075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nc64.exe"; depth:9; endswith; nocase; http.host; content:"141.98.10.98"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860973/; classtype:trojan-activity;sid:84724073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/printspoofer64.exe"; depth:19; endswith; nocase; http.host; content:"141.98.10.98"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860974/; 
classtype:trojan-activity;sid:84724074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.225.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860972/; classtype:trojan-activity;sid:84724072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.0.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860971/; classtype:trojan-activity;sid:84724071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/df026e27-a7a1-4d3f-b289-e42b25ed4c1c"; depth:37; endswith; nocase; http.host; content:"inmjycz.olabahiskayit.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860970/; classtype:trojan-activity;sid:84724070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"108.168.0.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860969/; classtype:trojan-activity;sid:84724069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.225.139"; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860968/; classtype:trojan-activity;sid:84724068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/favour1.exe"; depth:12; endswith; nocase; http.host; content:"vrdccbank.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860967/; classtype:trojan-activity;sid:84724067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bfc31803-6e1c-4ce6-a99f-44c75d4c0e0c"; depth:37; endswith; nocase; http.host; content:"rykwhjt.winsportiran.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860966/; classtype:trojan-activity;sid:84724066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doppee12.exe"; depth:13; endswith; nocase; http.host; content:"vrdccbank.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860965/; classtype:trojan-activity;sid:84724065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b40ac294-23e4-4e6a-a8de-1be679dcd172"; depth:37; endswith; nocase; http.host; content:"tviyhdt.winstone.casino"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860964/; classtype:trojan-activity;sid:84724064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3860963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.39.65"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860963/; classtype:trojan-activity;sid:84724063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"108.168.0.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860962/; classtype:trojan-activity;sid:84724062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.14.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860961/; classtype:trojan-activity;sid:84724061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zhcahnmc228.bin"; depth:16; endswith; nocase; http.host; content:"185.29.10.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860960/; classtype:trojan-activity;sid:84724060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.194.145"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860959/; classtype:trojan-activity;sid:84724059; rev:1;) 
# How to read the rules in this section (generated layout, one rule per line):
#   * Each rule alerts on a GET request from $HOME_NET to $EXTERNAL_NET on an established flow.
#   * http.uri: depth:<n> plus endswith pins the pattern to the whole URI when <n> equals the
#     pattern length; nocase makes the URI comparison case-insensitive.
#   * http.host: depth:<n> plus isdataat:!1,relative requires the host to equal the listed value.
#   * Only HTTP that Suricata can parse in cleartext is inspected; a fetch of the same URL over
#     TLS is not seen by these rules unless the sensor receives decrypted traffic.
#   * Every rule uses classtype:trojan-activity and rev:1; the URLhaus entry in reference:url
#     is the place to look up what was served at that URL.
#
# The first nine rules share host 185.29.10.125 and differ only in the .bin file name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ndgivqaajmmygnygnplcip95.bin"; depth:29; endswith; nocase; http.host; content:"185.29.10.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860951/; classtype:trojan-activity;sid:84724051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jnyxvlparpmw60.bin"; depth:19; endswith; nocase; http.host; content:"185.29.10.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860952/; classtype:trojan-activity;sid:84724052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wjtftsa232.bin"; depth:15; endswith; nocase; http.host; content:"185.29.10.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860953/; classtype:trojan-activity;sid:84724053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rqpff187.bin"; depth:13; endswith; nocase; http.host; content:"185.29.10.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860954/; classtype:trojan-activity;sid:84724054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thjlitbridckzzo222.bin"; depth:23; endswith; nocase; http.host; content:"185.29.10.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860955/; classtype:trojan-activity;sid:84724055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ctrqllfxs160.bin"; depth:17; endswith; nocase; http.host; content:"185.29.10.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860956/; classtype:trojan-activity;sid:84724056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/disiorfsknbvqpxjgo26.bin"; depth:25; endswith; nocase; http.host; content:"185.29.10.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860957/; classtype:trojan-activity;sid:84724057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mrbhdjjpcoenooa195.bin"; depth:23; endswith; nocase; http.host; content:"185.29.10.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860958/; classtype:trojan-activity;sid:84724058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jgjcsqlth184.bin"; depth:17; endswith; nocase; http.host; content:"185.29.10.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860950/; classtype:trojan-activity;sid:84724050; rev:1;)
# NOTE(review): the host in the next rule looks like a node of a shared file-hosting
# service, so the host alone is not an indicator; only this exact path is. If clients reach
# it over HTTPS this http rule cannot see the URI, and proxy or TLS-inspection logs are
# needed to cover that case.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/direct/baa0ac54-9c64-452e-88bb-a04605b8661a/pressvoice.zip"; depth:68; endswith; nocase; http.host; content:"store-eu-par-3.gofile.io"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860949/; classtype:trojan-activity;sid:84724049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.248.221"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860948/; classtype:trojan-activity;sid:84724048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.0.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860947/; classtype:trojan-activity;sid:84724047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fscan"; depth:6; endswith; nocase; http.host; content:"38.76.210.124"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860946/; classtype:trojan-activity;sid:84724046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.39.65"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860945/; classtype:trojan-activity;sid:84724045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8763c313-35b0-4c78-95e5-df131c5a0d33"; depth:37; endswith; nocase; http.host; content:"mpozwop.winxbet.co"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860944/; classtype:trojan-activity;sid:84724044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.247.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860943/; classtype:trojan-activity;sid:84724043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f160ba90-fb05-4bee-bd55-63470f0efe0d"; depth:37; endswith; nocase; http.host; content:"xzelng.jamjahani.cash"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860942/; classtype:trojan-activity;sid:84724042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.247.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860941/; classtype:trojan-activity;sid:84724041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.198.242.174"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860940/; classtype:trojan-activity;sid:84724040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b39422c8-1821-4984-b46b-0c9c843a9ddc"; depth:37; endswith; nocase; http.host; content:"yynpur.perfectgame.casino"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860939/; classtype:trojan-activity;sid:84724039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.114.173"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860938/; classtype:trojan-activity;sid:84724038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.248.221"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860937/; classtype:trojan-activity;sid:84724037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fscan"; depth:6; endswith; nocase; http.host; content:"156.238.236.16"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860936/; classtype:trojan-activity;sid:84724036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fb82f5d8-cce7-40fc-8896-e8b203ed6459"; depth:37; endswith; nocase; http.host; content:"ebwgtb.vezaratshart.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860935/; classtype:trojan-activity;sid:84724035; rev:1;)
# NOTE(review): in the next rule depth:47 is the length of the pattern as written, counting
# the |3f| escape (one byte, "?") as four characters; the pattern itself is 44 bytes. With
# endswith the end of the URI is still anchored, but up to three bytes may precede the
# pattern, unlike the rules where depth equals the pattern length. depth:44 would make the
# match exact; report it to the feed maintainer rather than editing the generated file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d790b449-8936-4e40-ba1c-a74795a3adb5"; depth:47; endswith; nocase; http.host; content:"5dwz6wj9.yekbetiran.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860934/; classtype:trojan-activity;sid:84724034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.236.129"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860933/; classtype:trojan-activity;sid:84724033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.101.109"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860932/; classtype:trojan-activity;sid:84724032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.177.17"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860931/; classtype:trojan-activity;sid:84724031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2bd8ac"; depth:7; endswith; nocase; http.host; content:"154.12.31.97"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860930/; classtype:trojan-activity;sid:84724030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.19.254"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860929/; classtype:trojan-activity;sid:84724029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/327a6d36-331b-491c-bd15-a5f8dad3c2f0"; depth:37; endswith; nocase; http.host; content:"anpysts.yasbetapp.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860928/; classtype:trojan-activity;sid:84724028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.89.246"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860927/; classtype:trojan-activity;sid:84724027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.232.137.101"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860926/; classtype:trojan-activity;sid:84724026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.34.170"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860925/; classtype:trojan-activity;sid:84724025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"118.232.137.101"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860924/; classtype:trojan-activity;sid:84724024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.198.242.174"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860923/; classtype:trojan-activity;sid:84724023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"79.106.225.176"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860922/; classtype:trojan-activity;sid:84724022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.90.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860921/; classtype:trojan-activity;sid:84724021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.226.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860920/; classtype:trojan-activity;sid:84724020; rev:1;)
# paste.sensio.no: nine rules follow (one unrelated /bin.sh rule sits between them), one per
# paste path. Two patterns end in "/"; because the URI match is exact, the same path
# requested without the trailing slash is a different URI and is not covered by that rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/birdsknocked/"; depth:14; endswith; nocase; http.host; content:"paste.sensio.no"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860919/; classtype:trojan-activity;sid:84724019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rovingrandy/"; depth:13; endswith; nocase; http.host; content:"paste.sensio.no"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860918/; classtype:trojan-activity;sid:84724018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.89.246"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860917/; classtype:trojan-activity;sid:84724017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tulipscalling"; depth:14; endswith; nocase; http.host; content:"paste.sensio.no"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860914/; classtype:trojan-activity;sid:84724014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/centraltippin"; depth:14; endswith; nocase; http.host; content:"paste.sensio.no"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860915/; classtype:trojan-activity;sid:84724015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seymourleagues"; depth:15; endswith; nocase; http.host; content:"paste.sensio.no"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860916/; classtype:trojan-activity;sid:84724016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arlendenial"; depth:12; endswith; nocase; http.host; content:"paste.sensio.no"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860913/; classtype:trojan-activity;sid:84724013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javiergigolo"; depth:13; endswith; nocase; http.host; content:"paste.sensio.no"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860912/; classtype:trojan-activity;sid:84724012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apartairways"; depth:13; endswith; nocase; http.host; content:"paste.sensio.no"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860910/; classtype:trojan-activity;sid:84724010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/citationcallers"; depth:16; endswith; nocase; http.host; content:"paste.sensio.no"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860911/; classtype:trojan-activity;sid:84724011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wordpress/ikcdoaf.txt"; depth:22; endswith; nocase; http.host; content:"www.websenorllc.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860908/; classtype:trojan-activity;sid:84724008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wordpress/jrdpkhg.txt"; depth:22; endswith; nocase; http.host; content:"www.websenorllc.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860909/; classtype:trojan-activity;sid:84724009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.13.26"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860907/; classtype:trojan-activity;sid:84724007; rev:1;)
# The rules from here share host 104.248.192.247 and the path prefix /bins/nova. followed
# by an architecture-style suffix; each suffix is its own exact-match rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.armv7l"; depth:17; endswith; nocase; http.host; content:"104.248.192.247"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860902/; classtype:trojan-activity;sid:84724002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.powerpc"; depth:18; endswith; nocase; http.host; content:"104.248.192.247"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860903/; classtype:trojan-activity;sid:84724003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.mips"; depth:15; endswith; nocase; http.host; content:"104.248.192.247"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860904/; classtype:trojan-activity;sid:84724004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.x86_64"; depth:17; endswith; nocase; http.host; content:"104.248.192.247"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860905/; classtype:trojan-activity;sid:84724005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3860906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.34.170"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860906/; classtype:trojan-activity;sid:84724006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.mipsel"; depth:17; endswith; nocase; http.host; content:"104.248.192.247"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860895/; classtype:trojan-activity;sid:84723995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.armv4l"; depth:17; endswith; nocase; http.host; content:"104.248.192.247"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860896/; classtype:trojan-activity;sid:84723996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.i586"; depth:15; endswith; nocase; http.host; content:"104.248.192.247"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860897/; classtype:trojan-activity;sid:84723997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.sh4"; depth:14; endswith; nocase; http.host; content:"104.248.192.247"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; 
reference:url, urlhaus.abuse.ch/url/3860898/; classtype:trojan-activity;sid:84723998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.armv6l"; depth:17; endswith; nocase; http.host; content:"104.248.192.247"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860899/; classtype:trojan-activity;sid:84723999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.i686"; depth:15; endswith; nocase; http.host; content:"104.248.192.247"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860900/; classtype:trojan-activity;sid:84724000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.armv5l"; depth:17; endswith; nocase; http.host; content:"104.248.192.247"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860901/; classtype:trojan-activity;sid:84724001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.177.17"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860894/; classtype:trojan-activity;sid:84723994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; 
endswith; nocase; http.host; content:"115.51.101.109"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860893/; classtype:trojan-activity;sid:84723993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f8a0a06c-b359-4a38-a34f-b1a4942dfaed"; depth:37; endswith; nocase; http.host; content:"cqvdiki.xenicalby6.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860892/; classtype:trojan-activity;sid:84723992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.189.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860891/; classtype:trojan-activity;sid:84723991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.202.186.122"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860890/; classtype:trojan-activity;sid:84723990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.226.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860889/; classtype:trojan-activity;sid:84723989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3860888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nova.sh"; depth:8; endswith; nocase; http.host; content:"nova.ismak.icu"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860888/; classtype:trojan-activity;sid:84723988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdclient.exe"; depth:13; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860887/; classtype:trojan-activity;sid:84723987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.202.186.122"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860886/; classtype:trojan-activity;sid:84723986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.148.58"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860885/; classtype:trojan-activity;sid:84723985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.41.106"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860884/; classtype:trojan-activity;sid:84723984; rev:1;) 
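# URLhaus entries created 2026_06_08, one rule per line. Shared template:
#   alert http $HOME_NET any -> $EXTERNAL_NET any
#       Outbound requests that Suricata parses as HTTP, on any port. Traffic inside TLS is
#       not visible to these rules unless it is decrypted before it reaches the sensor.
#   flow:established,from_client; http.method; content:"GET"
#       Client side of an established flow, GET requests only.
#   http.uri; content:"<uri>"; depth:<len>; endswith; nocase
#       depth equals the content's byte length and endswith pins the end, so the content
#       must be the whole URI buffer (case-insensitive), not a substring of a longer one.
#   http.host; content:"<host>"; depth:<len>; isdataat:!1,relative
#       Nothing may follow the match, so this is a whole-host compare.
#   reference:url / msg id
#       Both carry the URLhaus entry id; check that entry for the current status of the URL
#       before acting on an alert.
# NOTE(review): the rules only fire when $HOME_NET/$EXTERNAL_NET are set correctly for the
# sensor, and none of them constrains the destination port.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.114.220.53"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860883/; classtype:trojan-activity;sid:84723983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.215.135"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860882/; classtype:trojan-activity;sid:84723982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.250.18"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860881/; classtype:trojan-activity;sid:84723981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f8ce4e3e-a8cf-4723-875c-930418324c25"; depth:37; endswith; nocase; http.host; content:"pmhaqci.x50wheel.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860880/; classtype:trojan-activity;sid:84723980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.86.0"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860879/; classtype:trojan-activity;sid:84723979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.189.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860878/; classtype:trojan-activity;sid:84723978; rev:1;)
# depth corrected 47 -> 44. `|3f|` is one byte ('?'), so this content is 44 bytes long; the
# published depth:47 counts the escape as 4 characters. With depth:47 + endswith a URI with
# up to 3 extra leading bytes would also match; 44 restores the whole-URI anchoring that the
# other rules in this run have. sid and rev are left as published; the lasting fix belongs
# in the feed generator.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=755318a6-5499-445f-9fe5-6675faf460aa"; depth:44; endswith; nocase; http.host; content:"qll4p9fw.one1xiran.bet"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860877/; classtype:trojan-activity;sid:84723977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/error84"; depth:8; endswith; nocase; http.host; content:"91.224.92.34"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860876/; classtype:trojan-activity;sid:84723976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/check1.sh"; depth:10; endswith; nocase; http.host; content:"91.224.92.34"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860874/; classtype:trojan-activity;sid:84723974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/syst3md"; depth:8; endswith; nocase; http.host; content:"91.224.92.34"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860875/; classtype:trojan-activity;sid:84723975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/check.sh"; depth:9; endswith; nocase; http.host; content:"91.224.92.34"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860873/; classtype:trojan-activity;sid:84723973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mnza"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860869/; classtype:trojan-activity;sid:84723969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z9di"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860870/; classtype:trojan-activity;sid:84723970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c3p"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860871/; classtype:trojan-activity;sid:84723971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jo6"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860872/; classtype:trojan-activity;sid:84723972; rev:1;)
# 38.79.154.87 /hiddenbin/boatnet.<suffix>: file names are reproduced exactly as published,
# including "i468"; do not normalise them, the URI match is a whole-buffer compare.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"38.79.154.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860864/; classtype:trojan-activity;sid:84723964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"38.79.154.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860865/; classtype:trojan-activity;sid:84723965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"38.79.154.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860866/; classtype:trojan-activity;sid:84723966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i468"; depth:23; endswith; nocase; http.host; content:"38.79.154.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860867/; classtype:trojan-activity;sid:84723967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2ke2"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860868/; classtype:trojan-activity;sid:84723968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.242.135"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860863/; classtype:trojan-activity;sid:84723963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"103.97.178.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860862/; classtype:trojan-activity;sid:84723962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update.exe"; depth:11; endswith; nocase; http.host; content:"114.134.189.226"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860861/; classtype:trojan-activity;sid:84723961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.239.253"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860860/; classtype:trojan-activity;sid:84723960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a66d38ec-111e-439f-be44-702e7b6fc426"; depth:37; endswith; nocase; http.host; content:"zlyupbm.wrfc8.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860859/; classtype:trojan-activity;sid:84723959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.89.59"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860858/; classtype:trojan-activity;sid:84723958; rev:1;)
# depth corrected 47 -> 44 for the same reason as entry 3860877: `|3f|` is a single byte.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=49c7479b-ac01-4b5a-8b3c-9784a7fa0ca8"; depth:44; endswith; nocase; http.host; content:"9t9m7lad.yektbet.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860857/; classtype:trojan-activity;sid:84723957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4233e820-508a-4eda-8622-45b207847d67"; depth:37; endswith; nocase; http.host; content:"bikldg.volleyball.bet"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860856/; classtype:trojan-activity;sid:84723956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.239.253"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860855/; classtype:trojan-activity;sid:84723955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.236.168.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860854/; classtype:trojan-activity;sid:84723954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public_files/iwr9otg.txt"; depth:25; endswith; nocase; http.host; content:"196.251.107.217"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860852/; classtype:trojan-activity;sid:84723952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public_files/mldeqtd.txt"; depth:25; endswith; nocase; http.host; content:"196.251.107.217"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860853/; classtype:trojan-activity;sid:84723953; rev:1;)
# NOTE(review): the path below ends in "mock-d", which may be a truncated form of a longer
# path. Because the URI match is a whole-buffer compare, a truncated value would never
# match the real request; verify against the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-json/gravitysmtp/v1/tests/mock-d"; depth:36; endswith; nocase; http.host; content:"68.183.58.38"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860851/; classtype:trojan-activity;sid:84723951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"213.87.112.128"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860850/; classtype:trojan-activity;sid:84723950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/25a10e4e-ca91-4819-a577-49d1b3e4bde3"; depth:37; endswith; nocase; http.host; content:"zqzlac.vezaratshart.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860849/; classtype:trojan-activity;sid:84723949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.25.177"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860847/; classtype:trojan-activity;sid:84723947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.89.59"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860848/; classtype:trojan-activity;sid:84723948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.123.6"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860846/; classtype:trojan-activity;sid:84723946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.70.109"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860845/; classtype:trojan-activity;sid:84723945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/28e07abc-18fc-42be-a874-ac07ad14f629"; depth:37; endswith; nocase; http.host; content:"sesksz.venusbet90.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860844/; classtype:trojan-activity;sid:84723944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a639e48b-90ff-4592-93fe-686c715df357"; depth:37; endswith; nocase; http.host; content:"ylljjmv.wolfenm.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860843/; classtype:trojan-activity;sid:84723943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.236.168.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860842/; classtype:trojan-activity;sid:84723942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvr"; depth:4; endswith; nocase; http.host; content:"205.185.114.150"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860841/; classtype:trojan-activity;sid:84723941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"213.159.34.52"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860840/; classtype:trojan-activity;sid:84723940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.176.49"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860839/; classtype:trojan-activity;sid:84723939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.130.223"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860838/; classtype:trojan-activity;sid:84723938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.123.6"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860837/; classtype:trojan-activity;sid:84723937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.86.0"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860836/; classtype:trojan-activity;sid:84723936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2f2fd5e2-d621-481c-a9d7-cbb31967c036"; depth:37; endswith; nocase; http.host; content:"bzwbfps.winxbet.co"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860835/; classtype:trojan-activity;sid:84723935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.177.11.29"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860834/; classtype:trojan-activity;sid:84723934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/check1.sh"; depth:10; endswith; nocase; http.host; content:"62.60.130.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860833/; classtype:trojan-activity;sid:84723933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/check.sh"; depth:9; endswith; nocase; http.host; content:"62.60.130.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860832/; classtype:trojan-activity;sid:84723932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.70.109"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860831/; classtype:trojan-activity;sid:84723931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c0bd7510-5047-4056-b382-60b3f7cc19de"; depth:37; endswith; nocase; http.host; content:"gysxrbg.winstone.casino"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860830/; classtype:trojan-activity;sid:84723930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5806825b-0c73-4276-a831-a9388a5d29d7"; depth:37; endswith; nocase; http.host; content:"pqxlboc.winsportiran.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860829/; classtype:trojan-activity;sid:84723929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvr.zip"; depth:8; endswith; nocase; http.host; content:"205.185.114.150"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860828/; classtype:trojan-activity;sid:84723928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.116.205"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860827/; classtype:trojan-activity;sid:84723927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b2f628/b.sh"; depth:12; endswith; nocase; http.host; content:"209.141.60.74"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860826/; classtype:trojan-activity;sid:84723926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proxy"; depth:6; endswith; nocase; http.host; content:"205.185.125.141"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860825/; classtype:trojan-activity;sid:84723925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b.sh"; depth:5; endswith; nocase; http.host; content:"209.141.60.74"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860824/; classtype:trojan-activity;sid:84723924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.sh"; depth:5; endswith; nocase; http.host; content:"209.141.60.74"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860823/; classtype:trojan-activity;sid:84723923; rev:1;)
alert http 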
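$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"209.141.60.74"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860822/; classtype:trojan-activity;sid:84723922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h.sh"; depth:5; endswith; nocase; http.host; content:"209.141.60.74"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860821/; classtype:trojan-activity;sid:84723921; rev:1;)
# Rule template used throughout this feed: alert on an outbound GET whose http.uri
# is exactly the listed path (depth == pattern length pins the start, endswith pins
# the end, nocase) and whose http.host is exactly the listed host (depth pins the
# start, isdataat:!1,relative requires that nothing follows the match).
#
# sid 84723920: |3f| is a single byte ('?'), so the URI pattern is 44 bytes long,
# not 47. The feed's depth:47 counted the escaped text and, combined with endswith,
# would also accept a URI carrying up to 3 extra bytes in front of the pattern.
# depth is set to 44 here so the match is exact like the neighbouring rules.
# NOTE(review): this file is generated; a local correction is presumably overwritten
# on the next feed update, so the depth calculation should be fixed at the source.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=34e9265a-abe6-46b2-8d3b-d390139469e3"; depth:44; endswith; nocase; http.host; content:"33liwbcf.parspoker.casino"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860820/; classtype:trojan-activity;sid:84723920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.70.189"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860819/; classtype:trojan-activity;sid:84723919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proxy"; depth:6; endswith; nocase; http.host; content:"209.141.62.4"; depth:12; isdataat:!1,relative; 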
metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860818/; classtype:trojan-activity;sid:84723918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.100.253"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860817/; classtype:trojan-activity;sid:84723917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cf"; depth:3; endswith; nocase; http.host; content:"193.188.21.76"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860816/; classtype:trojan-activity;sid:84723916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bbf06b97-a82a-47d2-99ce-c9e390bef3d1"; depth:37; endswith; nocase; http.host; content:"ghbfozy.olabahiskayit.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860815/; classtype:trojan-activity;sid:84723915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.88.7.48"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860814/; classtype:trojan-activity;sid:84723914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860813)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/1e9661d8-53fc-4542-9d47-fa5da1997ed9"; depth:37; endswith; nocase; http.host; content:"iidqou.jamjahani.app"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860813/; classtype:trojan-activity;sid:84723913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.146.180"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860812/; classtype:trojan-activity;sid:84723912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e3edb6d1-8918-4854-b125-45a60cccdc91"; depth:37; endswith; nocase; http.host; content:"dphxsy.perfectgame.casino"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860811/; classtype:trojan-activity;sid:84723911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"38.79.154.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860810/; classtype:trojan-activity;sid:84723910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.53.100"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860809/; classtype:trojan-activity;sid:84723909; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"147.45.77.20"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860808/; classtype:trojan-activity;sid:84723908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"147.45.77.20"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860807/; classtype:trojan-activity;sid:84723907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.145.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860806/; classtype:trojan-activity;sid:84723906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1f0305"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860798/; classtype:trojan-activity;sid:84723898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/898cf5"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 
2026_06_08; reference:url, urlhaus.abuse.ch/url/3860799/; classtype:trojan-activity;sid:84723899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/618b35"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860800/; classtype:trojan-activity;sid:84723900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/28390a"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860801/; classtype:trojan-activity;sid:84723901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/53eb0e"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860802/; classtype:trojan-activity;sid:84723902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00f7b6"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860803/; classtype:trojan-activity;sid:84723903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/869d0a"; depth:7; endswith; nocase; http.host; 
content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860804/; classtype:trojan-activity;sid:84723904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eda147"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860805/; classtype:trojan-activity;sid:84723905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app/deeplsetupwin.zip"; depth:22; endswith; nocase; http.host; content:"appdownload.download"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860781/; classtype:trojan-activity;sid:84723881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02b670"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860782/; classtype:trojan-activity;sid:84723882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a08bc6"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860783/; classtype:trojan-activity;sid:84723883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860784)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/601918"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860784/; classtype:trojan-activity;sid:84723884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/81b87c"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860785/; classtype:trojan-activity;sid:84723885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a25026"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860786/; classtype:trojan-activity;sid:84723886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/764b0f"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860787/; classtype:trojan-activity;sid:84723887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/680621"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860788/; classtype:trojan-activity;sid:84723888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3860789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/407db8"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860789/; classtype:trojan-activity;sid:84723889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/63e71d"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860790/; classtype:trojan-activity;sid:84723890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/de9497"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860791/; classtype:trojan-activity;sid:84723891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/796131"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860792/; classtype:trojan-activity;sid:84723892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b3dd0f"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860793/; classtype:trojan-activity;sid:84723893; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/294f93"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860794/; classtype:trojan-activity;sid:84723894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3718ad"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860795/; classtype:trojan-activity;sid:84723895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35c4a2"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860796/; classtype:trojan-activity;sid:84723896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/726775"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860797/; classtype:trojan-activity;sid:84723897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e6261e"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, 
urlhaus.abuse.ch/url/3860780/; classtype:trojan-activity;sid:84723880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b1e0ed"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860779/; classtype:trojan-activity;sid:84723879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d037d3"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860776/; classtype:trojan-activity;sid:84723876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/62d462"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860777/; classtype:trojan-activity;sid:84723877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5c7dfe"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860778/; classtype:trojan-activity;sid:84723878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6fb4fd"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; 
depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860775/; classtype:trojan-activity;sid:84723875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f1ec24"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860755/; classtype:trojan-activity;sid:84723855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/568952"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860756/; classtype:trojan-activity;sid:84723856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8319c8"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860757/; classtype:trojan-activity;sid:84723857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/531476"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860758/; classtype:trojan-activity;sid:84723858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860759)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/651f02"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860759/; classtype:trojan-activity;sid:84723859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/89d453"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860760/; classtype:trojan-activity;sid:84723860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9cf6c3"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860761/; classtype:trojan-activity;sid:84723861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ca5ddc"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860762/; classtype:trojan-activity;sid:84723862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5dd19c"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860763/; classtype:trojan-activity;sid:84723863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3860764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b83f2e"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860764/; classtype:trojan-activity;sid:84723864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cb8729"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860765/; classtype:trojan-activity;sid:84723865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5d7e1e"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860766/; classtype:trojan-activity;sid:84723866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/87b3cd"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860767/; classtype:trojan-activity;sid:84723867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f9173a"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860768/; classtype:trojan-activity;sid:84723868; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e840fc"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860769/; classtype:trojan-activity;sid:84723869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c93d53"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860770/; classtype:trojan-activity;sid:84723870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a2c890"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860771/; classtype:trojan-activity;sid:84723871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8c8e9f"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860772/; classtype:trojan-activity;sid:84723872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a9709c"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860773/; 
classtype:trojan-activity;sid:84723873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6e21c6"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860774/; classtype:trojan-activity;sid:84723874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/697157"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860736/; classtype:trojan-activity;sid:84723836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c23f88"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860737/; classtype:trojan-activity;sid:84723837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a2c867"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860738/; classtype:trojan-activity;sid:84723838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d5cc63"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; 
metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860739/; classtype:trojan-activity;sid:84723839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/98be53"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860740/; classtype:trojan-activity;sid:84723840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b0d000"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860741/; classtype:trojan-activity;sid:84723841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bf4143"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860742/; classtype:trojan-activity;sid:84723842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d43f26"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860743/; classtype:trojan-activity;sid:84723843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fa4204"; depth:7; endswith; 
nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860744/; classtype:trojan-activity;sid:84723844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f1687f"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860745/; classtype:trojan-activity;sid:84723845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c7ec56"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860746/; classtype:trojan-activity;sid:84723846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9c84c4"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860747/; classtype:trojan-activity;sid:84723847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fa4cc9"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860748/; classtype:trojan-activity;sid:84723848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860749)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/fe44f2"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860749/; classtype:trojan-activity;sid:84723849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c05772"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860750/; classtype:trojan-activity;sid:84723850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/88c338"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860751/; classtype:trojan-activity;sid:84723851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bb6da5"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860752/; classtype:trojan-activity;sid:84723852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f690cd"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860753/; classtype:trojan-activity;sid:84723853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3860754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c82c7e"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860754/; classtype:trojan-activity;sid:84723854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9qp"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860735/; classtype:trojan-activity;sid:84723835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuab"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860701/; classtype:trojan-activity;sid:84723801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wz8"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860702/; classtype:trojan-activity;sid:84723802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vb5"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860703/; classtype:trojan-activity;sid:84723803; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sb8"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860704/; classtype:trojan-activity;sid:84723804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8ayu"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860705/; classtype:trojan-activity;sid:84723805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ggb"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860706/; classtype:trojan-activity;sid:84723806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pkm"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860707/; classtype:trojan-activity;sid:84723807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ba5o"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; 
reference:url, urlhaus.abuse.ch/url/3860708/; classtype:trojan-activity;sid:84723808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yly"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860709/; classtype:trojan-activity;sid:84723809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vxhk"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860710/; classtype:trojan-activity;sid:84723810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lri"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860711/; classtype:trojan-activity;sid:84723811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y1e"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860712/; classtype:trojan-activity;sid:84723812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kpr"; depth:4; endswith; nocase; http.host; 
content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860713/; classtype:trojan-activity;sid:84723813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/to4"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860714/; classtype:trojan-activity;sid:84723814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ucr"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860715/; classtype:trojan-activity;sid:84723815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s5x"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860716/; classtype:trojan-activity;sid:84723816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4yrx"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860717/; classtype:trojan-activity;sid:84723817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860718)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/jj0"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860718/; classtype:trojan-activity;sid:84723818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xegf"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860719/; classtype:trojan-activity;sid:84723819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/176102"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860720/; classtype:trojan-activity;sid:84723820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/28c961"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860721/; classtype:trojan-activity;sid:84723821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/078541"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860722/; classtype:trojan-activity;sid:84723822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3860723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2ee017"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860723/; classtype:trojan-activity;sid:84723823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0e6dbe"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860724/; classtype:trojan-activity;sid:84723824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3aad49"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860725/; classtype:trojan-activity;sid:84723825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1a076b"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860726/; classtype:trojan-activity;sid:84723826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0e1276"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860727/; classtype:trojan-activity;sid:84723827; rev:1;) 
# Rule template shared by the URLhaus entries visible in this part of the feed:
#   - `alert http $HOME_NET any -> $EXTERNAL_NET any` with `flow:established,from_client`
#     inspects client requests leaving HOME_NET only, so both address variables must
#     describe the monitored network for a rule to fire.
#   - `http.method; content:"GET"` limits the match to GET requests.
#   - On http.uri, a `depth` equal to the content length combined with `endswith` pins
#     the whole URI to the listed string (case-insensitively, because of `nocase`).
#   - On http.host, a `depth` equal to the content length combined with
#     `isdataat:!1,relative` pins the whole host value to the listed address or name.
#   - The sid is the URLhaus entry id shown in `msg` and `reference` plus 80863100.
# These are `alert http` rules: a download fetched over TLS is not inspected by them
# unless the traffic is decrypted before it reaches the sensor. Each rule records its
# `created_at` date, and the `reference` URL is the place to check the entry when
# triaging an alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3fbf44"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860728/; classtype:trojan-activity;sid:84723828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1514d2"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860729/; classtype:trojan-activity;sid:84723829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/42f6ef"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860730/; classtype:trojan-activity;sid:84723830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35862d"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860731/; classtype:trojan-activity;sid:84723831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4c4cf6"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, 
urlhaus.abuse.ch/url/3860732/; classtype:trojan-activity;sid:84723832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4352ef"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860733/; classtype:trojan-activity;sid:84723833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/033d52"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860734/; classtype:trojan-activity;sid:84723834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/24de4591-2b53-4841-b6e7-8fec4710cf7a"; depth:37; endswith; nocase; http.host; content:"bdfzsbr.kvbel.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860700/; classtype:trojan-activity;sid:84723800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.25.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860699/; classtype:trojan-activity;sid:84723799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; 
http.host; content:"182.116.53.100"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860698/; classtype:trojan-activity;sid:84723798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.145.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860697/; classtype:trojan-activity;sid:84723797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b4db77db-37fc-4cf2-99de-d22b2a32e148"; depth:37; endswith; nocase; http.host; content:"uadcmxt.kbshavanese.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860696/; classtype:trojan-activity;sid:84723796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.93.1"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860695/; classtype:trojan-activity;sid:84723795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.118.14"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860694/; classtype:trojan-activity;sid:84723794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860693)"; 
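flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.118.14"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860693/; classtype:trojan-activity;sid:84723793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.25.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860691/; classtype:trojan-activity;sid:84723791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.233.216"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860692/; classtype:trojan-activity;sid:84723792; rev:1;)
# Local fix on the next rule: http.uri depth reduced from 47 to 44. "|3f|" is the hex
# escape for a single byte ("?"), so the pattern is 44 bytes long (1 + 1 + 6 + 36); the
# published 47 counts the escape as four characters. With depth:47 and endswith the rule
# also accepted a URI carrying up to three extra leading bytes; depth:44 makes it an
# exact-URI match, like the neighbouring rules whose depth equals their content length.
# sid and rev are kept as published; this deviates from the upstream feed, and a later
# feed refresh would presumably restore the published value unless it is fixed upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=bbf4adc7-1615-47ec-b891-a198d6a62862"; depth:44; endswith; nocase; http.host; content:"1nmuyb5y.parspoker90.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860690/; classtype:trojan-activity;sid:84723790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.194.100"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860689/; 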
classtype:trojan-activity;sid:84723789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.194.100"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860688/; classtype:trojan-activity;sid:84723788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.226.168.17"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860687/; classtype:trojan-activity;sid:84723787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.124.34"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860686/; classtype:trojan-activity;sid:84723786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.116.205"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860685/; classtype:trojan-activity;sid:84723785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.197.109"; depth:15; isdataat:!1,relative; 
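metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860684/; classtype:trojan-activity;sid:84723784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1d6a943a-fe67-4697-a0e5-b08d509a30d6"; depth:37; endswith; nocase; http.host; content:"dihsov.jamjahani.cash"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860683/; classtype:trojan-activity;sid:84723783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9ad11293-5c27-4d14-8484-c74cd494e534"; depth:37; endswith; nocase; http.host; content:"etpvftw.one1x.bet"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860682/; classtype:trojan-activity;sid:84723782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.112.137"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860681/; classtype:trojan-activity;sid:84723781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.12.47"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860680/; classtype:trojan-activity;sid:84723780; rev:1;)
# Local fix on the next rule: http.uri depth reduced from 47 to 44. "|3f|" is the hex
# escape for a single byte ("?"), so the pattern is 44 bytes long (1 + 1 + 6 + 36); the
# published 47 counts the escape as four characters. With depth:47 and endswith the rule
# also accepted a URI carrying up to three extra leading bytes; depth:44 makes it an
# exact-URI match, like the neighbouring rules whose depth equals their content length.
# sid and rev are kept as published; this deviates from the upstream feed, and a later
# feed refresh would presumably restore the published value unless it is fixed upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=08d8f571-9ccb-4a64-8224-bb7edc167210"; depth:44; endswith; nocase; http.host; content:"1hrrc4q6.onexboro.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860679/; classtype:trojan-activity;sid:84723779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.11.245"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860678/; classtype:trojan-activity;sid:84723778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.226.168.17"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860677/; classtype:trojan-activity;sid:84723777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4e6927e6-cd4e-4a23-94be-a39327dbd18d"; depth:37; endswith; nocase; http.host; content:"eterjrb.one1x.bet"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860676/; classtype:trojan-activity;sid:84723776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.74.11"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860675/; 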
classtype:trojan-activity;sid:84723775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.197.109"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860674/; classtype:trojan-activity;sid:84723774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.112.137"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860673/; classtype:trojan-activity;sid:84723773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.87.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860672/; classtype:trojan-activity;sid:84723772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.0.107"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860671/; classtype:trojan-activity;sid:84723771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/78d944f3-9bcc-48f2-b915-9d919fa39a54"; depth:37; endswith; nocase; http.host; 
content:"omxvqrt.penalty.casino"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860670/; classtype:trojan-activity;sid:84723770; rev:1;)
# ---------------------------------------------------------------------------
# Reading the rules below (they all share one shape; one rule per line):
#   * alert http $HOME_NET -> $EXTERNAL_NET with flow:established,from_client
#     matches an outbound HTTP request. An alert means an internal host asked
#     for the URL; on its own it does not show that a payload was returned or
#     run, so check the response and the endpoint when triaging.
#   * http.method "GET", then http.uri content with depth equal to the pattern
#     length plus endswith and nocase: the URI has to equal the listed path,
#     compared case-insensitively.
#   * http.host content with depth equal to its length plus
#     isdataat:!1,relative (no byte may follow the match): the host has to
#     equal the listed name or IP address.
#   * msg and reference carry the URLhaus entry id; in every rule here the sid
#     is that id plus 80863100. metadata:created_at is presumably the date the
#     entry was listed -- confirm against the feed documentation.
# Both buffers are matched as whole values, so a different path, an added
# query string or a new host produces no alert: absence of alerts is not
# evidence that a host is clean. Many bare-IP hosts are listed twice, once
# with /i and once with /bin.sh.
# NOTE(review): `alert http` rules only see traffic Suricata parses as HTTP;
# the same URL fetched over TLS is presumably not covered unless the sensor
# sees decrypted traffic -- confirm for your deployment.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.42.228"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860669/; classtype:trojan-activity;sid:84723769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.11.245"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860668/; classtype:trojan-activity;sid:84723768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.87.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860667/; classtype:trojan-activity;sid:84723767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.121.171"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860666/; classtype:trojan-activity;sid:84723766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.249.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860665/; classtype:trojan-activity;sid:84723765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.23.216"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860664/; classtype:trojan-activity;sid:84723764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.106.184"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860663/; classtype:trojan-activity;sid:84723763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ec7a0d9b-1d16-4c64-8ada-d78bc270708b"; depth:37; endswith; nocase; http.host; content:"atuxkke.penalti.website"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860662/; classtype:trojan-activity;sid:84723762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.239.121.171"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860661/; classtype:trojan-activity;sid:84723761; rev:1;)
# |3f| is the single byte 0x3f ('?'), so the URI in the next rule is
# "/?ublib=<uuid>", 44 bytes long.
# NOTE(review): depth:47 is the length of the pattern as written, with |3f|
# counted as four characters. With endswith this still anchors the end of the
# URI, but up to three bytes may precede the pattern, so the match is slightly
# looser than the exact match used by the other rules. The same applies to
# the other "/|3f|ublib=" rules below (sids 84723714, 84723687, 84723683).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=034c46cf-7fc1-4dca-897f-a6ad0a20162c"; depth:47; endswith; nocase; http.host; content:"bl7gsqjt.parsgoal90.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860660/; classtype:trojan-activity;sid:84723760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/30fd1a3b-189c-4d5d-8a5c-cce64ecfaa9f"; depth:37; endswith; nocase; http.host; content:"egbofo.jamjahani.cash"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860659/; classtype:trojan-activity;sid:84723759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.23.216"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860658/; classtype:trojan-activity;sid:84723758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.67.66"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860657/; classtype:trojan-activity;sid:84723757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.52.120"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860656/; classtype:trojan-activity;sid:84723756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.249.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860655/; classtype:trojan-activity;sid:84723755; rev:1;)
# The next eleven rules share one host (38.79.154.87) and one path stem,
# /hiddenbin/boatnet.<suffix>, with suffixes m68k, x86, arm7, ppc, sh4,
# x86_64, arm6, arm, mips, mpsl and arm5 -- presumably one payload built per
# CPU architecture. Alerts on several of these sids from the same internal
# host are best triaged together.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"38.79.154.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860645/; classtype:trojan-activity;sid:84723745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"38.79.154.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860646/; classtype:trojan-activity;sid:84723746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"38.79.154.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860647/; classtype:trojan-activity;sid:84723747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"38.79.154.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860648/; classtype:trojan-activity;sid:84723748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"38.79.154.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860649/; classtype:trojan-activity;sid:84723749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"38.79.154.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860650/; classtype:trojan-activity;sid:84723750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"38.79.154.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860651/; classtype:trojan-activity;sid:84723751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"38.79.154.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860652/; classtype:trojan-activity;sid:84723752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"38.79.154.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860653/; classtype:trojan-activity;sid:84723753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"38.79.154.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860654/; classtype:trojan-activity;sid:84723754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"38.79.154.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860644/; classtype:trojan-activity;sid:84723744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6ef0281b-e1b9-4b35-bafa-32f9eb8dde33"; depth:37; endswith; nocase; http.host; content:"pdbrpnf.penaltibazi.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860643/; classtype:trojan-activity;sid:84723743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.31.174"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860642/; classtype:trojan-activity;sid:84723742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.200.194"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860641/; classtype:trojan-activity;sid:84723741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.216.103"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860640/; classtype:trojan-activity;sid:84723740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.106.184"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860639/; classtype:trojan-activity;sid:84723739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.18.118"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860638/; classtype:trojan-activity;sid:84723738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.31.174"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860637/; classtype:trojan-activity;sid:84723737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.189.31.218"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860636/; classtype:trojan-activity;sid:84723736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.52.181.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860635/; classtype:trojan-activity;sid:84723735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.52.181.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860634/; classtype:trojan-activity;sid:84723734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36edf993-e4ea-4312-ba0e-bd1ec26c2d5a"; depth:37; endswith; nocase; http.host; content:"jhejjsa.penality.casino"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860633/; classtype:trojan-activity;sid:84723733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.26.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860632/; classtype:trojan-activity;sid:84723732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.203.248"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860631/; classtype:trojan-activity;sid:84723731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.118.251.219"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860630/; classtype:trojan-activity;sid:84723730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.18.118"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860629/; classtype:trojan-activity;sid:84723729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.39.231"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860628/; classtype:trojan-activity;sid:84723728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.92.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860627/; classtype:trojan-activity;sid:84723727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.203.248"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860626/; classtype:trojan-activity;sid:84723726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.235.206"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860625/; classtype:trojan-activity;sid:84723725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.202.142.137"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860624/; classtype:trojan-activity;sid:84723724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.26.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860623/; classtype:trojan-activity;sid:84723723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.219.152.135"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860622/; classtype:trojan-activity;sid:84723722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.39.231"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860621/; classtype:trojan-activity;sid:84723721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/79cabd37-7db6-45f5-90e2-137ad5591c8b"; depth:37; endswith; nocase; http.host; content:"dfjdzmq.penality.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860620/; classtype:trojan-activity;sid:84723720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.3.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860619/; classtype:trojan-activity;sid:84723719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.235.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860618/; classtype:trojan-activity;sid:84723718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.235.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860617/; classtype:trojan-activity;sid:84723717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.81.179"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860616/; classtype:trojan-activity;sid:84723716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.235.206"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860615/; classtype:trojan-activity;sid:84723715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=bc3fa83a-7af8-4fd4-b336-14c2b2b859a3"; depth:47; endswith; nocase; http.host; content:"krqbplar.mrbet90.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860614/; classtype:trojan-activity;sid:84723714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.219.152.135"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860613/; classtype:trojan-activity;sid:84723713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.14.171"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860612/; classtype:trojan-activity;sid:84723712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36af4cdf-06ba-4c35-9285-6dbeca098a03"; depth:37; endswith; nocase; http.host; content:"ygxcnh.jamjahani.football"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860611/; classtype:trojan-activity;sid:84723711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.118.251.219"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860610/; classtype:trojan-activity;sid:84723710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2628db5c-aafa-439a-bcaa-bdc8d1f79c87"; depth:37; endswith; nocase; http.host; content:"utpesi.pablobet90.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860609/; classtype:trojan-activity;sid:84723709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.115.130"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860607/; classtype:trojan-activity;sid:84723707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.223.140.192"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860608/; classtype:trojan-activity;sid:84723708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.187.122"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860606/; classtype:trojan-activity;sid:84723706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e4ec1692-9ea8-4f65-9713-f715d1b23697"; depth:37; endswith; nocase; http.host; content:"dvciwh.oxidbet.bet"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860605/; classtype:trojan-activity;sid:84723705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f4cb3113-e4c4-446c-8cd2-fb0509a271ab"; depth:37; endswith; nocase; http.host; content:"jepbtnj.pasur21.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860604/; classtype:trojan-activity;sid:84723704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.14.171"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860603/; classtype:trojan-activity;sid:84723703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.69.235"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860602/; classtype:trojan-activity;sid:84723702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f1c90bd8-f18b-4577-a2f8-d50d2b47930b"; depth:37; endswith; nocase; http.host; content:"uznjkx.onlineshart.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860601/; classtype:trojan-activity;sid:84723701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.69.235"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860600/; classtype:trojan-activity;sid:84723700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.88.208"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860599/; classtype:trojan-activity;sid:84723699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.74.45"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860598/; classtype:trojan-activity;sid:84723698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.45.209"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860597/; classtype:trojan-activity;sid:84723697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.39.211"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860596/; classtype:trojan-activity;sid:84723696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.245.15"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860594/; classtype:trojan-activity;sid:84723694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.134.46.64"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860595/; classtype:trojan-activity;sid:84723695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.140.192"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860593/; classtype:trojan-activity;sid:84723693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/befd73ed-84e7-48bb-af30-9c8e6e99f9ac"; depth:37; endswith; nocase; http.host; content:"aylkfoq.pasoor11.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860592/; classtype:trojan-activity;sid:84723692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.45.209"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860591/; classtype:trojan-activity;sid:84723691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.245.15"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860590/; classtype:trojan-activity;sid:84723690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ee681a2-58f8-477d-baf9-807679ec002b"; depth:37; endswith; nocase; http.host; content:"uafzmeq.mangobetfarsi.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860589/; classtype:trojan-activity;sid:84723689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.30.28"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860588/; classtype:trojan-activity;sid:84723688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=6db755c3-5342-499f-8c12-ce23f2953002"; depth:47; endswith; nocase; http.host; content:"lxnfayp0.onexfa.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860587/; classtype:trojan-activity;sid:84723687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.32.113"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860586/; classtype:trojan-activity;sid:84723686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ce9087d7-4027-403e-a15f-46a15612c526"; depth:37; endswith; nocase; http.host; content:"dkfcpnk.ninjafruitcubes.bet"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860585/; classtype:trojan-activity;sid:84723685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.30.28"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860584/; classtype:trojan-activity;sid:84723684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=681f3ec8-b171-4515-a109-faa76d4f3fde"; depth:47; endswith; nocase; http.host; content:"k3q6fgf9.parsbet90.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860583/; classtype:trojan-activity;sid:84723683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/tvsaaw5suka9.exe"; depth:25; endswith; nocase; http.host; content:"62.60.226.159"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860582/; classtype:trojan-activity;sid:84723682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.93.102"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860581/; classtype:trojan-activity;sid:84723681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.216.243.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860580/; classtype:trojan-activity;sid:84723680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.108.66.29"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860579/; classtype:trojan-activity;sid:84723679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/05aa8c55-6562-4799-99ba-d385db1db172"; depth:37; endswith; nocase; http.host; content:"rritelh.one1xbet.net"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860578/; classtype:trojan-activity;sid:84723678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.220.115"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860577/; classtype:trojan-activity;sid:84723677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860576)"; flow:established,from_client; http.method;
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.106.225.176"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860576/; classtype:trojan-activity;sid:84723676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7ef57ad6-6965-41b5-a223-32096b70cbb4"; depth:37; endswith; nocase; http.host; content:"szdfpv.jamjahani2026.football"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860575/; classtype:trojan-activity;sid:84723675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.108.66.29"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860574/; classtype:trojan-activity;sid:84723674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.204.196.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860573/; classtype:trojan-activity;sid:84723673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.13.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860572/; classtype:trojan-activity;sid:84723672; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sakura"; depth:15; endswith; nocase; http.host; content:"31.56.209.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860571/; classtype:trojan-activity;sid:84723671; rev:1;)
# Layout note: rules are restored to one per line. The first and last lines of this
# span belong to rules that continue outside it and are kept as found.
#
# 31.56.209.210 appears below with many distinct "*.sakura" file names, one rule per
# URL, interleaved with entries for other hosts. Each rule requires the URI to equal
# its string exactly (depth equal to the string length + endswith), so a file name on
# that host that is not listed here raises no alert. When one of these fires, review
# the source host's other requests to the same address instead of relying on the
# single URL that matched.
# The rules fire on the outbound GET only (flow:established,from_client); they do not
# show whether the server answered with a file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.sakura"; depth:14; endswith; nocase; http.host; content:"31.56.209.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860564/; classtype:trojan-activity;sid:84723664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.sakura"; depth:15; endswith; nocase; http.host; content:"31.56.209.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860565/; classtype:trojan-activity;sid:84723665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.sakura"; depth:15; endswith; nocase; http.host; content:"31.56.209.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860566/; classtype:trojan-activity;sid:84723666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sakura"; depth:15; endswith; nocase; http.host; content:"31.56.209.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860567/; classtype:trojan-activity;sid:84723667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.sakura"; depth:15; endswith; nocase; http.host; content:"31.56.209.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860568/; classtype:trojan-activity;sid:84723668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.sakura"; depth:14; endswith; nocase; http.host; content:"31.56.209.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860569/; classtype:trojan-activity;sid:84723669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.220.115"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860570/; classtype:trojan-activity;sid:84723670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.sakura"; depth:15; endswith; nocase; http.host; content:"31.56.209.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860562/; classtype:trojan-activity;sid:84723662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"68.185.152.86"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860563/; classtype:trojan-activity;sid:84723663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.sakura"; depth:14; endswith; nocase; http.host; content:"31.56.209.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860557/; classtype:trojan-activity;sid:84723657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.sakura"; depth:15; endswith; nocase; http.host; content:"31.56.209.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860558/; classtype:trojan-activity;sid:84723658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.sakura"; depth:14; endswith; nocase; http.host; content:"31.56.209.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860559/; classtype:trojan-activity;sid:84723659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.sakura"; depth:15; endswith; nocase; http.host; content:"31.56.209.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860560/; classtype:trojan-activity;sid:84723660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"68.185.152.86"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860561/; classtype:trojan-activity;sid:84723661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.18.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860556/; classtype:trojan-activity;sid:84723656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.204.196.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860555/; classtype:trojan-activity;sid:84723655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c9d79172-bbad-4268-9cc6-2e3cb99a2bd7"; depth:37; endswith; nocase; http.host; content:"ljbtuch.kbshavanese.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860554/; classtype:trojan-activity;sid:84723654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.40.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860553/; 
classtype:trojan-activity;sid:84723653; rev:1;)
# Layout note: rules are restored to one per line. The first and last lines of this
# span belong to rules that continue outside it and are kept as found.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.149.183"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860552/; classtype:trojan-activity;sid:84723652; rev:1;)
# 176.65.139.126 is listed with one rule per file under /bins/. The file names (arm5,
# mipsel, x86_64, m68k, ...) look like CPU-architecture labels, presumably
# per-architecture builds of one payload alongside a cat.sh script; confirm on the
# referenced URLhaus entries.
# Each rule requires the URI to equal its string exactly (depth equal to the string
# length + endswith), so another file name on the same host raises no alert. The
# rules fire on the outbound GET only (flow:established,from_client); a hit does not
# show that the file was delivered. An internal host requesting several of these in
# a row is a stronger signal than a single hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860545/; classtype:trojan-activity;sid:84723645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860546/; classtype:trojan-activity;sid:84723646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mipsel"; depth:12; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860547/; classtype:trojan-activity;sid:84723647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860548/; classtype:trojan-activity;sid:84723648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cat.sh"; depth:12; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860549/; classtype:trojan-activity;sid:84723649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860550/; classtype:trojan-activity;sid:84723650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860551/; classtype:trojan-activity;sid:84723651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860541/; classtype:trojan-activity;sid:84723641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860542/; classtype:trojan-activity;sid:84723642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860543/; classtype:trojan-activity;sid:84723643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860544/; classtype:trojan-activity;sid:84723644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860540/; classtype:trojan-activity;sid:84723640; rev:1;)
# 176.65.139.129 (a different address from the /bins/ host above) serves similarly
# named files from the URI root: /x86, /i686, /armv7l, ... The URI match is the whole
# path, so the short strings here do not match longer paths that merely end in them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"176.65.139.129"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860539/; classtype:trojan-activity;sid:84723639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"176.65.139.129"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860531/; classtype:trojan-activity;sid:84723631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"176.65.139.129"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860532/; classtype:trojan-activity;sid:84723632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"176.65.139.129"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860533/; classtype:trojan-activity;sid:84723633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"176.65.139.129"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860534/; classtype:trojan-activity;sid:84723634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"176.65.139.129"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860535/; classtype:trojan-activity;sid:84723635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"176.65.139.129"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860536/; classtype:trojan-activity;sid:84723636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc64"; depth:6; endswith; nocase; http.host; content:"176.65.139.129"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860537/; classtype:trojan-activity;sid:84723637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"176.65.139.129"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860538/; classtype:trojan-activity;sid:84723638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.85.198"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860530/; classtype:trojan-activity;sid:84723630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb"; depth:4; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860529/; classtype:trojan-activity;sid:84723629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.99.167.179"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860528/; classtype:trojan-activity;sid:84723628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.85.198"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860527/; classtype:trojan-activity;sid:84723627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakura.sh"; depth:10; endswith; nocase; http.host; content:"31.56.209.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860526/; classtype:trojan-activity;sid:84723626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.13.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860525/; classtype:trojan-activity;sid:84723625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; 
endswith; nocase; http.host; content:"222.142.242.6"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860524/; classtype:trojan-activity;sid:84723624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.149.183"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860523/; classtype:trojan-activity;sid:84723623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/192bc255-1b06-439e-b372-3002da2e18c9"; depth:37; endswith; nocase; http.host; content:"eqfjmvb.kvbel.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860522/; classtype:trojan-activity;sid:84723622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.176.193"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860521/; classtype:trojan-activity;sid:84723621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.236.65.252"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860520/; classtype:trojan-activity;sid:84723620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3860519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d4029d3f-0558-41e8-8fce-1ad1760e3b43"; depth:47; endswith; nocase; http.host; content:"rsa2rwi5.parsc.bet"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860519/; classtype:trojan-activity;sid:84723619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.157.252.30"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860518/; classtype:trojan-activity;sid:84723618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c85b6d60-db66-47eb-9d64-50c00104fc97"; depth:37; endswith; nocase; http.host; content:"usghiem.olabahiskayit.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860517/; classtype:trojan-activity;sid:84723617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.49.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860516/; classtype:trojan-activity;sid:84723616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.189.108"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, 
urlhaus.abuse.ch/url/3860515/; classtype:trojan-activity;sid:84723615; rev:1;)
# URLhaus download-URL rules (entries dated 2026_06_07), one rule per URLhaus entry.
# Each rule fires on an established client-to-server HTTP flow from $HOME_NET to
# $EXTERNAL_NET when all three buffers match:
#   http.method - contains "GET" (the pattern is not anchored);
#   http.uri    - equals the listed path: depth is the pattern length and endswith
#                 pins the match to the end of the buffer; nocase ignores case;
#   http.host   - equals the listed host: depth is the pattern length and
#                 isdataat:!1,relative asserts that no byte follows the match.
# msg and reference both carry the URLhaus entry id, so an alert can be traced to
# its entry page.
# Coverage caveats: only traffic Suricata parses as cleartext HTTP is inspected, and
# an exact-URI rule stays silent for the same host with any other path or query.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1428f305-3dd2-4b0c-9668-fb243231a24b"; depth:37; endswith; nocase; http.host; content:"owmekh.yasbet90.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860514/; classtype:trojan-activity;sid:84723614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.80.163"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860513/; classtype:trojan-activity;sid:84723613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.49.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860512/; classtype:trojan-activity;sid:84723612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/666666.png"; depth:11; endswith; nocase; http.host; content:"c.fi3.me"; depth:8; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860511/; classtype:trojan-activity;sid:84723611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.110.49"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860510/; classtype:trojan-activity;sid:84723610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.80.163"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860509/; classtype:trojan-activity;sid:84723609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fe7ead40-c46f-4594-9327-29de54ae3850"; depth:37; endswith; nocase; http.host; content:"nwdzgly.ninjafruitcubes.bet"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860508/; classtype:trojan-activity;sid:84723608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.54.110.49"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860507/; classtype:trojan-activity;sid:84723607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.175.205.141"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860506/; classtype:trojan-activity;sid:84723606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.26.164"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860505/; classtype:trojan-activity;sid:84723605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.169.246"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860504/; classtype:trojan-activity;sid:84723604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.116.217.106"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860503/; classtype:trojan-activity;sid:84723603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.56.122"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860502/; classtype:trojan-activity;sid:84723602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5c40fc7b-9ede-4028-9cf9-401d3a385a05"; depth:37; endswith; nocase; http.host; content:"oregrlk.mangobetfarsi.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860501/; 
classtype:trojan-activity;sid:84723601; rev:1;)
# URLhaus download-URL rules, mostly for one host: 45.205.1.59 with a different
# six-hex-character path per rule. Every rule alerts on a GET request leaving
# $HOME_NET whose URI equals the listed path (depth:7 + endswith, nocase) and whose
# Host equals the listed value (depth = pattern length + isdataat:!1,relative).
# Because each rule pins one exact URI, a request to the same host for a path that
# is not listed raises no alert from this set.
# NOTE(review): when one of these fires, review proxy/flow logs for other requests
# from the same client to that host; the per-URL list is unlikely to be exhaustive.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2f70d3"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860499/; classtype:trojan-activity;sid:84723599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6c8eb1"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860500/; classtype:trojan-activity;sid:84723600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/57a8d3"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860498/; classtype:trojan-activity;sid:84723598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9627aa"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860489/; classtype:trojan-activity;sid:84723589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f7959d"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860490/; classtype:trojan-activity;sid:84723590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cfa9df"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860491/; classtype:trojan-activity;sid:84723591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/12c83d"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860492/; classtype:trojan-activity;sid:84723592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c45af0"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860493/; classtype:trojan-activity;sid:84723593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5bd263"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860494/; classtype:trojan-activity;sid:84723594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ed27e"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860495/; classtype:trojan-activity;sid:84723595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b8e6a7"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860496/; classtype:trojan-activity;sid:84723596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/46aa0c"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860497/; classtype:trojan-activity;sid:84723597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.169.246"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860488/; classtype:trojan-activity;sid:84723588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.185.211"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860487/; classtype:trojan-activity;sid:84723587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860486)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.26.164"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860486/; classtype:trojan-activity;sid:84723586; rev:1;)
# URLhaus download-URL rules: each alerts on a GET request from $HOME_NET to
# $EXTERNAL_NET (established flow, client side) whose URI and Host both equal the
# listed values (depth = pattern length, with endswith on the URI and
# isdataat:!1,relative on the Host).
# Rules map one-to-one to URLhaus entries: the id in msg matches the id in the
# reference URL, and in the rules shown here sid = URLhaus id + 80863100, so an
# alert's sid is enough to locate the entry it came from.
# All rules carry classtype:trojan-activity and rev:1; none sets its own priority.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.28.183"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860485/; classtype:trojan-activity;sid:84723585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.56.122"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860484/; classtype:trojan-activity;sid:84723584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.144.123"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860483/; classtype:trojan-activity;sid:84723583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c7b13d"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860482/; classtype:trojan-activity;sid:84723582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a5a7f6"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860481/; classtype:trojan-activity;sid:84723581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/72e450"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860471/; classtype:trojan-activity;sid:84723571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dc6614"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860472/; classtype:trojan-activity;sid:84723572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab6542"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860473/; classtype:trojan-activity;sid:84723573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a427c0"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860474/; classtype:trojan-activity;sid:84723574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/573d73"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860475/; classtype:trojan-activity;sid:84723575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/50a61b"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860476/; classtype:trojan-activity;sid:84723576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/afc540"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860477/; classtype:trojan-activity;sid:84723577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c1e2c7"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860478/; classtype:trojan-activity;sid:84723578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cf574c"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, 
urlhaus.abuse.ch/url/3860479/; classtype:trojan-activity;sid:84723579; rev:1;)
# URLhaus download-URL rules: each alerts on a GET request from $HOME_NET to
# $EXTERNAL_NET whose http.uri ends with the listed pattern inside the given depth
# and whose http.host equals the listed value (depth = pattern length, then
# isdataat:!1,relative so nothing may follow). Where depth equals the pattern
# length the URI match is a whole-buffer match; nocase makes it case-insensitive.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2bd8ac"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860480/; classtype:trojan-activity;sid:84723580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/10d9eabf-3290-4d19-abc6-134d814f320f"; depth:37; endswith; nocase; http.host; content:"jrekcyl.pasoor11.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860470/; classtype:trojan-activity;sid:84723570; rev:1;)
# |3f| is the hex form of "?", so the next pattern is "/?ublib=<uuid>" (query string
# included) and is 44 bytes once decoded.
# NOTE(review): depth:47 equals the length of the rule text with the |3f| escape
# counted as four characters. The URI match therefore tolerates up to three bytes
# before the pattern and is not a strict whole-URI match like its neighbours.
# depth:44 would restore that; this looks like a generator quirk to raise upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=0a46e70a-753d-4eb4-bbc6-01fc5b664f6d"; depth:47; endswith; nocase; http.host; content:"rd7o3xct.parsgoal90.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860469/; classtype:trojan-activity;sid:84723569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"105.155.11.88"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860468/; classtype:trojan-activity;sid:84723568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.87.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860467/; classtype:trojan-activity;sid:84723567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1f883b"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860455/; classtype:trojan-activity;sid:84723555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/01e5af"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860456/; classtype:trojan-activity;sid:84723556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/078c01"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860457/; classtype:trojan-activity;sid:84723557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0391e2"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860458/; classtype:trojan-activity;sid:84723558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/530617"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860459/; classtype:trojan-activity;sid:84723559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e6bb4"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860460/; classtype:trojan-activity;sid:84723560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1962e4"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860461/; classtype:trojan-activity;sid:84723561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b52b24"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860462/; classtype:trojan-activity;sid:84723562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0fa32d"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860463/; classtype:trojan-activity;sid:84723563; rev:1;)
alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b17764"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860464/; classtype:trojan-activity;sid:84723564; rev:1;)
# URLhaus download-URL rules: one rule per reported URL, alerting on an outbound GET
# ($HOME_NET -> $EXTERNAL_NET, established, client side) whose URI and Host match
# the listed values. The Host match is exact (depth = pattern length plus
# isdataat:!1,relative); the URI match is anchored to the buffer end by endswith and
# bounded by depth, with nocase.
# The hosts here are a mix of IP literals and domain names; the rule keys on the
# Host header value, not on the destination address of the flow.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7c701a"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860465/; classtype:trojan-activity;sid:84723565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c80f72"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860466/; classtype:trojan-activity;sid:84723566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.231.12"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860453/; classtype:trojan-activity;sid:84723553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.200.215.107"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860454/; classtype:trojan-activity;sid:84723554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.93.153"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860452/; classtype:trojan-activity;sid:84723552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.243.149.252"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860451/; classtype:trojan-activity;sid:84723551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/titanuimxross01.exe"; depth:20; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860450/; classtype:trojan-activity;sid:84723550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1ce086ac-587e-4e57-a08f-136d355b430f"; depth:37; endswith; nocase; http.host; content:"xsutsu.jamjahani2026.football"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860449/; classtype:trojan-activity;sid:84723549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.15.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860448/; classtype:trojan-activity;sid:84723548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.228.95"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860447/; classtype:trojan-activity;sid:84723547; rev:1;)
# |3f| is the hex form of "?": the next pattern decodes to "/?ublib=<uuid>", which
# is 44 bytes.
# NOTE(review): depth:47 counts the |3f| escape as four characters, so up to three
# bytes may precede the pattern in the URI and this rule is slightly looser than
# the exact-URI rules around it. depth:44 would make it exact; confirm upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=12625184-be12-4a47-9eb4-4ce06683461b"; depth:47; endswith; nocase; http.host; content:"po6drihx.onexprobet.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860446/; classtype:trojan-activity;sid:84723546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.185.211"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860445/; classtype:trojan-activity;sid:84723545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.3.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860444/; classtype:trojan-activity;sid:84723544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860443)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e0edd"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860443/; classtype:trojan-activity;sid:84723543; rev:1;)
# URLhaus download-URL rules, again dominated by host 45.205.1.59 with one
# six-hex-character path per rule. Each rule alerts on an outbound GET whose URI
# equals the listed path (depth:7 + endswith, nocase) and whose Host equals the
# listed value (depth = pattern length + isdataat:!1,relative).
# metadata:created_at records the entry date (2026_06_07 throughout) and every rule
# is rev:1; the rules themselves say nothing about whether the URL is still live.
# NOTE(review): treat a hit as a lead - confirm the entry's current status on its
# reference page and check what the client did after the request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adf9ac"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860432/; classtype:trojan-activity;sid:84723532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/90e66f"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860433/; classtype:trojan-activity;sid:84723533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7d8acf"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860434/; classtype:trojan-activity;sid:84723534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deee19"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860435/; classtype:trojan-activity;sid:84723535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c75c53"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860436/; classtype:trojan-activity;sid:84723536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0e70cd"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860437/; classtype:trojan-activity;sid:84723537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/553e9a"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860438/; classtype:trojan-activity;sid:84723538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6a2a47"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860439/; classtype:trojan-activity;sid:84723539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c9611d"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860440/; classtype:trojan-activity;sid:84723540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6529a3"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860441/; classtype:trojan-activity;sid:84723541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2ba3fb"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860442/; classtype:trojan-activity;sid:84723542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.101.161"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860431/; classtype:trojan-activity;sid:84723531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9802be"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860430/; classtype:trojan-activity;sid:84723530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c92abe"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; 
metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860427/; classtype:trojan-activity;sid:84723527; rev:1;)
# URLhaus download-URL rules: each alerts on an outbound GET ($HOME_NET ->
# $EXTERNAL_NET, established flow, client side) whose URI equals the listed path
# (depth = pattern length + endswith, nocase) and whose Host equals the listed
# value (depth = pattern length + isdataat:!1,relative).
# Only requests Suricata parses as cleartext HTTP are covered, and the sensor has to
# sit where it sees the client's own Host header and URI.
# NOTE(review): /cry.x86 and /cry.arm on 94.183.232.247 differ only in what looks
# like a CPU-architecture suffix - presumably per-architecture builds of one
# payload; confirm on the URLhaus entries before relying on that.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5f53f2"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860428/; classtype:trojan-activity;sid:84723528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.231.12"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860429/; classtype:trojan-activity;sid:84723529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5d9d75"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860424/; classtype:trojan-activity;sid:84723524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cry.x86"; depth:8; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860425/; classtype:trojan-activity;sid:84723525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cry.arm"; depth:8; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860426/; classtype:trojan-activity;sid:84723526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0d4ac9"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860416/; classtype:trojan-activity;sid:84723516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e3c531"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860417/; classtype:trojan-activity;sid:84723517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d784f8"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860418/; classtype:trojan-activity;sid:84723518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1807f0"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860419/; classtype:trojan-activity;sid:84723519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6afd6b"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860420/; classtype:trojan-activity;sid:84723520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/011ad4"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860421/; classtype:trojan-activity;sid:84723521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0b6a4a"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860422/; classtype:trojan-activity;sid:84723522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/462880"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860423/; classtype:trojan-activity;sid:84723523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5e8937e2-dca4-439a-b569-962ccabd7eba"; depth:37; endswith; nocase; http.host; content:"ddimsjy.pasoorbazi.casino"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860415/; classtype:trojan-activity;sid:84723515; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cry.mpsl"; depth:9; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860414/; classtype:trojan-activity;sid:84723514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cry.sh4"; depth:8; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860411/; classtype:trojan-activity;sid:84723511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cry.arc"; depth:8; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860412/; classtype:trojan-activity;sid:84723512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cry.m68k"; depth:9; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860413/; classtype:trojan-activity;sid:84723513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cry.arm4"; depth:9; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 
2026_06_07; reference:url, urlhaus.abuse.ch/url/3860409/; classtype:trojan-activity;sid:84723509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cry.i686"; depth:9; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860410/; classtype:trojan-activity;sid:84723510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cry.arm6"; depth:9; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860408/; classtype:trojan-activity;sid:84723508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cry.arm5"; depth:9; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860404/; classtype:trojan-activity;sid:84723504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cry.ppc"; depth:8; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860405/; classtype:trojan-activity;sid:84723505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cry.mips"; depth:9; endswith; 
nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860406/; classtype:trojan-activity;sid:84723506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cry.arm7"; depth:9; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860407/; classtype:trojan-activity;sid:84723507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cry.i586"; depth:9; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860400/; classtype:trojan-activity;sid:84723500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cry.mipsel"; depth:11; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860401/; classtype:trojan-activity;sid:84723501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cry.powerpc"; depth:12; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860402/; classtype:trojan-activity;sid:84723502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860403)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cry.sparc"; depth:10; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860403/; classtype:trojan-activity;sid:84723503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c483ec"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860388/; classtype:trojan-activity;sid:84723488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/80af69"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860389/; classtype:trojan-activity;sid:84723489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab895d"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860390/; classtype:trojan-activity;sid:84723490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d004aa"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860391/; classtype:trojan-activity;sid:84723491; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b833b0"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860392/; classtype:trojan-activity;sid:84723492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eb3222"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860393/; classtype:trojan-activity;sid:84723493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c2f023"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860394/; classtype:trojan-activity;sid:84723494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/34587d"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860395/; classtype:trojan-activity;sid:84723495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/37d75e"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860396/; 
classtype:trojan-activity;sid:84723496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/61c333"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860397/; classtype:trojan-activity;sid:84723497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/258e32"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860398/; classtype:trojan-activity;sid:84723498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/963448"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860399/; classtype:trojan-activity;sid:84723499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b7722ac8-ee81-4c41-9527-1c32111583e2"; depth:37; endswith; nocase; http.host; content:"wxjbkv.onlineshart.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860387/; classtype:trojan-activity;sid:84723487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0e72c41b-bb4c-4fe8-a910-68498c5fd8c1"; depth:37; endswith; nocase; 
http.host; content:"whdecl.oxidbet.bet"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860386/; classtype:trojan-activity;sid:84723486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.228.95"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860385/; classtype:trojan-activity;sid:84723485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f413aa"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860382/; classtype:trojan-activity;sid:84723482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/90ecdb"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860383/; classtype:trojan-activity;sid:84723483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9e8f68"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860384/; classtype:trojan-activity;sid:84723484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860381)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/ef18ef"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860381/; classtype:trojan-activity;sid:84723481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dd744a"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860373/; classtype:trojan-activity;sid:84723473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d2f0ce"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860374/; classtype:trojan-activity;sid:84723474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/91ec19"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860375/; classtype:trojan-activity;sid:84723475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5bd151"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860376/; classtype:trojan-activity;sid:84723476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3860377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b89af0"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860377/; classtype:trojan-activity;sid:84723477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/47c0a3"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860378/; classtype:trojan-activity;sid:84723478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4621af"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860379/; classtype:trojan-activity;sid:84723479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5f10ee"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860380/; classtype:trojan-activity;sid:84723480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caae36"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860372/; classtype:trojan-activity;sid:84723472; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1c44fd"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860369/; classtype:trojan-activity;sid:84723469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7c637b"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860370/; classtype:trojan-activity;sid:84723470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c8057c"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860371/; classtype:trojan-activity;sid:84723471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abd761"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860365/; classtype:trojan-activity;sid:84723465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2f183a"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, 
urlhaus.abuse.ch/url/3860366/; classtype:trojan-activity;sid:84723466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e0ecf6"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860367/; classtype:trojan-activity;sid:84723467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f37220"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860368/; classtype:trojan-activity;sid:84723468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4dddb2"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860364/; classtype:trojan-activity;sid:84723464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4b4b3d"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860361/; classtype:trojan-activity;sid:84723461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4eff91"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; 
depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860362/; classtype:trojan-activity;sid:84723462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7a9f22"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860363/; classtype:trojan-activity;sid:84723463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/62030003-8ef6-40e2-b704-15bf8f1b811b"; depth:37; endswith; nocase; http.host; content:"mutvwz.ozabet90.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860360/; classtype:trojan-activity;sid:84723460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.sh4"; depth:24; endswith; nocase; http.host; content:"103.226.139.102"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860346/; classtype:trojan-activity;sid:84723446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.mips"; depth:25; endswith; nocase; http.host; content:"103.226.139.102"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860347/; classtype:trojan-activity;sid:84723447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3860348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.i468"; depth:25; endswith; nocase; http.host; content:"103.226.139.102"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860348/; classtype:trojan-activity;sid:84723448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.arc"; depth:24; endswith; nocase; http.host; content:"103.226.139.102"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860349/; classtype:trojan-activity;sid:84723449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.ppc"; depth:24; endswith; nocase; http.host; content:"103.226.139.102"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860350/; classtype:trojan-activity;sid:84723450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.m68k"; depth:25; endswith; nocase; http.host; content:"103.226.139.102"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860351/; classtype:trojan-activity;sid:84723451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.i686"; depth:25; endswith; nocase; http.host; content:"103.226.139.102"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; 
reference:url, urlhaus.abuse.ch/url/3860352/; classtype:trojan-activity;sid:84723452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.arm6"; depth:25; endswith; nocase; http.host; content:"103.226.139.102"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860353/; classtype:trojan-activity;sid:84723453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.x86_64"; depth:27; endswith; nocase; http.host; content:"103.226.139.102"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860354/; classtype:trojan-activity;sid:84723454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.arm5"; depth:25; endswith; nocase; http.host; content:"103.226.139.102"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860355/; classtype:trojan-activity;sid:84723455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.arm"; depth:24; endswith; nocase; http.host; content:"103.226.139.102"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860356/; classtype:trojan-activity;sid:84723456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860357)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/terrabot/023782pler.spc"; depth:24; endswith; nocase; http.host; content:"103.226.139.102"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860357/; classtype:trojan-activity;sid:84723457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.arm7"; depth:25; endswith; nocase; http.host; content:"103.226.139.102"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860358/; classtype:trojan-activity;sid:84723458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.mpsl"; depth:25; endswith; nocase; http.host; content:"103.226.139.102"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860359/; classtype:trojan-activity;sid:84723459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860345/; classtype:trojan-activity;sid:84723445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860335/; classtype:trojan-activity;sid:84723435; rev:1;) 
# URLhaus download-URL signatures, one rule per URLhaus entry (created_at 2026_06_07).
# How each rule matches:
#   - $HOME_NET -> $EXTERNAL_NET with flow:established,from_client: only client requests leaving
#     the protected network on an established flow are inspected.
#   - http.method; content:"GET": the method buffer must contain GET.
#   - http.uri; content:"<path>"; depth:N; endswith; nocase: N equals the content length, so with
#     endswith the whole URI buffer must equal <path> (case-insensitive). The same path with an
#     added query string or prefix does not match. One rule below (sid 84723368) deviates; see the
#     note placed directly above it.
#   - http.host; content:"<host>"; depth:N; isdataat:!1,relative: depth pins the match to the
#     start of the host buffer and isdataat:!1,relative requires that no byte follows it, i.e. an
#     exact host match.
# Triage notes:
#   - In every rule shown, sid = URLhaus entry id + 80863100. The id is also in msg and in the
#     reference URL, which is where to check whether the entry is still current.
#   - These are `alert http` rules: they apply to traffic Suricata parses as HTTP, so the same
#     download over TLS is not covered unless it is decrypted before inspection.
#   - Many hosts are bare IP addresses, which can be reassigned; treat a hit as a lead to confirm
#     against the referenced entry and the requesting host, not as proof on its own.
#
# Host 176.65.139.68, path /bins/<suffix> (the suffixes look like CPU-architecture names).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mipsl"; depth:11; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860336/; classtype:trojan-activity;sid:84723436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860337/; classtype:trojan-activity;sid:84723437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860338/; classtype:trojan-activity;sid:84723438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860339/; classtype:trojan-activity;sid:84723439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860340/; classtype:trojan-activity;sid:84723440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860341/; classtype:trojan-activity;sid:84723441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860342/; classtype:trojan-activity;sid:84723442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sparc"; depth:11; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860343/; classtype:trojan-activity;sid:84723443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arc"; depth:9; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860344/; classtype:trojan-activity;sid:84723444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips64"; depth:12; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860331/; classtype:trojan-activity;sid:84723431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860332/; classtype:trojan-activity;sid:84723432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860333/; classtype:trojan-activity;sid:84723433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860334/; classtype:trojan-activity;sid:84723434; rev:1;)
# Host 96.62.214.170 (/hiddenbin/mystic.<suffix> and /1.sh), interleaved in feed order with
# host 45.126.210.239 (/bins/<suffix>).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.arm7"; depth:22; endswith; nocase; http.host; content:"96.62.214.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860330/; classtype:trojan-activity;sid:84723430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.arm5"; depth:22; endswith; nocase; http.host; content:"96.62.214.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860319/; classtype:trojan-activity;sid:84723419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.arm6"; depth:22; endswith; nocase; http.host; content:"96.62.214.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860320/; classtype:trojan-activity;sid:84723420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"45.126.210.239"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860321/; classtype:trojan-activity;sid:84723421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.x86"; depth:21; endswith; nocase; http.host; content:"96.62.214.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860322/; classtype:trojan-activity;sid:84723422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.arc"; depth:21; endswith; nocase; http.host; content:"96.62.214.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860323/; classtype:trojan-activity;sid:84723423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.sh4"; depth:21; endswith; nocase; http.host; content:"96.62.214.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860324/; classtype:trojan-activity;sid:84723424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.ppc"; depth:21; endswith; nocase; http.host; content:"96.62.214.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860325/; classtype:trojan-activity;sid:84723425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.m68k"; depth:22; endswith; nocase; http.host; content:"96.62.214.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860326/; classtype:trojan-activity;sid:84723426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.x86_64"; depth:24; endswith; nocase; http.host; content:"96.62.214.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860327/; classtype:trojan-activity;sid:84723427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"96.62.214.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860328/; classtype:trojan-activity;sid:84723428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.mips"; depth:22; endswith; nocase; http.host; content:"96.62.214.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860329/; classtype:trojan-activity;sid:84723429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"45.126.210.239"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860312/; classtype:trojan-activity;sid:84723412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.i686"; depth:22; endswith; nocase; http.host; content:"96.62.214.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860313/; classtype:trojan-activity;sid:84723413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.sparc"; depth:23; endswith; nocase; http.host; content:"96.62.214.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860314/; classtype:trojan-activity;sid:84723414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dbg"; depth:9; endswith; nocase; http.host; content:"45.126.210.239"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860315/; classtype:trojan-activity;sid:84723415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"45.126.210.239"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860316/; classtype:trojan-activity;sid:84723416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.mpsl"; depth:22; endswith; nocase; http.host; content:"96.62.214.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860317/; classtype:trojan-activity;sid:84723417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.arm"; depth:21; endswith; nocase; http.host; content:"96.62.214.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860318/; classtype:trojan-activity;sid:84723418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.mips64"; depth:24; endswith; nocase; http.host; content:"96.62.214.170"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860311/; classtype:trojan-activity;sid:84723411; rev:1;)
# Mixed hosts in feed order.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.x86"; depth:24; endswith; nocase; http.host; content:"103.226.139.102"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860310/; classtype:trojan-activity;sid:84723410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/nqmwdsyht"; depth:20; endswith; nocase; http.host; content:"64.89.162.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860307/; classtype:trojan-activity;sid:84723407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mipsel"; depth:12; endswith; nocase; http.host; content:"45.126.210.239"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860308/; classtype:trojan-activity;sid:84723408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run.sh"; depth:7; endswith; nocase; http.host; content:"176.65.139.129"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860309/; classtype:trojan-activity;sid:84723409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f9d3a7c2/bot_arm"; depth:17; endswith; nocase; http.host; content:"176.65.139.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860306/; classtype:trojan-activity;sid:84723406; rev:1;)
# Host 64.89.162.105: /hiddenbin/<nine lowercase letters> paths plus /1.sh.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/dtjogcysu"; depth:20; endswith; nocase; http.host; content:"64.89.162.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860292/; classtype:trojan-activity;sid:84723392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/ytaabxcxa"; depth:20; endswith; nocase; http.host; content:"64.89.162.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860293/; classtype:trojan-activity;sid:84723393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/lqtucsxvn"; depth:20; endswith; nocase; http.host; content:"64.89.162.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860294/; classtype:trojan-activity;sid:84723394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"64.89.162.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860295/; classtype:trojan-activity;sid:84723395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/simjxtksv"; depth:20; endswith; nocase; http.host; content:"64.89.162.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860296/; classtype:trojan-activity;sid:84723396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/uoicjoyug"; depth:20; endswith; nocase; http.host; content:"64.89.162.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860297/; classtype:trojan-activity;sid:84723397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/obmsxxvnc"; depth:20; endswith; nocase; http.host; content:"64.89.162.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860298/; classtype:trojan-activity;sid:84723398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/zlkbnkpmc"; depth:20; endswith; nocase; http.host; content:"64.89.162.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860299/; classtype:trojan-activity;sid:84723399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/morormcey"; depth:20; endswith; nocase; http.host; content:"64.89.162.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860300/; classtype:trojan-activity;sid:84723400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/lfpxfytvz"; depth:20; endswith; nocase; http.host; content:"64.89.162.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860301/; classtype:trojan-activity;sid:84723401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/tdhyctkjq"; depth:20; endswith; nocase; http.host; content:"64.89.162.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860302/; classtype:trojan-activity;sid:84723402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/rubcopfkd"; depth:20; endswith; nocase; http.host; content:"64.89.162.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860303/; classtype:trojan-activity;sid:84723403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/kznpkpoyh"; depth:20; endswith; nocase; http.host; content:"64.89.162.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860304/; classtype:trojan-activity;sid:84723404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/evpyuqbis"; depth:20; endswith; nocase; http.host; content:"64.89.162.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860305/; classtype:trojan-activity;sid:84723405; rev:1;)
# Mixed hosts in feed order: domain-name hosts with a UUID-shaped path, and IP hosts with
# /bin.sh or /i.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/172ed5dc-3712-4551-a9e5-935744c282c2"; depth:37; endswith; nocase; http.host; content:"seuvsq.pablobet90.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860291/; classtype:trojan-activity;sid:84723391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"83.243.149.252"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860290/; classtype:trojan-activity;sid:84723390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0c929a90-daf9-4543-a879-4943b6dc6b2d"; depth:37; endswith; nocase; http.host; content:"eqzsjra.pasur21.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860289/; classtype:trojan-activity;sid:84723389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f6dff591-dbd0-4097-b6bf-44da1c298a95"; depth:37; endswith; nocase; http.host; content:"quyycf.parsball.casino"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860288/; classtype:trojan-activity;sid:84723388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.118.77.193"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860287/; classtype:trojan-activity;sid:84723387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.160.98"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860285/; classtype:trojan-activity;sid:84723385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.18.124"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860286/; classtype:trojan-activity;sid:84723386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.200.215.107"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860284/; classtype:trojan-activity;sid:84723384; rev:1;)
# Host 45.205.1.59: twelve rules, each for a path of six hexadecimal characters.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/998de4"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860279/; classtype:trojan-activity;sid:84723379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/45bf81"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860280/; classtype:trojan-activity;sid:84723380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e906f7"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860281/; classtype:trojan-activity;sid:84723381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/95308b"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860282/; classtype:trojan-activity;sid:84723382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f27832"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860283/; classtype:trojan-activity;sid:84723383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/11d2ef"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860272/; classtype:trojan-activity;sid:84723372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cadd23"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860273/; classtype:trojan-activity;sid:84723373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e3c653"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860274/; classtype:trojan-activity;sid:84723374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f5de46"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860275/; classtype:trojan-activity;sid:84723375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f36ef8"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860276/; classtype:trojan-activity;sid:84723376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c71254"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860277/; classtype:trojan-activity;sid:84723377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f1fa84"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860278/; classtype:trojan-activity;sid:84723378; rev:1;)
# Mixed hosts in feed order.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.228.120"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860271/; classtype:trojan-activity;sid:84723371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.118.77.193"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860270/; classtype:trojan-activity;sid:84723370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bb127361-ea36-4bc5-9514-788b23f562cb"; depth:37; endswith; nocase; http.host; content:"lvjekhq.penality.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860269/; classtype:trojan-activity;sid:84723369; rev:1;)
# NOTE(review): |3f| is the hex escape for "?" and decodes to a single byte, so the content below
# is 44 bytes long, yet depth is 47 (the length of the escaped text). With endswith the match may
# therefore begin up to 3 bytes into the URI rather than at offset 0; depth:44 would pin it exactly
# like the other rules. Worth reporting upstream rather than editing the generated feed locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=870158c5-5d05-485a-adbb-5bec80adaa52"; depth:47; endswith; nocase; http.host; content:"015bj63k.parspoker90.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860268/; classtype:trojan-activity;sid:84723368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.168.50.246"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860267/; classtype:trojan-activity;sid:84723367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.152.95"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860266/; classtype:trojan-activity;sid:84723366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.40.176"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860265/; classtype:trojan-activity;sid:84723365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.101.217"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860264/; classtype:trojan-activity;sid:84723364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e59b61aa-0941-4d51-b81c-15807c76567b"; depth:37; endswith; nocase; http.host; content:"rwnkdep.penality.casino"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860263/; classtype:trojan-activity;sid:84723363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.47.132"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860262/; classtype:trojan-activity;sid:84723362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.152.95"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860261/; classtype:trojan-activity;sid:84723361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.240.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860260/; classtype:trojan-activity;sid:84723360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.82.148"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860259/; classtype:trojan-activity;sid:84723359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.157.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860258/; classtype:trojan-activity;sid:84723358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e5e72f40-c06f-463e-b46f-663bf44cd51b"; depth:37; endswith; nocase; http.host; content:"qlggges.penaltibazi.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860257/; classtype:trojan-activity;sid:84723357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.23.216"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860256/; classtype:trojan-activity;sid:84723356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7ba965d3-fb60-497a-8ef9-b0f2f7418a9e"; depth:37; endswith; nocase; http.host; content:"nnunvu.jamjahani.football"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860255/; classtype:trojan-activity;sid:84723355; rev:1;)
# The line below is the start of a rule that continues later in the file; it is kept as-is.
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3860253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.240.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860253/; classtype:trojan-activity;sid:84723353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.82.148"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860254/; classtype:trojan-activity;sid:84723354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.119.142"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860252/; classtype:trojan-activity;sid:84723352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.85.193"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860251/; classtype:trojan-activity;sid:84723351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.119.142"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860250/; 
classtype:trojan-activity;sid:84723350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.207.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860249/; classtype:trojan-activity;sid:84723349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.47.132"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860248/; classtype:trojan-activity;sid:84723348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/98671f9e-5bf3-4fb0-98e6-de7f88f7c832"; depth:37; endswith; nocase; http.host; content:"wfmbnyx.penalti.bet"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860247/; classtype:trojan-activity;sid:84723347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.130.86"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860246/; classtype:trojan-activity;sid:84723346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.85.193"; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860243/; classtype:trojan-activity;sid:84723343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.86.177"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860244/; classtype:trojan-activity;sid:84723344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.226.111"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860245/; classtype:trojan-activity;sid:84723345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a91364b9-522e-49d2-93d8-96b735508939"; depth:47; endswith; nocase; http.host; content:"et8095ov.parspoker.casino"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860242/; classtype:trojan-activity;sid:84723342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.113.6"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860241/; classtype:trojan-activity;sid:84723341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860240)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.45.128"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860240/; classtype:trojan-activity;sid:84723340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.105.58"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860239/; classtype:trojan-activity;sid:84723339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6fbb2c5e-c064-4b4d-9368-4be6751148e2"; depth:37; endswith; nocase; http.host; content:"jgjikxq.penalti.website"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860238/; classtype:trojan-activity;sid:84723338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.82.69"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860237/; classtype:trojan-activity;sid:84723337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.65.46"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860236/; classtype:trojan-activity;sid:84723336; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.65.46"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860235/; classtype:trojan-activity;sid:84723335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.194.145"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860234/; classtype:trojan-activity;sid:84723334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.105.58"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860233/; classtype:trojan-activity;sid:84723333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.175.207"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860232/; classtype:trojan-activity;sid:84723332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.149.128"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, 
urlhaus.abuse.ch/url/3860231/; classtype:trojan-activity;sid:84723331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.216.134"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860230/; classtype:trojan-activity;sid:84723330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b4a8efe0-89d6-4be5-b00a-a9e8d2b1fa19"; depth:37; endswith; nocase; http.host; content:"jvlckru.penalty.casino"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860229/; classtype:trojan-activity;sid:84723329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.119.153"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860228/; classtype:trojan-activity;sid:84723328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.224.33"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860227/; classtype:trojan-activity;sid:84723327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860226)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/534a401a-93b5-4ca3-ad5f-b330c036e834"; depth:37; endswith; nocase; http.host; content:"idwfsf.jamjahani.cash"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860226/; classtype:trojan-activity;sid:84723326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.175.207"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860225/; classtype:trojan-activity;sid:84723325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.192.248"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860224/; classtype:trojan-activity;sid:84723324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.93.102"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860223/; classtype:trojan-activity;sid:84723323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.12.47"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860222/; classtype:trojan-activity;sid:84723322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3860221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=279ee61f-f981-456d-a096-5acafd8dcaac"; depth:47; endswith; nocase; http.host; content:"et5qogz2.one1xbet.promo"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860221/; classtype:trojan-activity;sid:84723321; rev:1;)
# NOTE(review): in the rule ending on the line above (sid 84723321), |3f| is a
# single byte ("?"), so the URI pattern is 44 bytes long while depth is 47.
# Elsewhere in this file depth equals the pattern length, which together with
# endswith makes the URI match exact. Here the extra 3 bytes of depth let the
# pattern start up to 3 bytes into the buffer, so the match is slightly looser
# than intended. The depth looks like it was computed from the escaped text;
# worth reporting to the feed maintainer rather than patching locally.
#
# The next 12 rules all pin http.host to 5.231.70.34 and share the URI prefix
# /nullnet_bin_dir/nullnet_load. ; only the suffix differs (arm6, x86_64, mpsl,
# arm7, mips, arm, x86, i686, ppc, sh4, arm5, m68k). The suffixes look like
# CPU-architecture tags, presumably one build per architecture.
# Triage notes:
#  - An alert on any of sids 84723309-84723320 points at the same host, so they
#    can be grouped into one incident per internal client.
#  - Each rule requires the exact URI and the exact Host value; a suffix not
#    listed here, or the same path on another host, will not alert.
#  - The rules are "alert http" on GET from $HOME_NET to $EXTERNAL_NET, so only
#    cleartext HTTP requests leaving the monitored network are inspected.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.arm6"; depth:34; endswith; nocase; http.host; content:"5.231.70.34"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860213/; classtype:trojan-activity;sid:84723313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.x86_64"; depth:36; endswith; nocase; http.host; content:"5.231.70.34"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860214/; classtype:trojan-activity;sid:84723314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.mpsl"; depth:34; endswith; nocase; http.host; content:"5.231.70.34"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860215/; classtype:trojan-activity;sid:84723315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.arm7"; depth:34; endswith; nocase; http.host; content:"5.231.70.34"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860216/; classtype:trojan-activity;sid:84723316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.mips"; depth:34; endswith; nocase; http.host; content:"5.231.70.34"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860217/; classtype:trojan-activity;sid:84723317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.arm"; depth:33; endswith; nocase; http.host; content:"5.231.70.34"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860218/; classtype:trojan-activity;sid:84723318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.x86"; depth:33; endswith; nocase; http.host; content:"5.231.70.34"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860219/; classtype:trojan-activity;sid:84723319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.i686"; depth:34; endswith; nocase; http.host; content:"5.231.70.34"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860220/; classtype:trojan-activity;sid:84723320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.ppc"; depth:33; endswith; nocase; http.host; content:"5.231.70.34"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860210/; classtype:trojan-activity;sid:84723310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.sh4"; depth:33; endswith; nocase; http.host; content:"5.231.70.34"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860211/; classtype:trojan-activity;sid:84723311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.arm5"; depth:34; endswith; nocase; http.host; content:"5.231.70.34"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860212/; classtype:trojan-activity;sid:84723312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullnet_bin_dir/nullnet_load.m68k"; depth:34; endswith; nocase; http.host; content:"5.231.70.34"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860209/; classtype:trojan-activity;sid:84723309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.82.29"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860208/; classtype:trojan-activity;sid:84723308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b6181c88-838a-4f09-93e1-0b270cb3f5d8"; depth:37; endswith; nocase; http.host; content:"nqbecrh.one1x.bet"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860207/; classtype:trojan-activity;sid:84723307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.113.6"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860206/; classtype:trojan-activity;sid:84723306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.3.220"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860205/; classtype:trojan-activity;sid:84723305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.192.248"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860204/; classtype:trojan-activity;sid:84723304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860203)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/|3f|ublib=c599276e-21f7-45c6-beb6-e969c5387732"; depth:47; endswith; nocase; http.host; content:"g2z2cnlz.pascal.casino"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860203/; classtype:trojan-activity;sid:84723303; rev:1;)
# NOTE(review): the "/|3f|ublib=<uuid>" rules in this stretch (sids 84723303,
# 84723300, 84723298) carry depth:47, but |3f| is one byte, so the pattern is
# 44 bytes. With endswith the pattern must still end the URI, yet it may begin
# up to 3 bytes into the buffer, so these rules are not the exact-URI match
# that the other rules get from depth == pattern length. The 47 looks like the
# length of the escaped text; report upstream rather than editing the feed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.214.149.164"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860202/; classtype:trojan-activity;sid:84723302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.180.39.77"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860201/; classtype:trojan-activity;sid:84723301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=131dc023-5f0f-4c63-8146-9b44c78f4ffe"; depth:47; endswith; nocase; http.host; content:"5bksyseg.betistmobil.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860200/; classtype:trojan-activity;sid:84723300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c644dd00-5ae8-4919-b959-edcf4004bc46"; depth:37; endswith; nocase; http.host; content:"zfrfayl.one1xbet.app"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860199/; classtype:trojan-activity;sid:84723299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=260f10d6-cd0c-4b13-a830-7a9263a7a91d"; depth:47; endswith; nocase; http.host; content:"l9tynneu.mybookieiran.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860198/; classtype:trojan-activity;sid:84723298; rev:1;)
# The next 8 rules match the same URI, /mozi.m, on 8 different IPv4 Host
# values. The file name is the one commonly associated with the Mozi IoT
# botnet; the feed itself carries no family label here, so treat that as a
# lead to confirm via the reference URL, not as an attribution.
# Each rule fires only when both the exact URI (depth:7 + endswith) and the
# exact Host value (depth + isdataat:!1,relative) are present in a GET from
# $HOME_NET. A /mozi.m request to a host not listed in the feed raises no
# alert from these rules, and an alert means an internal client asked for the
# URL, not that the download completed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"1.198.198.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860197/; classtype:trojan-activity;sid:84723297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.128.243.147"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860193/; classtype:trojan-activity;sid:84723293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.15.88.209"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860194/; classtype:trojan-activity;sid:84723294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"171.15.89.112"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860195/; classtype:trojan-activity;sid:84723295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"222.127.186.27"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860196/; classtype:trojan-activity;sid:84723296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"62.99.58.93"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860192/; classtype:trojan-activity;sid:84723292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.37.114.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860190/; classtype:trojan-activity;sid:84723290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"112.31.247.176"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860191/; classtype:trojan-activity;sid:84723291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860189)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"217.60.195.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860189/; classtype:trojan-activity;sid:84723289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.237.25"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860188/; classtype:trojan-activity;sid:84723288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.54.169"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860187/; classtype:trojan-activity;sid:84723287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.236.65.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860186/; classtype:trojan-activity;sid:84723286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a20825e3-3765-4452-8dab-4dc098daa8e9"; depth:47; endswith; nocase; http.host; content:"a96ampff.mrgreenbetiran.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860185/; 
classtype:trojan-activity;sid:84723285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.32.113"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860184/; classtype:trojan-activity;sid:84723284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c5b264cf-f72f-4b43-b207-3e9e1c995b46"; depth:37; endswith; nocase; http.host; content:"avygupe.one1xbet.casino"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860183/; classtype:trojan-activity;sid:84723283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.174.125.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860182/; classtype:trojan-activity;sid:84723282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.39.197"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860181/; classtype:trojan-activity;sid:84723281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"113.239.82.29"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860180/; classtype:trojan-activity;sid:84723280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.227.235"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860179/; classtype:trojan-activity;sid:84723279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.54.169"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860178/; classtype:trojan-activity;sid:84723278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cdd4ea04-c59b-4888-bcbf-97e0e4948680"; depth:37; endswith; nocase; http.host; content:"mqbjnx.jamjahani.app"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860177/; classtype:trojan-activity;sid:84723277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.54.130"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860176/; classtype:trojan-activity;sid:84723276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860175)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.174.125.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860175/; classtype:trojan-activity;sid:84723275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.215.135"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860174/; classtype:trojan-activity;sid:84723274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.134.229"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860172/; classtype:trojan-activity;sid:84723272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.236.65.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860173/; classtype:trojan-activity;sid:84723273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.204.245"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860171/; classtype:trojan-activity;sid:84723271; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.178.149"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860170/; classtype:trojan-activity;sid:84723270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3a6f23ae-7a6e-48d6-95ed-b07ca0c9f4f6"; depth:37; endswith; nocase; http.host; content:"ilmlvxt.lolsurpriseball.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860169/; classtype:trojan-activity;sid:84723269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.10.230"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860168/; classtype:trojan-activity;sid:84723268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.101.217"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860167/; classtype:trojan-activity;sid:84723267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.25.98"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; 
reference:url, urlhaus.abuse.ch/url/3860166/; classtype:trojan-activity;sid:84723266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.134.229"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860165/; classtype:trojan-activity;sid:84723265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.26.110.10"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860164/; classtype:trojan-activity;sid:84723264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.39.197"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860163/; classtype:trojan-activity;sid:84723263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.214.149.164"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860162/; classtype:trojan-activity;sid:84723262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/de8a8b05-2f16-4759-a366-dc4494022705"; depth:37; 
endswith; nocase; http.host; content:"bvnvrjx.kvbel.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860161/; classtype:trojan-activity;sid:84723261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.144.222"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860160/; classtype:trojan-activity;sid:84723260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clp3.exe"; depth:9; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860159/; classtype:trojan-activity;sid:84723259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.86.235"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860158/; classtype:trojan-activity;sid:84723258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.211.59"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860157/; classtype:trojan-activity;sid:84723257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860156)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2d3e461b-ad09-4bda-bb6b-1fc1787b5f36"; depth:37; endswith; nocase; http.host; content:"hdkkxsm.kbshavanese.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860156/; classtype:trojan-activity;sid:84723256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ad7d3"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860155/; classtype:trojan-activity;sid:84723255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv4l"; depth:12; endswith; nocase; http.host; content:"94.183.188.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860144/; classtype:trojan-activity;sid:84723244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mips"; depth:10; endswith; nocase; http.host; content:"94.183.188.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860145/; classtype:trojan-activity;sid:84723245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv6l"; depth:12; endswith; nocase; http.host; content:"94.183.188.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860146/; 
classtype:trojan-activity;sid:84723246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qs2l"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860147/; classtype:trojan-activity;sid:84723247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dsui"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860148/; classtype:trojan-activity;sid:84723248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/681855"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860149/; classtype:trojan-activity;sid:84723249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7426b6"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860150/; classtype:trojan-activity;sid:84723250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ceed67"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; 
metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860151/; classtype:trojan-activity;sid:84723251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c2dba1"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860152/; classtype:trojan-activity;sid:84723252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/39325f"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860153/; classtype:trojan-activity;sid:84723253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/acecfe"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860154/; classtype:trojan-activity;sid:84723254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0fc7fa"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860141/; classtype:trojan-activity;sid:84723241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/voxd"; depth:5; endswith; 
nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860142/; classtype:trojan-activity;sid:84723242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y2jt"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860143/; classtype:trojan-activity;sid:84723243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cd7252"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860138/; classtype:trojan-activity;sid:84723238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.arc"; depth:9; endswith; nocase; http.host; content:"94.183.188.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860139/; classtype:trojan-activity;sid:84723239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mqk"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860140/; classtype:trojan-activity;sid:84723240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860133)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cee"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860133/; classtype:trojan-activity;sid:84723233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv7l"; depth:12; endswith; nocase; http.host; content:"94.183.188.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860134/; classtype:trojan-activity;sid:84723234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.x86_64"; depth:12; endswith; nocase; http.host; content:"94.183.188.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860135/; classtype:trojan-activity;sid:84723235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fb7c86"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860136/; classtype:trojan-activity;sid:84723236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f16d06"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860137/; classtype:trojan-activity;sid:84723237; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.sh4"; depth:9; endswith; nocase; http.host; content:"94.183.188.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860131/; classtype:trojan-activity;sid:84723231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/826e34"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860132/; classtype:trojan-activity;sid:84723232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u8f"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860128/; classtype:trojan-activity;sid:84723228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gsu"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860129/; classtype:trojan-activity;sid:84723229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4qo5"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, 
urlhaus.abuse.ch/url/3860130/; classtype:trojan-activity;sid:84723230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d8e1c9"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860127/; classtype:trojan-activity;sid:84723227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.aarch64"; depth:13; endswith; nocase; http.host; content:"94.183.188.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860105/; classtype:trojan-activity;sid:84723205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.powerpc"; depth:13; endswith; nocase; http.host; content:"94.183.188.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860106/; classtype:trojan-activity;sid:84723206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.m68k"; depth:10; endswith; nocase; http.host; content:"94.183.188.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860107/; classtype:trojan-activity;sid:84723207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv5l"; depth:12; endswith; nocase; http.host; 
content:"94.183.188.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860108/; classtype:trojan-activity;sid:84723208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mipsel"; depth:12; endswith; nocase; http.host; content:"94.183.188.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860109/; classtype:trojan-activity;sid:84723209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.sparc"; depth:11; endswith; nocase; http.host; content:"94.183.188.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860110/; classtype:trojan-activity;sid:84723210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tio"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860111/; classtype:trojan-activity;sid:84723211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kkhh"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860112/; classtype:trojan-activity;sid:84723212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860113)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/xny"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860113/; classtype:trojan-activity;sid:84723213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8v4s"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860114/; classtype:trojan-activity;sid:84723214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kzp"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860115/; classtype:trojan-activity;sid:84723215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mtkz"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860116/; classtype:trojan-activity;sid:84723216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sgjb"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860117/; classtype:trojan-activity;sid:84723217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3860118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kmg"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860118/; classtype:trojan-activity;sid:84723218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8nat"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860119/; classtype:trojan-activity;sid:84723219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.i486"; depth:10; endswith; nocase; http.host; content:"94.183.188.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860120/; classtype:trojan-activity;sid:84723220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pp8"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860121/; classtype:trojan-activity;sid:84723221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f5fab3"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860122/; 
classtype:trojan-activity;sid:84723222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/79a888"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860123/; classtype:trojan-activity;sid:84723223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ae77ea"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860124/; classtype:trojan-activity;sid:84723224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9c38d8"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860125/; classtype:trojan-activity;sid:84723225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/df8af8"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860126/; classtype:trojan-activity;sid:84723226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7rwi"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860103/; classtype:trojan-activity;sid:84723203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hzl"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860104/; classtype:trojan-activity;sid:84723204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zm1"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860097/; classtype:trojan-activity;sid:84723197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ab5db335-9239-4c22-8dad-68ea00f854b9"; depth:47; endswith; nocase; http.host; content:"3mm5jtvt.mrbet90.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860098/; classtype:trojan-activity;sid:84723198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/667d8b"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860099/; classtype:trojan-activity;sid:84723199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860100)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/fb8949"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860100/; classtype:trojan-activity;sid:84723200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ca9cf8"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860101/; classtype:trojan-activity;sid:84723201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e3g"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860102/; classtype:trojan-activity;sid:84723202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xqx"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860094/; classtype:trojan-activity;sid:84723194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/98b918"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860095/; classtype:trojan-activity;sid:84723195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3860096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v41"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860096/; classtype:trojan-activity;sid:84723196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e15a8"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860092/; classtype:trojan-activity;sid:84723192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0a2126"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860093/; classtype:trojan-activity;sid:84723193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aes.js"; depth:7; endswith; nocase; http.host; content:"inini.kesug.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860091/; classtype:trojan-activity;sid:84723191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"72.255.26.174"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860090/; classtype:trojan-activity;sid:84723190; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"139.135.40.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860085/; classtype:trojan-activity;sid:84723185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.123.42.233"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860086/; classtype:trojan-activity;sid:84723186; rev:1;)
# NOTE(review): the http.host pattern of the next rule (sid 84723187) is an
# RFC 1918 private address, while the rule header only matches flows going
# $HOME_NET -> $EXTERNAL_NET. Where HOME_NET covers 192.168.0.0/16 and
# EXTERNAL_NET is defined as !$HOME_NET, a direct request to that address is
# never evaluated by this rule; it can fire only when the Host header carries
# this value on a flow whose destination is in $EXTERNAL_NET. Treat an alert
# from it as low-fidelity and check the URLhaus reference before acting on it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msmq/private"; depth:13; endswith; nocase; http.host; content:"192.168.10.100"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860087/; classtype:trojan-activity;sid:84723187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"144.48.132.184"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860088/; classtype:trojan-activity;sid:84723188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.102.4.135"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; 
reference:url, urlhaus.abuse.ch/url/3860089/; classtype:trojan-activity;sid:84723189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nightcord/nightcord/releases/download/v1.18.5/nightcord-installer.exe"; depth:70; endswith; nocase; http.host; content:"git.nightcord.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860084/; classtype:trojan-activity;sid:84723184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"117.209.11.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860083/; classtype:trojan-activity;sid:84723183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peylood.sh"; depth:11; endswith; nocase; http.host; content:"94.183.188.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860079/; classtype:trojan-activity;sid:84723179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_x86_64"; depth:11; endswith; nocase; http.host; content:"176.65.139.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860080/; classtype:trojan-activity;sid:84723180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860081)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bot_arm64"; depth:10; endswith; nocase; http.host; content:"176.65.139.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860081/; classtype:trojan-activity;sid:84723181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|download=1"; depth:15; endswith; nocase; http.host; content:"video-dtp6.vercel.app"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860082/; classtype:trojan-activity;sid:84723182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_arm_static"; depth:15; endswith; nocase; http.host; content:"176.65.139.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860072/; classtype:trojan-activity;sid:84723172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_arm"; depth:8; endswith; nocase; http.host; content:"176.65.139.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860073/; classtype:trojan-activity;sid:84723173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_arm_fixed"; depth:14; endswith; nocase; http.host; content:"176.65.139.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860074/; classtype:trojan-activity;sid:84723174; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r"; depth:2; endswith; nocase; http.host; content:"vitacocoyougoloco.potassium.st"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860075/; classtype:trojan-activity;sid:84723175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_mips"; depth:9; endswith; nocase; http.host; content:"176.65.139.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860076/; classtype:trojan-activity;sid:84723176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_arm_fresh"; depth:14; endswith; nocase; http.host; content:"176.65.139.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860077/; classtype:trojan-activity;sid:84723177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_mipsel"; depth:11; endswith; nocase; http.host; content:"176.65.139.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860078/; classtype:trojan-activity;sid:84723178; rev:1;)
# NOTE(review): points to verify on the next rule (URLhaus id 3860071; its
# http.host option, sid and closing parenthesis follow on the next line of
# this listing):
#  - "|7c|26|7c|" decodes to the literal bytes "|26|", not to "&" (0x26). It
#    looks as if the query separators were escaped twice when the rule was
#    generated; if so, the pattern cannot match a request whose query string
#    carries "&st=...&dl=1". Confirm against the URL in the URLhaus reference.
#  - depth:123 is the length of the pattern as written, escapes counted as
#    text; decoded, the pattern is 108 bytes. endswith still pins the pattern
#    to the end of the URI, but up to 15 leading bytes are tolerated, so this
#    is not an exact-URI match. The other "|3f|" rules in this ruleset show
#    the same offset (e.g. depth:47 for a 44-byte decoded pattern).
#  - This is an "alert http" rule: a host that is normally reached over HTTPS
#    is only inspected where the sensor sees decrypted traffic; TODO confirm
#    coverage for this indicator.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/q9va341j9hb9wh2h192jn/quietecho-installer.exe|3f|rlkey=z9twkuzypibnfxv0h6o6nbecc|7c|26|7c|st=m2yf1d8i|7c|26|7c|dl=1"; depth:123; endswith; 
nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860071/; classtype:trojan-activity;sid:84723171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loader.sh"; depth:10; endswith; nocase; http.host; content:"194.36.88.178"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860069/; classtype:trojan-activity;sid:84723169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins"; depth:5; endswith; nocase; http.host; content:"194.36.88.178"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860070/; classtype:trojan-activity;sid:84723170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.36.26.164"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860067/; classtype:trojan-activity;sid:84723167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kozak.sh"; depth:9; endswith; nocase; http.host; content:"45.202.246.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860068/; classtype:trojan-activity;sid:84723168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860066)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lala.png"; depth:9; endswith; nocase; http.host; content:"pub-a06eb79f0ebe4a6999bcc71a2227d8e3.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860066/; classtype:trojan-activity;sid:84723166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hndve"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860065/; classtype:trojan-activity;sid:84723165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.219.201"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860064/; classtype:trojan-activity;sid:84723164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.40.176"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860063/; classtype:trojan-activity;sid:84723163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.40.176"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860062/; 
classtype:trojan-activity;sid:84723162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.84.113.80"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860061/; classtype:trojan-activity;sid:84723161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d7190d09-9239-409a-bb23-be772edd957a"; depth:37; endswith; nocase; http.host; content:"lbgkfp.jamjahani2026.football"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860060/; classtype:trojan-activity;sid:84723160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.219.201"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860059/; classtype:trojan-activity;sid:84723159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/16324857-3fa6-4c3a-b2c4-063c4e8b74d0"; depth:37; endswith; nocase; http.host; content:"boixyye.jogodobicho.games"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860058/; classtype:trojan-activity;sid:84723158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; 
depth:7; endswith; nocase; http.host; content:"110.36.12.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860057/; classtype:trojan-activity;sid:84723157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.111.45"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860056/; classtype:trojan-activity;sid:84723156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f7cd146c-d837-4d65-a850-1a3fe09a6a34"; depth:37; endswith; nocase; http.host; content:"yxjmsvr.jamjahani.world"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860055/; classtype:trojan-activity;sid:84723155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.216.134"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860054/; classtype:trojan-activity;sid:84723154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.163.128.202"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860053/; classtype:trojan-activity;sid:84723153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3860052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.92.42"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860052/; classtype:trojan-activity;sid:84723152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.34.82"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860051/; classtype:trojan-activity;sid:84723151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.40.4"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860050/; classtype:trojan-activity;sid:84723150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.78.150"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860049/; classtype:trojan-activity;sid:84723149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.5.137"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860048/; classtype:trojan-activity;sid:84723148; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5bf77700-2d9d-4b34-b89e-ad2c14d7d7de"; depth:37; endswith; nocase; http.host; content:"ugmitqk.one1xbet.poker"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860047/; classtype:trojan-activity;sid:84723147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=2b41fa2d-31cc-4dd5-95b6-555f1ebbfd2d"; depth:47; endswith; nocase; http.host; content:"qtcfxojh.mostbetresmi.site"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860046/; classtype:trojan-activity;sid:84723146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.34.82"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860045/; classtype:trojan-activity;sid:84723145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.78.150"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860044/; classtype:trojan-activity;sid:84723144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.92.123"; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860043/; classtype:trojan-activity;sid:84723143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=65a395a2-ed30-491a-9528-6d7d37c8ba75"; depth:47; endswith; nocase; http.host; content:"2dz4gggg.betgopro.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860042/; classtype:trojan-activity;sid:84723142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ba8f0815-43ef-4990-a0cb-3c11b1e50937"; depth:37; endswith; nocase; http.host; content:"avhbto.yasbet90.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860041/; classtype:trojan-activity;sid:84723141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.188.117"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860040/; classtype:trojan-activity;sid:84723140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.5.137"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860039/; classtype:trojan-activity;sid:84723139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3860038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/de73dd2e-9f5e-46ff-8a42-9ea8257f8e93"; depth:37; endswith; nocase; http.host; content:"aarcyyo.one1xbet.net"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860038/; classtype:trojan-activity;sid:84723138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.16.245"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860037/; classtype:trojan-activity;sid:84723137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.162.135"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860036/; classtype:trojan-activity;sid:84723136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.19.51"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860035/; classtype:trojan-activity;sid:84723135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.87.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860034/; classtype:trojan-activity;sid:84723134; 
rev:1;)
# ---------------------------------------------------------------------------
# Reviewer notes for the signatures that follow (comments only; every rule
# option is unchanged, the rules are merely shown one per line).
#
# All rules in this span follow one template:
#   * alert http, $HOME_NET -> $EXTERNAL_NET, flow:established,from_client:
#     client requests on established flows that Suricata has parsed as HTTP.
#   * http.method must contain "GET".
#   * http.uri: depth equals the pattern length and endswith is set, so the
#     whole URI (path plus any query string) has to equal the pattern; nocase
#     makes that comparison case-insensitive. The two patterns that contain
#     "|3f|" are slightly looser, see the notes placed directly above them.
#   * http.host: depth equals the pattern length and isdataat:!1,relative
#     rejects trailing bytes, so the host has to equal the listed value.
#   * reference:url names the URLhaus entry for the numeric id shown in msg;
#     metadata:created_at carries the date attached to the signature.
#
# Operational caveats:
#   * These are exact-URL matches on cleartext HTTP. The same payload fetched
#     over TLS (without decryption in front of the sensor), from another host
#     or under another path does not fire, so silence from this ruleset is
#     not evidence that a host is clean.
#   * Coverage depends on HOME_NET / EXTERNAL_NET being defined correctly for
#     the sensor's vantage point.
#   * Entries are point-in-time indicators and most hosts are bare IP
#     addresses; check the referenced URLhaus entry for current status before
#     acting on an alert or promoting an indicator to a block list.
#   * The header carries a "Last updated" stamp, so the file is presumably
#     regenerated upstream; tune by sid in local configuration (disable,
#     suppress or threshold) instead of editing rules here.
#   * Many rules in this span share host 45.205.1.59 and differ only in a
#     six-character hex path; triage alerts for them as one group.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.188.117"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860033/; classtype:trojan-activity;sid:84723133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.201.30"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860032/; classtype:trojan-activity;sid:84723132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.162.135"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860031/; classtype:trojan-activity;sid:84723131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.10.230"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860030/; classtype:trojan-activity;sid:84723130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.227.235"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860029/; classtype:trojan-activity;sid:84723129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b60c3f32-2383-45cd-8274-cd7e3f71e4e0"; depth:37; endswith; nocase; http.host; content:"jrnxmey.one1xbet.casino"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860028/; classtype:trojan-activity;sid:84723128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.87.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860027/; classtype:trojan-activity;sid:84723127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/payload.xml"; depth:17; endswith; nocase; http.host; content:"45.202.246.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860026/; classtype:trojan-activity;sid:84723126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.6.120"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860025/; classtype:trojan-activity;sid:84723125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.150.0"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860024/; classtype:trojan-activity;sid:84723124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.152.161"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860023/; classtype:trojan-activity;sid:84723123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.6.120"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860022/; classtype:trojan-activity;sid:84723122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/873d87cd-f773-42a6-9fdf-5e00d752f321"; depth:37; endswith; nocase; http.host; content:"lzsmmza.one1xbet.app"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860021/; classtype:trojan-activity;sid:84723121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.225.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860020/; classtype:trojan-activity;sid:84723120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.152.161"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860019/; classtype:trojan-activity;sid:84723119; rev:1;)
# NOTE(review): "|3f|" encodes the single byte "?", so the pattern below is 44
# bytes long while depth is 47. Combined with endswith, the URI may carry up to
# three bytes in front of the pattern instead of having to equal it. Confirm
# upstream whether depth was meant to count decoded bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a65d272e-a669-40fb-b1b7-8fda9c67da91"; depth:47; endswith; nocase; http.host; content:"efd7fi03.monti.bet"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860018/; classtype:trojan-activity;sid:84723118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.7.155.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860017/; classtype:trojan-activity;sid:84723117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.54.130"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860016/; classtype:trojan-activity;sid:84723116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.78.17"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860015/; classtype:trojan-activity;sid:84723115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.102.62"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860014/; classtype:trojan-activity;sid:84723114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.225.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860013/; classtype:trojan-activity;sid:84723113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"66.131.243.81"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860012/; classtype:trojan-activity;sid:84723112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.128.202"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860011/; classtype:trojan-activity;sid:84723111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b3a549"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860000/; classtype:trojan-activity;sid:84723100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a074d3"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860001/; classtype:trojan-activity;sid:84723101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/334ee6"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860002/; classtype:trojan-activity;sid:84723102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6858bf"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860003/; classtype:trojan-activity;sid:84723103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7a8be6"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860004/; classtype:trojan-activity;sid:84723104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d7045c"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860005/; classtype:trojan-activity;sid:84723105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b37590"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860006/; classtype:trojan-activity;sid:84723106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a78fa8"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860007/; classtype:trojan-activity;sid:84723107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5093cc"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860008/; classtype:trojan-activity;sid:84723108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/080095"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860009/; classtype:trojan-activity;sid:84723109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/10dbbe"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860010/; classtype:trojan-activity;sid:84723110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dd4e2d"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859999/; classtype:trojan-activity;sid:84723099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/70136de2-bfe8-485d-94a5-53ad7c65dd68"; depth:37; endswith; nocase; http.host; content:"lfrzjdk.one1x.bet"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859998/; classtype:trojan-activity;sid:84723098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2ba3d6"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859993/; classtype:trojan-activity;sid:84723093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0f2b87"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859994/; classtype:trojan-activity;sid:84723094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6e1f3b"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859995/; classtype:trojan-activity;sid:84723095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/14595b"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859996/; classtype:trojan-activity;sid:84723096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e4f499"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859997/; classtype:trojan-activity;sid:84723097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d884f4"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859986/; classtype:trojan-activity;sid:84723086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/df559d"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859987/; classtype:trojan-activity;sid:84723087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35a72c"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859988/; classtype:trojan-activity;sid:84723088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bcd92d"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859989/; classtype:trojan-activity;sid:84723089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/88e688"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859990/; classtype:trojan-activity;sid:84723090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a9c0ff"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859991/; classtype:trojan-activity;sid:84723091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/58c16c"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859992/; classtype:trojan-activity;sid:84723092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.83.193"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859985/; classtype:trojan-activity;sid:84723085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/47aec57c-ddba-4761-9fe8-dad5a5a70aa5"; depth:37; endswith; nocase; http.host; content:"ivqivx.xenicalby6.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859984/; classtype:trojan-activity;sid:84723084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"159.255.20.177"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859983/; classtype:trojan-activity;sid:84723083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.38.201.196"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859982/; classtype:trojan-activity;sid:84723082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d25c86"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859980/; classtype:trojan-activity;sid:84723080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.229.188"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859981/; classtype:trojan-activity;sid:84723081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdfaaa"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859979/; classtype:trojan-activity;sid:84723079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/720d02"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859975/; classtype:trojan-activity;sid:84723075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5487dd"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859976/; classtype:trojan-activity;sid:84723076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/673af7"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859977/; classtype:trojan-activity;sid:84723077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b9d746"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859978/; classtype:trojan-activity;sid:84723078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/675b5b"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859969/; classtype:trojan-activity;sid:84723069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3e0f1c"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859970/; classtype:trojan-activity;sid:84723070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1e2d72"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859971/; classtype:trojan-activity;sid:84723071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8de3f4"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859972/; classtype:trojan-activity;sid:84723072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8f75ac"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859973/; classtype:trojan-activity;sid:84723073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/66c858"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859974/; classtype:trojan-activity;sid:84723074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.102.62"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859968/; classtype:trojan-activity;sid:84723068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.4.242"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859967/; classtype:trojan-activity;sid:84723067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"66.131.243.81"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859966/; classtype:trojan-activity;sid:84723066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.229.188"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859965/; classtype:trojan-activity;sid:84723065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.115.4"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859964/; classtype:trojan-activity;sid:84723064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.4.242"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859963/; classtype:trojan-activity;sid:84723063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.161.160"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859962/; classtype:trojan-activity;sid:84723062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.115.4"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859961/; classtype:trojan-activity;sid:84723061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.81.71"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859960/; classtype:trojan-activity;sid:84723060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/26acf26c-05d0-4436-bdfc-307add057ee8"; depth:37; endswith; nocase; http.host; content:"njhhbmh.olabahiskayit.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859959/; classtype:trojan-activity;sid:84723059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.138.211"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859958/; classtype:trojan-activity;sid:84723058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.127.48.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859957/; classtype:trojan-activity;sid:84723057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.40.4"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859956/; classtype:trojan-activity;sid:84723056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/41b122fa-1187-4e24-a89c-889d6a7c113a"; depth:37; endswith; nocase; http.host; content:"gqmalnx.ogwil.bet"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859955/; classtype:trojan-activity;sid:84723055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.92.241"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859954/; classtype:trojan-activity;sid:84723054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.127.48.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859953/; classtype:trojan-activity;sid:84723053; rev:1;)
# NOTE(review): "|3f|" encodes the single byte "?", so the pattern below is 44
# bytes long while depth is 47. Combined with endswith, the URI may carry up to
# three bytes in front of the pattern instead of having to equal it. Confirm
# upstream whether depth was meant to count decoded bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=33e08c1f-75a1-42e1-867a-9c4656db7337"; depth:47; endswith; nocase; http.host; content:"60hx33ds.minescasino.bet"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859952/; classtype:trojan-activity;sid:84723052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.81.71"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859951/; classtype:trojan-activity;sid:84723051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.237.25"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859950/; classtype:trojan-activity;sid:84723050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.233.177"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859949/; classtype:trojan-activity;sid:84723049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a93a8f62-e5c6-4c84-8307-4f9f3e58f4c4"; depth:37; endswith; nocase; http.host; content:"geovin.bet404farsi.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859948/; classtype:trojan-activity;sid:84723048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fea916ac-f93f-47f6-a043-64478ff162d2"; depth:37; endswith; nocase; http.host; content:"kvzkqjf.ninjafruitcubes.bet"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859947/; classtype:trojan-activity;sid:84723047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.186.37"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859946/; classtype:trojan-activity;sid:84723046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.93.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859945/; classtype:trojan-activity;sid:84723045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.93.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859944/; classtype:trojan-activity;sid:84723044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.0.119"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859943/; classtype:trojan-activity;sid:84723043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.233.177"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859942/; classtype:trojan-activity;sid:84723042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.240.76"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859940/; classtype:trojan-activity;sid:84723040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.83.193"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859941/; classtype:trojan-activity;sid:84723041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.92.123"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859939/; classtype:trojan-activity;sid:84723039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.243.227"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859938/; classtype:trojan-activity;sid:84723038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.243.227"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859937/; classtype:trojan-activity;sid:84723037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.0.119"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859936/; classtype:trojan-activity;sid:84723036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.107.68"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859935/; classtype:trojan-activity;sid:84723035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.25.98"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859934/; classtype:trojan-activity;sid:84723034; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=36ec9410-9437-4903-b055-e17becfc6a88"; depth:47; endswith; nocase; http.host; content:"mhjzma3p.betebetwin.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859933/; classtype:trojan-activity;sid:84723033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a119d529-4f16-4b98-9861-ac5bf9e47a2c"; depth:37; endswith; nocase; http.host; content:"knstbms.nardtakhte.app"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859932/; classtype:trojan-activity;sid:84723032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.100.235"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859931/; classtype:trojan-activity;sid:84723031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.1.80"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859930/; classtype:trojan-activity;sid:84723030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.54.151.28"; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859929/; classtype:trojan-activity;sid:84723029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.111.62"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859928/; classtype:trojan-activity;sid:84723028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.107.68"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859927/; classtype:trojan-activity;sid:84723027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.66.188"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859926/; classtype:trojan-activity;sid:84723026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=2624b39c-ec54-4aa4-85e3-71935549e195"; depth:47; endswith; nocase; http.host; content:"4h79jvxe.metrobahiscark.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859925/; classtype:trojan-activity;sid:84723025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859924)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.112.56"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859924/; classtype:trojan-activity;sid:84723024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.1.80"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859923/; classtype:trojan-activity;sid:84723023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1a30e304-eb79-4b88-b41c-c6761423f25c"; depth:37; endswith; nocase; http.host; content:"lvgnygm.nannafreving.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859922/; classtype:trojan-activity;sid:84723022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.111.62"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859921/; classtype:trojan-activity;sid:84723021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.158.106"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859920/; classtype:trojan-activity;sid:84723020; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.54.151.28"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859919/; classtype:trojan-activity;sid:84723019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.237.185"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859918/; classtype:trojan-activity;sid:84723018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.237.185"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859917/; classtype:trojan-activity;sid:84723017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.19.254"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859916/; classtype:trojan-activity;sid:84723016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.66.188"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, 
urlhaus.abuse.ch/url/3859915/; classtype:trojan-activity;sid:84723015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/261d7175-1601-45ab-aef3-8278ff3f326f"; depth:37; endswith; nocase; http.host; content:"ylccwf.jamjahani.games"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859914/; classtype:trojan-activity;sid:84723014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.247.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859912/; classtype:trojan-activity;sid:84723012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.252.125"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859913/; classtype:trojan-activity;sid:84723013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.119.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859911/; classtype:trojan-activity;sid:84723011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c91f81a6-d9c5-4fc7-a9cd-ff77a0634dec"; 
depth:37; endswith; nocase; http.host; content:"enkkxbi.n1betiran.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859910/; classtype:trojan-activity;sid:84723010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.93.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859909/; classtype:trojan-activity;sid:84723009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.252.125"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859908/; classtype:trojan-activity;sid:84723008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.189.216"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859907/; classtype:trojan-activity;sid:84723007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.163.150.85"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859906/; classtype:trojan-activity;sid:84723006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859905)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.49.213.85"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859905/; classtype:trojan-activity;sid:84723005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.233.216"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859904/; classtype:trojan-activity;sid:84723004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1f808480-24cd-4263-87c1-d074285a8b9c"; depth:37; endswith; nocase; http.host; content:"ybyvozc.jamjahani.vip"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859903/; classtype:trojan-activity;sid:84723003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.211.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859902/; classtype:trojan-activity;sid:84723002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab302412-ae27-45e4-b436-98014d48ce68"; depth:37; endswith; nocase; http.host; content:"dbnnsjv.mangobetfarsi.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859901/; 
classtype:trojan-activity;sid:84723001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.250.171"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859900/; classtype:trojan-activity;sid:84723000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.250.171"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859899/; classtype:trojan-activity;sid:84722999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b477ab7d-084d-4ec5-9e37-3c2776fcbd6d"; depth:37; endswith; nocase; http.host; content:"npawoli.jamjahani.world"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859898/; classtype:trojan-activity;sid:84722998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.27.209"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859897/; classtype:trojan-activity;sid:84722997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/04ae5ae6-5230-45ce-aa7a-33fc9e1f6444"; depth:37; endswith; 
nocase; http.host; content:"hetljl.jamjahani.football"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859896/; classtype:trojan-activity;sid:84722996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.200.114"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859895/; classtype:trojan-activity;sid:84722995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.103.57"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859894/; classtype:trojan-activity;sid:84722994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"179.49.213.85"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859893/; classtype:trojan-activity;sid:84722993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.201.196"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859892/; classtype:trojan-activity;sid:84722992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859891)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.7.155.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859891/; classtype:trojan-activity;sid:84722991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.103.222"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859890/; classtype:trojan-activity;sid:84722990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.200.114"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859889/; classtype:trojan-activity;sid:84722989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36c53e51-0ab6-46ff-bce4-b20db3a6dab6"; depth:37; endswith; nocase; http.host; content:"rvlpcvr.jogodobicho.games"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859888/; classtype:trojan-activity;sid:84722988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.126.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859887/; classtype:trojan-activity;sid:84722987; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8611510537/5swxpda.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859885/; classtype:trojan-activity;sid:84722985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5279938618/ugnrvhc.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859886/; classtype:trojan-activity;sid:84722986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.103.57"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859884/; classtype:trojan-activity;sid:84722984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.95.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859883/; classtype:trojan-activity;sid:84722983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.103.222"; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859882/; classtype:trojan-activity;sid:84722982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.136.102.112"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859881/; classtype:trojan-activity;sid:84722981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.218.59.71"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859880/; classtype:trojan-activity;sid:84722980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/73d87ffb-2c1b-4ae6-ad04-e4aafec2b1ce"; depth:37; endswith; nocase; http.host; content:"viopkdh.kbshavanese.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859879/; classtype:trojan-activity;sid:84722979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.136.102.112"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859878/; classtype:trojan-activity;sid:84722978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859877)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.218.59.71"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859877/; classtype:trojan-activity;sid:84722977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.30.14"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859876/; classtype:trojan-activity;sid:84722976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/db364957-eb58-4179-b72b-094d585a0bc7"; depth:37; endswith; nocase; http.host; content:"xhqkuit.kvbel.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859875/; classtype:trojan-activity;sid:84722975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.30.14"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859874/; classtype:trojan-activity;sid:84722974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=7070e65a-2f2b-442a-87f0-2735fc6a7ca6"; depth:47; endswith; nocase; http.host; content:"7tzr8pjb.mattheneus-healthcare.com"; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859873/; 
classtype:trojan-activity;sid:84722973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.242.213"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859872/; classtype:trojan-activity;sid:84722972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.44.158"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859871/; classtype:trojan-activity;sid:84722971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.167.25.141"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859870/; classtype:trojan-activity;sid:84722970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.33.254"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859869/; classtype:trojan-activity;sid:84722969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.201.30"; depth:12; isdataat:!1,relative; metadata:created_at 
2026_06_06; reference:url, urlhaus.abuse.ch/url/3859868/; classtype:trojan-activity;sid:84722968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=62caff92-ce75-458f-b1c9-f56b1cf62f56"; depth:47; endswith; nocase; http.host; content:"s3unirpm.bet90land.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859867/; classtype:trojan-activity;sid:84722967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cee2e7f4-f165-4dc7-90d7-26dcfac6e73d"; depth:37; endswith; nocase; http.host; content:"rxxgnn.jamjahani.cash"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859866/; classtype:trojan-activity;sid:84722966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.44.158"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859865/; classtype:trojan-activity;sid:84722965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.136.15"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859864/; classtype:trojan-activity;sid:84722964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859863)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.242.213"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859863/; classtype:trojan-activity;sid:84722963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/785b4df3-2198-46fb-93c0-b0f63650a59f"; depth:37; endswith; nocase; http.host; content:"yghqghh.lolsurpriseball.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859862/; classtype:trojan-activity;sid:84722962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.216.243.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859861/; classtype:trojan-activity;sid:84722961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.255.40.242"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859860/; classtype:trojan-activity;sid:84722960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.120.55"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859859/; classtype:trojan-activity;sid:84722959; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/be09e16f-39e2-47cd-a910-3682c1995a65"; depth:37; endswith; nocase; http.host; content:"zqgqzuo.mangobetfarsi.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859858/; classtype:trojan-activity;sid:84722958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.136.15"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859857/; classtype:trojan-activity;sid:84722957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"162.255.251.91"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859856/; classtype:trojan-activity;sid:84722956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.220.33"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859855/; classtype:trojan-activity;sid:84722955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/379bd89f-0379-4c99-ac20-f52e355f2c37"; depth:37; endswith; nocase; http.host; content:"eycgzaa.jamjahani.site"; depth:22; 
isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859854/; classtype:trojan-activity;sid:84722954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.200.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859853/; classtype:trojan-activity;sid:84722953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.29.214.246"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859851/; classtype:trojan-activity;sid:84722951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"45.120.161.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859852/; classtype:trojan-activity;sid:84722952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.39.244.198"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859850/; classtype:trojan-activity;sid:84722950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859849)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.220.33"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859849/; classtype:trojan-activity;sid:84722949; rev:1;)
# Each rule below alerts on an outbound GET whose http.uri and http.host both equal one URLhaus entry
# (URI pinned with depth + endswith, host with depth + isdataat:!1,relative).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.200.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859848/; classtype:trojan-activity;sid:84722948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.65.9"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859846/; classtype:trojan-activity;sid:84722946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.156.31"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859847/; classtype:trojan-activity;sid:84722947; rev:1;)
# NOTE(review): in the next rule (sid 84722945) depth:47 is larger than the pattern. |3f| is a single
# byte ("?"), so the content is 44 bytes, while 47 is the length of the text with |3f| counted as four
# characters. The rules above use depth equal to the content length. With endswith the rule still
# fires on the listed URI, but it presumably also accepts up to three extra leading bytes; depth:44
# would make it an exact match. Looks like a generator artifact - confirm with the feed maintainer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=278be8f4-87b7-4438-be67-2f447ea57a51"; depth:47; endswith; nocase; http.host; content:"is34r2fh.marc90bet.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859845/; classtype:trojan-activity;sid:84722945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3859844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb.sh"; depth:7; endswith; nocase; http.host; content:"176.65.149.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859844/; classtype:trojan-activity;sid:84722944; rev:1;)
# Each rule below alerts on an outbound GET whose http.uri and http.host both equal one URLhaus entry
# (URI pinned with depth + endswith, host with depth + isdataat:!1,relative).
# NOTE(review): the path in the next rule (sid 84722943) matches the usual installer file name of the
# ScreenConnect remote-access client. The rule pins host and path only, so an alert says an internal
# host requested that file from the listed address, not what was installed. Presumably a remote-access
# installer will not be treated as malware by every endpoint product - confirm on the endpoint whether
# an unexpected remote-access client is present.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"176.65.132.109"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859843/; classtype:trojan-activity;sid:84722943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.i686"; depth:15; endswith; nocase; http.host; content:"176.65.148.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859842/; classtype:trojan-activity;sid:84722942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nova.sh"; depth:8; endswith; nocase; http.host; content:"176.65.148.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859841/; classtype:trojan-activity;sid:84722941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7782139129/tyolms8.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 
2026_06_06; reference:url, urlhaus.abuse.ch/url/3859840/; classtype:trojan-activity;sid:84722940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.104.71"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859839/; classtype:trojan-activity;sid:84722939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.104.71"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859838/; classtype:trojan-activity;sid:84722938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/452841ac-082a-409f-8b22-a924f8c94cde"; depth:37; endswith; nocase; http.host; content:"fgeszrs.dahdahtoys.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859837/; classtype:trojan-activity;sid:84722937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.241.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859836/; classtype:trojan-activity;sid:84722936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; 
endswith; nocase; http.host; content:"115.48.160.98"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859835/; classtype:trojan-activity;sid:84722935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f9460d"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859822/; classtype:trojan-activity;sid:84722922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8f4c61"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859823/; classtype:trojan-activity;sid:84722923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7dc165"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859824/; classtype:trojan-activity;sid:84722924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/badf9b"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859825/; classtype:trojan-activity;sid:84722925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859826)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4de1fb"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859826/; classtype:trojan-activity;sid:84722926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cff527"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859827/; classtype:trojan-activity;sid:84722927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f79a43"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859828/; classtype:trojan-activity;sid:84722928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35cdda"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859829/; classtype:trojan-activity;sid:84722929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/18a84f"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859830/; classtype:trojan-activity;sid:84722930; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2fc2f3"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859831/; classtype:trojan-activity;sid:84722931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1bedf9"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859832/; classtype:trojan-activity;sid:84722932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1fbb47"; depth:7; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859833/; classtype:trojan-activity;sid:84722933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok"; depth:3; endswith; nocase; http.host; content:"45.205.1.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859834/; classtype:trojan-activity;sid:84722934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.38.40.122"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859821/; 
classtype:trojan-activity;sid:84722921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.65.9"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859820/; classtype:trojan-activity;sid:84722920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2be3a3ae-4afa-4b5f-aaf4-a010647e6e60"; depth:37; endswith; nocase; http.host; content:"xvbfkf.jamjahani.app"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859819/; classtype:trojan-activity;sid:84722919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20.exe"; depth:7; endswith; nocase; http.host; content:"62.60.226.159"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859817/; classtype:trojan-activity;sid:84722917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s287.exe"; depth:9; endswith; nocase; http.host; content:"62.60.226.185"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859818/; classtype:trojan-activity;sid:84722918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/16.exe"; depth:7; endswith; nocase; http.host; 
content:"62.60.226.159"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859816/; classtype:trojan-activity;sid:84722916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.241.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859815/; classtype:trojan-activity;sid:84722915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.33.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859814/; classtype:trojan-activity;sid:84722914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.38.40.122"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859813/; classtype:trojan-activity;sid:84722913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"108.168.10.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859812/; classtype:trojan-activity;sid:84722912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859811)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/fb9549a1-6721-459d-8b1c-bd9815fbc566"; depth:37; endswith; nocase; http.host; content:"tvonayz.jamjahani.vip"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859811/; classtype:trojan-activity;sid:84722911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"108.168.10.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859810/; classtype:trojan-activity;sid:84722910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wife.ppc440"; depth:12; endswith; nocase; http.host; content:"176.65.139.61"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859809/; classtype:trojan-activity;sid:84722909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"192.159.99.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859808/; classtype:trojan-activity;sid:84722908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"192.159.99.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859807/; 
classtype:trojan-activity;sid:84722907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.33.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859806/; classtype:trojan-activity;sid:84722906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.242.66"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859805/; classtype:trojan-activity;sid:84722905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.182.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859804/; classtype:trojan-activity;sid:84722904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.126.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859803/; classtype:trojan-activity;sid:84722903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02fc6260-c8a4-47ad-8767-59961747f203"; depth:37; endswith; nocase; http.host; 
content:"arihanp.jamjahani.website"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859802/; classtype:trojan-activity;sid:84722902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.250.188"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859801/; classtype:trojan-activity;sid:84722901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.48.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859800/; classtype:trojan-activity;sid:84722900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"vitacocoyougoloco.potassium.st"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859799/; classtype:trojan-activity;sid:84722899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"vitacocoyougoloco.potassium.st"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859798/; classtype:trojan-activity;sid:84722898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859796)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"vitacocoyougoloco.potassium.st"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859796/; classtype:trojan-activity;sid:84722896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"vitacocoyougoloco.potassium.st"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859797/; classtype:trojan-activity;sid:84722897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"vitacocoyougoloco.potassium.st"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859795/; classtype:trojan-activity;sid:84722895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/massload"; depth:9; endswith; nocase; http.host; content:"vitacocoyougoloco.potassium.st"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859794/; classtype:trojan-activity;sid:84722894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"vitacocoyougoloco.potassium.st"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, 
urlhaus.abuse.ch/url/3859793/; classtype:trojan-activity;sid:84722893; rev:1;)
# Each rule below alerts on an outbound GET whose http.uri and http.host both equal one URLhaus entry
# (URI pinned with depth + endswith, host with depth + isdataat:!1,relative).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.31.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859792/; classtype:trojan-activity;sid:84722892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.250.188"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859791/; classtype:trojan-activity;sid:84722891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.41.81"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859790/; classtype:trojan-activity;sid:84722890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.178.3.64"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859789/; classtype:trojan-activity;sid:84722889; rev:1;)
# NOTE(review): in the next rule (sid 84722888) depth:47 is larger than the pattern. |3f| is a single
# byte ("?"), so the content is 44 bytes, while 47 is the length of the text with |3f| counted as four
# characters. The neighbouring rules use depth equal to the content length. With endswith the rule
# still fires on the listed URI, but it presumably also accepts up to three extra leading bytes;
# depth:44 would make it an exact match. Looks like a generator artifact - confirm with the feed
# maintainer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=2c535a6c-5bdf-4422-9498-47886a84aec1"; depth:47; endswith; nocase; http.host; content:"923nr8dp.chloroquineser.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859788/; classtype:trojan-activity;sid:84722888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5c486b01-ad6a-4374-8739-5f19b677b491"; depth:37; endswith; nocase; http.host; content:"urdjsnn.jamjahani.net"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859787/; classtype:trojan-activity;sid:84722887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.48.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859786/; classtype:trojan-activity;sid:84722886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.31.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859785/; classtype:trojan-activity;sid:84722885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kozak.sh"; depth:14; endswith; nocase; http.host; content:"45.202.246.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859772/; classtype:trojan-activity;sid:84722872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3859773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/psh4"; depth:10; endswith; nocase; http.host; content:"45.202.246.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859773/; classtype:trojan-activity;sid:84722873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/o.xml"; depth:11; endswith; nocase; http.host; content:"45.202.246.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859774/; classtype:trojan-activity;sid:84722874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm5"; depth:11; endswith; nocase; http.host; content:"45.202.246.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859775/; classtype:trojan-activity;sid:84722875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm6"; depth:11; endswith; nocase; http.host; content:"45.202.246.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859776/; classtype:trojan-activity;sid:84722876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm"; depth:10; endswith; nocase; http.host; content:"45.202.246.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859777/; 
classtype:trojan-activity;sid:84722877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pppc"; depth:10; endswith; nocase; http.host; content:"45.202.246.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859778/; classtype:trojan-activity;sid:84722878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/px86"; depth:10; endswith; nocase; http.host; content:"45.202.246.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859779/; classtype:trojan-activity;sid:84722879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pmpsl"; depth:11; endswith; nocase; http.host; content:"45.202.246.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859780/; classtype:trojan-activity;sid:84722880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pm68k"; depth:11; endswith; nocase; http.host; content:"45.202.246.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859781/; classtype:trojan-activity;sid:84722881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pspc"; depth:10; endswith; nocase; http.host; content:"45.202.246.143"; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859782/; classtype:trojan-activity;sid:84722882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pmips"; depth:11; endswith; nocase; http.host; content:"45.202.246.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859783/; classtype:trojan-activity;sid:84722883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm7"; depth:11; endswith; nocase; http.host; content:"45.202.246.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859784/; classtype:trojan-activity;sid:84722884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v49922.exe"; depth:11; endswith; nocase; http.host; content:"62.60.226.185"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859771/; classtype:trojan-activity;sid:84722871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.41.81"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859770/; classtype:trojan-activity;sid:84722870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859769)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.10.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859769/; classtype:trojan-activity;sid:84722869; rev:1;)
# Two shapes alternate in this stretch. (1) Bare-IPv4 Host with URI /i or /bin.sh:
# the URI is generic, so the host match carries the signal. (2) Host made of a short
# random-looking label under a registered domain, with a URI that is either a single
# UUID path segment or "/?ublib=<uuid>". Both URI and Host are matched as whole
# buffers, so a different UUID or label on the same domain would not alert.
# All rules look at the request only; a hit means the URL was requested, not that
# content was delivered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"212.178.3.64"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859768/; classtype:trojan-activity;sid:84722868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a896ac04-ebfe-462f-94ab-d0324e8bb73a"; depth:37; endswith; nocase; http.host; content:"rmbvag.jamjahani2026shartbandi.com"; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859767/; classtype:trojan-activity;sid:84722867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.92.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859766/; classtype:trojan-activity;sid:84722866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.10.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859765/; classtype:trojan-activity;sid:84722865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/37f1b5b2-5665-4b06-ad5f-58a735bfd3d0"; depth:37; endswith; nocase; http.host; content:"caxvhiw.jamjahani.org"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859764/; classtype:trojan-activity;sid:84722864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"210.97.100.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859763/; classtype:trojan-activity;sid:84722863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"210.97.100.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859762/; classtype:trojan-activity;sid:84722862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.156.31"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859761/; classtype:trojan-activity;sid:84722861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/89feb712-a453-42cc-b6f8-a803be54d631"; depth:37; endswith; nocase; http.host; content:"dkrbvhs.jamjahani.site"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859760/; classtype:trojan-activity;sid:84722860; rev:1;)
# NOTE(review): |3f| is the hex escape for "?", so the pattern below is 44 bytes once
# decoded, but depth is 47 (the length of the escaped text). With endswith this admits
# a URI carrying up to 3 extra leading bytes; depth:44 would make it an exact match.
# The same applies to sid 84722855 further down.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=6ad529b4-2258-40df-b312-1df6db19911e"; depth:47; endswith; nocase; http.host; content:"po9isauo.bet90boro.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859759/; classtype:trojan-activity;sid:84722859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/68e30188-7d96-40bf-af39-b7214ba7ff35"; depth:37; endswith; nocase; http.host; content:"uwxrhkk.mangobetfarsi.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859758/; classtype:trojan-activity;sid:84722858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.3.49"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859757/; classtype:trojan-activity;sid:84722857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.3.49"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859756/; classtype:trojan-activity;sid:84722856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=4907547e-8a7d-41a9-a116-a5c43c8df800"; depth:47; endswith; nocase; http.host; content:"v47m17r8.cerocarey.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859755/; classtype:trojan-activity;sid:84722855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab24aa56-3f0f-45a5-8115-1032edc05f6a"; depth:37; endswith; nocase; http.host; content:"nzfcrki.lolsurpriseball.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859754/; classtype:trojan-activity;sid:84722854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.86.62.239"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859753/; classtype:trojan-activity;sid:84722853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/33101bcd-fd90-48ef-a8bd-f1b5429658e1"; depth:37; endswith; nocase; http.host; content:"dlklyo.jamjahani2026.football"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859752/; classtype:trojan-activity;sid:84722852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.86.62.239"; depth:12; isdataat:!1,relative;
metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859751/; classtype:trojan-activity;sid:84722851; rev:1;)
# Mostly bare-IPv4 hosts here, and most addresses appear twice: once with URI /i and
# once with /bin.sh. Each URL has its own sid, so one client fetching both from the
# same address raises two alerts; correlate on source and destination when triaging.
# The URI is generic and the host match carries the signal, so entries lose value
# once an address is reassigned. created_at (2026_06_06) presumably marks when the
# entry was added and can drive ageing.
# Matching is on the HTTP request only (method, URI, Host); it does not confirm that
# anything was downloaded.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9f7eda19-fac9-451e-a68a-033499bf7a72"; depth:37; endswith; nocase; http.host; content:"errcxxn.libertabet.tv"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859750/; classtype:trojan-activity;sid:84722850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.184.28.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859749/; classtype:trojan-activity;sid:84722849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.53.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859748/; classtype:trojan-activity;sid:84722848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.150.61"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859747/; classtype:trojan-activity;sid:84722847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.160.21"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859746/; classtype:trojan-activity;sid:84722846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.255.179"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859745/; classtype:trojan-activity;sid:84722845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.212.198"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859744/; classtype:trojan-activity;sid:84722844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.160.21"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859743/; classtype:trojan-activity;sid:84722843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.212.198"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859742/; classtype:trojan-activity;sid:84722842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.184.28.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859741/; classtype:trojan-activity;sid:84722841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.150.61"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859740/; classtype:trojan-activity;sid:84722840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.53.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859739/; classtype:trojan-activity;sid:84722839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.244.36.34"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859738/; classtype:trojan-activity;sid:84722838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d47f6aba-834e-4c96-ae2f-a6861381c18a"; depth:37; endswith; nocase; http.host; content:"mgyhtpm.libertabetgiris.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859737/; classtype:trojan-activity;sid:84722837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.233.94.135"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859735/; classtype:trojan-activity;sid:84722835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.190.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859736/; classtype:trojan-activity;sid:84722836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.233.94.135"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859734/; classtype:trojan-activity;sid:84722834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.255.179"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859733/; classtype:trojan-activity;sid:84722833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.147.216"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859732/; classtype:trojan-activity;sid:84722832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.222.44.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859731/; classtype:trojan-activity;sid:84722831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"94.244.36.34"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859730/; classtype:trojan-activity;sid:84722830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.79.160.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859729/; classtype:trojan-activity;sid:84722829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.190.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859728/; classtype:trojan-activity;sid:84722828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.147.216"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859727/; classtype:trojan-activity;sid:84722827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.21.50"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859726/; classtype:trojan-activity;sid:84722826; rev:1;)
# NOTE(review): |3f| is the hex escape for "?", so the pattern below is 44 bytes once
# decoded, but depth is 47 (the length of the escaped text). With endswith this admits
# a URI carrying up to 3 extra leading bytes; depth:44 would make it an exact match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=8036ce7c-3d90-4ad5-821c-d9e59cf3512b"; depth:47; endswith; nocase; http.host; content:"34bbeito.canlibahis1xbet.click"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859725/; classtype:trojan-activity;sid:84722825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bd49d22d-aa5a-440b-9181-3f81161f941f"; depth:37; endswith; nocase; http.host; content:"wcrvlfe.kvbel.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859724/; classtype:trojan-activity;sid:84722824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f6fe481f-ce20-4f12-bf20-3988ccbb5d5d"; depth:37; endswith; nocase; http.host; content:"wvquvzx.kenzobet90.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859723/; classtype:trojan-activity;sid:84722823; rev:1;)
alert http
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.167.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859722/; classtype:trojan-activity;sid:84722822; rev:1;)
# Bare-IPv4 hosts with URI /i or /bin.sh: the URI is generic, the host match carries
# the signal. Rules inspect the request only (GET, whole-buffer URI and Host match),
# so an alert records that the URL was requested, not that content was returned.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.222.44.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859721/; classtype:trojan-activity;sid:84722821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.21.50"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859720/; classtype:trojan-activity;sid:84722820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/24648e82-9988-406f-8296-ce55b457ade9"; depth:37; endswith; nocase; http.host; content:"lfwboc.jamejahani.win"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859719/; classtype:trojan-activity;sid:84722819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.58.180"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859718/; classtype:trojan-activity;sid:84722818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.240.246"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859717/; classtype:trojan-activity;sid:84722817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.167.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859715/; classtype:trojan-activity;sid:84722815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.240.246"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859716/; classtype:trojan-activity;sid:84722816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.189.216"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859714/; classtype:trojan-activity;sid:84722814; rev:1;)
# From here most entries belong to two host names, disrupt.anondns.net and
# no7shmh.shop, with URIs named after CPU architectures (sh4, arm5, arm6, ppc, x86,
# x86_64, spc, m68k, mips), some also under /bins/. Presumably multi-architecture
# builds of one payload; verify on the URLhaus reference pages.
# Each rule pins one exact URI, so a file name not listed here would not alert on
# these hosts. After validating the hosts, a local host-only rule or a DNS/proxy
# control for the two names would close that gap.
# http.host excludes the port, so these match on any port parsed as HTTP.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"disrupt.anondns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859713/; classtype:trojan-activity;sid:84722813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"disrupt.anondns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859712/; classtype:trojan-activity;sid:84722812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3269fb46-d1f7-448e-a6b3-c961f0afe2d9"; depth:37; endswith; nocase; http.host; content:"bdyqsrv.kbshavanese.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859711/; classtype:trojan-activity;sid:84722811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"no7shmh.shop"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859706/; classtype:trojan-activity;sid:84722806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"no7shmh.shop"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859707/; classtype:trojan-activity;sid:84722807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"no7shmh.shop"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859708/; classtype:trojan-activity;sid:84722808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"disrupt.anondns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859709/; classtype:trojan-activity;sid:84722809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"disrupt.anondns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859710/; classtype:trojan-activity;sid:84722810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"no7shmh.shop"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859701/; classtype:trojan-activity;sid:84722801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"no7shmh.shop"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859702/; classtype:trojan-activity;sid:84722802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"disrupt.anondns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859703/; classtype:trojan-activity;sid:84722803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"disrupt.anondns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859704/; classtype:trojan-activity;sid:84722804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"disrupt.anondns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859705/; classtype:trojan-activity;sid:84722805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"disrupt.anondns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859683/; classtype:trojan-activity;sid:84722783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"no7shmh.shop"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url,
urlhaus.abuse.ch/url/3859684/; classtype:trojan-activity;sid:84722784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"no7shmh.shop"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859685/; classtype:trojan-activity;sid:84722785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"disrupt.anondns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859686/; classtype:trojan-activity;sid:84722786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"disrupt.anondns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859687/; classtype:trojan-activity;sid:84722787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"no7shmh.shop"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859688/; classtype:trojan-activity;sid:84722788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"no7shmh.shop"; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859689/; classtype:trojan-activity;sid:84722789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"no7shmh.shop"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859690/; classtype:trojan-activity;sid:84722790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"no7shmh.shop"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859691/; classtype:trojan-activity;sid:84722791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"disrupt.anondns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859692/; classtype:trojan-activity;sid:84722792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"no7shmh.shop"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859693/; classtype:trojan-activity;sid:84722793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859694)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"no7shmh.shop"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859694/; classtype:trojan-activity;sid:84722794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"disrupt.anondns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859695/; classtype:trojan-activity;sid:84722795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"disrupt.anondns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859696/; classtype:trojan-activity;sid:84722796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"disrupt.anondns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859697/; classtype:trojan-activity;sid:84722797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"disrupt.anondns.net"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859698/; classtype:trojan-activity;sid:84722798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3859699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"no7shmh.shop"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859699/; classtype:trojan-activity;sid:84722799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"no7shmh.shop"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859700/; classtype:trojan-activity;sid:84722800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.236.65.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859682/; classtype:trojan-activity;sid:84722782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.58.180"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859681/; classtype:trojan-activity;sid:84722781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.124.159"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859680/; classtype:trojan-activity;sid:84722780; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.62.241.196"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859679/; classtype:trojan-activity;sid:84722779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.131.133.189"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859678/; classtype:trojan-activity;sid:84722778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.117.58.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859677/; classtype:trojan-activity;sid:84722777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6ff7a8b2-b82d-4677-93e5-3556ae2a72fd"; depth:37; endswith; nocase; http.host; content:"jjotnoj.jojobetuyelik.info"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859676/; classtype:trojan-activity;sid:84722776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.86.83"; depth:12; isdataat:!1,relative; metadata:created_at 
2026_06_06; reference:url, urlhaus.abuse.ch/url/3859675/; classtype:trojan-activity;sid:84722775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.9.35.137"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859674/; classtype:trojan-activity;sid:84722774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.182.186"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859673/; classtype:trojan-activity;sid:84722773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.124.159"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859672/; classtype:trojan-activity;sid:84722772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.9.35.137"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859671/; classtype:trojan-activity;sid:84722771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"182.116.120.105"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859670/; classtype:trojan-activity;sid:84722770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b62bc1c0-326f-4cf3-b82e-8ce3c4f1a6b5"; depth:37; endswith; nocase; http.host; content:"zvxeaqm.jogodobicho.games"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859669/; classtype:trojan-activity;sid:84722769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.92.153"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859668/; classtype:trojan-activity;sid:84722768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.100.225.82"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859667/; classtype:trojan-activity;sid:84722767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d7d4aa57-22fe-4967-9339-ef9137170c91"; depth:47; endswith; nocase; http.host; content:"6ju7fjjz.bordoo.bet"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859666/; classtype:trojan-activity;sid:84722766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3859665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.92.37"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859665/; classtype:trojan-activity;sid:84722765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.205.235"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859664/; classtype:trojan-activity;sid:84722764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"149.71.39.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859663/; classtype:trojan-activity;sid:84722763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.189.31.218"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859662/; classtype:trojan-activity;sid:84722762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.93.102"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859661/; classtype:trojan-activity;sid:84722761; rev:1;) 
# How to read the URLhaus rules on this page: each rule alerts on an HTTP GET
# request (as parsed by Suricata's HTTP app-layer) sent from $HOME_NET to
# $EXTERNAL_NET whose URI and Host both equal one listed URL.
#   http.uri;  content:"..."; depth:N; endswith; nocase;       -> pins the URI, case-insensitively
#   http.host; content:"..."; depth:N; isdataat:!1,relative;   -> pins the host
# With N equal to the pattern length the match is exact, so a different path
# or host does not alert. The rule inspects the client request only
# (flow:established,from_client), so a hit shows that the URL was requested,
# not that a payload was delivered; check the response and file logs to confirm.
# reference:url links the URLhaus entry, and metadata:created_at records when
# the rule was generated.
#
# NOTE(review): in the next rule depth is 47, which is the length of the
# escaped pattern text. `|3f|` is a single byte ("?"), so the pattern is 44
# bytes and up to 3 bytes may precede it in the URI. It looks like the
# generator counted the escaped form -- confirm whether depth:44 was intended.
# The same depth:47 appears on the other "ublib=" rules on this page
# (sid 84722766, sid 84722741).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9c789c9a-2500-4ff9-876e-a0f1fe073b29"; depth:47; endswith; nocase; http.host; content:"4lm4v3bu.bet404.games"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859660/; classtype:trojan-activity;sid:84722760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.146.137"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859659/; classtype:trojan-activity;sid:84722759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.93.98"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859658/; classtype:trojan-activity;sid:84722758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7c6c8d19-6269-4bbc-b56f-ee0ab6b3fdce"; depth:37; endswith; nocase; http.host; content:"jrpzgr.jamejahani.bet"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859657/; classtype:trojan-activity;sid:84722757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"110.38.221.182"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859656/; classtype:trojan-activity;sid:84722756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.100.225.82"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859655/; classtype:trojan-activity;sid:84722755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ebe27db7-5c7b-43e4-91f2-e6929b5fa13e"; depth:37; endswith; nocase; http.host; content:"vvxcqgv.jamjahani.world"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859654/; classtype:trojan-activity;sid:84722754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"162.250.16.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859653/; classtype:trojan-activity;sid:84722753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.248.167"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859652/; classtype:trojan-activity;sid:84722752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859651)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s5test"; depth:7; endswith; nocase; http.host; content:"xn--b1amdnf.st-rpl-diff-node.in.net"; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859651/; classtype:trojan-activity;sid:84722751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.83.229"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859650/; classtype:trojan-activity;sid:84722750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.248.167"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859649/; classtype:trojan-activity;sid:84722749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.95.161"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859648/; classtype:trojan-activity;sid:84722748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bf4ef6f9-1fe4-4657-9899-5432e1c48309"; depth:37; endswith; nocase; http.host; content:"ubzfosw.jamjahani.win"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859647/; 
classtype:trojan-activity;sid:84722747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.159.34.52"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859646/; classtype:trojan-activity;sid:84722746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.138.211"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859645/; classtype:trojan-activity;sid:84722745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b6e8e0d1-e909-4732-8870-effba4034f5a"; depth:37; endswith; nocase; http.host; content:"ofwbhuk.jamjahani.website"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859644/; classtype:trojan-activity;sid:84722744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.186.37"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859643/; classtype:trojan-activity;sid:84722743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.39.221"; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859642/; classtype:trojan-activity;sid:84722742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e90c3f51-c48a-47c2-b8b4-b3eb26393406"; depth:47; endswith; nocase; http.host; content:"zxuq0oha.bord90.bet"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859641/; classtype:trojan-activity;sid:84722741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.140.116"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859640/; classtype:trojan-activity;sid:84722740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ejdhukab"; depth:9; endswith; nocase; http.host; content:"jolly-bread-f04e.deborahbmuellerziytqsjw7623.workers.dev"; depth:56; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859639/; classtype:trojan-activity;sid:84722739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ejdhukab.html"; depth:14; endswith; nocase; http.host; content:"jolly-bread-f04e.deborahbmuellerziytqsjw7623.workers.dev"; depth:56; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859638/; classtype:trojan-activity;sid:84722738; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"31.56.209.165"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859635/; classtype:trojan-activity;sid:84722735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm64"; depth:6; endswith; nocase; http.host; content:"31.56.209.165"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859636/; classtype:trojan-activity;sid:84722736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"31.56.209.165"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859637/; classtype:trojan-activity;sid:84722737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc64le"; depth:8; endswith; nocase; http.host; content:"31.56.209.165"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859634/; classtype:trojan-activity;sid:84722734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"31.56.209.165"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859633/; 
classtype:trojan-activity;sid:84722733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s390x"; depth:6; endswith; nocase; http.host; content:"31.56.209.165"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859632/; classtype:trojan-activity;sid:84722732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amd64"; depth:6; endswith; nocase; http.host; content:"31.56.209.165"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859631/; classtype:trojan-activity;sid:84722731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"31.56.209.165"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859630/; classtype:trojan-activity;sid:84722730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qubz"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859629/; classtype:trojan-activity;sid:84722729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ari"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859624/; classtype:trojan-activity;sid:84722724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6gfv"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859625/; classtype:trojan-activity;sid:84722725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gsn"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859626/; classtype:trojan-activity;sid:84722726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t7jm"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859627/; classtype:trojan-activity;sid:84722727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lqcu"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859628/; classtype:trojan-activity;sid:84722728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc64"; depth:6; endswith; 
nocase; http.host; content:"31.56.209.165"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859605/; classtype:trojan-activity;sid:84722705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"31.56.209.165"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859606/; classtype:trojan-activity;sid:84722706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips64"; depth:7; endswith; nocase; http.host; content:"31.56.209.165"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859607/; classtype:trojan-activity;sid:84722707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"31.56.209.165"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859608/; classtype:trojan-activity;sid:84722708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips64el"; depth:9; endswith; nocase; http.host; content:"31.56.209.165"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859609/; classtype:trojan-activity;sid:84722709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859610)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i468"; depth:23; endswith; nocase; http.host; content:"176.65.149.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859610/; classtype:trojan-activity;sid:84722710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w1s"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859611/; classtype:trojan-activity;sid:84722711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cyh"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859612/; classtype:trojan-activity;sid:84722712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/olpe"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859613/; classtype:trojan-activity;sid:84722713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fhax"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859614/; classtype:trojan-activity;sid:84722714; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hvss"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859615/; classtype:trojan-activity;sid:84722715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ubi"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859616/; classtype:trojan-activity;sid:84722716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cl0x"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859617/; classtype:trojan-activity;sid:84722717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"176.65.149.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859618/; classtype:trojan-activity;sid:84722718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cyld"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; 
reference:url, urlhaus.abuse.ch/url/3859619/; classtype:trojan-activity;sid:84722719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"176.65.149.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859620/; classtype:trojan-activity;sid:84722720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3gga"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859621/; classtype:trojan-activity;sid:84722721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qx2n"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859622/; classtype:trojan-activity;sid:84722722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sxv"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859623/; classtype:trojan-activity;sid:84722723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vxyc"; depth:5; endswith; nocase; 
http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859602/; classtype:trojan-activity;sid:84722702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/q6yy"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859603/; classtype:trojan-activity;sid:84722703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vcgc"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859604/; classtype:trojan-activity;sid:84722704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vscc"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859597/; classtype:trojan-activity;sid:84722697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yjjk"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859598/; classtype:trojan-activity;sid:84722698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859599)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/ill"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859599/; classtype:trojan-activity;sid:84722699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adah"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859600/; classtype:trojan-activity;sid:84722700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tjgr"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859601/; classtype:trojan-activity;sid:84722701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.101.161"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859596/; classtype:trojan-activity;sid:84722696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.arm5"; depth:17; endswith; nocase; http.host; content:"176.65.149.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859595/; classtype:trojan-activity;sid:84722695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3859594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.arm6"; depth:17; endswith; nocase; http.host; content:"176.65.149.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859594/; classtype:trojan-activity;sid:84722694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.m68k"; depth:17; endswith; nocase; http.host; content:"176.65.149.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859589/; classtype:trojan-activity;sid:84722689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.mpsl"; depth:17; endswith; nocase; http.host; content:"176.65.149.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859590/; classtype:trojan-activity;sid:84722690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.arm64"; depth:18; endswith; nocase; http.host; content:"176.65.149.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859591/; classtype:trojan-activity;sid:84722691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.ppc"; depth:16; endswith; nocase; http.host; content:"176.65.149.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; 
reference:url, urlhaus.abuse.ch/url/3859592/; classtype:trojan-activity;sid:84722692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.x86_64"; depth:19; endswith; nocase; http.host; content:"176.65.149.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859593/; classtype:trojan-activity;sid:84722693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.arm7"; depth:17; endswith; nocase; http.host; content:"176.65.149.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859583/; classtype:trojan-activity;sid:84722683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.sh4"; depth:16; endswith; nocase; http.host; content:"176.65.149.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859584/; classtype:trojan-activity;sid:84722684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.arm"; depth:16; endswith; nocase; http.host; content:"176.65.149.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859585/; classtype:trojan-activity;sid:84722685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859586)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bins/kaizen.x86_64_srv"; depth:23; endswith; nocase; http.host; content:"176.65.149.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859586/; classtype:trojan-activity;sid:84722686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.mips64"; depth:19; endswith; nocase; http.host; content:"176.65.149.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859587/; classtype:trojan-activity;sid:84722687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.mips"; depth:17; endswith; nocase; http.host; content:"176.65.149.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859588/; classtype:trojan-activity;sid:84722688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.x86"; depth:16; endswith; nocase; http.host; content:"176.65.149.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859581/; classtype:trojan-activity;sid:84722681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.spc"; depth:16; endswith; nocase; http.host; content:"176.65.149.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859582/; classtype:trojan-activity;sid:84722682; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859579/; classtype:trojan-activity;sid:84722679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859580/; classtype:trojan-activity;sid:84722680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fa031150-2790-446f-8996-d9d7e288a614"; depth:37; endswith; nocase; http.host; content:"khndao.x50wheel.bet"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859578/; classtype:trojan-activity;sid:84722678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.95.161"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859577/; classtype:trojan-activity;sid:84722677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; 
reference:url, urlhaus.abuse.ch/url/3859576/; classtype:trojan-activity;sid:84722676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859574/; classtype:trojan-activity;sid:84722674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859575/; classtype:trojan-activity;sid:84722675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c6e061ed-9452-4c71-abd5-afc8e4bee6ed"; depth:37; endswith; nocase; http.host; content:"piciidq.jamjahani.vip"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859573/; classtype:trojan-activity;sid:84722673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ciabins.sh"; depth:11; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859571/; classtype:trojan-activity;sid:84722671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; 
depth:5; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859572/; classtype:trojan-activity;sid:84722672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859565/; classtype:trojan-activity;sid:84722665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859566/; classtype:trojan-activity;sid:84722666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859567/; classtype:trojan-activity;sid:84722667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859568/; classtype:trojan-activity;sid:84722668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859569)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859569/; classtype:trojan-activity;sid:84722669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859570/; classtype:trojan-activity;sid:84722670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlink.sh"; depth:9; endswith; nocase; http.host; content:"176.65.149.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859564/; classtype:trojan-activity;sid:84722664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlink.sh"; depth:9; endswith; nocase; http.host; content:"176.65.149.168.ptr.pfcloud.network"; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859563/; classtype:trojan-activity;sid:84722663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.231.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859562/; classtype:trojan-activity;sid:84722662; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.140.116"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859561/; classtype:trojan-activity;sid:84722661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.83.229"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859560/; classtype:trojan-activity;sid:84722660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.211.63.25"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859559/; classtype:trojan-activity;sid:84722659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.199.227"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859558/; classtype:trojan-activity;sid:84722658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.122.31"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, 
urlhaus.abuse.ch/url/3859557/; classtype:trojan-activity;sid:84722657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cd2011b0-8d5e-4f6e-a213-d97626ad40d7"; depth:37; endswith; nocase; http.host; content:"mipcepl.jamjahani.site"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859556/; classtype:trojan-activity;sid:84722656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.199.227"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859555/; classtype:trojan-activity;sid:84722655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"211.158.161.158"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859554/; classtype:trojan-activity;sid:84722654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859553/; classtype:trojan-activity;sid:84722653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ludashi7.zip"; depth:13; endswith; 
nocase; http.host; content:"pub-334a6be7ee8b454c80d466d86642d2f1.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859551/; classtype:trojan-activity;sid:84722651; rev:1;)
# NOTE(review): the rule ending above (sid 84722651) is an "alert http" rule, so it only
# inspects cleartext HTTP. If clients reach this r2.dev host over HTTPS (presumably the
# usual case for this hosting domain; confirm), the rule sees nothing without TLS
# decryption. Cover the host with a TLS SNI (tls.sni) or DNS detection as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aianl"; depth:6; endswith; nocase; http.host; content:"www.pekj1403.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859550/; classtype:trojan-activity;sid:84722650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zb.sh"; depth:6; endswith; nocase; http.host; content:"31.56.209.165"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859549/; classtype:trojan-activity;sid:84722649; rev:1;)
# NOTE(review): the URI pattern in the next rule starts with a double slash. http.uri is
# the normalized URI buffer; if the sensor's libhtp settings compress repeated path
# separators, the buffer would hold "/arm7" and this rule would never match. Verify
# against the deployed Suricata configuration; http.uri.raw matches the URI as sent.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//arm7"; depth:6; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859547/; classtype:trojan-activity;sid:84722647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa"; depth:4; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859548/; classtype:trojan-activity;sid:84722648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3859546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.125.230"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859546/; classtype:trojan-activity;sid:84722646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.36.20"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859545/; classtype:trojan-activity;sid:84722645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"211.158.161.158"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859544/; classtype:trojan-activity;sid:84722644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/83ea7fa9-1ef1-4b7e-a572-031fc2cb10d2"; depth:37; endswith; nocase; http.host; content:"gvrrgvn.jamjahani.promo"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859543/; classtype:trojan-activity;sid:84722643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.125.230"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859542/; 
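classtype:trojan-activity;sid:84722642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.222.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859541/; classtype:trojan-activity;sid:84722641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.222.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859540/; classtype:trojan-activity;sid:84722640; rev:1;)
# Reviewer note: "|3f|" encodes one byte ("?"), so the URI pattern below is 44 bytes long, not 47. depth is set to 44 (was 47) so that depth + endswith pin the whole http.uri buffer, as in the neighbouring rules; with 47 the rule also accepted up to three extra leading bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=1006c035-3b09-458d-85af-ef2999bf8d1d"; depth:44; endswith; nocase; http.host; content:"kaxofkea.bizbetslot.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859539/; classtype:trojan-activity;sid:84722639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4a69775a-13f6-4b60-a5fe-d706cf5f429e"; depth:37; endswith; nocase; http.host; content:"zwbnyop.jamjahani.org"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859538/; classtype:trojan-activity;sid:84722638; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859537)"; flow:established,from_client; http.method; content:"GET"; http.uri; 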
content:"/4e7f3743-f802-4657-b764-185641e1e8ba"; depth:37; endswith; nocase; http.host; content:"eizgbh.xenicalby6.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859537/; classtype:trojan-activity;sid:84722637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.64.6"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859536/; classtype:trojan-activity;sid:84722636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.85.110.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859535/; classtype:trojan-activity;sid:84722635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.137.169"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859534/; classtype:trojan-activity;sid:84722634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/08b79f05-9125-42fa-8a9f-ea1c4dd0f962"; depth:37; endswith; nocase; http.host; content:"rmjjmzw.jamjahani.online"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859533/; classtype:trojan-activity;sid:84722633; rev:1;) alert http $HOME_NET any 
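-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.107.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859532/; classtype:trojan-activity;sid:84722632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.137.169"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859531/; classtype:trojan-activity;sid:84722631; rev:1;)
# Reviewer note: "|3f|" encodes one byte ("?"), so the URI pattern below is 44 bytes long, not 47. depth is set to 44 (was 47) so that depth + endswith pin the whole http.uri buffer, as in the neighbouring rules; with 47 the rule also accepted up to three extra leading bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f010821d-6c31-43eb-a91d-77e2dc1a6955"; depth:44; endswith; nocase; http.host; content:"zbc7yta5.taktiik.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859530/; classtype:trojan-activity;sid:84722630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.95.54"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859529/; classtype:trojan-activity;sid:84722629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.202.54.102"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; 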
reference:url, urlhaus.abuse.ch/url/3859528/; classtype:trojan-activity;sid:84722628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.113.57"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859527/; classtype:trojan-activity;sid:84722627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.71.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859526/; classtype:trojan-activity;sid:84722626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4e555b4a-3d63-4fa2-af74-1be6c6c267c4"; depth:37; endswith; nocase; http.host; content:"mltwwtn.jamjahani.one"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859525/; classtype:trojan-activity;sid:84722625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.95.54"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859524/; classtype:trojan-activity;sid:84722624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; 
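endswith; nocase; http.host; content:"39.90.188.159"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859523/; classtype:trojan-activity;sid:84722623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.42.90.43"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859522/; classtype:trojan-activity;sid:84722622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.107.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859521/; classtype:trojan-activity;sid:84722621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.11.194"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859520/; classtype:trojan-activity;sid:84722620; rev:1;)
# Reviewer note: "|3f|" encodes one byte ("?"), so the URI pattern below is 44 bytes long, not 47. depth is set to 44 (was 47) so that depth + endswith pin the whole http.uri buffer, as in the neighbouring rules; with 47 the rule also accepted up to three extra leading bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a027b003-c199-4191-90c5-c03802495f9c"; depth:44; endswith; nocase; http.host; content:"e6ce6uwg.bingobet90.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859519/; classtype:trojan-activity;sid:84722619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 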
URL detected (3859518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.188.159"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859518/; classtype:trojan-activity;sid:84722618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.42.90.43"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859517/; classtype:trojan-activity;sid:84722617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.80.62"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859516/; classtype:trojan-activity;sid:84722616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4dd869f3-d2d5-46cb-bd77-e04cd21ec65e"; depth:37; endswith; nocase; http.host; content:"kyxuncq.jamjahani.net"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859515/; classtype:trojan-activity;sid:84722615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9161f977-669c-438c-90ec-c172e0d1b429"; depth:37; endswith; nocase; http.host; content:"gukxgn.yasbet90.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, 
urlhaus.abuse.ch/url/3859514/; classtype:trojan-activity;sid:84722614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.11.194"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859513/; classtype:trojan-activity;sid:84722613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.38.221.182"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859512/; classtype:trojan-activity;sid:84722612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.166.194"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859511/; classtype:trojan-activity;sid:84722611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.211.63.25"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859510/; classtype:trojan-activity;sid:84722610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.80.62"; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859509/; classtype:trojan-activity;sid:84722609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/19876d21-b11c-4e85-9759-bb17bf25d7b5"; depth:37; endswith; nocase; http.host; content:"drlycjl.jamjahani.mobi"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859508/; classtype:trojan-activity;sid:84722608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.208.111.235"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859507/; classtype:trojan-activity;sid:84722607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7d1195a3-60e7-43d3-ad2e-9b938bee3e2e"; depth:37; endswith; nocase; http.host; content:"pjnmfyn.yekbetiran.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859506/; classtype:trojan-activity;sid:84722606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/82af0036-6a64-4584-a1fe-e8e460f8c6cc"; depth:37; endswith; nocase; http.host; content:"qffjprx.yektbet.bet"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859505/; classtype:trojan-activity;sid:84722605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3859504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.67.33.209"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859504/; classtype:trojan-activity;sid:84722604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d939d304-3934-4934-86af-d157a8c012f0"; depth:37; endswith; nocase; http.host; content:"fljmkds.venusbet90.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859503/; classtype:trojan-activity;sid:84722603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.208.111.235"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859502/; classtype:trojan-activity;sid:84722602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.147.157"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859501/; classtype:trojan-activity;sid:84722601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.25.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859500/; 
classtype:trojan-activity;sid:84722600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"80.67.33.209"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859492/; classtype:trojan-activity;sid:84722592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.i486"; depth:12; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859493/; classtype:trojan-activity;sid:84722593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.x86_64"; depth:14; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859494/; classtype:trojan-activity;sid:84722594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.aarch64"; depth:15; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859495/; classtype:trojan-activity;sid:84722595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.mipsel"; depth:14; endswith; nocase; http.host; 
content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859496/; classtype:trojan-activity;sid:84722596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.mips"; depth:12; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859497/; classtype:trojan-activity;sid:84722597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.sh4"; depth:11; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859498/; classtype:trojan-activity;sid:84722598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.armv6l"; depth:14; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859499/; classtype:trojan-activity;sid:84722599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.arc"; depth:11; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859491/; classtype:trojan-activity;sid:84722591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859490)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.m68k"; depth:12; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859490/; classtype:trojan-activity;sid:84722590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.armv4l"; depth:14; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859486/; classtype:trojan-activity;sid:84722586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.armv5l"; depth:14; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859487/; classtype:trojan-activity;sid:84722587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.sparc"; depth:13; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859488/; classtype:trojan-activity;sid:84722588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.armv7l"; depth:14; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859489/; 
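classtype:trojan-activity;sid:84722589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.powerpc"; depth:15; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859485/; classtype:trojan-activity;sid:84722585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cat.sh"; depth:7; endswith; nocase; http.host; content:"176.65.139.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859484/; classtype:trojan-activity;sid:84722584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.91.62.65"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859483/; classtype:trojan-activity;sid:84722583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2f890b55-33a2-41b4-88be-458bc1054cf3"; depth:37; endswith; nocase; http.host; content:"hwujtlx.dahdahtoys.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859481/; classtype:trojan-activity;sid:84722581; rev:1;)
# Reviewer note: "|3f|" encodes one byte ("?"), so the URI pattern below is 44 bytes long, not 47. depth is set to 44 (was 47) so that depth + endswith pin the whole http.uri buffer, as in the neighbouring rules; with 47 the rule also accepted up to three extra leading bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=8e718128-66f8-434e-91d9-1d243197c78b"; depth:44; endswith; nocase; http.host; content:"1822jtv8.betwoonuyelik.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859482/; classtype:trojan-activity;sid:84722582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.132.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859480/; classtype:trojan-activity;sid:84722580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.84.128"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859479/; classtype:trojan-activity;sid:84722579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3c1c00ee-ea95-424b-87e6-69a688ac19fc"; depth:37; endswith; nocase; http.host; content:"qyqetw.yasbetapp.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859478/; classtype:trojan-activity;sid:84722578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.158.246"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859477/; classtype:trojan-activity;sid:84722577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 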
malware download URL detected (3859476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.245.71"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859476/; classtype:trojan-activity;sid:84722576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.158.246"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859475/; classtype:trojan-activity;sid:84722575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a9b3ec9d-623c-4e1d-b021-cee264643b3f"; depth:37; endswith; nocase; http.host; content:"jbwhmuq.i90.bet"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859474/; classtype:trojan-activity;sid:84722574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.120.39"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859473/; classtype:trojan-activity;sid:84722573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e04bd510-3684-495a-8d21-aac426081c6a"; depth:37; endswith; nocase; http.host; content:"aknkoyw.homa.bet"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, 
urlhaus.abuse.ch/url/3859472/; classtype:trojan-activity;sid:84722572; rev:1;)
# ---------------------------------------------------------------------------
# URLhaus malware-download rules, laid out one rule per line.
#
# Every rule below uses the same template. It alerts on an HTTP GET sent from
# $HOME_NET to $EXTERNAL_NET (any port, client side of an established flow)
# whose URI and Host both equal one URLhaus entry:
#
#   http.uri;  content:"<path>"; depth:<len>; endswith; nocase;
#       depth equals the content length, which pins the match to offset 0;
#       endswith pins it to the end of the buffer. Together they require the
#       whole normalized URI to equal <path>, compared case-insensitively.
#
#   http.host; content:"<host>"; depth:<len>; isdataat:!1,relative;
#       same start anchor; isdataat:!1,relative asserts that no byte follows
#       the match, so the whole host buffer must equal <host>. A different
#       subdomain or a longer address does not match.
#
# msg and reference:url both carry the URLhaus entry id, which is the record
# to open when triaging a hit. metadata:created_at is a YYYY_MM_DD stamp.
#
# NOTE(review): Suricata documents http.host as lower-cased and without the
# port, so a port in the listed URL would not be part of the match. Confirm
# against the URLhaus entry.
# NOTE(review): these rules inspect parsed HTTP only. The same URL fetched
# over TLS is presumably not visible unless traffic is decrypted upstream.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.84.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859471/; classtype:trojan-activity;sid:84722571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.245.71"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859470/; classtype:trojan-activity;sid:84722570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.120.39"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859469/; classtype:trojan-activity;sid:84722569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.49.31"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859468/; classtype:trojan-activity;sid:84722568; rev:1;)
# The next five rules share one host and differ only in the path, which reads
# like a CPU-architecture name (mipsle, mips, x86_64, arm, x86). Presumably
# these are per-architecture builds served from one location; several of these
# sids firing for one internal client is worth correlating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsle"; depth:7; endswith; nocase; http.host; content:"45.13.186.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859466/; classtype:trojan-activity;sid:84722566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.13.186.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859467/; classtype:trojan-activity;sid:84722567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"45.13.186.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859465/; classtype:trojan-activity;sid:84722565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"45.13.186.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859463/; classtype:trojan-activity;sid:84722563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"45.13.186.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859464/; classtype:trojan-activity;sid:84722564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.120.169.148"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859462/; classtype:trojan-activity;sid:84722562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.120.169.148"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859461/; classtype:trojan-activity;sid:84722561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.49.31"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859460/; classtype:trojan-activity;sid:84722560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.168.52.2"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859459/; classtype:trojan-activity;sid:84722559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.80.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859458/; classtype:trojan-activity;sid:84722558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/110b0bd2-17df-4390-a4a6-07f3580c1ab2"; depth:37; endswith; nocase; http.host; content:"gcwsnip.hokm.casino"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859457/; classtype:trojan-activity;sid:84722557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.77.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859456/; classtype:trojan-activity;sid:84722556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.168.52.2"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859455/; classtype:trojan-activity;sid:84722555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.208.105"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859454/; classtype:trojan-activity;sid:84722554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.193.5"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859453/; classtype:trojan-activity;sid:84722553; rev:1;)
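# ---------------------------------------------------------------------------
# URLhaus malware-download rules, laid out one rule per line.
#
# Every rule below uses the same template. It alerts on an HTTP GET sent from
# $HOME_NET to $EXTERNAL_NET (any port, client side of an established flow)
# whose URI and Host both equal one URLhaus entry:
#
#   http.uri;  content:"<path>"; depth:<len>; endswith; nocase;
#       depth equals the content length, which pins the match to offset 0;
#       endswith pins it to the end of the buffer. Together they require the
#       whole normalized URI to equal <path>, compared case-insensitively.
#
#   http.host; content:"<host>"; depth:<len>; isdataat:!1,relative;
#       same start anchor; isdataat:!1,relative asserts that no byte follows
#       the match, so the whole host buffer must equal <host>. A different
#       leftmost label on the same domain does not match.
#
# msg and reference:url both carry the URLhaus entry id, which is the record
# to open when triaging a hit. metadata:created_at is a YYYY_MM_DD stamp.
#
# Depth fix on the "/|3f|ublib=..." rules: "|3f|" is the hex escape for a
# single "?" byte, so that content is 44 bytes long ("/?ublib=" plus a
# 36-character UUID). The feed emitted depth:47, the length of the escaped
# text, which let a URI with up to three extra leading bytes match. Those four
# rules now use depth:44, the exact match every other rule here has. sid and
# rev are left as published: this is a local tightening that a feed refresh
# will overwrite, so it is also worth reporting upstream.
#
# NOTE(review): Suricata documents http.host as lower-cased and without the
# port, so a port in the listed URL would not be part of the match. Confirm
# against the URLhaus entry.
# NOTE(review): these rules inspect parsed HTTP only. The same URL fetched
# over TLS is presumably not visible unless traffic is decrypted upstream.
# ---------------------------------------------------------------------------
# depth tightened 47 -> 44 (content is 44 bytes once "|3f|" is decoded)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f1dff2af-87ce-47f8-a2ec-a81f521921aa"; depth:44; endswith; nocase; http.host; content:"wp0ljlux.betwana.casino"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859452/; classtype:trojan-activity;sid:84722552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.80.173"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859451/; classtype:trojan-activity;sid:84722551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.24.172"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859450/; classtype:trojan-activity;sid:84722550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.61.14"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859449/; classtype:trojan-activity;sid:84722549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cd940dce-bd92-40d0-9a6e-48d97dd41f8c"; depth:37; endswith; nocase; http.host; content:"gmtzkxm.hit4bet1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859448/; classtype:trojan-activity;sid:84722548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.208.105"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859447/; classtype:trojan-activity;sid:84722547; rev:1;)
# depth tightened 47 -> 44 (content is 44 bytes once "|3f|" is decoded)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=0da07b4e-5156-4745-b104-f75d6f07563a"; depth:44; endswith; nocase; http.host; content:"6go1tq9f.takbet90.bet"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859446/; classtype:trojan-activity;sid:84722546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.146.92.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859445/; classtype:trojan-activity;sid:84722545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.40.38"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859444/; classtype:trojan-activity;sid:84722544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.157.98"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859443/; classtype:trojan-activity;sid:84722543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fb0daa90-9a6b-4fe1-acf4-dec647faf674"; depth:37; endswith; nocase; http.host; content:"lulfav.bet404farsi.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859442/; classtype:trojan-activity;sid:84722542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o.xml"; depth:6; endswith; nocase; http.host; content:"45.13.186.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859441/; classtype:trojan-activity;sid:84722541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run.sh"; depth:7; endswith; nocase; http.host; content:"45.13.186.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859440/; classtype:trojan-activity;sid:84722540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.24.172"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859439/; classtype:trojan-activity;sid:84722539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.80.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859438/; classtype:trojan-activity;sid:84722538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/67219fcb-e0cd-4d95-bb43-0fe0f18be4a6"; depth:37; endswith; nocase; http.host; content:"vctiae.bet360pro.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859437/; classtype:trojan-activity;sid:84722537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.253.64"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859436/; classtype:trojan-activity;sid:84722536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.40.38"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859435/; classtype:trojan-activity;sid:84722535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.157.98"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859434/; classtype:trojan-activity;sid:84722534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tkr.exe"; depth:8; endswith; nocase; http.host; content:"62.60.226.159"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859433/; classtype:trojan-activity;sid:84722533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.242.12.73"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859432/; classtype:trojan-activity;sid:84722532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/5279938618/ocnuppj.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859431/; classtype:trojan-activity;sid:84722531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b38267e7-f3bb-4610-8baa-4d1f882848eb"; depth:37; endswith; nocase; http.host; content:"nahcjeo.hezarfencrash.bet"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859430/; classtype:trojan-activity;sid:84722530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.80.173"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859429/; classtype:trojan-activity;sid:84722529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.30.127"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859428/; classtype:trojan-activity;sid:84722528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.146.92.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859427/; classtype:trojan-activity;sid:84722527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.149.234"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859426/; classtype:trojan-activity;sid:84722526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.57.51.13"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859425/; classtype:trojan-activity;sid:84722525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.253.64"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859424/; classtype:trojan-activity;sid:84722524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.113.57"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859423/; classtype:trojan-activity;sid:84722523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.30.127"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859422/; classtype:trojan-activity;sid:84722522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.149.234"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859421/; classtype:trojan-activity;sid:84722521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.247.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859420/; classtype:trojan-activity;sid:84722520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/796c3ca6-ba68-45ee-ad04-7c572c2f7232"; depth:37; endswith; nocase; http.host; content:"korpihy.herz-frank.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859419/; classtype:trojan-activity;sid:84722519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"83.68.249.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859418/; classtype:trojan-activity;sid:84722518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.237.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859417/; classtype:trojan-activity;sid:84722517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.247.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859416/; classtype:trojan-activity;sid:84722516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.81.185"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859415/; classtype:trojan-activity;sid:84722515; rev:1;)
# depth tightened 47 -> 44 (content is 44 bytes once "|3f|" is decoded)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=28590d40-9bea-41fc-a91d-4b183f8e1aaf"; depth:44; endswith; nocase; http.host; content:"mjdkxzn7.betvolleyball.net"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859414/; classtype:trojan-activity;sid:84722514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.239.147"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859413/; classtype:trojan-activity;sid:84722513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.103.116.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859412/; classtype:trojan-activity;sid:84722512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f613253d-4dd5-4f4b-b951-015a597657f6"; depth:37; endswith; nocase; http.host; content:"tbbhdjx.golfbetpro.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859411/; classtype:trojan-activity;sid:84722511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.47.209"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859410/; classtype:trojan-activity;sid:84722510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.217.137"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859409/; classtype:trojan-activity;sid:84722509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.103.116.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859408/; classtype:trojan-activity;sid:84722508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/61db9285-dc37-4b9b-89d4-21ce3333ced6"; depth:37; endswith; nocase; http.host; content:"nmnntl.bet303casino.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859407/; classtype:trojan-activity;sid:84722507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.217.137"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859406/; classtype:trojan-activity;sid:84722506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aa2fd131-abd0-412f-a029-0c211eab787c"; depth:37; endswith; nocase; http.host; content:"zdxibl.bet212.casino"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859405/; classtype:trojan-activity;sid:84722505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/38956f45-9a35-4da2-b7eb-690d0161f76d"; depth:37; endswith; nocase; http.host; content:"duizlfe.funbet24.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859404/; classtype:trojan-activity;sid:84722504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.79.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859403/; classtype:trojan-activity;sid:84722503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/15a91cc8-e3b8-4763-808c-2fc17678b281"; depth:37; endswith; nocase; http.host; content:"ldgssv.bazipoop.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859402/; classtype:trojan-activity;sid:84722502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.47.209"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859401/; classtype:trojan-activity;sid:84722501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.14.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859400/; classtype:trojan-activity;sid:84722500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.149.107.50"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859399/; classtype:trojan-activity;sid:84722499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.79.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859398/; classtype:trojan-activity;sid:84722498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.50.2"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859397/; classtype:trojan-activity;sid:84722497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.14.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859396/; classtype:trojan-activity;sid:84722496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4c9e067f-64b0-4d9c-9048-c1f9893acace"; depth:37; endswith; nocase; http.host; content:"bwqzszo.football2026.world"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859395/; classtype:trojan-activity;sid:84722495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.232.91.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859394/; classtype:trojan-activity;sid:84722494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ff30e4ad-6451-480d-8bb2-bbf44c763d62"; depth:37; endswith; nocase; http.host; content:"wntgjbu.footbalbet.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859393/; classtype:trojan-activity;sid:84722493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.50.2"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859392/; classtype:trojan-activity;sid:84722492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.166.194"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859391/; classtype:trojan-activity;sid:84722491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.97.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859390/; classtype:trojan-activity;sid:84722490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.204.197.147"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859389/; classtype:trojan-activity;sid:84722489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"201.149.107.50"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859388/; classtype:trojan-activity;sid:84722488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.133.212"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859387/; classtype:trojan-activity;sid:84722487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.51.79"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859386/; classtype:trojan-activity;sid:84722486; rev:1;)
# depth tightened 47 -> 44 (content is 44 bytes once "|3f|" is decoded)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b11adec1-89ce-4f52-8988-16303d511c55"; depth:44; endswith; nocase; http.host; content:"zttxgpqq.jacksorbetter.casino"; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859385/; classtype:trojan-activity;sid:84722485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.226.207"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859384/; classtype:trojan-activity;sid:84722484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.51.79"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859383/; classtype:trojan-activity;sid:84722483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.97.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859382/; classtype:trojan-activity;sid:84722482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/521d3e20-1cc5-48b5-b5aa-9a22e8671766"; depth:37; endswith; nocase; http.host; content:"qavsqox.footbal90bet.app"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859381/; classtype:trojan-activity;sid:84722481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.142.229"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859380/; classtype:trojan-activity;sid:84722480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.133.212"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859379/; classtype:trojan-activity;sid:84722479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.226.207"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859378/; classtype:trojan-activity;sid:84722478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.202.142.137"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859377/; classtype:trojan-activity;sid:84722477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.206.120"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859376/; classtype:trojan-activity;sid:84722476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.231.61"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859375/; classtype:trojan-activity;sid:84722475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.214.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859374/; classtype:trojan-activity;sid:84722474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5fac70ea-bcb4-4c87-bb05-1c8b33828bd0"; depth:37; endswith; nocase; http.host; content:"udqmerf.fibi-ireland.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859372/; 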
classtype:trojan-activity;sid:84722472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36a950f4-34eb-4a26-9cb0-faac5b70c1c7"; depth:37; endswith; nocase; http.host; content:"wisvfr.basketballiran.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859373/; classtype:trojan-activity;sid:84722473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.214.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859371/; classtype:trojan-activity;sid:84722471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.254.246"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859370/; classtype:trojan-activity;sid:84722470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mips"; depth:15; endswith; nocase; http.host; content:"176.65.149.124.ptr.pfcloud.network"; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859369/; classtype:trojan-activity;sid:84722469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; 
endswith; nocase; http.host; content:"176.65.149.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859367/; classtype:trojan-activity;sid:84722467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mips"; depth:15; endswith; nocase; http.host; content:"176.65.149.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859368/; classtype:trojan-activity;sid:84722468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.162.189"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859366/; classtype:trojan-activity;sid:84722466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2eccae7c-f65b-41b4-8aab-660244b861a6"; depth:37; endswith; nocase; http.host; content:"wrersk.ar888starz.bet"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859365/; classtype:trojan-activity;sid:84722465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.231.61"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859363/; classtype:trojan-activity;sid:84722463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3859364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.254.246"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859364/; classtype:trojan-activity;sid:84722464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2d27cc39-bb86-49c0-aae4-5e7f1ea773b6"; depth:37; endswith; nocase; http.host; content:"onoizuz.fibi-ireland.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859362/; classtype:trojan-activity;sid:84722462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.162.189"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859361/; classtype:trojan-activity;sid:84722461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=3528a521-7848-4782-b20b-abbc68e1a540"; depth:47; endswith; nocase; http.host; content:"o2w2806g.tagat120art.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859360/; classtype:trojan-activity;sid:84722460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.77.13"; depth:13; isdataat:!1,relative; metadata:created_at 
2026_06_05; reference:url, urlhaus.abuse.ch/url/3859359/; classtype:trojan-activity;sid:84722459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.2.23"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859358/; classtype:trojan-activity;sid:84722458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.125.75"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859357/; classtype:trojan-activity;sid:84722457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1d490039-c7a8-4ef2-9134-1d77000bbbad"; depth:37; endswith; nocase; http.host; content:"ytmjwql.eurothrombosis2018.com"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859356/; classtype:trojan-activity;sid:84722456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.123.184"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859355/; classtype:trojan-activity;sid:84722455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; 
depth:7; endswith; nocase; http.host; content:"221.1.246.99"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859354/; classtype:trojan-activity;sid:84722454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.2.23"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859353/; classtype:trojan-activity;sid:84722453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.246.153"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859352/; classtype:trojan-activity;sid:84722452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=8216055e-3934-4fb2-98d9-c356af95e15b"; depth:47; endswith; nocase; http.host; content:"1v55nk51.irantennis.bet"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859351/; classtype:trojan-activity;sid:84722451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.86.141"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859350/; classtype:trojan-activity;sid:84722450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3859349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.218.77"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859349/; classtype:trojan-activity;sid:84722449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.123.184"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859348/; classtype:trojan-activity;sid:84722448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/psd8ezaw/plugins/cred64.dll"; depth:28; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859346/; classtype:trojan-activity;sid:84722446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clp2.exe"; depth:9; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859347/; classtype:trojan-activity;sid:84722447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/psd8ezaw/plugins/cred.dll"; depth:26; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, 
urlhaus.abuse.ch/url/3859344/; classtype:trojan-activity;sid:84722444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clp1.exe"; depth:9; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859345/; classtype:trojan-activity;sid:84722445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amadey_x64.zip"; depth:15; endswith; nocase; http.host; content:"196.251.107.104"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859343/; classtype:trojan-activity;sid:84722443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.37.87"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859342/; classtype:trojan-activity;sid:84722442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/478d16c3-630d-4879-bdb2-1e5196e209e2"; depth:37; endswith; nocase; http.host; content:"xcaejii.enobahis.co"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859341/; classtype:trojan-activity;sid:84722441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; 
nocase; http.host; content:"182.121.251.167"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859340/; classtype:trojan-activity;sid:84722440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.48.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859339/; classtype:trojan-activity;sid:84722439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.37.87"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859338/; classtype:trojan-activity;sid:84722438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.227.254"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859337/; classtype:trojan-activity;sid:84722437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.218.77"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859336/; classtype:trojan-activity;sid:84722436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859335)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.4.22"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859335/; classtype:trojan-activity;sid:84722435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.4.22"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859334/; classtype:trojan-activity;sid:84722434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.133.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859333/; classtype:trojan-activity;sid:84722433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/194b3080-5502-4716-b439-ce9ecc751afa"; depth:37; endswith; nocase; http.host; content:"mmhaqx.sigari.bet"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859332/; classtype:trojan-activity;sid:84722432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.48.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859331/; classtype:trojan-activity;sid:84722431; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.31.141"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859330/; classtype:trojan-activity;sid:84722430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b2be3260-d419-4c63-84f1-88d87c1bded9"; depth:37; endswith; nocase; http.host; content:"trlclzb.enfejar.game"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859329/; classtype:trojan-activity;sid:84722429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.24.175"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859328/; classtype:trojan-activity;sid:84722428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.239.147"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859327/; classtype:trojan-activity;sid:84722427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.133.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; 
reference:url, urlhaus.abuse.ch/url/3859326/; classtype:trojan-activity;sid:84722426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.133.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859325/; classtype:trojan-activity;sid:84722425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.24.175"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859324/; classtype:trojan-activity;sid:84722424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/65ec78ee-1e37-4521-a55d-ee063b52e8e3"; depth:37; endswith; nocase; http.host; content:"dqgfigs.enfejarbazii.bet"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859323/; classtype:trojan-activity;sid:84722423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.86.0"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859322/; classtype:trojan-activity;sid:84722422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859321)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/|3f|ublib=9553a464-8210-4f70-9353-94a2bc2ed155"; depth:47; endswith; nocase; http.host; content:"1djqvowq.iaap2019.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859321/; classtype:trojan-activity;sid:84722421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.91.33.157"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859320/; classtype:trojan-activity;sid:84722420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.196.208.209"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859319/; classtype:trojan-activity;sid:84722419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7667f86a-1a5c-4028-a7fc-ca6f4ba51616"; depth:37; endswith; nocase; http.host; content:"bdbxwze.electriccrash.bet"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859318/; classtype:trojan-activity;sid:84722418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6a394140-a786-43cf-95da-013caf432300"; depth:37; endswith; nocase; http.host; content:"ghuctqf.ef90bet.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859317/; 
classtype:trojan-activity;sid:84722417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.86.0"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859315/; classtype:trojan-activity;sid:84722415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.228.250"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859316/; classtype:trojan-activity;sid:84722416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.196.208.209"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859314/; classtype:trojan-activity;sid:84722414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"117.211.44.140"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859313/; classtype:trojan-activity;sid:84722413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.228.250"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859312/; classtype:trojan-activity;sid:84722412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/256fff3c-3044-4efd-9865-e48c395b332b"; depth:37; endswith; nocase; http.host; content:"huyndo.shirbetfarsi.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859311/; classtype:trojan-activity;sid:84722411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.246.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859310/; classtype:trojan-activity;sid:84722410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.93.228.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859309/; classtype:trojan-activity;sid:84722409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.219.22"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859308/; classtype:trojan-activity;sid:84722408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859307)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bc86b4a2-8250-41f5-982d-cb8892b8bdbf"; depth:37; endswith; nocase; http.host; content:"zzvfyei.dahdahtoys.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859307/; classtype:trojan-activity;sid:84722407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.246.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859306/; classtype:trojan-activity;sid:84722406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.173.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859305/; classtype:trojan-activity;sid:84722405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"193.93.228.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859304/; classtype:trojan-activity;sid:84722404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/05507d4a-990e-4efc-bed7-e74742e3f5aa"; depth:37; endswith; nocase; http.host; content:"usetlnl.volleyball.vip"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859303/; classtype:trojan-activity;sid:84722403; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.193.5"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859302/; classtype:trojan-activity;sid:84722402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"31.56.209.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859301/; classtype:trojan-activity;sid:84722401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlink"; depth:6; endswith; nocase; http.host; content:"31.56.209.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859297/; classtype:trojan-activity;sid:84722397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"31.56.209.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859298/; classtype:trojan-activity;sid:84722398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k"; depth:2; endswith; nocase; http.host; content:"31.56.209.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, 
urlhaus.abuse.ch/url/3859299/; classtype:trojan-activity;sid:84722399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"31.56.209.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859300/; classtype:trojan-activity;sid:84722400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"31.56.209.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859296/; classtype:trojan-activity;sid:84722396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"31.56.209.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859295/; classtype:trojan-activity;sid:84722395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"31.56.209.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859293/; classtype:trojan-activity;sid:84722393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/massload"; depth:9; endswith; nocase; http.host; content:"31.56.209.220"; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859294/; classtype:trojan-activity;sid:84722394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"31.56.209.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859292/; classtype:trojan-activity;sid:84722392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5a18ba29-7d29-49f4-91a8-9c115b832354"; depth:37; endswith; nocase; http.host; content:"mnejbrs.volleyball.vin"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859291/; classtype:trojan-activity;sid:84722391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"45.88.186.70"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859290/; classtype:trojan-activity;sid:84722390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"194.26.192.187"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859289/; classtype:trojan-activity;sid:84722389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3859288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"193.26.115.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859288/; classtype:trojan-activity;sid:84722388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"203.159.90.37"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859285/; classtype:trojan-activity;sid:84722385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"203.159.90.37"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859286/; classtype:trojan-activity;sid:84722386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"194.26.192.187"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859287/; classtype:trojan-activity;sid:84722387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.237.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; 
reference:url, urlhaus.abuse.ch/url/3859284/; classtype:trojan-activity;sid:84722384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qnu"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859283/; classtype:trojan-activity;sid:84722383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2r0"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859274/; classtype:trojan-activity;sid:84722374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-8.6-.sakura"; depth:14; endswith; nocase; http.host; content:"176.65.139.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859275/; classtype:trojan-activity;sid:84722375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-6.sakura"; depth:15; endswith; nocase; http.host; content:"176.65.139.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859276/; classtype:trojan-activity;sid:84722376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-p.s-l.sakura"; depth:15; endswith; 
nocase; http.host; content:"176.65.139.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859277/; classtype:trojan-activity;sid:84722377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-5.8-6.sakura"; depth:15; endswith; nocase; http.host; content:"176.65.139.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859278/; classtype:trojan-activity;sid:84722378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9eb"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859279/; classtype:trojan-activity;sid:84722379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9hf"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859280/; classtype:trojan-activity;sid:84722380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-7.sakura"; depth:15; endswith; nocase; http.host; content:"176.65.139.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859281/; classtype:trojan-activity;sid:84722381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859282)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-i.p-s.sakura"; depth:15; endswith; nocase; http.host; content:"176.65.139.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859282/; classtype:trojan-activity;sid:84722382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lvud"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859272/; classtype:trojan-activity;sid:84722372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohk7"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859273/; classtype:trojan-activity;sid:84722373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-4.sakura"; depth:15; endswith; nocase; http.host; content:"176.65.139.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859263/; classtype:trojan-activity;sid:84722363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s-h.4-.sakura"; depth:14; endswith; nocase; http.host; content:"176.65.139.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859264/; classtype:trojan-activity;sid:84722364; rev:1;) 
# NOTE(review): reading guide for the URLhaus rules that follow.
# Each rule fires on an established, client-to-server HTTP GET from $HOME_NET
# to $EXTERNAL_NET. The URI must equal the listed path exactly: depth is the
# pattern length and endswith pins the end, while nocase ignores letter case.
# The Host value must equal the listed host exactly, because depth plus
# isdataat:!1,relative allows no trailing bytes.
# Coverage limits: the rule protocol is http, so the same URL fetched over TLS
# is not matched unless the sensor sees decrypted traffic. A request to the same
# host with a different path or an appended query string is not matched either.
# Some hosts are listed once per path, e.g. 176.65.139.151 with paths ending in
# ".sakura" and 188.132.232.81 with short paths. The ".sakura" names look like
# per-architecture builds; presumably one campaign per host. Verify on the
# referenced urlhaus.abuse.ch page before treating a hit as confirmed.
# Entries are dated by metadata:created_at and many hosts are bare IP addresses,
# which can be reassigned. Age these rules out with the feed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x-3.2-.sakura"; depth:14; endswith; nocase; http.host; content:"176.65.139.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859265/; classtype:trojan-activity;sid:84722365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a-r.m-5.sakura"; depth:15; endswith; nocase; http.host; content:"176.65.139.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859266/; classtype:trojan-activity;sid:84722366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bqj"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859267/; classtype:trojan-activity;sid:84722367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jja"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859268/; classtype:trojan-activity;sid:84722368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rrsb"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; 
reference:url, urlhaus.abuse.ch/url/3859269/; classtype:trojan-activity;sid:84722369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hks"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859270/; classtype:trojan-activity;sid:84722370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vwgm"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859271/; classtype:trojan-activity;sid:84722371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m-6.8-k.sakura"; depth:15; endswith; nocase; http.host; content:"176.65.139.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859261/; classtype:trojan-activity;sid:84722361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8px"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859262/; classtype:trojan-activity;sid:84722362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gxk"; depth:4; endswith; nocase; http.host; 
content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859257/; classtype:trojan-activity;sid:84722357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4qgx"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859258/; classtype:trojan-activity;sid:84722358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p-p.c-.sakura"; depth:14; endswith; nocase; http.host; content:"176.65.139.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859259/; classtype:trojan-activity;sid:84722359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dpo"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859260/; classtype:trojan-activity;sid:84722360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.84.128"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859256/; classtype:trojan-activity;sid:84722356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859255)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/|3f|ublib=a69fc497-1a12-4680-b01c-df31d3068610"; depth:47; endswith; nocase; http.host; content:"pacsuhw1.pishbini90.bet"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859255/; classtype:trojan-activity;sid:84722355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.229.216"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859254/; classtype:trojan-activity;sid:84722354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/css/colors/modem/omada.exe"; depth:36; endswith; nocase; http.host; content:"concilicartoes.com.br"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859253/; classtype:trojan-activity;sid:84722353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/487070b1-5a5d-40ba-aec8-6a1b1557a940"; depth:37; endswith; nocase; http.host; content:"ptrpzfj.volleyball.poker"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859252/; classtype:trojan-activity;sid:84722352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mim/jaskkff.txt"; depth:16; endswith; nocase; http.host; content:"iwd21.icu"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, 
urlhaus.abuse.ch/url/3859251/; classtype:trojan-activity;sid:84722351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stego_pyloa.png"; depth:16; endswith; nocase; http.host; content:"ritubohara.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859249/; classtype:trojan-activity;sid:84722349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stegopay.png"; depth:13; endswith; nocase; http.host; content:"corwineagles.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859250/; classtype:trojan-activity;sid:84722350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.22.196.199"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859248/; classtype:trojan-activity;sid:84722348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.237.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859247/; classtype:trojan-activity;sid:84722347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payloads.png"; depth:13; endswith; nocase; http.host; 
content:"corwineagles.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859246/; classtype:trojan-activity;sid:84722346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859245/; classtype:trojan-activity;sid:84722345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/setup.msi"; depth:10; endswith; nocase; http.host; content:"pub-9682d5896df841679c5a17eb41273f89.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859244/; classtype:trojan-activity;sid:84722344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnet.sh"; depth:10; endswith; nocase; http.host; content:"smart.abuse.st"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859243/; classtype:trojan-activity;sid:84722343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"94.183.232.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859242/; classtype:trojan-activity;sid:84722342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859231)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859231/; classtype:trojan-activity;sid:84722331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859232/; classtype:trojan-activity;sid:84722332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859233/; classtype:trojan-activity;sid:84722333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859234/; classtype:trojan-activity;sid:84722334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859235/; classtype:trojan-activity;sid:84722335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3859236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859236/; classtype:trojan-activity;sid:84722336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859237/; classtype:trojan-activity;sid:84722337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859238/; classtype:trojan-activity;sid:84722338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859239/; classtype:trojan-activity;sid:84722339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tplink"; depth:7; endswith; nocase; http.host; content:"smart.abuse.st"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859240/; 
classtype:trojan-activity;sid:84722340; rev:1;)
# Layout shared by the rules below (one URLhaus entry per rule, restored to one rule per line):
#   alert http $HOME_NET any -> $EXTERNAL_NET any    outbound HTTP request from a monitored host
#   flow:established,from_client                     client-to-server side of an established flow
#   http.method; content:"GET"                       request method contains GET
#   http.uri; content:"<path>"; depth:N; endswith; nocase
#       depth pins the match to the start of the URI and endswith to its end, so with
#       N equal to the length of <path> the whole URI has to equal <path> (compared
#       case-insensitively). The same file requested with an added query string, or
#       under another path, does not match.
#   http.host; content:"<host>"; depth:N; isdataat:!1,relative
#       same idea for the host value: isdataat:!1,relative requires that no byte
#       follows the match, so sub- and super-strings of <host> do not alert.
#   reference:url names the URLhaus entry whose id also appears in msg.
# In every complete rule in this block sid = URLhaus id + 80863100, so an alert's sid
# can be mapped back to its URLhaus entry without parsing msg.
# These are cleartext-HTTP signatures: the same URL fetched over TLS is only matched
# if the sensor sees decrypted traffic.
# NOTE(review): whether a Host header carrying an explicit ":port" still matches depends
# on how the sensor normalises http.host - confirm against the Suricata version in use.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"smart.abuse.st"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859241/; classtype:trojan-activity;sid:84722341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859229/; classtype:trojan-activity;sid:84722329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859230/; classtype:trojan-activity;sid:84722330; rev:1;)
# |3f| is the hex notation for the single byte "?", so this URI is "/?ublib=<uuid>".
# NOTE(review): depth:47 equals the length of the content string as written (|3f| counted
# as four characters), while the pattern itself is 44 bytes. Combined with endswith the
# rule therefore also accepts a URI with up to three extra leading bytes - slightly looser
# than the exact match used elsewhere, with no loss of detection. The same applies to
# 3859198 further down. Worth reporting to the feed maintainer rather than patching
# locally, as the file carries a "Last updated" stamp and is presumably regenerated.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=65784c7b-45e5-4382-a648-abf5b5134e2f"; depth:47; endswith; nocase; http.host; content:"owps0tha.staffbulldesign.com"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859228/; classtype:trojan-activity;sid:84722328; rev:1;)
# The two-byte URI "/i" and the short "/bin.sh" recur on many IP-literal hosts below; the
# URI alone is far too generic to be an indicator, so the specificity of these rules comes
# from the http.host condition. Several hosts appear with both paths (for example
# 123.188.58.169, 123.189.155.23, 39.74.81.159), so grouping alerts by host is more
# informative than grouping by sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.22.196.199"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859227/; classtype:trojan-activity;sid:84722327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.58.169"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859226/; classtype:trojan-activity;sid:84722326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.229.216"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859225/; classtype:trojan-activity;sid:84722325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.232.97"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859224/; classtype:trojan-activity;sid:84722324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.155.23"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859222/; classtype:trojan-activity;sid:84722322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.61.14"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859223/; classtype:trojan-activity;sid:84722323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.91.62.65"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859221/; classtype:trojan-activity;sid:84722321; rev:1;)
# Rules whose URI is a bare UUID sit on name-based hosts with a random-looking first
# label. Because both URI and host are matched exactly, a rotated UUID or subdomain is
# not covered by the existing rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d69ed109-8c88-4ebd-9e7c-85722004accb"; depth:37; endswith; nocase; http.host; content:"wgzufvo.volleyball.casino"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859220/; classtype:trojan-activity;sid:84722320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.168.75"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859219/; classtype:trojan-activity;sid:84722319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.58.169"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859218/; classtype:trojan-activity;sid:84722318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.155.23"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859217/; classtype:trojan-activity;sid:84722317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.149.111.45"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859216/; classtype:trojan-activity;sid:84722316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.69.86.7"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859215/; classtype:trojan-activity;sid:84722315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5088506f-38dc-4a01-9ebd-7fc29591247a"; depth:37; endswith; nocase; http.host; content:"bnhxiy.yasbetapp.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859214/; classtype:trojan-activity;sid:84722314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.229.19"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859213/; classtype:trojan-activity;sid:84722313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.120.105"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859212/; classtype:trojan-activity;sid:84722312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.225.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859211/; classtype:trojan-activity;sid:84722311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/57f3c81f-d04e-46e8-9fc6-50c1d62a0583"; depth:37; endswith; nocase; http.host; content:"shgaxiz.volleyball.bet"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859210/; classtype:trojan-activity;sid:84722310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"164.163.25.157"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859209/; classtype:trojan-activity;sid:84722309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.81.159"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859208/; classtype:trojan-activity;sid:84722308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.81.159"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859207/; classtype:trojan-activity;sid:84722307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.107.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859206/; classtype:trojan-activity;sid:84722306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"94.199.218.56"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859205/; classtype:trojan-activity;sid:84722305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.69.86.7"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859204/; classtype:trojan-activity;sid:84722304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.118.237"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859203/; classtype:trojan-activity;sid:84722303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.168.75"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859202/; classtype:trojan-activity;sid:84722302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"164.163.25.157"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859201/; classtype:trojan-activity;sid:84722301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6d04e913-8ea9-4573-95e4-2260893a9eb6"; depth:37; endswith; nocase; http.host; content:"vvlainw.vip.tennis"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859200/; classtype:trojan-activity;sid:84722300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.33.196"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859199/; classtype:trojan-activity;sid:84722299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ee7635fa-c412-4f3c-a40e-03b4292e63a2"; depth:47; endswith; nocase; http.host; content:"gh6fn4zq.i90.bet"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859198/; classtype:trojan-activity;sid:84722298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.229.19"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859197/; classtype:trojan-activity;sid:84722297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.232.213"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859196/; classtype:trojan-activity;sid:84722296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/77740b73-cbea-424a-ac9e-6c35c4d7712d"; depth:37; endswith; nocase; http.host; content:"mudeurb.vezaratshart.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859195/; classtype:trojan-activity;sid:84722295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dbg"; depth:4; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative;
metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859194/; classtype:trojan-activity;sid:84722294; rev:1;)
# Most rules in this block share http.host 176.65.139.144 and differ only in the URI.
# The file names (arm, arm5, arm6, arm7, mips, mpsl, ppc, spc, sh4, m68k, i686, x86,
# x86_64, dbg) look like CPU-architecture labels, and many appear both at the root and
# under /bins/ - presumably one payload built for several platforms plus the cat.sh
# script that fetches it; this is inferred from the names only, see the referenced
# URLhaus entries for the actual classification.
# Each rule matches one exact URI on this host (http.uri with depth + endswith,
# http.host with depth + isdataat:!1,relative), so a file name not listed here produces
# no alert. For triage, a hit on any rule in the group is a reason to search the same
# source host's HTTP logs for other requests to 176.65.139.144, and to the neighbouring
# 176.65.139.151 used by the /sakura.sh rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859193/; classtype:trojan-activity;sid:84722293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859191/; classtype:trojan-activity;sid:84722291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859192/; classtype:trojan-activity;sid:84722292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sakura.sh"; depth:10; endswith; nocase; http.host; content:"176.65.139.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859179/; classtype:trojan-activity;sid:84722279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859180/; classtype:trojan-activity;sid:84722280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859181/; classtype:trojan-activity;sid:84722281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859182/; classtype:trojan-activity;sid:84722282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859183/; classtype:trojan-activity;sid:84722283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859184/; classtype:trojan-activity;sid:84722284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859185/; classtype:trojan-activity;sid:84722285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859186/; classtype:trojan-activity;sid:84722286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859187/; classtype:trojan-activity;sid:84722287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859188/; classtype:trojan-activity;sid:84722288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859189/; classtype:trojan-activity;sid:84722289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dbg"; depth:9; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859190/; classtype:trojan-activity;sid:84722290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859177/; classtype:trojan-activity;sid:84722277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859178/; classtype:trojan-activity;sid:84722278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859170/; classtype:trojan-activity;sid:84722270; rev:1;)
# Unrelated host interleaved in the feed order; rules are not grouped by host or sorted by id.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.107.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859171/; classtype:trojan-activity;sid:84722271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859172/; classtype:trojan-activity;sid:84722272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cat.sh"; depth:7; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859173/; classtype:trojan-activity;sid:84722273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859174/; classtype:trojan-activity;sid:84722274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859175/; classtype:trojan-activity;sid:84722275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859176/; classtype:trojan-activity;sid:84722276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cat.sh"; depth:12; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859169/; classtype:trojan-activity;sid:84722269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859168/; classtype:trojan-activity;sid:84722268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7ddadb26-fdee-4e7a-800d-4c5cfa404997"; depth:37; endswith; nocase; http.host; content:"zltxdjx.venusbet90.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859167/; classtype:trojan-activity;sid:84722267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.86.138"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859166/; classtype:trojan-activity;sid:84722266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859165)";
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.202.170"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859165/; classtype:trojan-activity;sid:84722265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.1.200"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859164/; classtype:trojan-activity;sid:84722264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.115.226"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859163/; classtype:trojan-activity;sid:84722263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.33.196"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859162/; classtype:trojan-activity;sid:84722262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.32.97"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859161/; classtype:trojan-activity;sid:84722261; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.53.135"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859160/; classtype:trojan-activity;sid:84722260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/edfb54aa-d429-454e-b5be-0d6ac675f87d"; depth:37; endswith; nocase; http.host; content:"ffrpwns.vbetirani.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859159/; classtype:trojan-activity;sid:84722259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.202.170"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859158/; classtype:trojan-activity;sid:84722258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.77.199"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859157/; classtype:trojan-activity;sid:84722257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1f8565b3-e7f7-4d0c-a14c-755db680c2ba"; depth:37; endswith; nocase; http.host; content:"ukmcha.yasbet90.com"; depth:19; isdataat:!1,relative; 
metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859156/; classtype:trojan-activity;sid:84722256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.77.199"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859155/; classtype:trojan-activity;sid:84722255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.151.147"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859154/; classtype:trojan-activity;sid:84722254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.98.97.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859153/; classtype:trojan-activity;sid:84722253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.78.182.101"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859152/; classtype:trojan-activity;sid:84722252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859151)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/1f167c13-e345-4be0-917f-e6ab2e011b28"; depth:37; endswith; nocase; http.host; content:"nekdncv.usa2026.bet"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859151/; classtype:trojan-activity;sid:84722251; rev:1;)
# Rule anatomy (every rule here uses the same template): alert on an established,
# client-to-server HTTP flow from $HOME_NET to $EXTERNAL_NET whose method buffer
# contains "GET", whose URI ends with the listed string inside the first `depth`
# bytes (case-insensitive), and whose Host value is the listed string with no
# data after it (isdataat:!1,relative).
# In every rule shown, sid = URLhaus entry id + 80863100, so an alert's sid maps
# back to the urlhaus.abuse.ch/url/<id>/ page named in `reference`.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.178.140"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859150/; classtype:trojan-activity;sid:84722250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.53.135"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859149/; classtype:trojan-activity;sid:84722249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.114.3"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859148/; classtype:trojan-activity;sid:84722248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.71.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859147/; classtype:trojan-activity;sid:84722247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.78.182.101"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859146/; classtype:trojan-activity;sid:84722246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.178.140"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859145/; classtype:trojan-activity;sid:84722245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.31.141"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859144/; classtype:trojan-activity;sid:84722244; rev:1;)
# NOTE(review): `|3f|` is a single byte ('?') once decoded, so the URI pattern in
# the next rule is 44 bytes while depth is 47 (the length of the escaped text).
# endswith still pins the end of the URI, but up to 3 leading bytes are tolerated;
# the match is slightly looser than the exact-URI match the other rules get.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=0f9964f0-6866-45fb-abd1-3f855955f13b"; depth:47; endswith; nocase; http.host; content:"edfwndp0.chloroquineser.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859143/; classtype:trojan-activity;sid:84722243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.98.97.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859142/; classtype:trojan-activity;sid:84722242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5fee984e-a5a5-4153-b9c5-0c434d92d224"; depth:37; endswith; nocase; http.host; content:"dnmjqvy.trmegapari.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859141/; classtype:trojan-activity;sid:84722241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.156.130"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859140/; classtype:trojan-activity;sid:84722240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stego_payloa.png"; depth:17; endswith; nocase; http.host; content:"ritubohara.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859139/; classtype:trojan-activity;sid:84722239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/450/img_230050.png"; depth:19; endswith; nocase; http.host; content:"104.168.115.123"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859137/; classtype:trojan-activity;sid:84722237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859138)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/xw/phan.dat"; depth:12; endswith; nocase; http.host; content:"dofahospitals.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859138/; classtype:trojan-activity;sid:84722238; rev:1;)
# These are `alert http` rules, so they only fire on requests Suricata can parse
# as HTTP. NOTE(review): hosted-service names below (pastefy.app, *.r2.dev,
# *.workers.dev) are presumably fetched over HTTPS; if so the request is invisible
# to these rules unless TLS is decrypted upstream. Confirm the scheme on the
# URLhaus entry and pair with DNS or TLS-SNI coverage where it is https.
# URI patterns are lower-case and carry `nocase`, so case variants of a path match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/450/mybestgirlfriendonmybestfeelnigsforme.hta"; depth:46; endswith; nocase; http.host; content:"104.168.115.123"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859136/; classtype:trojan-activity;sid:84722236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beascuyr/obdsaif.txt"; depth:21; endswith; nocase; http.host; content:"globaltechnosoft.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859135/; classtype:trojan-activity;sid:84722235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lqjxi6ru/raw"; depth:13; endswith; nocase; http.host; content:"pastefy.app"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859134/; classtype:trojan-activity;sid:84722234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msbuil.png"; depth:11; endswith; nocase; http.host; content:"pub-33172110f57a4bbfa0c089261c8b7d4d.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859133/; classtype:trojan-activity;sid:84722233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/euaeq"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859132/; classtype:trojan-activity;sid:84722232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cas1.png"; depth:9; endswith; nocase; http.host; content:"pub-33172110f57a4bbfa0c089261c8b7d4d.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859131/; classtype:trojan-activity;sid:84722231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/network/wp-debug/stubz.ps1"; depth:36; endswith; nocase; http.host; content:"trade-eprex.pro"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859130/; classtype:trojan-activity;sid:84722230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yuyu/yunewbuy.png"; depth:18; endswith; nocase; http.host; content:"www.tradedsglobal.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859129/; classtype:trojan-activity;sid:84722229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yuyu/rumpyu.png"; depth:16; endswith; nocase; http.host; content:"www.tradedsglobal.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859128/; classtype:trojan-activity;sid:84722228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.223.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859127/; classtype:trojan-activity;sid:84722227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.223.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859126/; classtype:trojan-activity;sid:84722226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.177.28.149"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859125/; classtype:trojan-activity;sid:84722225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.14.59"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859124/; classtype:trojan-activity;sid:84722224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3859123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/04e8ad7c-0a7c-46ff-a488-1c880eb0131c"; depth:37; endswith; nocase; http.host; content:"bagkqzj.zeppelin.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859123/; classtype:trojan-activity;sid:84722223; rev:1;)
# Each rule pins one exact URI on one exact Host (depth equals the pattern length,
# plus endswith / isdataat:!1,relative), so a new path on the same host, or the
# same path on a new host, is not covered until the feed adds a rule for it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.204.197.147"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859122/; classtype:trojan-activity;sid:84722222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/59ef435c-fc65-4a8d-b686-84252cd4309a"; depth:37; endswith; nocase; http.host; content:"kgebll.xenicalby6.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859121/; classtype:trojan-activity;sid:84722221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.244.185"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859120/; classtype:trojan-activity;sid:84722220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bdca0698-2006-4001-88ff-16389c533193"; depth:37; endswith; nocase; http.host; content:"tjvdbbc.yektbet.bet"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859119/; classtype:trojan-activity;sid:84722219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.244.185"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859118/; classtype:trojan-activity;sid:84722218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/freda01.exe"; depth:12; endswith; nocase; http.host; content:"vrdccbank.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859115/; classtype:trojan-activity;sid:84722215; rev:1;)
# NOTE(review): in the two drive.google.com rules `|7c|26|7c|` decodes to the
# literal text |26| (0x7c is '|'), so the pattern expects "download|26|id=" where
# a query string would normally carry '&' (0x26). This looks like a double-escaped
# '&'; confirm against the URLhaus entries. If so, these rules cannot match the
# real request. depth:68 is the length of the escaped text, which is longer than
# the decoded pattern. drive.google.com is presumably reached over HTTPS, in which
# case an http rule only fires behind TLS inspection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1vuvhzf-shhquhtyvcv1cq7yohxe6qrb4"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859116/; classtype:trojan-activity;sid:84722216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1pxgis9si8wdghxg7tmi5hiobg4l_ukyq"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859117/; classtype:trojan-activity;sid:84722217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3859114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nightcord/nightcord/releases/download/v1.19.4/nightcord-installer.exe"; depth:70; endswith; nocase; http.host; content:"git.nightcord.ru"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859114/; classtype:trojan-activity;sid:84722214; rev:1;)
# smart.abuse.st is covered by one rule per file (/arm7, /x86_64, /mpsl, /arm5).
# The URI is matched whole, so any other file name on that host raises no alert.
# NOTE(review): the names look like CPU architectures (inferred from the names
# only); host-level coverage, e.g. DNS, would complement these per-file rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"smart.abuse.st"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859113/; classtype:trojan-activity;sid:84722213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"smart.abuse.st"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859110/; classtype:trojan-activity;sid:84722210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"smart.abuse.st"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859111/; classtype:trojan-activity;sid:84722211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"smart.abuse.st"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859112/; classtype:trojan-activity;sid:84722212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fa7ee749-23f8-4679-8332-f2cce7b74e3e"; depth:37; endswith; nocase; http.host; content:"cpteijd.yekbetiran.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859109/; classtype:trojan-activity;sid:84722209; rev:1;)
# NOTE(review): `|3f|` decodes to one byte ('?'), so the URI pattern below is 44
# bytes against depth:47 (the escaped text length); up to 3 leading bytes before
# the pattern are tolerated.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ca942a90-68b5-4f2e-bc48-a0b451072474"; depth:47; endswith; nocase; http.host; content:"kazwbt9n.2026.futbol"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859108/; classtype:trojan-activity;sid:84722208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/372a3933-716e-489a-ac9f-b72662c39d71"; depth:37; endswith; nocase; http.host; content:"lgwzmtt.yek1bet.bet"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859107/; classtype:trojan-activity;sid:84722207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.151.147"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859106/; classtype:trojan-activity;sid:84722206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859105)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.117.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859105/; classtype:trojan-activity;sid:84722205; rev:1;)
# Bare-IP entries: the IP is matched in the HTTP Host header (http.host), not
# against the packet's destination address, so a request to the same server that
# carries a different Host value is not matched by these rules.
# Several IPs appear twice, once for /i and once for /bin.sh (e.g. 222.141.26.232,
# 182.127.80.22), so one remote host can raise two different sids.
# NOTE(review): such hosts are presumably short-lived; metadata:created_at gives a
# date to age rules out on if the feed is ever cached locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.103.32"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859104/; classtype:trojan-activity;sid:84722204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.26.232"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859103/; classtype:trojan-activity;sid:84722203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.14.59"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859102/; classtype:trojan-activity;sid:84722202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.26.232"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859101/; classtype:trojan-activity;sid:84722201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3dddd506-1f0d-43b9-83a9-0fdeb20be67e"; depth:37; endswith; nocase; http.host; content:"afdaqyu.yasbet.casino"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859100/; classtype:trojan-activity;sid:84722200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.80.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859099/; classtype:trojan-activity;sid:84722199; rev:1;)
# NOTE(review): `|3f|` decodes to one byte ('?'); the pattern below is 44 bytes
# while depth is 47, so the URI match tolerates up to 3 leading bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=100582df-2acc-4be2-a34c-ef20bc4a569d"; depth:47; endswith; nocase; http.host; content:"xcpvjq6r.cerocarey.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859098/; classtype:trojan-activity;sid:84722198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.182.162"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859097/; classtype:trojan-activity;sid:84722197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.80.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859096/; classtype:trojan-activity;sid:84722196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/252500e7-98e9-48d9-9c16-53a0d896024c"; depth:37; endswith; nocase; http.host; content:"tqdtntx.hotbet90.casino"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859095/; classtype:trojan-activity;sid:84722195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.127.99"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859094/; classtype:trojan-activity;sid:84722194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.81.185"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859093/; classtype:trojan-activity;sid:84722193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.101.161"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859092/; classtype:trojan-activity;sid:84722192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859084)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"45.135.194.3"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859084/; classtype:trojan-activity;sid:84722184; rev:1;)
# Eleven rules in this stretch share Host 45.135.194.3 and differ only in the
# /hiddenbin/boatnet.<suffix> file name. NOTE(review): the suffixes look like CPU
# architecture names, which suggests one payload built for many device types, so
# an alerting source is presumably an embedded or IoT device. Verify during triage.
# Entries are not in id order here (…84–91, then 82, 83, 80, 81), so consumers
# should not assume the feed is sorted by sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"45.135.194.3"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859085/; classtype:trojan-activity;sid:84722185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"45.135.194.3"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859086/; classtype:trojan-activity;sid:84722186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"45.135.194.3"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859087/; classtype:trojan-activity;sid:84722187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"45.135.194.3"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859088/; classtype:trojan-activity;sid:84722188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"45.135.194.3"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859089/; classtype:trojan-activity;sid:84722189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"45.135.194.3"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859090/; classtype:trojan-activity;sid:84722190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"45.135.194.3"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859091/; classtype:trojan-activity;sid:84722191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"45.135.194.3"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859082/; classtype:trojan-activity;sid:84722182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"45.135.194.3"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859083/; classtype:trojan-activity;sid:84722183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"45.135.194.3"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859080/; classtype:trojan-activity;sid:84722180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.224.251.135"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859081/; classtype:trojan-activity;sid:84722181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e1583cb-5e86-4b46-8aa0-cc6151ddd088"; depth:37; endswith; nocase; http.host; content:"xeanui.x50wheel.bet"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859079/; classtype:trojan-activity;sid:84722179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.127.99"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859078/; classtype:trojan-activity;sid:84722178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3859076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859076/; classtype:trojan-activity;sid:84722176; rev:1;)
# Short URIs are still exact: depth equals the pattern length and endswith pins
# the end of the buffer, so the "/arm" rule does not also fire on "/arm5" or
# "/arm7". Each of those has its own rule and sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859077/; classtype:trojan-activity;sid:84722177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859075/; classtype:trojan-activity;sid:84722175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859073/; classtype:trojan-activity;sid:84722173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"176.65.139.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859074/; classtype:trojan-activity;sid:84722174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.61.135"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859072/; classtype:trojan-activity;sid:84722171; rev:1;)
# NOTE(review): the rosebaie.ma paths sit under /wp-includes/, which suggests the
# files were placed inside a WordPress install (presumably a compromised site).
# Confirm on the URLhaus entry. Only these three exact paths are covered, and
# because endswith applies to the whole URI, a request with a query string
# appended does not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/js/jcrop/jcropmin.exe"; depth:34; endswith; nocase; http.host; content:"rosebaie.ma"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859071/; classtype:trojan-activity;sid:84722171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/js/jcrop/jcropgif.exe"; depth:34; endswith; nocase; http.host; content:"rosebaie.ma"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859069/; classtype:trojan-activity;sid:84722169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/js/jcrop/jqueryjcrop.php"; depth:37; endswith; nocase; http.host; content:"rosebaie.ma"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859070/; classtype:trojan-activity;sid:84722170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/82728660-32b7-415c-a77f-fc0e14afa762"; depth:37; endswith; nocase; http.host; 
content:"dlkcsdq.hotbet90app.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859068/; classtype:trojan-activity;sid:84722168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.144.173"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859067/; classtype:trojan-activity;sid:84722167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7463fdb1-6ddc-4820-a2ae-0a92b0e59578"; depth:37; endswith; nocase; http.host; content:"eehjqhe.homa.bet"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859066/; classtype:trojan-activity;sid:84722166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.9.122.145"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859064/; classtype:trojan-activity;sid:84722164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"72.255.18.214"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859065/; classtype:trojan-activity;sid:84722165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859054)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"105.186.143.24"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859054/; classtype:trojan-activity;sid:84722154; rev:1;)
# Reviewer annotation: run of /mozi.m and /mozi.a download URLs, each on a
# different bare IPv4 address. The path is the same in every rule, so the exact
# http.host literal is what makes each sid distinct.
# IP-literal indicators go stale when the address is reassigned or the device is
# cleaned; metadata:created_at (2026_06_05 on all of these) is the field to key an
# expiry policy on.
# NOTE(review): http.host is expected to carry the host without a port, so a
# download served on a non-default port should still match; confirm against the
# Suricata version deployed.
# Several of these sids firing for one internal source is better handled as one
# incident keyed on the client address than as separate alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.123.35.47"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859055/; classtype:trojan-activity;sid:84722155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.229.33.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859056/; classtype:trojan-activity;sid:84722156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.176.16.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859057/; classtype:trojan-activity;sid:84722157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"119.189.212.129"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859058/; classtype:trojan-activity;sid:84722158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"124.29.194.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859059/; classtype:trojan-activity;sid:84722159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"153.117.32.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859060/; classtype:trojan-activity;sid:84722160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"103.181.160.22"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859061/; classtype:trojan-activity;sid:84722161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.82.118.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859062/; classtype:trojan-activity;sid:84722162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.38.218.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859063/; classtype:trojan-activity;sid:84722163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"72.255.19.244"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859053/; classtype:trojan-activity;sid:84722153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"206.135.174.164"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859046/; classtype:trojan-activity;sid:84722146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.123.42.237"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859047/; classtype:trojan-activity;sid:84722147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"202.70.139.56"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859048/; classtype:trojan-activity;sid:84722148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"103.176.16.167"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859049/; classtype:trojan-activity;sid:84722149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.38.254.160"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859050/; classtype:trojan-activity;sid:84722150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"153.117.37.25"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859051/; classtype:trojan-activity;sid:84722151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"111.55.74.100"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859052/; classtype:trojan-activity;sid:84722152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"189.174.142.184"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859045/; classtype:trojan-activity;sid:84722145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859044)"; flow:established,from_client;
http.method; content:"GET"; http.uri; content:"/dissarm4"; depth:9; endswith; nocase; http.host; content:"217.60.199.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859044/; classtype:trojan-activity;sid:84722144; rev:1;)
# Reviewer annotation: /mips appears on two hosts in this stretch (smart.abuse.st
# here, 46.23.108.238 further down). The URI match alone is generic; each rule is
# specific only through its exact http.host literal.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"smart.abuse.st"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859042/; classtype:trojan-activity;sid:84722142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.176.80.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859043/; classtype:trojan-activity;sid:84722143; rev:1;)
# 46.23.108.238: one rule per architecture-named path (/powerpc, /m68k, /armv6l,
# /i686, /sparc, /armv7l, /i586, /armv5l, /armv4l here; /x86, /sh4, /mipsel, /mips
# further down, after three unrelated /i and /bin.sh rules). One client tripping
# several of these in quick succession would be consistent with a script fetching
# every build; correlate on source address when triaging rather than handling
# each sid separately.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"46.23.108.238"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859040/; classtype:trojan-activity;sid:84722140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"46.23.108.238"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859041/; classtype:trojan-activity;sid:84722141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"46.23.108.238"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859039/; classtype:trojan-activity;sid:84722139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"46.23.108.238"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859038/; classtype:trojan-activity;sid:84722138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"46.23.108.238"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859037/; classtype:trojan-activity;sid:84722137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"46.23.108.238"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859035/; classtype:trojan-activity;sid:84722135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"46.23.108.238"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859036/; classtype:trojan-activity;sid:84722136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"46.23.108.238"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859033/; classtype:trojan-activity;sid:84722133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"46.23.108.238"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859034/; classtype:trojan-activity;sid:84722134; rev:1;)
# /i and /bin.sh are short, generic paths; the next three rules are specific only
# because of the exact http.host match on the IP literal.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.187.118"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859032/; classtype:trojan-activity;sid:84722132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.61.135"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859031/; classtype:trojan-activity;sid:84722131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.210.61"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859030/; classtype:trojan-activity;sid:84722130; rev:1;)
# 46.23.108.238 again: remaining architecture-named paths for that host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"46.23.108.238"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859029/; classtype:trojan-activity;sid:84722129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"46.23.108.238"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859026/; classtype:trojan-activity;sid:84722126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"46.23.108.238"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859027/; classtype:trojan-activity;sid:84722127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"46.23.108.238"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859028/; classtype:trojan-activity;sid:84722128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase;
http.host; content:"125.41.230.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859025/; classtype:trojan-activity;sid:84722125; rev:1;)
# Reviewer annotation: /bin.sh and /i on bare IPv4 hosts. The paths are generic;
# each rule is specific only through the exact http.host literal.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.187.118"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859023/; classtype:trojan-activity;sid:84722123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.233.40"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859024/; classtype:trojan-activity;sid:84722124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.144.173"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859022/; classtype:trojan-activity;sid:84722122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.141.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859021/; classtype:trojan-activity;sid:84722121; rev:1;)
# Domain-hosted entries. bloomglow9.com: two paths under /zxc/. anvil-89.com: a
# /curl/ path ending in 64 hex characters and a long token path ending in
# /jetbrains/update. Every URI content in this part of the file is lowercase and
# paired with nocase, so the original case of these tokens is not preserved here;
# take the exact URL from the reference: link when building proxy or EDR searches.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc/mdw"; depth:8; endswith; nocase; http.host; content:"bloomglow9.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859020/; classtype:trojan-activity;sid:84722120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc/kito"; depth:9; endswith; nocase; http.host; content:"bloomglow9.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859019/; classtype:trojan-activity;sid:84722119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl/76011de550817b5869456ca678d74d1d4fb86045d51749bb87e1f2ef6d40bc12"; depth:70; endswith; nocase; http.host; content:"anvil-89.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859015/; classtype:trojan-activity;sid:84722115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zyemb6slon_3vwvlkskdijurcyhy5cfntchnavrnmgu/jetbrains/update"; depth:61; endswith; nocase; http.host; content:"anvil-89.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859016/; classtype:trojan-activity;sid:84722116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x7gkp2mq9zl4/student_1.bin"; depth:27; endswith; nocase; http.host; content:"158.94.208.104"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859017/; classtype:trojan-activity;sid:84722117; rev:1;)
# /wp-admin/ is the stock WordPress admin path. NOTE(review): if 159.89.171.49
# also serves a legitimate site, any visit to its admin page over HTTP raises this
# trojan-activity alert; check hit context before escalating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/"; depth:10; endswith; nocase; http.host; content:"159.89.171.49"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859018/; classtype:trojan-activity;sid:84722118; rev:1;)
# 176.65.139.121 (/.sassy.<arch>) and 151.245.104.193 (/hiddenbin/mystic.<arch>):
# per-architecture file names, one host each.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.armv5l"; depth:14; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859014/; classtype:trojan-activity;sid:84722114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.sparc"; depth:13; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859013/; classtype:trojan-activity;sid:84722113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.mips64"; depth:24; endswith; nocase; http.host; content:"151.245.104.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859012/; classtype:trojan-activity;sid:84722112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859011)"; flow:established,from_client; http.method; content:"GET"; http.uri;
content:"/.sassy.powerpc"; depth:15; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859011/; classtype:trojan-activity;sid:84722111; rev:1;)
# Reviewer annotation: four hosts are interleaved in this stretch.
#   176.65.139.121   /.sassy.<arch>
#   151.245.104.193  /hiddenbin/mystic.<arch>
#   5.175.223.249    /data_<arch>
#   188.132.232.81   short three- and four-character paths (/19io, /xmgg, /mn0r, ...)
# For 188.132.232.81 the names show no pattern a rule could generalise, so the
# per-URL rules cover only paths already reported; a new path on the same host is
# not detected without a host-level indicator (DNS, proxy or flow logs).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/19io"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859008/; classtype:trojan-activity;sid:84722108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.ppc"; depth:21; endswith; nocase; http.host; content:"151.245.104.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859009/; classtype:trojan-activity;sid:84722109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.x86"; depth:21; endswith; nocase; http.host; content:"151.245.104.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859010/; classtype:trojan-activity;sid:84722110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_aarch64"; depth:13; endswith; nocase; http.host; content:"5.175.223.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859006/; classtype:trojan-activity;sid:84722106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmgg"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859007/; classtype:trojan-activity;sid:84722107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mn0r"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859005/; classtype:trojan-activity;sid:84722105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azaj"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859002/; classtype:trojan-activity;sid:84722102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lxhz"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859003/; classtype:trojan-activity;sid:84722103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ell"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859004/; classtype:trojan-activity;sid:84722104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.arm6"; depth:22; endswith; nocase; http.host; content:"151.245.104.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859000/; classtype:trojan-activity;sid:84722100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.m68k"; depth:12; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859001/; classtype:trojan-activity;sid:84722101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o2d"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858997/; classtype:trojan-activity;sid:84722097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.arm7"; depth:22; endswith; nocase; http.host; content:"151.245.104.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858998/; classtype:trojan-activity;sid:84722098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_arm6"; depth:10; endswith; nocase; http.host; content:"5.175.223.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858999/; classtype:trojan-activity;sid:84722099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h87q"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858995/; classtype:trojan-activity;sid:84722095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hskk"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858996/; classtype:trojan-activity;sid:84722096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ok4"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858992/; classtype:trojan-activity;sid:84722092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/305b"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858993/; classtype:trojan-activity;sid:84722093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858994)"; flow:established,from_client; http.method;
content:"GET"; http.uri; content:"/bcm5"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858994/; classtype:trojan-activity;sid:84722094; rev:1;)
# Reviewer annotation: the /data_<arch> naming appears on two hosts in this
# stretch, 169.40.104.99 and 5.175.223.249, interleaved with /.sassy.<arch> on
# 176.65.139.121. NOTE(review): the same naming on different addresses may point
# to shared tooling, but this file does not establish that. It is a reason to
# search proxy logs for the path pattern as well as for the listed hosts.
# Each rule matches the full URI and full host exactly, so a renamed file or a new
# address is not covered until the feed lists it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_arm5"; depth:10; endswith; nocase; http.host; content:"169.40.104.99"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858990/; classtype:trojan-activity;sid:84722090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.x86_64"; depth:14; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858991/; classtype:trojan-activity;sid:84722091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.sh4"; depth:11; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858986/; classtype:trojan-activity;sid:84722086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.i486"; depth:12; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858987/; classtype:trojan-activity;sid:84722087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_mips"; depth:10; endswith; nocase; http.host; content:"169.40.104.99"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858988/; classtype:trojan-activity;sid:84722088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.armv6l"; depth:14; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858989/; classtype:trojan-activity;sid:84722089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.armv7l"; depth:14; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858984/; classtype:trojan-activity;sid:84722084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.mipsel"; depth:14; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858985/; classtype:trojan-activity;sid:84722085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_arm6"; depth:10; endswith; nocase; http.host; content:"169.40.104.99"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858981/; classtype:trojan-activity;sid:84722081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.arc"; depth:11; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858982/; classtype:trojan-activity;sid:84722082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.aarch64"; depth:15; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858983/; classtype:trojan-activity;sid:84722083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_arm7"; depth:10; endswith; nocase; http.host; content:"169.40.104.99"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858980/; classtype:trojan-activity;sid:84722080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.m68k"; depth:22; endswith; nocase; http.host; content:"151.245.104.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858976/; classtype:trojan-activity;sid:84722076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.mips"; depth:12; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858977/; classtype:trojan-activity;sid:84722077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_arm4"; depth:10; endswith; nocase; http.host; content:"169.40.104.99"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858978/; classtype:trojan-activity;sid:84722078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.sassy.armv4l"; depth:14; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858979/; classtype:trojan-activity;sid:84722079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_mipsel"; depth:12; endswith; nocase; http.host; content:"5.175.223.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858969/; classtype:trojan-activity;sid:84722069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_mips-uclibc"; depth:17; endswith; nocase; http.host; content:"5.175.223.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858970/; classtype:trojan-activity;sid:84722070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL
detected (3858971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.i686"; depth:22; endswith; nocase; http.host; content:"151.245.104.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858971/; classtype:trojan-activity;sid:84722071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.sh4"; depth:21; endswith; nocase; http.host; content:"151.245.104.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858972/; classtype:trojan-activity;sid:84722072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.mips"; depth:22; endswith; nocase; http.host; content:"151.245.104.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858973/; classtype:trojan-activity;sid:84722073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.arc"; depth:21; endswith; nocase; http.host; content:"151.245.104.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858974/; classtype:trojan-activity;sid:84722074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.x86_64"; depth:24; endswith; nocase; http.host; content:"151.245.104.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; 
reference:url, urlhaus.abuse.ch/url/3858975/; classtype:trojan-activity;sid:84722075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.mpsl"; depth:22; endswith; nocase; http.host; content:"151.245.104.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858967/; classtype:trojan-activity;sid:84722067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.sparc"; depth:23; endswith; nocase; http.host; content:"151.245.104.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858968/; classtype:trojan-activity;sid:84722068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_arm7"; depth:10; endswith; nocase; http.host; content:"5.175.223.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858959/; classtype:trojan-activity;sid:84722059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_arm5"; depth:10; endswith; nocase; http.host; content:"5.175.223.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858960/; classtype:trojan-activity;sid:84722060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858961)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/data_powerpc"; depth:13; endswith; nocase; http.host; content:"5.175.223.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858961/; classtype:trojan-activity;sid:84722061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_arm4"; depth:10; endswith; nocase; http.host; content:"5.175.223.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858962/; classtype:trojan-activity;sid:84722062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_mips"; depth:10; endswith; nocase; http.host; content:"5.175.223.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858963/; classtype:trojan-activity;sid:84722063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_x86_64"; depth:12; endswith; nocase; http.host; content:"5.175.223.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858964/; classtype:trojan-activity;sid:84722064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_mipsel-uclibc"; depth:19; endswith; nocase; http.host; content:"5.175.223.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858965/; classtype:trojan-activity;sid:84722065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3858966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ed5h"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858966/; classtype:trojan-activity;sid:84722066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nqd"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858958/; classtype:trojan-activity;sid:84722058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rny"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858957/; classtype:trojan-activity;sid:84722057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaqy"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858953/; classtype:trojan-activity;sid:84722053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l5v7"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858954/; 
classtype:trojan-activity;sid:84722054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zjf5"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858955/; classtype:trojan-activity;sid:84722055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f9f5"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858956/; classtype:trojan-activity;sid:84722056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.arm"; depth:21; endswith; nocase; http.host; content:"151.245.104.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858952/; classtype:trojan-activity;sid:84722052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data_x86"; depth:9; endswith; nocase; http.host; content:"5.175.223.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858951/; classtype:trojan-activity;sid:84722051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/mystic.arm5"; depth:22; endswith; nocase; http.host; 
content:"151.245.104.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858950/; classtype:trojan-activity;sid:84722050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/odb"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858949/; classtype:trojan-activity;sid:84722049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3ee297f5-167a-4dd9-aa63-8a4ca3468a91"; depth:37; endswith; nocase; http.host; content:"pqycltd.hokm.casino"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858948/; classtype:trojan-activity;sid:84722048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.32.97"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858947/; classtype:trojan-activity;sid:84722047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=024e1d06-9217-4d11-b12f-225abaafcc0f"; depth:47; endswith; nocase; http.host; content:"f0rfdtvf.canlibahis1xbet.click"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858946/; classtype:trojan-activity;sid:84722046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3858945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.15.89.112"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858945/; classtype:trojan-activity;sid:84722045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.127.186.27"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858942/; classtype:trojan-activity;sid:84722042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.50.204.246"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858943/; classtype:trojan-activity;sid:84722043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"223.123.72.212"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858944/; classtype:trojan-activity;sid:84722044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1g/4.jpg"; depth:9; endswith; nocase; http.host; content:"itskuba.com"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858928/; 
classtype:trojan-activity;sid:84722028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1g/2.jpg"; depth:9; endswith; nocase; http.host; content:"www.itskuba.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858929/; classtype:trojan-activity;sid:84722029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6.jpg"; depth:6; endswith; nocase; http.host; content:"worthknowing.us"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858930/; classtype:trojan-activity;sid:84722030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1g/5.jpg"; depth:9; endswith; nocase; http.host; content:"www.itskuba.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858931/; classtype:trojan-activity;sid:84722031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1g/3.jpg"; depth:9; endswith; nocase; http.host; content:"itskuba.com"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858932/; classtype:trojan-activity;sid:84722032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1g/1.jpg"; depth:9; endswith; nocase; http.host; content:"itskuba.com"; depth:11; 
isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858933/; classtype:trojan-activity;sid:84722033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5.jpg"; depth:6; endswith; nocase; http.host; content:"worthknowing.us"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858934/; classtype:trojan-activity;sid:84722034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7.jpg"; depth:6; endswith; nocase; http.host; content:"worthknowing.us"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858935/; classtype:trojan-activity;sid:84722035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1g/3.jpg"; depth:9; endswith; nocase; http.host; content:"www.itskuba.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858936/; classtype:trojan-activity;sid:84722036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3.jpg"; depth:6; endswith; nocase; http.host; content:"worthknowing.us"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858937/; classtype:trojan-activity;sid:84722037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858938)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/1g/6.jpg"; depth:9; endswith; nocase; http.host; content:"itskuba.com"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858938/; classtype:trojan-activity;sid:84722038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4.jpg"; depth:6; endswith; nocase; http.host; content:"worthknowing.us"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858939/; classtype:trojan-activity;sid:84722039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2.jpg"; depth:6; endswith; nocase; http.host; content:"worthknowing.us"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858940/; classtype:trojan-activity;sid:84722040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1g/2.jpg"; depth:9; endswith; nocase; http.host; content:"itskuba.com"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858941/; classtype:trojan-activity;sid:84722041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sysupdate.sh"; depth:13; endswith; nocase; http.host; content:"176.65.139.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858927/; classtype:trojan-activity;sid:84722027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3858926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"123.148.242.35"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858926/; classtype:trojan-activity;sid:84722026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/intelix.exe"; depth:12; endswith; nocase; http.host; content:"angel0chek.duckdns.org"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858925/; classtype:trojan-activity;sid:84722025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.230.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858924/; classtype:trojan-activity;sid:84722024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.38.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858923/; classtype:trojan-activity;sid:84722023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/94ba5a51-207f-4c04-b5b7-eb1189584e3f"; depth:37; endswith; nocase; http.host; content:"ageqour.hit4bet1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858922/; 
classtype:trojan-activity;sid:84722022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.78.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858921/; classtype:trojan-activity;sid:84722021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.29.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858920/; classtype:trojan-activity;sid:84722020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.38.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858919/; classtype:trojan-activity;sid:84722019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.225.33"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858918/; classtype:trojan-activity;sid:84722018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.3.220"; depth:11; isdataat:!1,relative; 
metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858917/; classtype:trojan-activity;sid:84722017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.29.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858916/; classtype:trojan-activity;sid:84722016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d7fe837d-dab3-4ab3-8830-2fd34192249c"; depth:37; endswith; nocase; http.host; content:"vobyslb.hilo.casino"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858915/; classtype:trojan-activity;sid:84722015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.235.79"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858914/; classtype:trojan-activity;sid:84722014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.225.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858913/; classtype:trojan-activity;sid:84722013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858912)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.225.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858912/; classtype:trojan-activity;sid:84722012; rev:1;)
# Reading the rules in this section (every rule shown here follows one template):
#   - "alert http $HOME_NET any -> $EXTERNAL_NET any" with
#     flow:established,from_client inspects only client requests leaving
#     $HOME_NET, so both variables must reflect the sensor's real address plan.
#   - http.method "GET", then an http.uri content whose depth equals the pattern
#     length, combined with endswith: the normalized URI buffer has to be exactly
#     that string (nocase makes the comparison case-insensitive).
#   - http.host content with depth equal to its length plus isdataat:!1,relative:
#     the host buffer has to be exactly that name or address.
#   - sid is the URLhaus entry id plus 80863100 in every rule shown here, and
#     reference:url names the entry to open when triaging an alert.
#   - Several hosts appear twice, once for "/i" and once for "/bin.sh" (for
#     example 112.249.70.46 in 3858909 and 3858901); alerts from both sids on
#     one client refer to the same remote host.
# Coverage limits to keep in mind:
#   - These are cleartext-HTTP signatures; the same URL fetched over TLS is not
#     seen unless traffic is decrypted before it reaches the sensor.
#   - NOTE(review): presumably a client that uses an explicit proxy inside
#     $HOME_NET only matches where the sensor sees the proxy-to-Internet leg;
#     verify sensor placement.
#   - Entries are point-in-time (metadata:created_at); check the referenced
#     URLhaus entry before treating an old indicator as current.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a90ed365-1a8c-420b-acdc-31a1d0c047cc"; depth:37; endswith; nocase; http.host; content:"myofcdr.hezarfencrash.bet"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858911/; classtype:trojan-activity;sid:84722011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3.tok"; depth:6; endswith; nocase; http.host; content:"107.148.158.112"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858910/; classtype:trojan-activity;sid:84722010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.249.70.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858909/; classtype:trojan-activity;sid:84722009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.32.56"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858908/; classtype:trojan-activity;sid:84722008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.255.41.28"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858907/; classtype:trojan-activity;sid:84722007; rev:1;)
# |3f| is the hex escape for "?", so the URI matched below is "/?ublib=<uuid>",
# which is 44 bytes long. depth:47 counts the escape as four characters and so
# leaves three bytes of slack: a URI with up to three extra leading bytes still
# satisfies depth + endswith. The same holds for every "/|3f|ublib=" rule in
# this section. NOTE(review): looks like a generator artefact; depth:44 would
# pin the URI exactly. Confirm upstream rather than editing the feed locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=08c9d615-a227-4114-9dd8-ef5ccf289fec"; depth:47; endswith; nocase; http.host; content:"4q4880m7.bwin90.bet"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858906/; classtype:trojan-activity;sid:84722006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.100.205.208"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858905/; classtype:trojan-activity;sid:84722005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=884a8c24-84c7-42e3-b95f-b1826d174b7e"; depth:47; endswith; nocase; http.host; content:"3p1x6btm.1xbet90.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858904/; classtype:trojan-activity;sid:84722004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1ec2d480-9439-4afd-a57a-39460464022e"; depth:37; endswith; nocase; http.host; content:"youykxp.herz-frank.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858903/; classtype:trojan-activity;sid:84722003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"72.255.30.244"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858902/; classtype:trojan-activity;sid:84722002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.249.70.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858901/; classtype:trojan-activity;sid:84722001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"85.100.205.208"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858900/; classtype:trojan-activity;sid:84722000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.182.162"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858899/; classtype:trojan-activity;sid:84721999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.93.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858898/; classtype:trojan-activity;sid:84721998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"72.255.30.244"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858897/; classtype:trojan-activity;sid:84721997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/59b087c9-e45a-4647-8afb-dd018520c531"; depth:37; endswith; nocase; http.host; content:"emwzmsp.hazaratbetapp.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858896/; classtype:trojan-activity;sid:84721996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.244.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858895/; classtype:trojan-activity;sid:84721995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"160.30.142.2"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858894/; classtype:trojan-activity;sid:84721994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"160.30.142.2"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858893/; classtype:trojan-activity;sid:84721993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/df01dac2-ac14-4ee5-a827-e595af75f3ea"; depth:37; endswith; nocase; http.host; content:"gxtryif.hattrickbetapp.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858892/; classtype:trojan-activity;sid:84721992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.158.137"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858891/; classtype:trojan-activity;sid:84721991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"154.242.18.65"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858890/; classtype:trojan-activity;sid:84721990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.147.206"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858889/; classtype:trojan-activity;sid:84721989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=951b3f1b-9a30-41ab-84f6-ac1c4530e359"; depth:47; endswith; nocase; http.host; content:"gqjz709j.bordoo.bet"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858888/; classtype:trojan-activity;sid:84721988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f8fc9499-e5bd-4d8d-b470-ea338f1776c5"; depth:37; endswith; nocase; http.host; content:"hwfbwco.hamvarzesh90.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858887/; classtype:trojan-activity;sid:84721987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.211.45.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858886/; classtype:trojan-activity;sid:84721986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2b7803ae-d578-4460-a876-fe47de88c8a1"; depth:37; endswith; nocase; http.host; content:"qcwvat.1kickbet90.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858885/; classtype:trojan-activity;sid:84721985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.158.137"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858884/; classtype:trojan-activity;sid:84721984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e1ea726f-c0de-4994-bad8-8015e01514c2"; depth:37; endswith; nocase; http.host; content:"qkqxbb.doobixbet.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858883/; classtype:trojan-activity;sid:84721983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.67.189"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858882/; classtype:trojan-activity;sid:84721982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.22.2"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858881/; classtype:trojan-activity;sid:84721981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.147.206"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858880/; classtype:trojan-activity;sid:84721980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.132.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858879/; classtype:trojan-activity;sid:84721979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.151.82"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858878/; classtype:trojan-activity;sid:84721978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/565345d4-199f-44b6-9506-72f526f56e6b"; depth:37; endswith; nocase; http.host; content:"zyhhuar.golfbetpro.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858877/; classtype:trojan-activity;sid:84721977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.91.236"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858876/; classtype:trojan-activity;sid:84721976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.12.237.201"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858875/; classtype:trojan-activity;sid:84721975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/45a2b379-a2d0-48ab-b5a9-0ae836ca60c4"; depth:37; endswith; nocase; http.host; content:"dybkohl.goldenroulette.bet"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858874/; classtype:trojan-activity;sid:84721974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.236.65.44"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858873/; classtype:trojan-activity;sid:84721973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.178.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858872/; classtype:trojan-activity;sid:84721972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3aa00428-3f0f-4aa6-bb23-4799729448d6"; depth:37; endswith; nocase; http.host; content:"ttowige.goldenroulette.bet"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858871/; classtype:trojan-activity;sid:84721971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.39.221"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858870/; classtype:trojan-activity;sid:84721970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.67.189"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858869/; classtype:trojan-activity;sid:84721969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.236.65.44"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858868/; classtype:trojan-activity;sid:84721968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.178.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858867/; classtype:trojan-activity;sid:84721967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6aad78a9-38ef-429a-af0a-05e0bf1e91e0"; depth:37; endswith; nocase; http.host; content:"sqzzsnr.gardune.bet"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858866/; classtype:trojan-activity;sid:84721966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"151.233.144.58"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858865/; classtype:trojan-activity;sid:84721965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.205.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858864/; classtype:trojan-activity;sid:84721964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.15.18"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858863/; classtype:trojan-activity;sid:84721963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.151.124.34"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858862/; classtype:trojan-activity;sid:84721962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e429f601-18da-4107-8310-96ac56b1a83e"; depth:37; endswith; nocase; http.host; content:"nienzsq.funbet24.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858861/; classtype:trojan-activity;sid:84721961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=4fc935b7-f7dc-4205-8dd8-3dfe3786f432"; depth:47; endswith; nocase; http.host; content:"jzl98lpw.betbuilder.promo"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858860/; classtype:trojan-activity;sid:84721960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.224.5"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858859/; classtype:trojan-activity;sid:84721959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.224.5"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858858/; classtype:trojan-activity;sid:84721958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.205.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858857/; classtype:trojan-activity;sid:84721957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.192.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858856/; classtype:trojan-activity;sid:84721956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.149.51.138"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858855/; classtype:trojan-activity;sid:84721955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.236.65.161"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858854/; classtype:trojan-activity;sid:84721954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0eaba1ad-aecd-4d8d-b3e9-53cc8cca6b9b"; depth:37; endswith; nocase; http.host; content:"iddmpon.football2026.world"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858853/; classtype:trojan-activity;sid:84721953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.192.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858852/; classtype:trojan-activity;sid:84721952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5569ff72-a1fa-4618-9292-b4f8e18d13a0"; depth:37; endswith; nocase; http.host; content:"hityspe.footbalbet.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858851/; classtype:trojan-activity;sid:84721951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.191.102"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858850/; classtype:trojan-activity;sid:84721950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.191.102"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858849/; classtype:trojan-activity;sid:84721949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.236.65.161"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858848/; classtype:trojan-activity;sid:84721948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"151.233.144.58"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858847/; classtype:trojan-activity;sid:84721947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.149.51.138"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858846/; classtype:trojan-activity;sid:84721946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.31.240"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858845/; classtype:trojan-activity;sid:84721945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.83.19"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858844/; classtype:trojan-activity;sid:84721944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.83.202"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858843/; classtype:trojan-activity;sid:84721943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ab0b8ce8-9e1f-44ae-99ff-a8717c3b1b9b"; depth:47; endswith; nocase; http.host; content:"ne6nzi7r.1shart.bet"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858842/; classtype:trojan-activity;sid:84721942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9dc9cad0-9346-4e81-8f81-be96d7e64b48"; depth:37; endswith; nocase; http.host; content:"thnivbk.footbal90bet.app"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858841/; classtype:trojan-activity;sid:84721941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.31.240"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858840/; classtype:trojan-activity;sid:84721940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.108.48"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858839/; classtype:trojan-activity;sid:84721939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.83.19"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858838/; classtype:trojan-activity;sid:84721938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.27.89"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858837/; classtype:trojan-activity;sid:84721937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.83.202"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858836/; classtype:trojan-activity;sid:84721936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/80efc71d-72cd-44a7-a1d8-acc40663f4f0"; depth:37; endswith; nocase; http.host; content:"mhepihh.footbal90bet.app"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858835/; classtype:trojan-activity;sid:84721935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.140.22"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858834/; classtype:trojan-activity;sid:84721934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=7ce4b7ee-3b86-4990-9527-dadeed8e276d"; depth:47; endswith; nocase; http.host; content:"7aaxg4kb.betbatis.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858833/; classtype:trojan-activity;sid:84721933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.135.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858832/; classtype:trojan-activity;sid:84721932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.140.22"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858831/; classtype:trojan-activity;sid:84721931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.232.52"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858830/; classtype:trojan-activity;sid:84721930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dda41b26-d1c9-4b49-be09-fe63e1e21bc2"; depth:37; endswith; nocase; http.host; content:"syjgiug.fibi-ireland.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858829/; classtype:trojan-activity;sid:84721929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.161.118"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858828/; classtype:trojan-activity;sid:84721928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.197.138"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858827/; classtype:trojan-activity;sid:84721927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/79fbc845-b116-4d29-89b6-b758a6b7e38e"; depth:37; endswith; nocase; http.host; content:"gbueeqa.eurothrombosis2018.com"; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858826/; classtype:trojan-activity;sid:84721926; rev:1;)
# The next two entries (3858824, 3858825), and 3858817/3858818 further down,
# are not in descending id order like their neighbours; do not rely on rule
# order when diffing feed snapshots or de-duplicating by position.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n.exe"; depth:6; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858824/; classtype:trojan-activity;sid:84721924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x.exe"; depth:6; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858825/; classtype:trojan-activity;sid:84721925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a4d13b32-41cb-4dac-9f71-9662bb1a7626"; depth:37; endswith; nocase; http.host; content:"bfdibp.dahdahtoys.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858823/; classtype:trojan-activity;sid:84721923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.161.118"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858822/; classtype:trojan-activity;sid:84721922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.197.138"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858821/; classtype:trojan-activity;sid:84721921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.92.74"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858820/; classtype:trojan-activity;sid:84721920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kaizen.arm7"; depth:17; endswith; nocase; http.host; content:"kaizen22.xyz"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858819/; classtype:trojan-activity;sid:84721919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.152.248"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858817/; classtype:trojan-activity;sid:84721917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.141.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858818/; classtype:trojan-activity;sid:84721918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ade8d41e-e143-4b16-b708-c8d8badea2c4"; depth:47; endswith; nocase; http.host; content:"5ay2qa01.electriccrash.bet"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858816/; classtype:trojan-activity;sid:84721916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ca36e73d-15c5-4683-a676-327642efb378"; depth:37; endswith; nocase; http.host; content:"kihjmjx.enobahis.co"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858815/; classtype:trojan-activity;sid:84721915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; 
endswith; nocase; http.host; content:"182.126.92.74"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858814/; classtype:trojan-activity;sid:84721914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.217.155"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858813/; classtype:trojan-activity;sid:84721913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.177.28.149"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858812/; classtype:trojan-activity;sid:84721912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=2b3bc6aa-f509-4b4e-853a-ebca1ab50d40"; depth:47; endswith; nocase; http.host; content:"6vk8lpd5.betball90.casino"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858811/; classtype:trojan-activity;sid:84721911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/79b5e3c6-e8f5-4efe-9c09-71e232e8baeb"; depth:37; endswith; nocase; http.host; content:"wvvbpwt.enfejar.game"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858810/; classtype:trojan-activity;sid:84721910; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.203.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858809/; classtype:trojan-activity;sid:84721909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.219.172.177"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858808/; classtype:trojan-activity;sid:84721908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.238.243"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858807/; classtype:trojan-activity;sid:84721907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"38.226.161.90"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858806/; classtype:trojan-activity;sid:84721906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.7.204"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858805/; 
classtype:trojan-activity;sid:84721905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.199.164"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858804/; classtype:trojan-activity;sid:84721904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ups/cuh.vbs"; depth:12; endswith; nocase; http.host; content:"dralexandrecoura.com.br"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858803/; classtype:trojan-activity;sid:84721903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.203.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858802/; classtype:trojan-activity;sid:84721902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.219.172.177"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858801/; classtype:trojan-activity;sid:84721901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.202.198"; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858800/; classtype:trojan-activity;sid:84721900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"38.226.161.90"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858799/; classtype:trojan-activity;sid:84721899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"bubblekip.info"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858798/; classtype:trojan-activity;sid:84721898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/edcfc2a2-82bd-490a-97d8-f35c94a4a599"; depth:37; endswith; nocase; http.host; content:"jswnqpn.enfejarbazii.bet"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858797/; classtype:trojan-activity;sid:84721897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run.sh"; depth:7; endswith; nocase; http.host; content:"xzxni-135-134-92-71.run.pinggy-free.link"; depth:40; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858796/; classtype:trojan-activity;sid:84721896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858795)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.177.28.149"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858795/; classtype:trojan-activity;sid:84721895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3.exe"; depth:6; endswith; nocase; http.host; content:"science4u.co.in"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858794/; classtype:trojan-activity;sid:84721894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/144.exe"; depth:8; endswith; nocase; http.host; content:"science4u.co.in"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858793/; classtype:trojan-activity;sid:84721893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mim/inkopph.txt"; depth:16; endswith; nocase; http.host; content:"iwd21.icu"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858792/; classtype:trojan-activity;sid:84721892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.238.243"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858791/; classtype:trojan-activity;sid:84721891; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"viceete.lol"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858790/; classtype:trojan-activity;sid:84721890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_1232af70460f33e6.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858787/; classtype:trojan-activity;sid:84721887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_678a638ac5fc633b.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858788/; classtype:trojan-activity;sid:84721888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_b6b65062e1a97e1e.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858789/; classtype:trojan-activity;sid:84721889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"124.163.52.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858786/; classtype:trojan-activity;sid:84721886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8560243644/9pyoraz.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858785/; classtype:trojan-activity;sid:84721885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f6e8b42a-a64d-4966-a515-fea433a72b8f"; depth:37; endswith; nocase; http.host; content:"ldkrhyp.emshab.bet"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858784/; classtype:trojan-activity;sid:84721884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.141.53"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858783/; classtype:trojan-activity;sid:84721883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.163.52.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858782/; classtype:trojan-activity;sid:84721882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3858781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.241.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858781/; classtype:trojan-activity;sid:84721881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b0788a7a-40cd-49d0-80e5-f65772ad49e2"; depth:47; endswith; nocase; http.host; content:"ex7gv4y7.bet90land.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858780/; classtype:trojan-activity;sid:84721880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.9.225"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858779/; classtype:trojan-activity;sid:84721879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/af0df9e4-a648-4f16-9435-8e337d042bb2"; depth:37; endswith; nocase; http.host; content:"atnvjyj.emroze.bet"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858778/; classtype:trojan-activity;sid:84721878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.241.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, 
urlhaus.abuse.ch/url/3858777/; classtype:trojan-activity;sid:84721877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.81.84.187"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858776/; classtype:trojan-activity;sid:84721876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1df8503c-b180-4603-ba92-7d6c3ac6c7a9"; depth:37; endswith; nocase; http.host; content:"tpvggeb.bordino.bet"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858775/; classtype:trojan-activity;sid:84721875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm4"; depth:10; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858770/; classtype:trojan-activity;sid:84721870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858771/; classtype:trojan-activity;sid:84721871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; 
http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858772/; classtype:trojan-activity;sid:84721872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858773/; classtype:trojan-activity;sid:84721873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858774/; classtype:trojan-activity;sid:84721874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"5.83.134.26"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858769/; classtype:trojan-activity;sid:84721869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.sparc"; depth:11; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858764/; classtype:trojan-activity;sid:84721864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858765)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/iran.mips"; depth:10; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858765/; classtype:trojan-activity;sid:84721865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.i486"; depth:10; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858766/; classtype:trojan-activity;sid:84721866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.sh4"; depth:9; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858767/; classtype:trojan-activity;sid:84721867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv7l"; depth:12; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858768/; classtype:trojan-activity;sid:84721868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.m68k"; depth:10; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858763/; classtype:trojan-activity;sid:84721863; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.x86_64"; depth:12; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858759/; classtype:trojan-activity;sid:84721859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.aarch64"; depth:13; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858760/; classtype:trojan-activity;sid:84721860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mipsrouter"; depth:16; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858761/; classtype:trojan-activity;sid:84721861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv4l"; depth:12; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858762/; classtype:trojan-activity;sid:84721862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.arc"; depth:9; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; 
reference:url, urlhaus.abuse.ch/url/3858753/; classtype:trojan-activity;sid:84721853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv5l"; depth:12; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858754/; classtype:trojan-activity;sid:84721854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cat.sh"; depth:7; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858755/; classtype:trojan-activity;sid:84721855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv6l"; depth:12; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858756/; classtype:trojan-activity;sid:84721856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mipsel"; depth:12; endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858757/; classtype:trojan-activity;sid:84721857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.powerpc"; depth:13; 
endswith; nocase; http.host; content:"176.65.139.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858758/; classtype:trojan-activity;sid:84721858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/03e33117-8fbf-4672-8632-88b6ff1f2f44"; depth:37; endswith; nocase; http.host; content:"amcbvlw.bordbet.casino"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858752/; classtype:trojan-activity;sid:84721852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.8.88.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858751/; classtype:trojan-activity;sid:84721851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.151.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858750/; classtype:trojan-activity;sid:84721850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.156.130"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858749/; classtype:trojan-activity;sid:84721849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3858748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.8.88.59"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858748/; classtype:trojan-activity;sid:84721848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.126.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858747/; classtype:trojan-activity;sid:84721847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"142.90.8.60"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858746/; classtype:trojan-activity;sid:84721846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.188.165"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858745/; classtype:trojan-activity;sid:84721845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.126.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858744/; classtype:trojan-activity;sid:84721844; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.67.212.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858743/; classtype:trojan-activity;sid:84721843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bb507668-f86f-4d75-a682-1e1af73322eb"; depth:37; endswith; nocase; http.host; content:"fzgktgh.bord90.bet"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858742/; classtype:trojan-activity;sid:84721842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pty3"; depth:5; endswith; nocase; http.host; content:"142.93.255.1"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858739/; classtype:trojan-activity;sid:84721839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pty4"; depth:5; endswith; nocase; http.host; content:"142.93.255.1"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858740/; classtype:trojan-activity;sid:84721840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pty10"; depth:6; endswith; nocase; http.host; content:"142.93.255.1"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, 
urlhaus.abuse.ch/url/3858741/; classtype:trojan-activity;sid:84721841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.67.212.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858738/; classtype:trojan-activity;sid:84721838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.200.53"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858736/; classtype:trojan-activity;sid:84721836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.98.224"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858737/; classtype:trojan-activity;sid:84721837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.98.224"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858735/; classtype:trojan-activity;sid:84721835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.188.165"; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858734/; classtype:trojan-activity;sid:84721834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"142.90.8.60"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858733/; classtype:trojan-activity;sid:84721833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d8db853d-3c1c-4eeb-80b9-c0eab866ae37"; depth:47; endswith; nocase; http.host; content:"bofcv8ir.bet90boro.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858732/; classtype:trojan-activity;sid:84721832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.109.24"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858731/; classtype:trojan-activity;sid:84721831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/30885085-cd04-482b-915b-8e9b2668f8bb"; depth:37; endswith; nocase; http.host; content:"drckscr.bizbetslot.net"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858730/; classtype:trojan-activity;sid:84721830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3858729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"confirmyouarehuman.top"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858729/; classtype:trojan-activity;sid:84721829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dd0e4c98-8d22-4065-9b7f-f6dfc0b91b16"; depth:37; endswith; nocase; http.host; content:"ltncnvk.bingobet90.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858728/; classtype:trojan-activity;sid:84721828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f8b5f70c-843d-412a-8a86-93ff2f423d0d"; depth:37; endswith; nocase; http.host; content:"yertdw.3sefr3.ir"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858727/; classtype:trojan-activity;sid:84721827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4567.exe"; depth:9; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858726/; classtype:trojan-activity;sid:84721826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5f88b9f0-3f38-4e2d-a6d7-3a963e55febc"; depth:37; endswith; nocase; http.host; content:"gxhztve.bingobet90.com"; depth:22; isdataat:!1,relative; 
metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858725/; classtype:trojan-activity;sid:84721825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.88.91"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858724/; classtype:trojan-activity;sid:84721824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.118.179"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858723/; classtype:trojan-activity;sid:84721823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.118.179"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858722/; classtype:trojan-activity;sid:84721822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1jqpw8uhpsy5ps3nkofkyo2ql4hc23mew"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858721/; classtype:trojan-activity;sid:84721821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858719)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1u0g1dovudc5vcep653aze60sglhs3efq"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858719/; classtype:trojan-activity;sid:84721819; rev:1;)
# NOTE(review): rule template, as visible in this file: a client-to-server GET on an
# established flow; http.uri is pinned with depth + endswith and http.host with
# depth + isdataat:!1,relative, so each rule targets one specific URL rather than a
# whole host or path family.
# NOTE(review): in the drive.google.com rules the URI content contains |7c|26|7c|, which
# decodes to the four literal bytes "|26|" and not to "&" (0x26). Presumably the feed
# escaped an already hex-encoded ampersand; if so, these rules will not match a real
# "/uc?export=download&id=..." request. Confirm against the referenced URLhaus entry.
# depth:68 equals the length of the escaped rule text; the decoded pattern is 59 bytes,
# so the depth bound here is looser than an exact-length match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1fa9tvcakcgferdlaejijbeofjui9gb6r"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858720/; classtype:trojan-activity;sid:84721820; rev:1;)
# NOTE(review): these are "alert http" rules, so they only see requests Suricata can parse
# as cleartext HTTP (or traffic that has been TLS-decrypted upstream). Downloads from
# github.com and drive.google.com normally run over HTTPS; without decryption, back this
# feed with proxy-log or endpoint URL matching. A host-only match on such shared
# services would be far too broad, which is why the full path is pinned.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daldalkim/cuddly-octo-waddle/releases/download/v1.0.0/tax_notice.zip"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858715/; classtype:trojan-activity;sid:84721815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daldalkim/cuddly-octo-waddle/releases/download/v1.0.0/payment_due_notice.zip"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858716/; classtype:trojan-activity;sid:84721816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858717)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/daldalkim/cuddly-octo-waddle/releases/download/v1.0.0/tax_refund.zip"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858717/; classtype:trojan-activity;sid:84721817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daldalkim/cuddly-octo-waddle/releases/download/v1.0.0/pwko.zip"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858718/; classtype:trojan-activity;sid:84721818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wem/stego_payloaad.png"; depth:23; endswith; nocase; http.host; content:"45.61.150.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858714/; classtype:trojan-activity;sid:84721814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//common/caches/snake.png"; depth:25; endswith; nocase; http.host; content:"kpmmg.org"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858712/; classtype:trojan-activity;sid:84721812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//common/caches/phantom_tg.png"; depth:30; endswith; nocase; http.host; content:"kpmmg.org"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, 
urlhaus.abuse.ch/url/3858713/; classtype:trojan-activity;sid:84721813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoynesdoubled"; depth:14; endswith; nocase; http.host; content:"paste.sensio.no"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858711/; classtype:trojan-activity;sid:84721811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uni.png"; depth:8; endswith; nocase; http.host; content:"pub-33172110f57a4bbfa0c089261c8b7d4d.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858710/; classtype:trojan-activity;sid:84721810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pmnia"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858709/; classtype:trojan-activity;sid:84721809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tinubu.png"; depth:11; endswith; nocase; http.host; content:"pub-ce02802067934e0eb072f69bf6427bf6.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858708/; classtype:trojan-activity;sid:84721808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858707)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/ridmb"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858707/; classtype:trojan-activity;sid:84721807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//common/caches/xwbin.png"; depth:25; endswith; nocase; http.host; content:"kpmmg.org"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858706/; classtype:trojan-activity;sid:84721806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.jpg"; depth:6; endswith; nocase; http.host; content:"nanshiin.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858704/; classtype:trojan-activity;sid:84721804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/obayj3ui/raw"; depth:13; endswith; nocase; http.host; content:"pastefy.app"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858705/; classtype:trojan-activity;sid:84721805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/400/goodpersonforbetterone.hta"; depth:31; endswith; nocase; http.host; content:"104.168.115.123"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858703/; 
classtype:trojan-activity;sid:84721803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/70/img_001939.png"; depth:18; endswith; nocase; http.host; content:"107.172.13.211"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858701/; classtype:trojan-activity;sid:84721801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/70/goodformulafodme.hta"; depth:24; endswith; nocase; http.host; content:"107.172.13.211"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858702/; classtype:trojan-activity;sid:84721802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/80/img_212549.png"; depth:18; endswith; nocase; http.host; content:"172.245.209.218"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858700/; classtype:trojan-activity;sid:84721800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/400/img_033451.png"; depth:19; endswith; nocase; http.host; content:"104.168.115.123"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858699/; classtype:trojan-activity;sid:84721799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/80/goodthingsforbetterperson.hta"; 
depth:33; endswith; nocase; http.host; content:"172.245.209.218"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858698/; classtype:trojan-activity;sid:84721798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_808d5e8e6a974796.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858697/; classtype:trojan-activity;sid:84721797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=fbf49a3f-26f7-4638-b5d0-239c23c6a491"; depth:47; endswith; nocase; http.host; content:"3i8e3aty.ef90bet.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858696/; classtype:trojan-activity;sid:84721796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/kb/nc/greatrankcreationforbestshipping.hta"; depth:47; endswith; nocase; http.host; content:"96.44.167.219"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858695/; classtype:trojan-activity;sid:84721795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img/optimized_msi.png"; depth:22; endswith; nocase; http.host; content:"onceuponatimethebabyangelcamebacktotheearthtogoformebestwishesg.ydns.eu"; depth:71; isdataat:!1,relative; metadata:created_at 2026_06_04; 
reference:url, urlhaus.abuse.ch/url/3858694/; classtype:trojan-activity;sid:84721794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/httpswww.tcs.comwhat-we-doindustriespublic-servicessolutiontcs-sovereignsecure-cloud-ring.php"; depth:94; endswith; nocase; http.host; content:"96.44.167.219"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858693/; classtype:trojan-activity;sid:84721793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c9ed23eb-3dd5-4066-96a2-e8cd0c7e4f4a"; depth:37; endswith; nocase; http.host; content:"mlvzrpw.betyyy.casino"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858692/; classtype:trojan-activity;sid:84721792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.69.89.142"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858691/; classtype:trojan-activity;sid:84721791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.well-known/acme-challenge/img_20260531_214059_714.png"; depth:55; endswith; nocase; http.host; content:"kits.frog.tw"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858690/; classtype:trojan-activity;sid:84721790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3858689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/funny.png"; depth:17; endswith; nocase; http.host; content:"kits.frog.tw"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858689/; classtype:trojan-activity;sid:84721789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.69.89.142"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858688/; classtype:trojan-activity;sid:84721788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/2023/04/taskhost.exe"; depth:40; endswith; nocase; http.host; content:"hqp-llc.com"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858687/; classtype:trojan-activity;sid:84721787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gigatex/mips"; depth:13; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858683/; classtype:trojan-activity;sid:84721783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gigatex/arm"; depth:12; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, 
urlhaus.abuse.ch/url/3858684/; classtype:trojan-activity;sid:84721784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gigatex/mpsl"; depth:13; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858685/; classtype:trojan-activity;sid:84721785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gigatex/arm5"; depth:13; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858686/; classtype:trojan-activity;sid:84721786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gigatex/arm7"; depth:13; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858681/; classtype:trojan-activity;sid:84721781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.244.40.137"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858682/; classtype:trojan-activity;sid:84721782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"125.46.132.228"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858680/; classtype:trojan-activity;sid:84721780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9de42a33-f1b3-4683-8402-c5600ad3b0dc"; depth:37; endswith; nocase; http.host; content:"jojxmyi.betwoonuyelik.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858679/; classtype:trojan-activity;sid:84721779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.23.8"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858678/; classtype:trojan-activity;sid:84721778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.225.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858677/; classtype:trojan-activity;sid:84721777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.132.228"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858676/; classtype:trojan-activity;sid:84721776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858675)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stego_paload.png"; depth:17; endswith; nocase; http.host; content:"ybhub.com.au"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858675/; classtype:trojan-activity;sid:84721775; rev:1;)
# ---------------------------------------------------------------------------------------------
# Review notes for the rules below (URLhaus entries with created_at 2026_06_04), one rule per line.
# Every rule uses the same template:
#   * `alert http $HOME_NET any -> $EXTERNAL_NET any` with `flow:established,from_client`:
#     only client requests on a parsed HTTP session leaving HOME_NET are inspected. The same URL
#     fetched over TLS is not visible to these rules.
#   * `http.method; content:"GET"`: requests using another method do not match.
#   * `http.uri; content:"..."; depth:N; endswith; nocase`: depth anchors the match at the start of
#     the URI buffer and endswith at its end, so with N equal to the content length the whole URI
#     must equal the content. nocase makes that comparison case-insensitive, which is slightly
#     wider than the reported URL.
#   * `http.host; content:"..."; depth:N; isdataat:!1,relative`: the host buffer must start with the
#     content and have no byte after it, i.e. an exact host match.
# The match is on the request only: an alert shows that a host in HOME_NET asked for the URL, not
# that a payload was returned. Confirm the response (HTTP / fileinfo logs) before escalating.
# msg and reference carry the URLhaus entry id for lookup. Several hosts recur with many URIs, so
# when one sid fires, check the other sids that share its http.host value.
# ---------------------------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.244.40.137"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858674/; classtype:trojan-activity;sid:84721774; rev:1;)
# NOTE(review): `|3f|` is the hex escape for `?`, so this content is 44 bytes long, but depth is 47
# (the length of the escaped text). With endswith, a URI carrying up to three extra bytes in front
# of this content would still match; the other rules in this block use depth == content length.
# If an exact match is intended, the generator should count matched bytes (or use bsize:44).
# Raise it upstream rather than editing this sid locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=3a1be5a4-980c-47b7-8750-846326c80c97"; depth:47; endswith; nocase; http.host; content:"fq5lyk18.bet404.games"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858673/; classtype:trojan-activity;sid:84721773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.152.210"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858672/; classtype:trojan-activity;sid:84721772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.67.138"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858671/; classtype:trojan-activity;sid:84721771; rev:1;)
# NOTE(review): files.catbox.moe looks like a shared file-hosting name rather than a dedicated
# server (confirm). The rule is scoped to one exact URI, so keep any response at URL granularity
# instead of treating the whole host as malicious.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3gc972.ps1"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858670/; classtype:trojan-activity;sid:84721770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.179.66"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858669/; classtype:trojan-activity;sid:84721769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6e9fb347-67ee-4518-8668-88397420ceaf"; depth:37; endswith; nocase; http.host; content:"ptapgsl.betwana.casino"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858668/; classtype:trojan-activity;sid:84721768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mp/file.png"; depth:12; endswith; nocase; http.host; content:"188.213.175.222"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858667/; classtype:trojan-activity;sid:84721767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.sh"; depth:5; endswith; nocase; http.host; content:"151.245.104.193"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858665/; classtype:trojan-activity;sid:84721765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi"; depth:5; endswith; nocase; http.host; content:"223.123.38.120"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858666/; classtype:trojan-activity;sid:84721766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.85.110.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858663/; classtype:trojan-activity;sid:84721763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"115.57.183.40"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858664/; classtype:trojan-activity;sid:84721764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ash"; depth:4; endswith; nocase; http.host; content:"fluffynoodle.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858662/; classtype:trojan-activity;sid:84721762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_30ecb0a5dbaa1ba1.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858658/; classtype:trojan-activity;sid:84721758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g.sh"; depth:5; endswith; nocase; http.host; content:"176.65.139.129"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858659/; classtype:trojan-activity;sid:84721759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_367971ed01760582.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858660/; classtype:trojan-activity;sid:84721760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_61494061c939bae3.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858661/; classtype:trojan-activity;sid:84721761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.153.170"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858657/; classtype:trojan-activity;sid:84721757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.153.170"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858656/; classtype:trojan-activity;sid:84721756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.67.138"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858655/; classtype:trojan-activity;sid:84721755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.179.66"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858654/; classtype:trojan-activity;sid:84721754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.204.157.55"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858653/; classtype:trojan-activity;sid:84721753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/86b4c01f-221b-44f4-a129-328538bf2012"; depth:37; endswith; nocase; http.host; content:"zchjlsi.betwana.bet"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858652/; classtype:trojan-activity;sid:84721752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.64.245"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858651/; classtype:trojan-activity;sid:84721751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.22.13"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858650/; classtype:trojan-activity;sid:84721750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.217.155"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858649/; classtype:trojan-activity;sid:84721749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.204.157.55"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858648/; classtype:trojan-activity;sid:84721748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/07d9cd3a-6350-4cc5-aa58-e14ec597d8f6"; depth:37; endswith; nocase; http.host; content:"yzqorlb.betvolleyball.net"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858647/; classtype:trojan-activity;sid:84721747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.9.215"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858646/; classtype:trojan-activity;sid:84721746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.129.130.243"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858645/; classtype:trojan-activity;sid:84721745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/99110a79-c0b7-4eab-8097-0659e271070d"; depth:37; endswith; nocase; http.host; content:"byucosm.bettime.win"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858644/; classtype:trojan-activity;sid:84721744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.241.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858643/; classtype:trojan-activity;sid:84721743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.126.34"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858642/; classtype:trojan-activity;sid:84721742; rev:1;)
# NOTE(review): `|3f|` is the hex escape for `?`, so this content is 44 bytes long while depth is
# 47. Combined with endswith, up to three extra leading bytes in the URI would still match. Report
# upstream if an exact match is intended.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e2a2cce5-71b2-4d93-958e-e409450973ee"; depth:47; endswith; nocase; http.host; content:"6dg7sjam.bet404farsi.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858641/; classtype:trojan-activity;sid:84721741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.204.196.254"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858640/; classtype:trojan-activity;sid:84721740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.144.157"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858639/; classtype:trojan-activity;sid:84721739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.241.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858638/; classtype:trojan-activity;sid:84721738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.126.34"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858637/; classtype:trojan-activity;sid:84721737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/691c76f9-784c-4137-b14f-313760339a85"; depth:37; endswith; nocase; http.host; content:"clmkghe.bettime90.casino"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858636/; classtype:trojan-activity;sid:84721736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"138.204.196.254"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858635/; classtype:trojan-activity;sid:84721735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tr"; depth:3; endswith; nocase; http.host; content:"140.233.190.47"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858634/; classtype:trojan-activity;sid:84721734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.144.157"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858633/; classtype:trojan-activity;sid:84721733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm72"; depth:6; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858609/; classtype:trojan-activity;sid:84721709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/giga.sh"; depth:8; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858610/; classtype:trojan-activity;sid:84721710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/old"; depth:4; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858611/; classtype:trojan-activity;sid:84721711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858612/; classtype:trojan-activity;sid:84721712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/netis.sh"; depth:9; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858613/; classtype:trojan-activity;sid:84721713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm4"; depth:9; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858614/; classtype:trojan-activity;sid:84721714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.i686"; depth:18; endswith; nocase; http.host; content:"23.238.39.247"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858615/; classtype:trojan-activity;sid:84721715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.sh4"; depth:17; endswith; nocase; http.host; content:"23.238.39.247"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858616/; classtype:trojan-activity;sid:84721716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.spc"; depth:17; endswith; nocase; http.host; content:"23.238.39.247"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858617/; classtype:trojan-activity;sid:84721717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858618/; classtype:trojan-activity;sid:84721718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.mipsl"; depth:19; endswith; nocase; http.host; content:"23.238.39.247"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858619/; classtype:trojan-activity;sid:84721719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arm5"; depth:18; endswith; nocase; http.host; content:"23.238.39.247"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858621/; classtype:trojan-activity;sid:84721721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.mips"; depth:18; endswith; nocase; http.host; content:"23.238.39.247"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858622/; classtype:trojan-activity;sid:84721722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.x86_32"; depth:20; endswith; nocase; http.host; content:"23.238.39.247"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858623/; classtype:trojan-activity;sid:84721723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.i486"; depth:18; endswith; nocase; http.host; content:"23.238.39.247"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858624/; classtype:trojan-activity;sid:84721724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.ppc"; depth:17; endswith; nocase; http.host; content:"23.238.39.247"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858625/; classtype:trojan-activity;sid:84721725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arc"; depth:17; endswith; nocase; http.host; content:"23.238.39.247"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858626/; classtype:trojan-activity;sid:84721726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f"; depth:2; endswith; nocase; http.host; content:"78.153.155.152"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858627/; classtype:trojan-activity;sid:84721727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.ppc440"; depth:20; endswith; nocase; http.host; content:"23.238.39.247"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858628/; classtype:trojan-activity;sid:84721728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"94.183.182.184"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858629/; classtype:trojan-activity;sid:84721729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arm"; depth:17; endswith; nocase; http.host; content:"23.238.39.247"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858630/; classtype:trojan-activity;sid:84721730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858631/; classtype:trojan-activity;sid:84721731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.m68k"; depth:18; endswith; nocase; http.host; content:"23.238.39.247"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858632/; classtype:trojan-activity;sid:84721732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hmips"; depth:6; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858608/; classtype:trojan-activity;sid:84721708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arm6"; depth:18; endswith; nocase; http.host; content:"23.238.39.247"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858607/; classtype:trojan-activity;sid:84721707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cc06ec3e-7275-44d9-9cb5-f0cf8621d8d0"; depth:37; endswith; nocase; http.host; content:"kfvgvcb.betrophy90.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858606/; classtype:trojan-activity;sid:84721706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.135.72"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858605/; classtype:trojan-activity;sid:84721705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.11.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858604/; classtype:trojan-activity;sid:84721704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/34e1e67f-c08b-4ce9-aca5-a5d252536caa"; depth:37; endswith; nocase; http.host; content:"swmzey.3sefr3.ir"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858603/; classtype:trojan-activity;sid:84721703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858602/; classtype:trojan-activity;sid:84721702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jbd2_sda1d"; depth:16; endswith; nocase; http.host; content:"160.191.243.187"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858601/; classtype:trojan-activity;sid:84721701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworker_u8"; depth:16; endswith; nocase; http.host; content:"160.191.243.187"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858600/; classtype:trojan-activity;sid:84721700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ksoftirqd0"; depth:16; endswith; nocase; http.host; content:"160.191.243.187"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858599/; classtype:trojan-activity;sid:84721699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/loader.sh"; depth:15; endswith; nocase; http.host; content:"160.191.243.187"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858597/; classtype:trojan-activity;sid:84721697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; depth:30; endswith; nocase; http.host; content:"64.89.162.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858598/; classtype:trojan-activity;sid:84721698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnriscv32xnxn"; depth:33; endswith; nocase; http.host; content:"185.242.3.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858596/; classtype:trojan-activity;sid:84721696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; depth:30; endswith; nocase; http.host; content:"185.242.3.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858594/; classtype:trojan-activity;sid:84721694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sexy.apk"; depth:9; endswith; nocase; http.host; content:"195.178.110.204"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858595/; classtype:trojan-activity;sid:84721695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.arm7"; depth:18; endswith; nocase; http.host; content:"23.238.39.247"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858592/; classtype:trojan-activity;sid:84721692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnor1kxnxn"; depth:30; endswith; nocase; http.host; content:"185.242.3.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858593/; classtype:trojan-activity;sid:84721693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; depth:32; endswith; nocase; http.host; content:"185.242.3.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858590/; classtype:trojan-activity;sid:84721690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug"; depth:6; endswith; nocase; http.host; content:"140.233.190.47"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858591/; classtype:trojan-activity;sid:84721691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; depth:30; endswith; nocase; http.host; content:"45.153.34.230"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858589/; classtype:trojan-activity;sid:84721689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"94.183.182.184"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858582/; classtype:trojan-activity;sid:84721682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"94.183.182.184"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858583/; classtype:trojan-activity;sid:84721683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huhu/titanjr.x86_64"; depth:20; endswith; nocase; http.host; content:"23.238.39.247"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858584/; classtype:trojan-activity;sid:84721684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv4l"; depth:12; endswith; nocase; http.host; content:"82.25.63.213"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858585/; classtype:trojan-activity;sid:84721685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnloongarch64xnxn"; depth:37; endswith; nocase; http.host; content:"185.242.3.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858586/; classtype:trojan-activity;sid:84721686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"94.183.182.184"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858587/; classtype:trojan-activity;sid:84721687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"94.183.182.184"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858588/; classtype:trojan-activity;sid:84721688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858581/; classtype:trojan-activity;sid:84721681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; depth:33; endswith; nocase; http.host; content:"185.242.3.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858576/; classtype:trojan-activity;sid:84721676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnsh2xnxn"; depth:29; endswith; nocase; http.host; content:"64.89.162.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858577/; classtype:trojan-activity;sid:84721677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; depth:33; endswith; nocase; http.host; content:"45.153.34.230"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858578/; classtype:trojan-activity;sid:84721678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnriscv32xnxn"; depth:33; endswith; nocase; http.host; content:"45.153.34.230"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858579/; classtype:trojan-activity;sid:84721679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858580)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxni386xnxn"; depth:30; endswith; nocase; http.host; content:"45.153.34.230"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858580/; classtype:trojan-activity;sid:84721680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnor1kxnxn"; depth:30; endswith; nocase; http.host; content:"45.153.34.230"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858575/; classtype:trojan-activity;sid:84721675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"94.183.182.184"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858565/; classtype:trojan-activity;sid:84721665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"94.183.182.184"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858566/; classtype:trojan-activity;sid:84721666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"94.183.182.184"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858567/; 
classtype:trojan-activity;sid:84721667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858568/; classtype:trojan-activity;sid:84721668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"78.153.155.152"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858569/; classtype:trojan-activity;sid:84721669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; depth:29; endswith; nocase; http.host; content:"185.242.3.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858570/; classtype:trojan-activity;sid:84721670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; depth:33; endswith; nocase; http.host; content:"185.242.3.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858571/; classtype:trojan-activity;sid:84721671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.m68k"; depth:10; endswith; nocase; http.host; 
content:"82.25.63.213"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858572/; classtype:trojan-activity;sid:84721672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv6l"; depth:12; endswith; nocase; http.host; content:"82.25.63.213"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858573/; classtype:trojan-activity;sid:84721673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"94.183.182.184"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858574/; classtype:trojan-activity;sid:84721674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnriscv32xnxn"; depth:33; endswith; nocase; http.host; content:"64.89.162.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858553/; classtype:trojan-activity;sid:84721653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxni386xnxn"; depth:30; endswith; nocase; http.host; content:"64.89.162.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858554/; classtype:trojan-activity;sid:84721654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3858555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; depth:29; endswith; nocase; http.host; content:"64.89.162.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858555/; classtype:trojan-activity;sid:84721655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; depth:32; endswith; nocase; http.host; content:"45.153.34.230"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858556/; classtype:trojan-activity;sid:84721656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.x86_64"; depth:12; endswith; nocase; http.host; content:"82.25.63.213"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858557/; classtype:trojan-activity;sid:84721657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; depth:30; endswith; nocase; http.host; content:"185.242.3.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858558/; classtype:trojan-activity;sid:84721658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.i486"; depth:10; endswith; nocase; http.host; content:"82.25.63.213"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, 
urlhaus.abuse.ch/url/3858559/; classtype:trojan-activity;sid:84721659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnsh2xnxn"; depth:29; endswith; nocase; http.host; content:"185.242.3.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858560/; classtype:trojan-activity;sid:84721660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnloongarch64xnxn"; depth:37; endswith; nocase; http.host; content:"64.89.162.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858561/; classtype:trojan-activity;sid:84721661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; depth:33; endswith; nocase; http.host; content:"64.89.162.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858562/; classtype:trojan-activity;sid:84721662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.arc"; depth:9; endswith; nocase; http.host; content:"82.25.63.213"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858563/; classtype:trojan-activity;sid:84721663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858564)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/iran.powerpc"; depth:13; endswith; nocase; http.host; content:"82.25.63.213"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858564/; classtype:trojan-activity;sid:84721664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv7l"; depth:12; endswith; nocase; http.host; content:"82.25.63.213"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858552/; classtype:trojan-activity;sid:84721652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; depth:30; endswith; nocase; http.host; content:"45.153.34.230"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858550/; classtype:trojan-activity;sid:84721650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"78.153.155.152"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858551/; classtype:trojan-activity;sid:84721651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mips"; depth:10; endswith; nocase; http.host; content:"82.25.63.213"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858546/; classtype:trojan-activity;sid:84721646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3858547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnmicroblazexnxn"; depth:36; endswith; nocase; http.host; content:"185.242.3.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858547/; classtype:trojan-activity;sid:84721647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxni386xnxn"; depth:30; endswith; nocase; http.host; content:"185.242.3.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858548/; classtype:trojan-activity;sid:84721648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"78.153.155.152"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858549/; classtype:trojan-activity;sid:84721649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"94.183.182.184"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858541/; classtype:trojan-activity;sid:84721641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_0e9171fdd91b657d.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858542/; classtype:trojan-activity;sid:84721642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; depth:32; endswith; nocase; http.host; content:"64.89.162.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858543/; classtype:trojan-activity;sid:84721643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnmicroblazexnxn"; depth:36; endswith; nocase; http.host; content:"64.89.162.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858544/; classtype:trojan-activity;sid:84721644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"78.153.155.152"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858545/; classtype:trojan-activity;sid:84721645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"94.183.182.184"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858539/; classtype:trojan-activity;sid:84721639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858540)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"94.183.182.184"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858540/; classtype:trojan-activity;sid:84721640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; depth:29; endswith; nocase; http.host; content:"45.153.34.230"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858538/; classtype:trojan-activity;sid:84721638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858526/; classtype:trojan-activity;sid:84721626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858527/; classtype:trojan-activity;sid:84721627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.sparc"; depth:11; endswith; nocase; http.host; content:"82.25.63.213"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858528/; classtype:trojan-activity;sid:84721628; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.sh4"; depth:9; endswith; nocase; http.host; content:"82.25.63.213"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858529/; classtype:trojan-activity;sid:84721629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; depth:33; endswith; nocase; http.host; content:"64.89.162.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858530/; classtype:trojan-activity;sid:84721630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; depth:33; endswith; nocase; http.host; content:"64.89.162.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858531/; classtype:trojan-activity;sid:84721631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mipsel"; depth:12; endswith; nocase; http.host; content:"82.25.63.213"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858532/; classtype:trojan-activity;sid:84721632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnor1kxnxn"; depth:30; endswith; nocase; http.host; content:"64.89.162.60"; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858533/; classtype:trojan-activity;sid:84721633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; depth:30; endswith; nocase; http.host; content:"64.89.162.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858534/; classtype:trojan-activity;sid:84721634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; depth:33; endswith; nocase; http.host; content:"185.242.3.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858535/; classtype:trojan-activity;sid:84721635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"78.153.155.152"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858536/; classtype:trojan-activity;sid:84721636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"94.183.182.184"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858537/; classtype:trojan-activity;sid:84721637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858521)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnloongarch64xnxn"; depth:37; endswith; nocase; http.host; content:"45.153.34.230"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858521/; classtype:trojan-activity;sid:84721621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnsh2xnxn"; depth:29; endswith; nocase; http.host; content:"45.153.34.230"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858522/; classtype:trojan-activity;sid:84721622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; depth:33; endswith; nocase; http.host; content:"45.153.34.230"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858523/; classtype:trojan-activity;sid:84721623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnmicroblazexnxn"; depth:36; endswith; nocase; http.host; content:"45.153.34.230"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858524/; classtype:trojan-activity;sid:84721624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; depth:33; endswith; nocase; http.host; content:"45.153.34.230"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; 
reference:url, urlhaus.abuse.ch/url/3858525/; classtype:trojan-activity;sid:84721625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv5l"; depth:12; endswith; nocase; http.host; content:"82.25.63.213"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858520/; classtype:trojan-activity;sid:84721620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.aarch64"; depth:13; endswith; nocase; http.host; content:"82.25.63.213"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858519/; classtype:trojan-activity;sid:84721619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run.sh"; depth:7; endswith; nocase; http.host; content:"185.242.3.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858518/; classtype:trojan-activity;sid:84721618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/all.sh"; depth:7; endswith; nocase; http.host; content:"5.175.223.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858509/; classtype:trojan-activity;sid:84721609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb"; depth:4; endswith; nocase; http.host; 
content:"195.178.110.204"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858510/; classtype:trojan-activity;sid:84721610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run.sh"; depth:7; endswith; nocase; http.host; content:"45.153.34.230"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858511/; classtype:trojan-activity;sid:84721611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run.sh"; depth:7; endswith; nocase; http.host; content:"64.89.162.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858512/; classtype:trojan-activity;sid:84721612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cat.sh"; depth:7; endswith; nocase; http.host; content:"82.25.63.213"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858513/; classtype:trojan-activity;sid:84721613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tplink.sh"; depth:10; endswith; nocase; http.host; content:"78.153.155.152"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858514/; classtype:trojan-activity;sid:84721614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858515)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"78.153.155.152"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858515/; classtype:trojan-activity;sid:84721615; rev:1;)
# URLhaus download-URL signatures, one rule per URLhaus entry (the id in msg and reference).
# In each rule on this span the URI content is anchored by depth (equal to the pattern
# length) plus endswith, and the host content by depth plus isdataat:!1,relative, so both
# buffers must equal the pattern. Ports are `any`, so the destination port is not matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/all.sh"; depth:7; endswith; nocase; http.host; content:"23.238.39.247"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858516/; classtype:trojan-activity;sid:84721616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"78.153.155.152"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858517/; classtype:trojan-activity;sid:84721617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858507/; classtype:trojan-activity;sid:84721607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"195.178.110.204"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858508/; classtype:trojan-activity;sid:84721608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get.sh"; depth:7; endswith; nocase; http.host; content:"5.175.223.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858506/; classtype:trojan-activity;sid:84721606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.43.94"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858505/; classtype:trojan-activity;sid:84721605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vvvvvvvvv.ps1"; depth:14; endswith; nocase; http.host; content:"ecomarkperu.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858504/; classtype:trojan-activity;sid:84721604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sudsss-02-06/magazine25348.ecw"; depth:31; endswith; nocase; http.host; content:"hottestline.pro"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858503/; classtype:trojan-activity;sid:84721603; rev:1;)
# NOTE(review): the next four entries point at shared hosting platforms (a workers.dev
# subdomain, an aliyuncs.com object-storage bucket). `alert http` only fires on HTTP the
# sensor can parse; if these are fetched over TLS the rules presumably need decryption in
# front of the sensor, or a companion tls.sni / dns.query rule - confirm for your deployment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sudsss-02-06/droop/actively/amount/6/4/2026/ay25348.kdc"; depth:56; endswith; nocase; http.host; content:"db0.chris-smart.workers.dev"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858502/; classtype:trojan-activity;sid:84721602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spx/spx.vbs"; depth:12; endswith; nocase; http.host; content:"baolongwes.oss-ap-southeast-1.aliyuncs.com"; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858501/; classtype:trojan-activity;sid:84721601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spx/ficeo.zip"; depth:14; endswith; nocase; http.host; content:"baolongwes.oss-ap-southeast-1.aliyuncs.com"; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858500/; classtype:trojan-activity;sid:84721600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blaoso/uac399.txt"; depth:18; endswith; nocase; http.host; content:"baolongwes.oss-ap-southeast-1.aliyuncs.com"; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858499/; classtype:trojan-activity;sid:84721599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.135.72"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858498/; classtype:trojan-activity;sid:84721598; rev:1;)
# The .png entries below match on URI and host only; nothing in these rules inspects the
# response body, so the alert says the URL was requested, not what was returned.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/stego_payload.png"; depth:22; endswith; nocase; http.host; content:"inervadores.life"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858497/; classtype:trojan-activity;sid:84721597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mp/files.png"; depth:13; endswith; nocase; http.host; content:"188.213.175.222"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858496/; classtype:trojan-activity;sid:84721596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/587.exe"; depth:15; endswith; nocase; http.host; content:"delte-mobrey.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858495/; classtype:trojan-activity;sid:84721595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bc84e8a9-e44b-47de-b068-ba0379defd7a"; depth:37; endswith; nocase; http.host; content:"ffeqlui.betrayon.casino"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858494/; classtype:trojan-activity;sid:84721594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"176.65.148.97"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url,
urlhaus.abuse.ch/url/3858488/; classtype:trojan-activity;sid:84721588; rev:1;)
# The /bins/<arch> entries for 176.65.148.97 that follow differ only in the architecture
# suffix (m68k, x86, mips, arm, arm7, ppc). Each is an exact URI + host match (depth plus
# endswith on the URI, depth plus isdataat:!1,relative on the host), so a suffix that is
# not listed here does not alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"176.65.148.97"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858489/; classtype:trojan-activity;sid:84721589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"176.65.148.97"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858490/; classtype:trojan-activity;sid:84721590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"176.65.148.97"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858491/; classtype:trojan-activity;sid:84721591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"176.65.148.97"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858492/; classtype:trojan-activity;sid:84721592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"176.65.148.97"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858493/; classtype:trojan-activity;sid:84721593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"176.65.148.97"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858487/; classtype:trojan-activity;sid:84721587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fi/fantas.inf"; depth:14; endswith; nocase; http.host; content:"silvion.uk"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858485/; classtype:trojan-activity;sid:84721585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pg/pg.js"; depth:9; endswith; nocase; http.host; content:"gomc.uk"; depth:7; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858486/; classtype:trojan-activity;sid:84721586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kim/kim.bin"; depth:12; endswith; nocase; http.host; content:"www.webangelo.it"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858483/; classtype:trojan-activity;sid:84721583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ucd/ucc.pdf"; depth:12; endswith; nocase; http.host; content:"gomc.uk"; depth:7; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858484/; classtype:trojan-activity;sid:84721584; rev:1;)
# content:"/" with depth:1 and endswith matches only a request for the bare root path on
# the next two hosts; a request with any other path or a query string is not covered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"photo-62454.cfd"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858482/; classtype:trojan-activity;sid:84721582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"hubsecure.info"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858481/; classtype:trojan-activity;sid:84721581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/bin.dat"; depth:10; endswith; nocase; http.host; content:"sterich.online"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858480/; classtype:trojan-activity;sid:84721580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ggggggggggggggggg.ps1"; depth:22; endswith; nocase; http.host; content:"ecomarkperu.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858479/; classtype:trojan-activity;sid:84721579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wordpress/jbcrdfs.txt"; depth:22; endswith; nocase; http.host; content:"www.websenorllc.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858478/; classtype:trojan-activity;sid:84721578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rovingrandy"; depth:12; endswith; nocase; http.host; content:"paste.sensio.no"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858477/; classtype:trojan-activity;sid:84721577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.43.94"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858476/; classtype:trojan-activity;sid:84721576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enter/stego_payload.png"; depth:24; endswith; nocase; http.host; content:"inervadores.life"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858475/; classtype:trojan-activity;sid:84721575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bopqmq.ps1"; depth:11; endswith; nocase; http.host; content:"files.catbox.moe"; depth:16; isdataat:!1,relative; metadata:created_at
2026_06_04; reference:url, urlhaus.abuse.ch/url/3858474/; classtype:trojan-activity;sid:84721574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.231.62"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858473/; classtype:trojan-activity;sid:84721573; rev:1;)
# NOTE(review): this URI pattern starts with `//`. http.uri is a normalized buffer; if the
# sensor's HTTP parser is configured to compress repeated path separators, the buffer
# would hold a single slash and this content would not match - confirm against the
# libhtp settings in use.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//grabme/stub.ps1"; depth:17; endswith; nocase; http.host; content:"progroup.top"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858472/; classtype:trojan-activity;sid:84721572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"180.20.254.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858471/; classtype:trojan-activity;sid:84721571; rev:1;)
# NOTE(review): the drive.google.com rules on this span carry `|7c|26|7c|` in the URI
# content. In content syntax `|7c|` is a literal pipe byte, so the pattern matches the
# four characters `|26|`, not the single byte 0x26 (`&`). Presumably the feed meant
# `|26|` and escaped the pipes a second time; if the real URL is `...download&id=...`
# these rules cannot fire as written - verify against the referenced URLhaus entries.
# depth:68 equals the length of the escaped pattern text; the decoded pattern is shorter,
# so depth does not pin the match to offset 0 here (endswith still pins the end).
# NOTE(review): drive.google.com and res.cloudinary.com are shared platforms that are
# presumably reached over TLS; `alert http` needs parseable HTTP, so without decryption
# in front of the sensor these entries likely stay silent - confirm for your deployment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1vj3yx2uwqwmv3od6nixqa6z7gbwdzs9z"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858468/; classtype:trojan-activity;sid:84721568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1fro4tdyaj_lmq0xhmxtllmq6lj3r04bw"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858469/; classtype:trojan-activity;sid:84721569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1nuq93ap9qlsxlxogumzjwv3ecnkcy2cw"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858470/; classtype:trojan-activity;sid:84721570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dpk0sbpsx/image/upload/v1780468521/img_233448_rg8vd6.jpg"; depth:57; endswith; nocase; http.host; content:"res.cloudinary.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858467/; classtype:trojan-activity;sid:84721567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=13qm47n4tkeemhxmzslwc8esrz60itk-r"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858466/; classtype:trojan-activity;sid:84721566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1zyg14rkv6r02sp4jqc0lbbcbkp9thaso"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858463/; classtype:trojan-activity;sid:84721563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1f_b2yvl_g3exwlpnrqznwncybmspfe7p"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858464/; classtype:trojan-activity;sid:84721564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1rrftr30qyyhi17timrov6yle7glsbemk"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858465/; classtype:trojan-activity;sid:84721565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1hl3e50kb0ctdwkaaxznbkranwljnrvsy"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858462/; classtype:trojan-activity;sid:84721562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.22.13";
depth:11; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858461/; classtype:trojan-activity;sid:84721561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app1.msi"; depth:9; endswith; nocase; http.host; content:"edgeviewruntime.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858460/; classtype:trojan-activity;sid:84721560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uccrfq/ucc.pdf"; depth:15; endswith; nocase; http.host; content:"newmans.it.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858458/; classtype:trojan-activity;sid:84721558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gs/ms.js"; depth:9; endswith; nocase; http.host; content:"newmans.it.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858459/; classtype:trojan-activity;sid:84721559; rev:1;)
# NOTE(review): the four s.littleshabby.net rules form two pairs with identical match
# conditions: sids 84721554 / 84721557 (pnscan.tar) and 84721555 / 84721556
# (masscan-1.0.4.tar.gz). One matching request therefore raises two alerts. Presumably
# the URLhaus entries differ in something the rule does not encode (scheme or port; the
# rule uses `any`) - confirm, and consider suppressing one sid of each pair locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/pnscan.tar"; depth:17; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858454/; classtype:trojan-activity;sid:84721554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/masscan-1.0.4.tar.gz"; depth:27; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858455/; classtype:trojan-activity;sid:84721555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/masscan-1.0.4.tar.gz"; depth:27; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858456/; classtype:trojan-activity;sid:84721556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tools/pnscan.tar"; depth:17; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858457/; classtype:trojan-activity;sid:84721557; rev:1;)
# NOTE(review): depth:47 below equals the length of the escaped pattern text; `|3f|`
# decodes to one byte, so the decoded pattern is 44 bytes and depth leaves three bytes of
# slack before the match instead of pinning it to offset 0 (endswith still pins the end).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f37497a2-61d1-468a-ba39-d842fe0ad2c1"; depth:47; endswith; nocase; http.host; content:"t7gjz81d.bet360pro.bet"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858453/; classtype:trojan-activity;sid:84721553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yuyu/yu20th.png"; depth:16; endswith; nocase; http.host; content:"www.tradedsglobal.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858452/; classtype:trojan-activity;sid:84721552; rev:1;)
# NOTE(review): the two kpmmg.org patterns start with `//`. http.uri is a normalized
# buffer; if the sensor's HTTP parser compresses repeated path separators, the buffer
# would hold a single slash and these contents would not match - confirm against the
# libhtp settings in use.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//common/caches/june.png"; depth:24; endswith; nocase; http.host; content:"kpmmg.org"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858450/; classtype:trojan-activity;sid:84721550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yuyu/rump20th.png"; depth:18; endswith; nocase; http.host; content:"www.tradedsglobal.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858451/; classtype:trojan-activity;sid:84721551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//common/caches/optimized.png"; depth:29; endswith; nocase; http.host; content:"kpmmg.org"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858449/; classtype:trojan-activity;sid:84721549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/folkting.asi"; depth:13; endswith; nocase; http.host; content:"194.87.24.96"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858448/; classtype:trojan-activity;sid:84721548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858447)"; flow:established,from_client; http.method; content:"GET"; http.uri;
content:"/nrnybie147.rar"; depth:15; endswith; nocase; http.host; content:"194.87.24.96"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858447/; classtype:trojan-activity;sid:84721547; rev:1;)
# Each rule on this span alerts on an outbound HTTP GET (flow:established,from_client)
# whose URI and Host both match one URLhaus entry; source and destination ports are `any`.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.173.159.67"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858446/; classtype:trojan-activity;sid:84721546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d82fafeb-e737-4d0b-bd8a-e58d4cdb2d0c"; depth:37; endswith; nocase; http.host; content:"cmzgymj.betobet90.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858445/; classtype:trojan-activity;sid:84721545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_16447db4987d422f.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858444/; classtype:trojan-activity;sid:84721544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.94.54"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858443/; classtype:trojan-activity;sid:84721543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/708680ca-ef9f-4d93-954e-fa3c3f87c333"; depth:37; endswith; nocase; http.host; content:"bkbopol.betlikegirisi.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858441/; classtype:trojan-activity;sid:84721541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.214.156.192"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858442/; classtype:trojan-activity;sid:84721542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.210.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858439/; classtype:trojan-activity;sid:84721539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.151.82"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858440/; classtype:trojan-activity;sid:84721540; rev:1;)
# NOTE(review): the URI content below carries `|7c|26|7c|`. In content syntax `|7c|` is
# a literal pipe byte, so the pattern matches the four characters `|26|`, not the single
# byte 0x26 (`&`). Presumably the feed meant `|26|` and escaped the pipes a second time;
# if the real query string is `e=access&y=guest` this rule cannot fire as written -
# verify against the referenced URLhaus entry. depth:63 equals the length of the escaped
# pattern text, which is longer than the decoded pattern, so depth does not pin the match
# to offset 0 here (endswith still pins the end).
# The match is on this host and installer path only; nothing in the rule keys on the
# ScreenConnect product itself.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; depth:63; endswith; nocase; http.host; content:"hsh1serverboarding.xyz"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858438/; classtype:trojan-activity;sid:84721538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.18.41"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858437/; classtype:trojan-activity;sid:84721537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.90.238"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858436/; classtype:trojan-activity;sid:84721536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.214.156.192"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858435/; classtype:trojan-activity;sid:84721535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.183.223"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858434/; classtype:trojan-activity;sid:84721534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858433)"; flow:established,from_client; http.method;
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.200.53"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858433/; classtype:trojan-activity;sid:84721533; rev:1;)
# Most entries on this span key on a bare IPv4 Host header with the URI /i or /bin.sh,
# often as a pair for the same address. Each is an exact URI + host match; ports are `any`.
# NOTE(review): metadata created_at (2026_06_04) is the only age signal carried in a rule,
# so stale addresses presumably drop out only when the feed is refreshed - confirm the
# update schedule for this ruleset.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.186.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858432/; classtype:trojan-activity;sid:84721532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.210.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858431/; classtype:trojan-activity;sid:84721531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.241.53.73"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858430/; classtype:trojan-activity;sid:84721530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.24.172"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858429/; classtype:trojan-activity;sid:84721529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f627ed93-abf3-4c95-bf9a-ffe62ac65b54"; depth:37; endswith; nocase; http.host; content:"zthnnrr.betistmobil.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858428/; classtype:trojan-activity;sid:84721528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.148.15"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858427/; classtype:trojan-activity;sid:84721527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.183.223"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858426/; classtype:trojan-activity;sid:84721526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.90.238"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858425/; classtype:trojan-activity;sid:84721525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.34.161"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858424/; classtype:trojan-activity;sid:84721524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.127.71.141"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858423/; classtype:trojan-activity;sid:84721523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.241.53.73"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858422/; classtype:trojan-activity;sid:84721522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.252.4"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858421/; classtype:trojan-activity;sid:84721521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imgo/optimized_msi.png"; depth:23; endswith; nocase; http.host; content:"tmcksa.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858420/; classtype:trojan-activity;sid:84721520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img_133443.png"; depth:15; endswith; nocase; http.host;
content:"pub-f36b05599c3043ddb16520acf6cc3cce.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858419/; classtype:trojan-activity;sid:84721519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cewiw"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858418/; classtype:trojan-activity;sid:84721518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.127.71.141"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858417/; classtype:trojan-activity;sid:84721517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smx1.exe"; depth:9; endswith; nocase; http.host; content:"sandyadamspodcast.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858416/; classtype:trojan-activity;sid:84721516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/requests/src/stubppp.ps1"; depth:37; endswith; nocase; http.host; content:"mediafacundo.varascundo.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858415/; classtype:trojan-activity;sid:84721515; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.148.15"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858414/; classtype:trojan-activity;sid:84721514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=7ef1e1c4-7db5-40c0-955f-c7fde7263248"; depth:47; endswith; nocase; http.host; content:"ty7zctpt.bet303casino.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858413/; classtype:trojan-activity;sid:84721513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.11.48"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858412/; classtype:trojan-activity;sid:84721512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stego_payload.png"; depth:18; endswith; nocase; http.host; content:"corwineagles.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858411/; classtype:trojan-activity;sid:84721511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.24.172"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858410/; classtype:trojan-activity;sid:84721510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kidda.exe"; depth:10; endswith; nocase; http.host; content:"vrdccbank.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858409/; classtype:trojan-activity;sid:84721509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eaglestitan001.exe"; depth:19; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858408/; classtype:trojan-activity;sid:84721508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7b6912c6-c596-4261-9517-595ff8ea7f14"; depth:37; endswith; nocase; http.host; content:"wezdgtt.betistcomgiris.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858407/; classtype:trojan-activity;sid:84721507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dukqjhicy/image/upload/v1780541824/img_195534_bvj0ui.jpg"; depth:57; endswith; nocase; http.host; content:"res.cloudinary.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858406/; classtype:trojan-activity;sid:84721506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3858404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.103.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858404/; classtype:trojan-activity;sid:84721504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.227.38.235"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858405/; classtype:trojan-activity;sid:84721505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pearl-miner"; depth:12; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858403/; classtype:trojan-activity;sid:84721503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payloads/zzh"; depth:13; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858401/; classtype:trojan-activity;sid:84721501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pearl-miner"; depth:12; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858402/; 
classtype:trojan-activity;sid:84721502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payloads/indexi.png"; depth:20; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858400/; classtype:trojan-activity;sid:84721500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig-linux"; depth:12; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858398/; classtype:trojan-activity;sid:84721498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payloads/indexis.png"; depth:21; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858399/; classtype:trojan-activity;sid:84721499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payloads/indexi.png"; depth:20; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858397/; classtype:trojan-activity;sid:84721497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig-linux"; depth:12; 
endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858395/; classtype:trojan-activity;sid:84721495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payloads/zzh"; depth:13; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858396/; classtype:trojan-activity;sid:84721496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.11.48"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858394/; classtype:trojan-activity;sid:84721494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payloads/indexrs.png"; depth:21; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858389/; classtype:trojan-activity;sid:84721489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payloads/indexrs.png"; depth:21; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858390/; classtype:trojan-activity;sid:84721490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3858391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payloads/indexni.png"; depth:21; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858391/; classtype:trojan-activity;sid:84721491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payloads/indexis.png"; depth:21; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858392/; classtype:trojan-activity;sid:84721492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payloads/indexni.png"; depth:21; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858393/; classtype:trojan-activity;sid:84721493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payloads/rs.sh"; depth:15; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858387/; classtype:trojan-activity;sid:84721487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img_234649.png"; depth:15; endswith; nocase; http.host; content:"hhhhh.fwh.is"; depth:12; isdataat:!1,relative; metadata:created_at 
2026_06_04; reference:url, urlhaus.abuse.ch/url/3858388/; classtype:trojan-activity;sid:84721488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/set_simple.sh"; depth:14; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858386/; classtype:trojan-activity;sid:84721486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payloads/rs.sh"; depth:15; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858379/; classtype:trojan-activity;sid:84721479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payloads/is.sh"; depth:15; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858380/; classtype:trojan-activity;sid:84721480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payloads/init.sh"; depth:17; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858381/; classtype:trojan-activity;sid:84721481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858382)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/payloads/newinit.sh"; depth:20; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858382/; classtype:trojan-activity;sid:84721482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payloads/newinit.sh"; depth:20; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858383/; classtype:trojan-activity;sid:84721483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payloads/is.sh"; depth:15; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858384/; classtype:trojan-activity;sid:84721484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payloads/init.sh"; depth:17; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858385/; classtype:trojan-activity;sid:84721485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/set_simple.sh"; depth:14; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858376/; classtype:trojan-activity;sid:84721476; rev:1;) 
# --- URLhaus entries 3858369-3858378 (created_at 2026_06_04), one rule per line ---
#
# Each rule below raises an alert (detect only; the action is `alert`, not `drop`)
# on a client-side HTTP GET in an established flow from $HOME_NET to $EXTERNAL_NET.
# It is an exact-match indicator:
#   * http.uri  - `depth:N` equals the content length and `endswith` pins the tail,
#                 so the whole normalized URI must equal the listed path
#                 (case-insensitively, via `nocase`). A request that adds a query
#                 string or extra path segment does not match.
#   * http.host - `depth:N` plus `isdataat:!1,relative` means nothing may precede or
#                 follow the listed host value in the buffer.
#
# NOTE(review): `alert http` only fires where Suricata parses HTTP, i.e. cleartext
# or decrypted traffic. The rule does not record the URL scheme; if the URLhaus
# entry is an https:// URL, this rule sees nothing without TLS inspection. Confirm
# the scheme via the reference link before treating "no alerts" as "no contact".
#
# NOTE(review): a hit means an internal host requested a known payload URL. It does
# not by itself show that the download succeeded or ran; check the response and the
# endpoint during triage.

# 3858377 and 3858378 carry identical match conditions (same URI, same host).
# A single request raises both sids. Whatever distinguishes the two URLhaus entries
# is not visible in the rule text, so deduplicate on host + URI rather than on sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/set.sh"; depth:7; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858377/; classtype:trojan-activity;sid:84721477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/set.sh"; depth:7; endswith; nocase; http.host; content:"s.littleshabby.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858378/; classtype:trojan-activity;sid:84721478; rev:1;)

# The hosts in the rules for 3858375, 3858374, 3858371, 3858370 and 3858369 sit under
# multi-tenant platform domains (workers.dev, r2.dev, res.cloudinary.com).
# The indicator is the full host label plus the exact path, not the parent domain.
# Blocking or pivoting on the parent domain alone would be far too broad.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wrkwf"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858375/; classtype:trojan-activity;sid:84721475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dukqjhicy/image/upload/v1780541932/img_195827_okj88q.jpg"; depth:57; endswith; nocase; http.host; content:"res.cloudinary.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858374/; classtype:trojan-activity;sid:84721474; rev:1;)

# Two image-named paths on the same bare-IP host. The .png extension says nothing
# about the actual content, and the rule does not inspect the response body.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wem/img_000209.png"; depth:19; endswith; nocase; http.host; content:"45.61.150.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858373/; classtype:trojan-activity;sid:84721473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wem/img_113747.png"; depth:19; endswith; nocase; http.host; content:"45.61.150.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858372/; classtype:trojan-activity;sid:84721472; rev:1;)

# Further short paths on the same workers.dev host as 3858375.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tvqpt"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858371/; classtype:trojan-activity;sid:84721471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdatm"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858370/; classtype:trojan-activity;sid:84721470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img_174531.png"; depth:15; endswith; nocase; http.host; content:"pub-f36b05599c3043ddb16520acf6cc3cce.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858369/; classtype:trojan-activity;sid:84721469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pktrg"; depth:6; endswith; nocase; http.host; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858368/; classtype:trojan-activity;sid:84721468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img_165545.png"; depth:15; endswith; nocase; http.host; content:"hhhhh.fwh.is"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858367/; classtype:trojan-activity;sid:84721467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4f123d5a-fb1b-4004-9266-27e69dfd41c4"; depth:37; endswith; nocase; http.host; content:"cxgbphg.betgopro.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858366/; classtype:trojan-activity;sid:84721466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqib-j3ob-picl-3175/img_e8p1t3.png"; depth:35; endswith; nocase; http.host; content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858365/; classtype:trojan-activity;sid:84721465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858363)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/qqib-j3ob-picl-3175/img_id20y0.png"; depth:35; endswith; nocase; http.host; content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858363/; classtype:trojan-activity;sid:84721463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/encrypt/client.exe"; depth:19; endswith; nocase; http.host; content:"cstaipas.pt"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858364/; classtype:trojan-activity;sid:84721464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kbpluthfi48.bin"; depth:16; endswith; nocase; http.host; content:"importersexportersinc.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858361/; classtype:trojan-activity;sid:84721461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.252.4"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858362/; classtype:trojan-activity;sid:84721462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fyldor.u32"; depth:11; endswith; nocase; http.host; content:"importersexportersinc.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858360/; 
classtype:trojan-activity;sid:84721460; rev:1;)
# --- Reading the rules below ------------------------------------------------
# Every rule has the same shape: an outbound ($HOME_NET -> $EXTERNAL_NET) HTTP
# GET on an established flow whose URI and Host both match one URLhaus entry.
#   http.uri:  depth is set to the pattern length and endswith pins the
#              pattern to the end of the buffer, so the whole URI (query
#              string included) must equal the pattern; nocase ignores case.
#   http.host: depth is set to the pattern length and isdataat:!1,relative
#              requires that nothing follows it, i.e. the whole host value.
# The number in msg and in the reference URL is the URLhaus entry id; in the
# rules shown here sid = that id + 80863100.
# Coverage limits to keep in mind when triaging or tuning:
#   - "alert http" only sees HTTP the sensor can parse; a fetch of the same
#     URL over TLS is not inspected unless traffic is decrypted upstream.
#   - Only GET is matched, and only from $HOME_NET to $EXTERNAL_NET, so results
#     depend on those variables being set correctly.
#   - Indicators are point-in-time (metadata:created_at); IP-literal hosts in
#     particular can change hands.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e.mips"; depth:7; endswith; nocase; http.host; content:"45.198.224.42"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858359/; classtype:trojan-activity;sid:84721459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5184f8da-c551-4fc1-8e25-11babf5fa049"; depth:37; endswith; nocase; http.host; content:"bijmduj.betforward.now"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858358/; classtype:trojan-activity;sid:84721458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.75.130"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858357/; classtype:trojan-activity;sid:84721457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.227.38.235"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858356/; classtype:trojan-activity;sid:84721456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.108.94"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858354/; classtype:trojan-activity;sid:84721454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.206.84.69"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858355/; classtype:trojan-activity;sid:84721455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.108.94"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858353/; classtype:trojan-activity;sid:84721453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.50.107"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858352/; classtype:trojan-activity;sid:84721452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.75.130"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858351/; classtype:trojan-activity;sid:84721451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/013f26b1-8fc0-40be-bdc5-bace41214b70"; depth:37; endswith; nocase; http.host; content:"mcqkkmc.betfootbal90.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858350/; classtype:trojan-activity;sid:84721450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.22.151"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858349/; classtype:trojan-activity;sid:84721449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/211/img_022106.png"; depth:19; endswith; nocase; http.host; content:"104.168.115.123"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858348/; classtype:trojan-activity;sid:84721448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/211/wemadebstthingsforbetterpeoplesar.hta"; depth:42; endswith; nocase; http.host; content:"104.168.115.123"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858347/; classtype:trojan-activity;sid:84721447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/50/img_174257.png"; depth:18; endswith; nocase; http.host; content:"172.245.209.218"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858346/; classtype:trojan-activity;sid:84721446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/50/goodcommunicationskillforbestpersonhave.hta"; depth:47; endswith; nocase; http.host; content:"172.245.209.218"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858345/; classtype:trojan-activity;sid:84721445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/350/wesiwhsbesttingswithbetterwaysgivne.js"; depth:43; endswith; nocase; http.host; content:"104.168.115.123"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858344/; classtype:trojan-activity;sid:84721444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/350/wes/soombestthingsfrobetteplace.hta"; depth:40; endswith; nocase; http.host; content:"104.168.115.123"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858343/; classtype:trojan-activity;sid:84721443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.50.107"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858342/; classtype:trojan-activity;sid:84721442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/40/seetehbestthingsforbestkinfsforhifhgoodthings.js"; depth:52; endswith; nocase; http.host; content:"107.172.13.211"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858341/; classtype:trojan-activity;sid:84721441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/40/ec/goodthingsformebestfeelthingswids.hta"; depth:44; endswith; nocase; http.host; content:"107.172.13.211"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858340/; classtype:trojan-activity;sid:84721440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/70/img_080039.png"; depth:18; endswith; nocase; http.host; content:"172.245.209.218"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858339/; classtype:trojan-activity;sid:84721439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/70/besttingswithbetterplacestounderstand.hta"; depth:45; endswith; nocase; http.host; content:"172.245.209.218"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858338/; classtype:trojan-activity;sid:84721438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssr.txt"; depth:8; endswith; nocase; http.host; content:"timely-puffpuff-dc7879.netlify.app"; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858337/; classtype:trojan-activity;sid:84721437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tusop.txt"; depth:10; endswith; nocase; http.host; content:"timely-puffpuff-dc7879.netlify.app"; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858336/; classtype:trojan-activity;sid:84721436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.246.153"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858335/; classtype:trojan-activity;sid:84721435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/index/caches/rumped_msi.png"; depth:28; endswith; nocase; http.host; content:"elmap.smarthost.pl"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858334/; classtype:trojan-activity;sid:84721434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/index/caches/optimized.png"; depth:27; endswith; nocase; http.host; content:"elmap.smarthost.pl"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858333/; classtype:trojan-activity;sid:84721433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/index/caches/xwbin.png"; depth:23; endswith; nocase; http.host; content:"elmap.smarthost.pl"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858332/; classtype:trojan-activity;sid:84721432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"103.26.86.254"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858330/; classtype:trojan-activity;sid:84721430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"72.255.3.219"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858331/; classtype:trojan-activity;sid:84721431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.121.160.147"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858325/; classtype:trojan-activity;sid:84721425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"139.135.45.181"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858326/; classtype:trojan-activity;sid:84721426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"223.123.44.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858327/; classtype:trojan-activity;sid:84721427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"115.42.75.111"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858328/; classtype:trojan-activity;sid:84721428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.103.106.182"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858329/; classtype:trojan-activity;sid:84721429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"190.196.250.1"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858324/; classtype:trojan-activity;sid:84721424; rev:1;)
# NOTE(review): sid 84721423 matches literal "%20" / "%3e" in http.uri.
# http.uri is Suricata's normalized URI buffer, where percent-escapes are
# normally already decoded (http.uri.raw keeps them), so this rule likely
# cannot match a request as written -- confirm against the sensor's HTTP
# normalization settings, or report the entry upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlink%20-o%20-%3e%20/tmp/kh"; depth:28; endswith; nocase; http.host; content:"140.233.190.47"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858323/; classtype:trojan-activity;sid:84721423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"110.37.50.41"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858322/; classtype:trojan-activity;sid:84721422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.56.142.229"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858319/; classtype:trojan-activity;sid:84721419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"221.200.219.36"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858320/; classtype:trojan-activity;sid:84721420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"101.108.3.228"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858321/; classtype:trojan-activity;sid:84721421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.36.25.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858318/; classtype:trojan-activity;sid:84721418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"193.46.217.187"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858316/; classtype:trojan-activity;sid:84721416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"193.46.217.187"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858317/; classtype:trojan-activity;sid:84721417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/womp"; depth:5; endswith; nocase; http.host; content:"5.175.223.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858315/; classtype:trojan-activity;sid:84721415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"45.198.224.42"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858313/; classtype:trojan-activity;sid:84721413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"195.96.132.13"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858314/; classtype:trojan-activity;sid:84721414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/154d2797-7ba2-4938-a2d0-861767fd647b"; depth:37; endswith; nocase; http.host; content:"sfmbqki.betfa90.net"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858312/; classtype:trojan-activity;sid:84721412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.63.222"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858311/; classtype:trojan-activity;sid:84721411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i99"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858310/; classtype:trojan-activity;sid:84721410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0xfn"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858309/; classtype:trojan-activity;sid:84721409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tro"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858308/; classtype:trojan-activity;sid:84721408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/okfh"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858306/; classtype:trojan-activity;sid:84721406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/url2"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858307/; classtype:trojan-activity;sid:84721407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7zl"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858302/; classtype:trojan-activity;sid:84721402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/65j"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858303/; classtype:trojan-activity;sid:84721403; rev:1;)
# Rules in this run pair a short URI with one of two IP-literal hosts. Each
# alerts on an outbound ($HOME_NET -> $EXTERNAL_NET) HTTP GET on an established
# flow; the URI must equal the http.uri pattern (depth = pattern length plus
# endswith, case-insensitive via nocase) and the Host must equal the http.host
# pattern (depth = pattern length plus isdataat:!1,relative). Because the host
# is matched in full, the short paths cannot fire on their own against other
# servers. The number in msg / reference is the URLhaus entry id.
# These are cleartext-HTTP, GET-only, point-in-time indicators
# (metadata:created_at); requests over TLS or with another method are outside
# what these rules inspect.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lul.arm5"; depth:9; endswith; nocase; http.host; content:"195.96.132.13"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858304/; classtype:trojan-activity;sid:84721404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lul.arm7"; depth:9; endswith; nocase; http.host; content:"195.96.132.13"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858305/; classtype:trojan-activity;sid:84721405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seod"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858284/; classtype:trojan-activity;sid:84721384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skw8"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858285/; classtype:trojan-activity;sid:84721385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pxeu"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858286/; classtype:trojan-activity;sid:84721386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zvgz"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858287/; classtype:trojan-activity;sid:84721387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lul.arm"; depth:8; endswith; nocase; http.host; content:"195.96.132.13"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858288/; classtype:trojan-activity;sid:84721388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qcu"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858289/; classtype:trojan-activity;sid:84721389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8g7k"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858290/; classtype:trojan-activity;sid:84721390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t8r"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858291/; classtype:trojan-activity;sid:84721391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pok"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858292/; classtype:trojan-activity;sid:84721392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zvy"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858293/; classtype:trojan-activity;sid:84721393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m2l"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858294/; classtype:trojan-activity;sid:84721394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msd"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858295/; classtype:trojan-activity;sid:84721395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wzed"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858296/; classtype:trojan-activity;sid:84721396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tcc"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858297/; classtype:trojan-activity;sid:84721397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fs0"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858298/; classtype:trojan-activity;sid:84721398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7j3"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858299/; classtype:trojan-activity;sid:84721399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f9wu"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858300/; classtype:trojan-activity;sid:84721400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xr8"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858301/; classtype:trojan-activity;sid:84721401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02h"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858277/; classtype:trojan-activity;sid:84721377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ua5b"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858278/; classtype:trojan-activity;sid:84721378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ca9k"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858279/; classtype:trojan-activity;sid:84721379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kvg"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858280/; classtype:trojan-activity;sid:84721380; rev:1;)
# Each rule below alerts on an outbound ($HOME_NET -> $EXTERNAL_NET) HTTP GET
# on an established flow where both the URI (http.uri, case-insensitive,
# anchored with depth + endswith) and the Host (http.host, anchored with
# depth + isdataat:!1,relative) match one URLhaus entry; the number in msg /
# reference is that entry's id. The rules inspect cleartext HTTP only, so the
# same URL fetched over TLS is not seen unless traffic is decrypted upstream,
# and the indicators are point-in-time (metadata:created_at).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onm"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858281/; classtype:trojan-activity;sid:84721381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8lez"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858282/; classtype:trojan-activity;sid:84721382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tg2w"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858283/; classtype:trojan-activity;sid:84721383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/q7q"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858268/; classtype:trojan-activity;sid:84721368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ewa"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858269/; classtype:trojan-activity;sid:84721369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v3ir"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858270/; classtype:trojan-activity;sid:84721370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xei"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858271/; classtype:trojan-activity;sid:84721371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nhx"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858272/; classtype:trojan-activity;sid:84721372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bzq"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858273/; classtype:trojan-activity;sid:84721373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/er9"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858274/; classtype:trojan-activity;sid:84721374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohnb"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858275/; classtype:trojan-activity;sid:84721375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxm"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858276/; classtype:trojan-activity;sid:84721376; rev:1;)
# NOTE(review): in sid 84721367 "|3f|" is Suricata hex notation for the single
# byte "?", so the pattern is 44 bytes while depth is 47 (the escape appears to
# have been counted as four characters). With endswith the rule therefore
# tolerates up to three bytes in front of the pattern instead of pinning the
# whole URI like the other rules here.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=86d981f1-ec8e-4f8c-8efe-f9f0d7afab1a"; depth:47; endswith; nocase; http.host; content:"gud6pt4u.bet212.casino"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858267/; classtype:trojan-activity;sid:84721367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.21.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858266/; classtype:trojan-activity;sid:84721366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_1b99aa43382fd479.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858265/; classtype:trojan-activity;sid:84721365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cavepaywallet.exe"; depth:18; endswith; nocase; http.host; content:"download.cavepay.app"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858264/; classtype:trojan-activity;sid:84721364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_bd5d11d39f6a5724.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858263/; classtype:trojan-activity;sid:84721363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/afc9c3f8-44ef-4d73-be52-c177cae04e90"; depth:37; endswith; nocase; http.host; content:"tegbxmn.betebetwin.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858262/; classtype:trojan-activity;sid:84721362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b5074166-65d8-4097-a8ce-dcb7a92066b6"; depth:37; endswith; nocase; http.host; content:"zqhnvn.303-bet.xyz"; 
depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858261/; classtype:trojan-activity;sid:84721361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.84.69"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858260/; classtype:trojan-activity;sid:84721360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.21.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858259/; classtype:trojan-activity;sid:84721359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.88.91"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858258/; classtype:trojan-activity;sid:84721358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.37.11"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858257/; classtype:trojan-activity;sid:84721357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; 
depth:2; endswith; nocase; http.host; content:"112.248.103.32"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858256/; classtype:trojan-activity;sid:84721356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab0a0b6b-2cc2-4a4f-827e-98ab18eb1c06"; depth:37; endswith; nocase; http.host; content:"emkilzh.betcityiran.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858255/; classtype:trojan-activity;sid:84721355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.162.203.214"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858254/; classtype:trojan-activity;sid:84721354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.190.91"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858253/; classtype:trojan-activity;sid:84721353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.37.11"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858252/; classtype:trojan-activity;sid:84721352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3858251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.91.236"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858251/; classtype:trojan-activity;sid:84721351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/41c63a1c-c2ea-450c-9212-020c9d13a3e8"; depth:37; endswith; nocase; http.host; content:"vnacwzz.basketballiran.app"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858250/; classtype:trojan-activity;sid:84721350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c95ea92c-fd4c-42a5-acb8-0325b411a4d3"; depth:47; endswith; nocase; http.host; content:"04gzr1uh.alternatifdekorasyon.com"; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858249/; classtype:trojan-activity;sid:84721349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.214.254"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858248/; classtype:trojan-activity;sid:84721348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.103.82"; depth:12; isdataat:!1,relative; metadata:created_at 
2026_06_04; reference:url, urlhaus.abuse.ch/url/3858247/; classtype:trojan-activity;sid:84721347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.214.254"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858246/; classtype:trojan-activity;sid:84721346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.86.83"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858245/; classtype:trojan-activity;sid:84721345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.14.213"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858244/; classtype:trojan-activity;sid:84721344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6022414e-b659-4ee0-a5ef-62d2e2b05b4b"; depth:37; endswith; nocase; http.host; content:"nllyafb.basketballbet.org"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858243/; classtype:trojan-activity;sid:84721343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858242)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/|3f|ublib=1c6571fb-81a4-4001-812e-c626525a0304"; depth:47; endswith; nocase; http.host; content:"db7orl54.bet120xpro.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858242/; classtype:trojan-activity;sid:84721342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.235.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858241/; classtype:trojan-activity;sid:84721341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.14.213"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858240/; classtype:trojan-activity;sid:84721340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.221.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858239/; classtype:trojan-activity;sid:84721339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.195.87"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858238/; classtype:trojan-activity;sid:84721338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3858237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.235.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858237/; classtype:trojan-activity;sid:84721337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.104.80"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858236/; classtype:trojan-activity;sid:84721336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.216.201"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858235/; classtype:trojan-activity;sid:84721335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.94.54"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858234/; classtype:trojan-activity;sid:84721334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/06e622e1-e7f9-4843-885d-28750cc88bfc"; depth:37; endswith; nocase; http.host; content:"tgyltcn.basketballbet.app"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, 
urlhaus.abuse.ch/url/3858233/; classtype:trojan-activity;sid:84721333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"67.217.62.62"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858232/; classtype:trojan-activity;sid:84721332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"67.217.62.62"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858220/; classtype:trojan-activity;sid:84721320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"67.217.62.62"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858221/; classtype:trojan-activity;sid:84721321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"67.217.62.62"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858222/; classtype:trojan-activity;sid:84721322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; 
content:"67.217.62.62"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858223/; classtype:trojan-activity;sid:84721323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"67.217.62.62"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858224/; classtype:trojan-activity;sid:84721324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"67.217.62.62"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858225/; classtype:trojan-activity;sid:84721325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"67.217.62.62"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858226/; classtype:trojan-activity;sid:84721326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"67.217.62.62"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858227/; classtype:trojan-activity;sid:84721327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858228)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"67.217.62.62"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858228/; classtype:trojan-activity;sid:84721328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"67.217.62.62"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858229/; classtype:trojan-activity;sid:84721329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"67.217.62.62"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858230/; classtype:trojan-activity;sid:84721330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dbg"; depth:9; endswith; nocase; http.host; content:"67.217.62.62"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858231/; classtype:trojan-activity;sid:84721331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.67.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858219/; classtype:trojan-activity;sid:84721319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3858217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cat.sh"; depth:7; endswith; nocase; http.host; content:"67.217.62.62"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858217/; classtype:trojan-activity;sid:84721317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"67.217.62.62"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858218/; classtype:trojan-activity;sid:84721318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"94.141.122.183"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858216/; classtype:trojan-activity;sid:84721316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"94.141.122.183"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858212/; classtype:trojan-activity;sid:84721312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"94.141.122.183"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, 
urlhaus.abuse.ch/url/3858213/; classtype:trojan-activity;sid:84721313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"94.141.122.183"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858214/; classtype:trojan-activity;sid:84721314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"94.141.122.183"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858215/; classtype:trojan-activity;sid:84721315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.67.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858211/; classtype:trojan-activity;sid:84721311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.104.80"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858210/; classtype:trojan-activity;sid:84721310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"123.12.195.87"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858209/; classtype:trojan-activity;sid:84721309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.221.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858208/; classtype:trojan-activity;sid:84721308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.236.31"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858206/; classtype:trojan-activity;sid:84721306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.236.31"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858207/; classtype:trojan-activity;sid:84721307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.216.201"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858205/; classtype:trojan-activity;sid:84721305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858204)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/aa4301e5-9022-49a6-af8f-c9d4eacaa100"; depth:37; endswith; nocase; http.host; content:"zkvxphk.barandebash.bet"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858204/; classtype:trojan-activity;sid:84721304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/75fa9c63-84a3-47fd-abda-01139811da0b"; depth:37; endswith; nocase; http.host; content:"rpvfsmg.bankiran.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858203/; classtype:trojan-activity;sid:84721303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=02da6180-7ad0-4e65-a8ae-9441f50b02d0"; depth:47; endswith; nocase; http.host; content:"8i927m8y.bcgamefarsi.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858202/; classtype:trojan-activity;sid:84721302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.132.189"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858201/; classtype:trojan-activity;sid:84721301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.71.95.86"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, 
urlhaus.abuse.ch/url/3858200/; classtype:trojan-activity;sid:84721300; rev:1;)
# Review note: every rule here is an exact-match indicator. On http.uri, a depth equal to
# the content length plus endswith pins the whole URI buffer (nocase ignores case); on
# http.host, depth plus isdataat:!1,relative pins the whole host name. A request that
# appends a query string, or reaches the same server under another name, will not alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8d7943f7-3ca9-4b58-bfa9-f3f4787b4df1"; depth:37; endswith; nocase; http.host; content:"qxzwbbx.bakht.club"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858199/; classtype:trojan-activity;sid:84721299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.172.218.181"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858197/; classtype:trojan-activity;sid:84721297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.199.218.56"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858198/; classtype:trojan-activity;sid:84721298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.224.62"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858196/; classtype:trojan-activity;sid:84721296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.130.243"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858195/; classtype:trojan-activity;sid:84721295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.1.247.31"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858194/; classtype:trojan-activity;sid:84721294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"45.172.218.181"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858193/; classtype:trojan-activity;sid:84721293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1cd153b6-68f9-451b-bb81-b8d7f4f263cb"; depth:37; endswith; nocase; http.host; content:"zkenezc.baccaratbazi.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858192/; classtype:trojan-activity;sid:84721292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.133.215"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858191/; classtype:trojan-activity;sid:84721291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.72.77"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858190/; classtype:trojan-activity;sid:84721290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/71a19117-b8f9-4057-a033-54bfb2b5b2ac"; depth:37; endswith; nocase; http.host; content:"gunanx.303-bet.buzz"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858189/; classtype:trojan-activity;sid:84721289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.1.247.31"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858188/; classtype:trojan-activity;sid:84721288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.175.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858187/; classtype:trojan-activity;sid:84721287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.71.35"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858186/; classtype:trojan-activity;sid:84721286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.114.174"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858185/; classtype:trojan-activity;sid:84721285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.146.137"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858184/; classtype:trojan-activity;sid:84721284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6f85cb02-5ea1-49c7-b522-4ae14f718e40"; depth:37; endswith; nocase; http.host; content:"kpcifot.aypoker90.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858183/; classtype:trojan-activity;sid:84721283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.222.102"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858182/; classtype:trojan-activity;sid:84721282; rev:1;)
# Review note: the rules below for host 176.65.139.131 differ only in the URI: names under
# /bins/ that embed a CPU architecture (loongarch64, sh2, microblaze, or1k, riscv32, i386,
# riscv64, x86_64, powerpc, m68k, mips, aarch64, sh4) plus /run.sh and /o.xml. Alerts from
# one internal host on several of these sids can usually be triaged together as one case.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnloongarch64xnxn"; depth:37; endswith; nocase; http.host; content:"176.65.139.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858181/; classtype:trojan-activity;sid:84721281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnsh2xnxn"; depth:29; endswith; nocase; http.host; content:"176.65.139.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858177/; classtype:trojan-activity;sid:84721277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnmicroblazexnxn"; depth:36; endswith; nocase; http.host; content:"176.65.139.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858178/; classtype:trojan-activity;sid:84721278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnor1kxnxn"; depth:30; endswith; nocase; http.host; content:"176.65.139.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858179/; classtype:trojan-activity;sid:84721279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnriscv32xnxn"; depth:33; endswith; nocase; http.host; content:"176.65.139.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858180/; classtype:trojan-activity;sid:84721280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxni386xnxn"; depth:30; endswith; nocase; http.host; content:"176.65.139.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858175/; classtype:trojan-activity;sid:84721275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; depth:33; endswith; nocase; http.host; content:"176.65.139.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858176/; classtype:trojan-activity;sid:84721276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.25.99"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858169/; classtype:trojan-activity;sid:84721269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; depth:32; endswith; nocase; http.host; content:"176.65.139.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858170/; classtype:trojan-activity;sid:84721270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; depth:33; endswith; nocase; http.host; content:"176.65.139.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858171/; classtype:trojan-activity;sid:84721271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; depth:30; endswith; nocase; http.host; content:"176.65.139.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858172/; classtype:trojan-activity;sid:84721272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; depth:30; endswith; nocase; http.host; content:"176.65.139.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858173/; classtype:trojan-activity;sid:84721273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run.sh"; depth:7; endswith; nocase; http.host; content:"176.65.139.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858174/; classtype:trojan-activity;sid:84721274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o.xml"; depth:6; endswith; nocase; http.host; content:"176.65.139.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858168/; classtype:trojan-activity;sid:84721268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; depth:33; endswith; nocase; http.host; content:"176.65.139.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858166/; classtype:trojan-activity;sid:84721266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; depth:29; endswith; nocase; http.host; content:"176.65.139.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858167/; classtype:trojan-activity;sid:84721267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.71.35"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858165/; classtype:trojan-activity;sid:84721265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.114.174"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858164/; classtype:trojan-activity;sid:84721264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a815c546-6abb-42e5-8ac0-b3f3472f6189"; depth:47; endswith; nocase; http.host; content:"7g5swyfn.bazipoop.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858163/;
classtype:trojan-activity;sid:84721263; rev:1;)
# Review note: |3f| inside a content string is the hex escape for '?', so
# "/|3f|ublib=<uuid>" matches the URI "/?ublib=<uuid>". The query string is part of the
# http.uri buffer, and depth plus endswith make the match exact, so a request carrying a
# different ublib value does not alert on these sids.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9df00411-b173-452b-8576-3f19224b5fa8"; depth:37; endswith; nocase; http.host; content:"gqxhbsg.asa90.bet"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858162/; classtype:trojan-activity;sid:84721262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=4a791553-542b-424d-a05f-860ea25895c1"; depth:47; endswith; nocase; http.host; content:"xrb3ppl3.akharinbama.ir"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858161/; classtype:trojan-activity;sid:84721261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_a0fa137f8e787565.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858160/; classtype:trojan-activity;sid:84721260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.148.103"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858159/; classtype:trojan-activity;sid:84721259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_d03ee7ca7adf58d0.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858158/; classtype:trojan-activity;sid:84721258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.204.246"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858157/; classtype:trojan-activity;sid:84721257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e5015c82-bc06-4252-b16d-b63cc55e2bf2"; depth:37; endswith; nocase; http.host; content:"djkbtwq.aryabet.bet"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858156/; classtype:trojan-activity;sid:84721256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/454503574/hlgxy3t.exe"; depth:28; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858155/; classtype:trojan-activity;sid:84721255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.64.6"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858154/; classtype:trojan-activity;sid:84721254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.186.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858153/; classtype:trojan-activity;sid:84721253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/44e3fbae-4ef2-4ab9-ad12-1577a37a8bf9"; depth:37; endswith; nocase; http.host; content:"wjsuzxt.arian90bet.bet"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858152/; classtype:trojan-activity;sid:84721252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.178.128"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858151/; classtype:trojan-activity;sid:84721251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.85.110.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858150/; classtype:trojan-activity;sid:84721250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.84.215.239"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858149/; classtype:trojan-activity;sid:84721249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ab89340-ef43-4c4e-9f48-0b4cb954e3d4"; depth:37; endswith; nocase; http.host; content:"pmieubk.arabs.promo"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858148/; classtype:trojan-activity;sid:84721248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/68cddf08-a7c3-4565-ab6f-a811339871f6"; depth:37; endswith; nocase; http.host; content:"zjtplqi.arabi.poker"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858147/; classtype:trojan-activity;sid:84721247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ef076ad3-dc75-4449-9735-04511cc13701"; depth:47; endswith; nocase; http.host; content:"t0uo8kf9.basketballiran.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858146/; classtype:trojan-activity;sid:84721246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.178.128"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858145/; classtype:trojan-activity;sid:84721245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any
(msg:"URLhaus Known malware download URL detected (3858144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.173.159.67"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858144/; classtype:trojan-activity;sid:84721244; rev:1;)
# Review note: $HOME_NET -> $EXTERNAL_NET with flow:established,from_client means an alert
# records an outbound GET sent by an internal host. It does not show that the server
# answered; check the HTTP response status and any file records for the same flow before
# concluding that a payload was delivered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.218.72"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858143/; classtype:trojan-activity;sid:84721243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.218.72"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858142/; classtype:trojan-activity;sid:84721242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4c2862f8-a934-4a49-b515-ae5e8eccf83a"; depth:37; endswith; nocase; http.host; content:"ihmqfsm.arabicbet.casino"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858141/; classtype:trojan-activity;sid:84721241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.236.65.74"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858140/; classtype:trojan-activity;sid:84721240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.125.229"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858139/; classtype:trojan-activity;sid:84721239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da58a8ec-dc07-4f47-a5c4-e32aff401e7b"; depth:37; endswith; nocase; http.host; content:"effgtty.ar888starz.bet"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858138/; classtype:trojan-activity;sid:84721238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.236.65.74"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858137/; classtype:trojan-activity;sid:84721237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.151.220"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858136/; classtype:trojan-activity;sid:84721236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/40307153-9aef-4dbc-b1a7-edd1377e528f"; depth:37; endswith; nocase; http.host; content:"cxexxbb.apk.bet"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858135/; classtype:trojan-activity;sid:84721235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.106.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858134/; classtype:trojan-activity;sid:84721234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dc47a586-fc06-4f6d-81c3-275864896218"; depth:37; endswith; nocase; http.host; content:"cxfvahh.404bet.casino"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858133/; classtype:trojan-activity;sid:84721233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.125.229"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858132/; classtype:trojan-activity;sid:84721232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.106.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858131/; classtype:trojan-activity;sid:84721231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/07fac9ea-f851-4a3f-882a-907cf78c448e"; depth:37; endswith; nocase; http.host; content:"khuqcze.303.audio"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858130/; classtype:trojan-activity;sid:84721230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.135.116"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858129/; classtype:trojan-activity;sid:84721229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.121.63"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858128/; classtype:trojan-activity;sid:84721228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.190.91"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858127/; classtype:trojan-activity;sid:84721227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/re.sh"; depth:6; endswith; nocase; http.host; content:"83.168.110.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858126/;
classtype:trojan-activity;sid:84721226; rev:1;)
# Review note: these indicators are point-in-time (metadata:created_at 2026_06_03) and many
# of the hosts are bare IPv4 addresses, which can be reassigned. Consult the
# urlhaus.abuse.ch reference of a rule before treating a hit as confirmed. The http.*
# buffers are only filled for HTTP that Suricata can parse, so the same URL fetched over
# TLS is not covered by these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.113.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858125/; classtype:trojan-activity;sid:84721225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.135.116"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858124/; classtype:trojan-activity;sid:84721224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.35.206"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858123/; classtype:trojan-activity;sid:84721223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.121.63"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858122/; classtype:trojan-activity;sid:84721222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.237.33"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858121/; classtype:trojan-activity;sid:84721221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=0eb725c0-7646-40d0-8a13-f81726a37a42"; depth:47; endswith; nocase; http.host; content:"8vjdfz8n.basketballiran.bet"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858120/; classtype:trojan-activity;sid:84721220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9300ff8c-e441-4a22-8e30-3dd808b51096"; depth:37; endswith; nocase; http.host; content:"hekjmsa.2026.futbol"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858119/; classtype:trojan-activity;sid:84721219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_3cd781bcee69e6b7.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858118/; classtype:trojan-activity;sid:84721218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.180.39.77"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858117/; classtype:trojan-activity;sid:84721217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ef4352b4-ba4c-4235-a72f-de9d4bb179be"; depth:37; endswith; nocase; http.host; content:"favmrwg.1xbet-official-xbet.top"; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858116/; classtype:trojan-activity;sid:84721216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.39.77"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858115/; classtype:trojan-activity;sid:84721215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b4b3b67d-770f-43ba-95b3-6c31b299ce60"; depth:37; endswith; nocase; http.host; content:"qyteglr.1xbetios.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858114/; classtype:trojan-activity;sid:84721214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.104.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858113/; classtype:trojan-activity;sid:84721213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.163.121"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858112/; classtype:trojan-activity;sid:84721212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d3e5d83c-596f-4450-bc7a-59428ccf0ab6"; depth:37; endswith; nocase; http.host; content:"qjothjo.1xbetandroid.bet"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858111/; classtype:trojan-activity;sid:84721211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f381ca2a-b6b2-4093-8c72-3ae7d7a02d6d"; depth:47; endswith; nocase; http.host; content:"4ly606b9.aftabsport.ir"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858110/; classtype:trojan-activity;sid:84721210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3e2d04bf-9595-4a7d-b9ab-37c9511842b9"; depth:37; endswith; nocase; http.host; content:"vtqjke.1xbet1farsi.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858109/; classtype:trojan-activity;sid:84721209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.35.229"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858108/; classtype:trojan-activity;sid:84721208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.18.81"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858107/; classtype:trojan-activity;sid:84721207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.163.121"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858106/; classtype:trojan-activity;sid:84721206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.22.2"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858105/; classtype:trojan-activity;sid:84721205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.90.54"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858104/; classtype:trojan-activity;sid:84721204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.25.99"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858103/; classtype:trojan-activity;sid:84721203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any
(msg:"URLhaus Known malware download URL detected (3858102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.35.229"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858102/; classtype:trojan-activity;sid:84721202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=5bbe18bf-c69d-4318-af4a-713e7fde854c"; depth:47; endswith; nocase; http.host; content:"bqm57dpz.betgit.casino"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858101/; classtype:trojan-activity;sid:84721201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.90.54"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858100/; classtype:trojan-activity;sid:84721200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.209.147"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858099/; classtype:trojan-activity;sid:84721199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sodola"; depth:7; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; 
reference:url, urlhaus.abuse.ch/url/3858098/; classtype:trojan-activity;sid:84721198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.236.65.145"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858097/; classtype:trojan-activity;sid:84721197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.57.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858096/; classtype:trojan-activity;sid:84721196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.18.81"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858095/; classtype:trojan-activity;sid:84721195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zakx86"; depth:7; endswith; nocase; http.host; content:"45.202.249.34"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858094/; classtype:trojan-activity;sid:84721194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zakarm5"; depth:8; endswith; nocase; http.host; 
content:"45.202.249.34"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858087/; classtype:trojan-activity;sid:84721187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zaksh4"; depth:7; endswith; nocase; http.host; content:"45.202.249.34"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858088/; classtype:trojan-activity;sid:84721188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zakx64"; depth:7; endswith; nocase; http.host; content:"45.202.249.34"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858089/; classtype:trojan-activity;sid:84721189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zakarm7"; depth:8; endswith; nocase; http.host; content:"45.202.249.34"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858090/; classtype:trojan-activity;sid:84721190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zakarm6"; depth:8; endswith; nocase; http.host; content:"45.202.249.34"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858091/; classtype:trojan-activity;sid:84721191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858092)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/zakspc"; depth:7; endswith; nocase; http.host; content:"45.202.249.34"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858092/; classtype:trojan-activity;sid:84721192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dck"; depth:4; endswith; nocase; http.host; content:"45.202.249.34"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858093/; classtype:trojan-activity;sid:84721193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zakm68k"; depth:8; endswith; nocase; http.host; content:"45.202.249.34"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858083/; classtype:trojan-activity;sid:84721183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zakmips"; depth:8; endswith; nocase; http.host; content:"45.202.249.34"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858084/; classtype:trojan-activity;sid:84721184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zakmpsl"; depth:8; endswith; nocase; http.host; content:"45.202.249.34"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858085/; classtype:trojan-activity;sid:84721185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3858086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zakppc"; depth:7; endswith; nocase; http.host; content:"45.202.249.34"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858086/; classtype:trojan-activity;sid:84721186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.209.147"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858082/; classtype:trojan-activity;sid:84721182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.125.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858081/; classtype:trojan-activity;sid:84721181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.57.191"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858080/; classtype:trojan-activity;sid:84721180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img_095152.png"; depth:15; endswith; nocase; http.host; content:"104.249.10.169"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858079/; 
classtype:trojan-activity;sid:84721179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.62.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858078/; classtype:trojan-activity;sid:84721178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.29.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858077/; classtype:trojan-activity;sid:84721177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.80.11"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858076/; classtype:trojan-activity;sid:84721176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdfe59f2-ff99-4dd6-8a6a-bdbfb58db6ea"; depth:37; endswith; nocase; http.host; content:"mfepyxz.bet888starzz.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858075/; classtype:trojan-activity;sid:84721175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rwfaa"; depth:6; endswith; nocase; http.host; 
content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858074/; classtype:trojan-activity;sid:84721174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"159.223.171.245"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858072/; classtype:trojan-activity;sid:84721172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"159.223.171.245"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858073/; classtype:trojan-activity;sid:84721173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"159.223.171.245"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858065/; classtype:trojan-activity;sid:84721165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eagleclient004.exe"; depth:19; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858066/; classtype:trojan-activity;sid:84721166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3858067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1992.exe"; depth:9; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858067/; classtype:trojan-activity;sid:84721167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc/transfer_advise_swift.docx"; depth:31; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858068/; classtype:trojan-activity;sid:84721168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagetest0093t536.png"; depth:22; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858069/; classtype:trojan-activity;sid:84721169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagetest001.png"; depth:17; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858070/; classtype:trojan-activity;sid:84721170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.65.216.9"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, 
urlhaus.abuse.ch/url/3858071/; classtype:trojan-activity;sid:84721171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eaglewingsdna04.exe"; depth:20; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858064/; classtype:trojan-activity;sid:84721164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"159.223.171.245"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858061/; classtype:trojan-activity;sid:84721161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"159.223.171.245"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858062/; classtype:trojan-activity;sid:84721162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"159.223.171.245"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858063/; classtype:trojan-activity;sid:84721163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rtsid/adfmbhr.txt"; depth:18; endswith; 
nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858059/; classtype:trojan-activity;sid:84721159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/distr/adfmbhr.txt"; depth:18; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858060/; classtype:trojan-activity;sid:84721160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/feishu-win32_%c3%9764-7.67.5-signed.zip"; depth:40; endswith; nocase; http.host; content:"rrrttt023.tos-cn-beijing.volces.com"; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858058/; classtype:trojan-activity;sid:84721158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tasdg5.16.3987ncvh.zip"; depth:23; endswith; nocase; http.host; content:"pub-95a14d2adf114a9197e294757bf8d7b7.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858057/; classtype:trojan-activity;sid:84721157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/telnet.sh"; depth:10; endswith; nocase; http.host; content:"31.56.209.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858056/; classtype:trojan-activity;sid:84721156; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fsfss264_down2.5.6.zip"; depth:23; endswith; nocase; http.host; content:"fsxzz.oss-cn-hongkong.aliyuncs.com"; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858055/; classtype:trojan-activity;sid:84721155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/feishu_v2.1_x64_win.zip"; depth:24; endswith; nocase; http.host; content:"alioss.cdn-go.com.cn"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858054/; classtype:trojan-activity;sid:84721154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/contextual-related-posts/vendor/taskhost.exe"; depth:64; endswith; nocase; http.host; content:"www.theworldofm.net"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858053/; classtype:trojan-activity;sid:84721153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/release/rikanet.rar"; depth:20; endswith; nocase; http.host; content:"api.rikadotnet.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858046/; classtype:trojan-activity;sid:84721146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; 
endswith; nocase; http.host; content:"31.56.209.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858047/; classtype:trojan-activity;sid:84721147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"159.223.171.245"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858048/; classtype:trojan-activity;sid:84721148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"159.223.171.245"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858049/; classtype:trojan-activity;sid:84721149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"159.223.171.245"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858050/; classtype:trojan-activity;sid:84721150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"159.223.171.245"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858051/; classtype:trojan-activity;sid:84721151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858052)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"159.223.171.245"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858052/; classtype:trojan-activity;sid:84721152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_36af00307cbf2eec.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858045/; classtype:trojan-activity;sid:84721145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"192.159.99.196"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858044/; classtype:trojan-activity;sid:84721144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.15.82"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858043/; classtype:trojan-activity;sid:84721143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.168.143.250"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858042/; classtype:trojan-activity;sid:84721142; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9522ee69-a6c9-437f-b29c-3dceb4f95449"; depth:47; endswith; nocase; http.host; content:"2os894vl.betfire90.bet"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858041/; classtype:trojan-activity;sid:84721141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.208.208"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858040/; classtype:trojan-activity;sid:84721140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/72e1529a-7677-42e2-9a92-160fd9c0bd63"; depth:37; endswith; nocase; http.host; content:"nuulycp.bet365iran.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858039/; classtype:trojan-activity;sid:84721139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.15.82"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858038/; classtype:trojan-activity;sid:84721138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"115.50.64.198"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858037/; classtype:trojan-activity;sid:84721137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.193.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858036/; classtype:trojan-activity;sid:84721136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e518012f-cbfd-4cf4-ad00-933028d01cef"; depth:37; endswith; nocase; http.host; content:"niftxdi.bet313.app"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858035/; classtype:trojan-activity;sid:84721135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.51.48"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858034/; classtype:trojan-activity;sid:84721134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.161.125"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858033/; classtype:trojan-activity;sid:84721133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858032)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.161.125"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858032/; classtype:trojan-activity;sid:84721132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.42.54.147"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858031/; classtype:trojan-activity;sid:84721131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.72.77"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858030/; classtype:trojan-activity;sid:84721130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ba683616-d259-4aea-921b-1d6f03d878ad"; depth:37; endswith; nocase; http.host; content:"liizlfb.bet30bet.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858029/; classtype:trojan-activity;sid:84721129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.51.48"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858028/; classtype:trojan-activity;sid:84721128; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.15.18"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858027/; classtype:trojan-activity;sid:84721127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e79068cd-5e1d-4657-81ab-37f38b1d39e5"; depth:37; endswith; nocase; http.host; content:"ojxpecw.bet30bet.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858026/; classtype:trojan-activity;sid:84721126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.119.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858025/; classtype:trojan-activity;sid:84721125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.119.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858024/; classtype:trojan-activity;sid:84721124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.31.189.32"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858023/; classtype:trojan-activity;sid:84721123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.89.129"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858022/; classtype:trojan-activity;sid:84721122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ff33d903-4b22-4e65-8aeb-34b1eee431e0"; depth:47; endswith; nocase; http.host; content:"5yohaely.betexper.bet"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858021/; classtype:trojan-activity;sid:84721121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.224.62"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858020/; classtype:trojan-activity;sid:84721120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.89.129"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858019/; classtype:trojan-activity;sid:84721119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858018)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.31.189.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858018/; classtype:trojan-activity;sid:84721118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.42.54.147"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858017/; classtype:trojan-activity;sid:84721117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.209.116.235"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858016/; classtype:trojan-activity;sid:84721116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.209.116.235"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858015/; classtype:trojan-activity;sid:84721115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.237.227"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858014/; classtype:trojan-activity;sid:84721114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3858013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.80.173"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858013/; classtype:trojan-activity;sid:84721113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.218.48"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858012/; classtype:trojan-activity;sid:84721112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.237.227"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858011/; classtype:trojan-activity;sid:84721111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.104.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858010/; classtype:trojan-activity;sid:84721110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.80.173"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858009/; classtype:trojan-activity;sid:84721109; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.30.93"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858008/; classtype:trojan-activity;sid:84721108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.150.56"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858007/; classtype:trojan-activity;sid:84721107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.128.244"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858006/; classtype:trojan-activity;sid:84721106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.207.74"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858005/; classtype:trojan-activity;sid:84721105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.109.81.170"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858004/; 
classtype:trojan-activity;sid:84721104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.30.93"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858003/; classtype:trojan-activity;sid:84721103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.150.56"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858002/; classtype:trojan-activity;sid:84721102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.204.246"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858001/; classtype:trojan-activity;sid:84721101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.207.74"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858000/; classtype:trojan-activity;sid:84721100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.142.45"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857999/; classtype:trojan-activity;sid:84721099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.5.248"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857998/; classtype:trojan-activity;sid:84721098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.39.129"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857997/; classtype:trojan-activity;sid:84721097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.6.243"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857996/; classtype:trojan-activity;sid:84721096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.247.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857995/; classtype:trojan-activity;sid:84721095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; 
nocase; http.host; content:"42.232.225.237"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857994/; classtype:trojan-activity;sid:84721094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.15.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857992/; classtype:trojan-activity;sid:84721092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.225.237"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857993/; classtype:trojan-activity;sid:84721093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c4975d26-57d1-4ca3-9be7-fdf2865e5135"; depth:47; endswith; nocase; http.host; content:"b33gup3p.betbet.city"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857991/; classtype:trojan-activity;sid:84721091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=8993bd4e-7a86-4bf3-95e7-64e331da43c7"; depth:47; endswith; nocase; http.host; content:"ozmhw80r.adabiyat.org"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857990/; classtype:trojan-activity;sid:84721090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3857989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.39.129"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857989/; classtype:trojan-activity;sid:84721089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.211.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857988/; classtype:trojan-activity;sid:84721088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.5.248"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857987/; classtype:trojan-activity;sid:84721087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.242.52"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857986/; classtype:trojan-activity;sid:84721086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.240.167"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857985/; 
classtype:trojan-activity;sid:84721085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.38.211.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857984/; classtype:trojan-activity;sid:84721084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.87.145.2"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857983/; classtype:trojan-activity;sid:84721083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.116.38"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857982/; classtype:trojan-activity;sid:84721082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.242.52"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857981/; classtype:trojan-activity;sid:84721081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.39.40"; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857980/; classtype:trojan-activity;sid:84721080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.53.184"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857979/; classtype:trojan-activity;sid:84721079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/online/file/request-for-quotation.js"; depth:37; endswith; nocase; http.host; content:"cloudaryx.cloud"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857977/; classtype:trojan-activity;sid:84721077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ekmvg86.bin"; depth:12; endswith; nocase; http.host; content:"pub-8dfc53689d2141dd8655689c85a38c6c.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857978/; classtype:trojan-activity;sid:84721078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tekstlinie203.jpb"; depth:18; endswith; nocase; http.host; content:"pub-8dfc53689d2141dd8655689c85a38c6c.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857976/; classtype:trojan-activity;sid:84721076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3857975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.34.161"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857975/; classtype:trojan-activity;sid:84721075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.176.121.85"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857974/; classtype:trojan-activity;sid:84721074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.14.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857973/; classtype:trojan-activity;sid:84721073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bd35b151-9cb3-4f1e-bbbb-1a138960122f"; depth:37; endswith; nocase; http.host; content:"gfrewds.bet-303.fun"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857972/; classtype:trojan-activity;sid:84721072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pty3"; depth:5; endswith; nocase; http.host; content:"134.209.188.142"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857969/; classtype:trojan-activity;sid:84721069; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pty10"; depth:6; endswith; nocase; http.host; content:"134.209.188.142"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857970/; classtype:trojan-activity;sid:84721070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pty4"; depth:5; endswith; nocase; http.host; content:"134.209.188.142"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857971/; classtype:trojan-activity;sid:84721071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.148.242.35"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857968/; classtype:trojan-activity;sid:84721068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.176.121.85"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857967/; classtype:trojan-activity;sid:84721067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.55.100"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; 
reference:url, urlhaus.abuse.ch/url/3857966/; classtype:trojan-activity;sid:84721066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.5.39"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857965/; classtype:trojan-activity;sid:84721065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.14.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857964/; classtype:trojan-activity;sid:84721064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.33.246"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857963/; classtype:trojan-activity;sid:84721063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.226.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857962/; classtype:trojan-activity;sid:84721062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"219.156.33.246"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857961/; classtype:trojan-activity;sid:84721061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"87.227.119.161"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857960/; classtype:trojan-activity;sid:84721060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.30.112"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857959/; classtype:trojan-activity;sid:84721059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.55.100"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857958/; classtype:trojan-activity;sid:84721058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.226.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857957/; classtype:trojan-activity;sid:84721057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857956)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/|3f|ublib=86870b7b-9ec0-4f7c-8f11-c976253eacae"; depth:47; endswith; nocase; http.host; content:"6aq224cu.luxerabet100.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857956/; classtype:trojan-activity;sid:84721056; rev:1;)
# NOTE(review): the next six rules (sids 84721050-84721055) target drive.google.com and
# drive.usercontent.google.com. Points to confirm before relying on them:
#   1. Parameter separator: "|7c|26|7c|" decodes to the four bytes `|26|` (0x7c '2' '6' 0x7c),
#      not to `&` (0x26). If the listed URLs separate parameters with `&`, which the
#      "export=download ... id=" layout suggests, these patterns cannot match the real
#      request; the intended escape would be |26|. This looks like double escaping in the
#      generator. Verify against the URLhaus entries in reference:url.
#   2. depth (68 / 74) is the length of the escaped pattern text, not the decoded byte count
#      (59 / 65 as written), so the start of the URI is not pinned exactly.
#   3. These are `alert http` rules. They can only fire where the sensor sees the request as
#      HTTP (plaintext or decrypted); presumably these hosts are reached over TLS in
#      practice, so without TLS inspection coverage should come from proxy or endpoint URL
#      telemetry.
#   4. The file ids are stored in lower case and matched with `nocase`, so the match is on a
#      case-folded id. An alert identifies one shared file on a multi-tenant host and is
#      not grounds for treating the host itself as malicious.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|id=1xflzjnjflykhgl_clp_nejp3g1txmb3g|7c|26|7c|export=download"; depth:74; endswith; nocase; http.host; content:"drive.usercontent.google.com"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857955/; classtype:trojan-activity;sid:84721055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1hppbdssh6fedu5tclfys1760jq9d0fvc"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857954/; classtype:trojan-activity;sid:84721054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1qj81ivfcftpeqs-4wffvozykixvnnh-7"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857952/; classtype:trojan-activity;sid:84721052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1xflzjnjflykhgl_clp_nejp3g1txmb3g"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857953/; classtype:trojan-activity;sid:84721053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|id=1qj81ivfcftpeqs-4wffvozykixvnnh-7|7c|26|7c|export=download"; depth:74; endswith; nocase; http.host; content:"drive.usercontent.google.com"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857950/; classtype:trojan-activity;sid:84721050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|id=1hppbdssh6fedu5tclfys1760jq9d0fvc|7c|26|7c|export=download"; depth:74; endswith; nocase; http.host; content:"drive.usercontent.google.com"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857951/; classtype:trojan-activity;sid:84721051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.5.39"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857949/; classtype:trojan-activity;sid:84721049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.30.112"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857948/; classtype:trojan-activity;sid:84721048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=a1c06776-93cd-4c78-b58c-106f92ed1e36"; depth:47; endswith; nocase; http.host; content:"sun8i9tk.luxerabet1000.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857947/; classtype:trojan-activity;sid:84721047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.110.216"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857946/; classtype:trojan-activity;sid:84721046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.232.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857945/; classtype:trojan-activity;sid:84721045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.229.205.175"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857944/; classtype:trojan-activity;sid:84721044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857943)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.106.225.176"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857943/; classtype:trojan-activity;sid:84721043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.171.75"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857942/; classtype:trojan-activity;sid:84721042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.229.205.175"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857941/; classtype:trojan-activity;sid:84721041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"79.106.225.176"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857940/; classtype:trojan-activity;sid:84721040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.128.244"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857939/; classtype:trojan-activity;sid:84721039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3857938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.72.81"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857938/; classtype:trojan-activity;sid:84721038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.95.28.204"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857937/; classtype:trojan-activity;sid:84721037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.186.206.114"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857936/; classtype:trojan-activity;sid:84721036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.1.200"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857935/; classtype:trojan-activity;sid:84721035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.171.75"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857934/; 
classtype:trojan-activity;sid:84721034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.19.188"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857933/; classtype:trojan-activity;sid:84721033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huorong5.zip"; depth:13; endswith; nocase; http.host; content:"pub-65e32b21a7b24261955e32d88f080f5f.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857932/; classtype:trojan-activity;sid:84721032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.177.10.130"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857931/; classtype:trojan-activity;sid:84721031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.15.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857930/; classtype:trojan-activity;sid:84721030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.86.146"; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857929/; classtype:trojan-activity;sid:84721029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newrem.png"; depth:11; endswith; nocase; http.host; content:"archivoscrosoft.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857928/; classtype:trojan-activity;sid:84721028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clzo"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857922/; classtype:trojan-activity;sid:84721022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3cv"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857923/; classtype:trojan-activity;sid:84721023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sp9"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857924/; classtype:trojan-activity;sid:84721024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857925)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/m79v"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857925/; classtype:trojan-activity;sid:84721025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rko"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857926/; classtype:trojan-activity;sid:84721026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xlt"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857927/; classtype:trojan-activity;sid:84721027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/47h"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857918/; classtype:trojan-activity;sid:84721018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rzv"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857919/; classtype:trojan-activity;sid:84721019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3857920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/q6e"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857920/; classtype:trojan-activity;sid:84721020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m1aj"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857921/; classtype:trojan-activity;sid:84721021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.136.45.76"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857917/; classtype:trojan-activity;sid:84721017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.81.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857916/; classtype:trojan-activity;sid:84721016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.194.82"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857915/; classtype:trojan-activity;sid:84721015; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.125.80"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857914/; classtype:trojan-activity;sid:84721014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/captcha.exe"; depth:21; endswith; nocase; http.host; content:"136.243.152.105"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857913/; classtype:trojan-activity;sid:84721013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.138.179.137"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857912/; classtype:trojan-activity;sid:84721012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.186.206.114"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857911/; classtype:trojan-activity;sid:84721011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.19.188"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, 
urlhaus.abuse.ch/url/3857910/; classtype:trojan-activity;sid:84721010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=88ae429b-ae05-49e1-be3b-5cb46877860d"; depth:47; endswith; nocase; http.host; content:"yzqawgz5.7lf.net"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857909/; classtype:trojan-activity;sid:84721009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.194.82"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857908/; classtype:trojan-activity;sid:84721008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.81.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857906/; classtype:trojan-activity;sid:84721006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.125.80"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857907/; classtype:trojan-activity;sid:84721007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; 
nocase; http.host; content:"112.248.107.27"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857905/; classtype:trojan-activity;sid:84721005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.139.76"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857904/; classtype:trojan-activity;sid:84721004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.210.59"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857903/; classtype:trojan-activity;sid:84721003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.204.193.216"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857902/; classtype:trojan-activity;sid:84721002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.101.82"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857901/; classtype:trojan-activity;sid:84721001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857900)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.16.164.134"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857900/; classtype:trojan-activity;sid:84721000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.219.119"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857899/; classtype:trojan-activity;sid:84720999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.85.182"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857897/; classtype:trojan-activity;sid:84720997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.38.134.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857898/; classtype:trojan-activity;sid:84720998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.14.233"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857896/; classtype:trojan-activity;sid:84720996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3857895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.16.164.134"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857895/; classtype:trojan-activity;sid:84720995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.38.134.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857894/; classtype:trojan-activity;sid:84720994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.85.182"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857892/; classtype:trojan-activity;sid:84720992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.219.119"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857893/; classtype:trojan-activity;sid:84720993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.39.84.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857891/; classtype:trojan-activity;sid:84720991; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.200.166"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857890/; classtype:trojan-activity;sid:84720990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f4b6ae9a-3188-4f9d-b9c0-dfb6150af676"; depth:47; endswith; nocase; http.host; content:"vrlh0wdy.eutoor.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857889/; classtype:trojan-activity;sid:84720989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.101.187.22"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857888/; classtype:trojan-activity;sid:84720988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.39.84.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857887/; classtype:trojan-activity;sid:84720987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.233.104.113"; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857886/; classtype:trojan-activity;sid:84720986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.101.187.22"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857885/; classtype:trojan-activity;sid:84720985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.179.137"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857884/; classtype:trojan-activity;sid:84720984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.144.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857883/; classtype:trojan-activity;sid:84720983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlink"; depth:6; endswith; nocase; http.host; content:"140.233.190.47"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857882/; classtype:trojan-activity;sid:84720982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; 
depth:2; endswith; nocase; http.host; content:"110.39.224.167"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857881/; classtype:trojan-activity;sid:84720981; rev:1;)
# Each rule below fires when a $HOME_NET client sends an HTTP GET whose URI and
# host both equal one URLhaus-listed download URL:
#   http.uri  - depth equals the content length and endswith anchors the end, so
#               the whole URI must match (nocase: in any letter case).
#   http.host - depth plus isdataat:!1,relative pins the host the same way; no
#               nocase is used because Suricata lowercases this buffer.
# Ports are "any" and only cleartext HTTP is inspected; the same URL fetched
# over TLS does not raise these alerts.
# An alert shows that an internal host requested the URL, not that a payload
# ran: check the response in flow/file logs and identify the requesting device.
# In the rules visible here sid = URLhaus id + 80863100, which matches the id in
# msg and in the reference URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.145.2"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857880/; classtype:trojan-activity;sid:84720980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.224.167"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857879/; classtype:trojan-activity;sid:84720979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"170.83.13.37"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857878/; classtype:trojan-activity;sid:84720978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.77.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857877/; classtype:trojan-activity;sid:84720977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.179.137"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857876/; classtype:trojan-activity;sid:84720976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.249.4.20"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857875/; classtype:trojan-activity;sid:84720975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.243.1"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857874/; classtype:trojan-activity;sid:84720974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.110.216"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857873/; classtype:trojan-activity;sid:84720973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.77.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857872/; classtype:trojan-activity;sid:84720972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.198.80"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857871/; classtype:trojan-activity;sid:84720971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.26.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857870/; classtype:trojan-activity;sid:84720970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.111.110"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857869/; classtype:trojan-activity;sid:84720969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.205.235"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857868/; classtype:trojan-activity;sid:84720968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.222.102"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857866/; classtype:trojan-activity;sid:84720966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.198.80"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857867/; classtype:trojan-activity;sid:84720967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.116.147"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857865/; classtype:trojan-activity;sid:84720965; rev:1;)
# NOTE(review): "|3f|" is one byte ("?"), so the content below is 44 bytes while
# depth is 47 (the length of the escaped text). With endswith, a URI carrying up
# to 3 extra leading bytes still matches; depth:44 would pin it exactly, if an
# exact match is what the feed intends.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ee11d9b3-833f-40f7-b2e6-e0c0ad01b8b1"; depth:47; endswith; nocase; http.host; content:"b7tibc5u.luxerabet1000.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857864/; classtype:trojan-activity;sid:84720964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.116.147"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857863/; classtype:trojan-activity;sid:84720963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.239.113.145"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857862/; classtype:trojan-activity;sid:84720962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.234.232"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857861/; classtype:trojan-activity;sid:84720961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.2.48"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857860/; classtype:trojan-activity;sid:84720960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.87.69"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857859/; classtype:trojan-activity;sid:84720959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.228.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857858/; classtype:trojan-activity;sid:84720958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857857)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.228.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857857/; classtype:trojan-activity;sid:84720957; rev:1;)
# Outbound-only signatures: $HOME_NET -> $EXTERNAL_NET with
# flow:established,from_client, so they see an internal host requesting a listed
# URL, never a host on the monitored network serving one.
# URI and host are each matched as a whole string (depth + endswith on http.uri,
# depth + isdataat:!1,relative on http.host); a different path on the same host
# is not covered by these rules.
# Most hosts here are bare IPv4 addresses serving /i or /bin.sh - presumably
# short-lived payload hosts, so check the referenced URLhaus entry before
# acting on a hit for an old created_at date.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.85.160"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857856/; classtype:trojan-activity;sid:84720956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.85.160"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857855/; classtype:trojan-activity;sid:84720955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.44.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857854/; classtype:trojan-activity;sid:84720954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.247.88.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857853/; classtype:trojan-activity;sid:84720953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.146.95"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857852/; classtype:trojan-activity;sid:84720952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.146.95"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857851/; classtype:trojan-activity;sid:84720951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.166.43"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857850/; classtype:trojan-activity;sid:84720950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.255.129"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857849/; classtype:trojan-activity;sid:84720949; rev:1;)
# NOTE(review): "|3f|" is one byte ("?"), so the content below is 44 bytes while
# depth is 47 (the length of the escaped text). With endswith, a URI carrying up
# to 3 extra leading bytes still matches; depth:44 would pin it exactly, if an
# exact match is what the feed intends.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e968fa3c-7d51-4dde-a368-056bcbdfcc6e"; depth:47; endswith; nocase; http.host; content:"pf6n62u7.luxerabet5.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857848/; classtype:trojan-activity;sid:84720948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.166.43"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857847/; classtype:trojan-activity;sid:84720947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.121.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857846/; classtype:trojan-activity;sid:84720946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon"; depth:5; endswith; nocase; http.host; content:"140.233.190.47"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857845/; classtype:trojan-activity;sid:84720945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.192.44.99"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857844/; classtype:trojan-activity;sid:84720944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.116.37.227"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857843/; classtype:trojan-activity;sid:84720943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.107.27"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857842/; classtype:trojan-activity;sid:84720942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.116.37.227"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857841/; classtype:trojan-activity;sid:84720941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.231.12"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857840/; classtype:trojan-activity;sid:84720940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.231.12"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857839/; classtype:trojan-activity;sid:84720939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; 
nocase; http.host; content:"219.155.255.94"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857838/; classtype:trojan-activity;sid:84720938; rev:1;)
# Every rule below matches one exact URL: an HTTP GET from $HOME_NET whose
# http.uri equals the content (depth = content length, endswith, nocase) and
# whose http.host equals the listed host (depth + isdataat:!1,relative).
# Cleartext HTTP only; a hit records the request, so confirm in flow/file logs
# whether the download actually completed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"38.56.21.66"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857837/; classtype:trojan-activity;sid:84720937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.233.170"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857836/; classtype:trojan-activity;sid:84720936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.255.94"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857835/; classtype:trojan-activity;sid:84720935; rev:1;)
# The next twelve rules share one host (31.56.209.229) and differ only in the
# file name, /zero.<arch>. The suffixes are CPU architecture names (m68k, mips,
# mipsel, arm*, sparc, x86, sh4) - presumably one bot built for many embedded
# Linux targets; TODO confirm against the URLhaus entries. A hit here most likely
# comes from a router, camera or similar device rather than a workstation.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zero.m68k"; depth:10; endswith; nocase; http.host; content:"31.56.209.229"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857834/; classtype:trojan-activity;sid:84720934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zero.mips"; depth:10; endswith; nocase; http.host; content:"31.56.209.229"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857832/; classtype:trojan-activity;sid:84720932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zero.mipsrouter"; depth:16; endswith; nocase; http.host; content:"31.56.209.229"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857833/; classtype:trojan-activity;sid:84720933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zero.armv4l"; depth:12; endswith; nocase; http.host; content:"31.56.209.229"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857831/; classtype:trojan-activity;sid:84720931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zero.mipsel"; depth:12; endswith; nocase; http.host; content:"31.56.209.229"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857830/; classtype:trojan-activity;sid:84720930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zero.armv7l"; depth:12; endswith; nocase; http.host; content:"31.56.209.229"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857824/; classtype:trojan-activity;sid:84720924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zero.armv5l"; depth:12; endswith; nocase; http.host; content:"31.56.209.229"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857825/; classtype:trojan-activity;sid:84720925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zero.sparc"; depth:11; endswith; nocase; http.host; content:"31.56.209.229"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857826/; classtype:trojan-activity;sid:84720926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zero.x86"; depth:9; endswith; nocase; http.host; content:"31.56.209.229"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857827/; classtype:trojan-activity;sid:84720927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zero.armv6l"; depth:12; endswith; nocase; http.host; content:"31.56.209.229"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857828/; classtype:trojan-activity;sid:84720928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zero.sh4"; depth:9; endswith; nocase; http.host; content:"31.56.209.229"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857829/; classtype:trojan-activity;sid:84720929; rev:1;)
# NOTE(review): "|3f|" is one byte ("?"), so the content below is 44 bytes while
# depth is 47 (the length of the escaped text). With endswith, a URI carrying up
# to 3 extra leading bytes still matches; depth:44 would pin it exactly, if an
# exact match is what the feed intends.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=539e4e2f-089d-427e-a728-98fc810cf66b"; depth:47; endswith; nocase; http.host; content:"23q34ztp.luxerabet1.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857823/; classtype:trojan-activity;sid:84720923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.68.5"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857822/; classtype:trojan-activity;sid:84720922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.68.5"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857821/; classtype:trojan-activity;sid:84720921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.4.23"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857820/; classtype:trojan-activity;sid:84720920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; 
http.host; content:"125.40.83.68"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857819/; classtype:trojan-activity;sid:84720919; rev:1;)
# Same shape for every rule below: alert on an HTTP GET from $HOME_NET when the
# whole URI (depth + endswith, nocase) and the whole host (depth +
# isdataat:!1,relative) equal a URLhaus entry. The destination port is "any".
# These are point indicators: they catch a repeat of a known URL, not a new
# path on the same host, and nothing that travels over TLS.
# Several hosts appear twice, once for /i and once for /bin.sh; alerts for both
# from one client within a short time belong to the same incident.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.59.12.12"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857818/; classtype:trojan-activity;sid:84720918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.233.170"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857817/; classtype:trojan-activity;sid:84720917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.59.12.12"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857816/; classtype:trojan-activity;sid:84720916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.83.68"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857815/; classtype:trojan-activity;sid:84720915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.22.104"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857814/; classtype:trojan-activity;sid:84720914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.37.39"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857813/; classtype:trojan-activity;sid:84720913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.248.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857812/; classtype:trojan-activity;sid:84720912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.123.99"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857811/; classtype:trojan-activity;sid:84720911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.123.99"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857810/; classtype:trojan-activity;sid:84720910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.22.104"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857809/; classtype:trojan-activity;sid:84720909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.56.232.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857808/; classtype:trojan-activity;sid:84720908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.149.241"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857807/; classtype:trojan-activity;sid:84720907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.37.39"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857806/; classtype:trojan-activity;sid:84720906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.4.23"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857805/; classtype:trojan-activity;sid:84720905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.139.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857804/; classtype:trojan-activity;sid:84720904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.11.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857803/; classtype:trojan-activity;sid:84720903; rev:1;)
# NOTE(review): "|3f|" is one byte ("?"), so the content below is 44 bytes while
# depth is 47 (the length of the escaped text). With endswith, a URI carrying up
# to 3 extra leading bytes still matches; depth:44 would pin it exactly, if an
# exact match is what the feed intends.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=61af3067-6872-4384-9d74-35ac44f9bdf3"; depth:47; endswith; nocase; http.host; content:"0u9irsk6.luxerabet10.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857802/; classtype:trojan-activity;sid:84720902; rev:1;)
# Windows executable served from a per-file path; unlike the /i and /bin.sh
# entries, a hit here presumably comes from a Windows endpoint - confirm the
# client before triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_0326a71c1857de0a.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857800/; classtype:trojan-activity;sid:84720900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857801)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/files-129312398/files/file_6bac2fb194aa2b36.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857801/; classtype:trojan-activity;sid:84720901; rev:1;)
# Each rule below alerts on one exact URL requested by a $HOME_NET client over
# cleartext HTTP: method GET, http.uri equal to the content (depth + endswith,
# nocase) and http.host equal to the listed host (depth +
# isdataat:!1,relative). The msg id and the reference URL name the URLhaus
# entry behind the rule.
# The archive below is named like a Sogou Pinyin installer and is served from a
# domain rather than a bare IP - presumably a lookalike download aimed at
# desktop users; TODO confirm on the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sogoupinyin_x64_v1.1_win.zip"; depth:29; endswith; nocase; http.host; content:"alioss.cdn-go.com.cn"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857798/; classtype:trojan-activity;sid:84720898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.139.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857797/; classtype:trojan-activity;sid:84720897; rev:1;)
# Host 45.148.120.78 is listed with many short paths (/bdg2, /loy, /vik, ...),
# one rule per path. Because each URI is matched as a whole string, a path that
# URLhaus has not listed yet raises no alert.
# NOTE(review): if this host matters locally, watch it at host level as well
# (for example in flow or proxy logs) rather than relying on the path list.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bdg2"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857796/; classtype:trojan-activity;sid:84720896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loy"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857788/; classtype:trojan-activity;sid:84720888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vik"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857789/; classtype:trojan-activity;sid:84720889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lbug"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857790/; classtype:trojan-activity;sid:84720890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mcm"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857791/; classtype:trojan-activity;sid:84720891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/auwk"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857792/; classtype:trojan-activity;sid:84720892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yk6"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857793/; classtype:trojan-activity;sid:84720893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mca"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857794/; classtype:trojan-activity;sid:84720894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwh"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857795/; classtype:trojan-activity;sid:84720895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"175.107.205.172"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857787/; classtype:trojan-activity;sid:84720887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/srj"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857786/; classtype:trojan-activity;sid:84720886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gxf"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857746/; classtype:trojan-activity;sid:84720846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0ql"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857747/; classtype:trojan-activity;sid:84720847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mo8e"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857748/; classtype:trojan-activity;sid:84720848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yyj"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857749/; classtype:trojan-activity;sid:84720849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7wc"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857750/; classtype:trojan-activity;sid:84720850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wjq"; depth:4; endswith; nocase; 
http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857751/; classtype:trojan-activity;sid:84720851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vcgz"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857752/; classtype:trojan-activity;sid:84720852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vlb"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857753/; classtype:trojan-activity;sid:84720853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3r5f"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857754/; classtype:trojan-activity;sid:84720854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cbsa"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857755/; classtype:trojan-activity;sid:84720855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857756)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/u6a"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857756/; classtype:trojan-activity;sid:84720856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ew9"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857757/; classtype:trojan-activity;sid:84720857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cid"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857758/; classtype:trojan-activity;sid:84720858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m6n"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857759/; classtype:trojan-activity;sid:84720859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ita"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857760/; classtype:trojan-activity;sid:84720860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3857761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kzv"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857761/; classtype:trojan-activity;sid:84720861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buvh"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857762/; classtype:trojan-activity;sid:84720862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4vo7"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857763/; classtype:trojan-activity;sid:84720863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mobs"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857764/; classtype:trojan-activity;sid:84720864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/swg"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857765/; classtype:trojan-activity;sid:84720865; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sbu"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857766/; classtype:trojan-activity;sid:84720866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svx3"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857767/; classtype:trojan-activity;sid:84720867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sb8"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857768/; classtype:trojan-activity;sid:84720868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wlva"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857769/; classtype:trojan-activity;sid:84720869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jef"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, 
urlhaus.abuse.ch/url/3857770/; classtype:trojan-activity;sid:84720870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/q0e1"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857771/; classtype:trojan-activity;sid:84720871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abgh"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857772/; classtype:trojan-activity;sid:84720872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xb3p"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857773/; classtype:trojan-activity;sid:84720873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rkb4"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857774/; classtype:trojan-activity;sid:84720874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lpi0"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857775/; classtype:trojan-activity;sid:84720875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1jzp"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857776/; classtype:trojan-activity;sid:84720876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x4i"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857777/; classtype:trojan-activity;sid:84720877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/los"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857778/; classtype:trojan-activity;sid:84720878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nftv"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857779/; classtype:trojan-activity;sid:84720879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857780)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/e0i"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857780/; classtype:trojan-activity;sid:84720880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cxwp"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857781/; classtype:trojan-activity;sid:84720881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y2xl"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857782/; classtype:trojan-activity;sid:84720882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itn"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857783/; classtype:trojan-activity;sid:84720883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"139.135.46.157"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857784/; classtype:trojan-activity;sid:84720884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3857785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vrmn"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857785/; classtype:trojan-activity;sid:84720885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zpu9"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857745/; classtype:trojan-activity;sid:84720845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xue"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857744/; classtype:trojan-activity;sid:84720844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vid"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857735/; classtype:trojan-activity;sid:84720835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kpk"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857736/; classtype:trojan-activity;sid:84720836; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/43sx"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857737/; classtype:trojan-activity;sid:84720837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hr0r"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857738/; classtype:trojan-activity;sid:84720838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/actn"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857739/; classtype:trojan-activity;sid:84720839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2bek"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857740/; classtype:trojan-activity;sid:84720840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jlt"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857741/; 
classtype:trojan-activity;sid:84720841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/njt"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857742/; classtype:trojan-activity;sid:84720842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slm"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857743/; classtype:trojan-activity;sid:84720843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857712/; classtype:trojan-activity;sid:84720812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oeb"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857713/; classtype:trojan-activity;sid:84720813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gyxj"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857714/; classtype:trojan-activity;sid:84720814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/38e"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857715/; classtype:trojan-activity;sid:84720815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/77s7"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857716/; classtype:trojan-activity;sid:84720816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/obsi"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857717/; classtype:trojan-activity;sid:84720817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/epj"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857718/; classtype:trojan-activity;sid:84720818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nwb"; depth:4; endswith; nocase; 
http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857719/; classtype:trojan-activity;sid:84720819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fvix"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857720/; classtype:trojan-activity;sid:84720820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrd"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857721/; classtype:trojan-activity;sid:84720821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dsg"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857722/; classtype:trojan-activity;sid:84720822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unj"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857723/; classtype:trojan-activity;sid:84720823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857724)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bi9l"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857724/; classtype:trojan-activity;sid:84720824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r8a"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857725/; classtype:trojan-activity;sid:84720825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mut"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857726/; classtype:trojan-activity;sid:84720826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/93re"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857727/; classtype:trojan-activity;sid:84720827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tbp"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857728/; classtype:trojan-activity;sid:84720828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3857729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/srna"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857729/; classtype:trojan-activity;sid:84720829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/repl"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857730/; classtype:trojan-activity;sid:84720830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nrc"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857731/; classtype:trojan-activity;sid:84720831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ymp"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857732/; classtype:trojan-activity;sid:84720832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5xnp"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857733/; classtype:trojan-activity;sid:84720833; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mtc"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857734/; classtype:trojan-activity;sid:84720834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hfzm"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857699/; classtype:trojan-activity;sid:84720799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jnyq"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857700/; classtype:trojan-activity;sid:84720800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chnh"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857701/; classtype:trojan-activity;sid:84720801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5tx0"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, 
urlhaus.abuse.ch/url/3857702/; classtype:trojan-activity;sid:84720802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ely"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857703/; classtype:trojan-activity;sid:84720803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hyc0"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857704/; classtype:trojan-activity;sid:84720804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n7f"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857705/; classtype:trojan-activity;sid:84720805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d0ae"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857706/; classtype:trojan-activity;sid:84720806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bfka"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857707/; classtype:trojan-activity;sid:84720807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/le4"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857708/; classtype:trojan-activity;sid:84720808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xouq"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857709/; classtype:trojan-activity;sid:84720809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vutn"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857710/; classtype:trojan-activity;sid:84720810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dzvv"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857711/; classtype:trojan-activity;sid:84720811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mfnb"; 
depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857680/; classtype:trojan-activity;sid:84720780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bbe"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857681/; classtype:trojan-activity;sid:84720781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hcq"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857682/; classtype:trojan-activity;sid:84720782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tv2"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857683/; classtype:trojan-activity;sid:84720783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vcl"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857684/; classtype:trojan-activity;sid:84720784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857685)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zim"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857685/; classtype:trojan-activity;sid:84720785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4wl"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857686/; classtype:trojan-activity;sid:84720786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hrnp"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857687/; classtype:trojan-activity;sid:84720787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i82q"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857688/; classtype:trojan-activity;sid:84720788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s1xs"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857689/; classtype:trojan-activity;sid:84720789; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ej5m"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857690/; classtype:trojan-activity;sid:84720790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jam"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857691/; classtype:trojan-activity;sid:84720791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kigq"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857692/; classtype:trojan-activity;sid:84720792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rde"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857693/; classtype:trojan-activity;sid:84720793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/occ"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857694/; 
classtype:trojan-activity;sid:84720794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lml"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857695/; classtype:trojan-activity;sid:84720795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zjc4"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857696/; classtype:trojan-activity;sid:84720796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tkpm"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857697/; classtype:trojan-activity;sid:84720797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m9i"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857698/; classtype:trojan-activity;sid:84720798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/faj"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857659/; classtype:trojan-activity;sid:84720759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3vj"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857660/; classtype:trojan-activity;sid:84720760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hjwd"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857661/; classtype:trojan-activity;sid:84720761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u0hm"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857662/; classtype:trojan-activity;sid:84720762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m3n"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857663/; classtype:trojan-activity;sid:84720763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xsxb"; depth:5; endswith; nocase; 
http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857664/; classtype:trojan-activity;sid:84720764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qvj1"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857665/; classtype:trojan-activity;sid:84720765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mh6"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857666/; classtype:trojan-activity;sid:84720766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4iu"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857667/; classtype:trojan-activity;sid:84720767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gfgb"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857668/; classtype:trojan-activity;sid:84720768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857669)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/laa"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857669/; classtype:trojan-activity;sid:84720769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gn8"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857670/; classtype:trojan-activity;sid:84720770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qdo"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857671/; classtype:trojan-activity;sid:84720771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erew"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857672/; classtype:trojan-activity;sid:84720772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zjqe"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857673/; classtype:trojan-activity;sid:84720773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3857674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cez"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857674/; classtype:trojan-activity;sid:84720774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/75yc"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857675/; classtype:trojan-activity;sid:84720775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rwj"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857676/; classtype:trojan-activity;sid:84720776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kzk"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857677/; classtype:trojan-activity;sid:84720777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uwq5"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857678/; classtype:trojan-activity;sid:84720778; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8u8"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857679/; classtype:trojan-activity;sid:84720779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rgy"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857656/; classtype:trojan-activity;sid:84720756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqv5"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857657/; classtype:trojan-activity;sid:84720757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cnb8"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857658/; classtype:trojan-activity;sid:84720758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hvwz"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, 
urlhaus.abuse.ch/url/3857642/; classtype:trojan-activity;sid:84720742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jav"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857643/; classtype:trojan-activity;sid:84720743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m2bo"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857644/; classtype:trojan-activity;sid:84720744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m2g"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857645/; classtype:trojan-activity;sid:84720745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sqj"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857646/; classtype:trojan-activity;sid:84720746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pr7"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857647/; classtype:trojan-activity;sid:84720747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bihm"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857648/; classtype:trojan-activity;sid:84720748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h15"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857649/; classtype:trojan-activity;sid:84720749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leq"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857650/; classtype:trojan-activity;sid:84720750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yml"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857651/; classtype:trojan-activity;sid:84720751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tz6e"; 
depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857652/; classtype:trojan-activity;sid:84720752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fdtu"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857653/; classtype:trojan-activity;sid:84720753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arv0"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857654/; classtype:trojan-activity;sid:84720754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nenj"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857655/; classtype:trojan-activity;sid:84720755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.253.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857641/; classtype:trojan-activity;sid:84720741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857640)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/745127296/hurohgh.bat"; depth:28; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857640/; classtype:trojan-activity;sid:84720740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.132.156.166"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857639/; classtype:trojan-activity;sid:84720739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.248.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857638/; classtype:trojan-activity;sid:84720738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.28.204"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857637/; classtype:trojan-activity;sid:84720737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.253.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857636/; classtype:trojan-activity;sid:84720736; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.49.219"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857635/; classtype:trojan-activity;sid:84720735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.113.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857634/; classtype:trojan-activity;sid:84720734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.114.58.90"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857633/; classtype:trojan-activity;sid:84720733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.238.30.179"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857632/; classtype:trojan-activity;sid:84720732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.86.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, 
urlhaus.abuse.ch/url/3857631/; classtype:trojan-activity;sid:84720731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.233.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857629/; classtype:trojan-activity;sid:84720729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.49.219"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857630/; classtype:trojan-activity;sid:84720730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.197.136"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857628/; classtype:trojan-activity;sid:84720728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.80.103"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857627/; classtype:trojan-activity;sid:84720727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.197.136"; 
depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857626/; classtype:trojan-activity;sid:84720726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.120.50"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857625/; classtype:trojan-activity;sid:84720725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.201.246"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857624/; classtype:trojan-activity;sid:84720724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.120.50"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857623/; classtype:trojan-activity;sid:84720723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.80.103"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857622/; classtype:trojan-activity;sid:84720722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857621)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/|3f|ublib=01a1806f-933c-41da-a7b1-5479f0be0649"; depth:47; endswith; nocase; http.host; content:"cspzm3hg.luxerabet1068.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857621/; classtype:trojan-activity;sid:84720721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.119.149"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857620/; classtype:trojan-activity;sid:84720720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.154.72"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857619/; classtype:trojan-activity;sid:84720719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.63.222"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857618/; classtype:trojan-activity;sid:84720718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.64.198"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857617/; classtype:trojan-activity;sid:84720717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3857614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.119.149"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857614/; classtype:trojan-activity;sid:84720714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.19.51"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857615/; classtype:trojan-activity;sid:84720715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.126.121"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857616/; classtype:trojan-activity;sid:84720716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.19.51"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857613/; classtype:trojan-activity;sid:84720713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.176.192.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857612/; 
classtype:trojan-activity;sid:84720712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.154.72"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857611/; classtype:trojan-activity;sid:84720711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.176.192.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857610/; classtype:trojan-activity;sid:84720710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.95.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857609/; classtype:trojan-activity;sid:84720709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_97e5178a13f8a466.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857608/; classtype:trojan-activity;sid:84720708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"110.186.230.229"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857607/; classtype:trojan-activity;sid:84720707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.159.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857606/; classtype:trojan-activity;sid:84720706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.95.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857605/; classtype:trojan-activity;sid:84720705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.197.153"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857603/; classtype:trojan-activity;sid:84720703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.14.62"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857604/; classtype:trojan-activity;sid:84720704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857602)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.238.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857602/; classtype:trojan-activity;sid:84720702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.51.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857601/; classtype:trojan-activity;sid:84720701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_f8c63fcf75e18569.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857600/; classtype:trojan-activity;sid:84720700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.108.10.149"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857599/; classtype:trojan-activity;sid:84720699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.92.80"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857598/; classtype:trojan-activity;sid:84720698; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.51.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857597/; classtype:trojan-activity;sid:84720697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=527df819-e71a-4d78-b3b2-2b04738ab85e"; depth:47; endswith; nocase; http.host; content:"r8cgf6ux.luxerabet100.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857596/; classtype:trojan-activity;sid:84720696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.108.10.149"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857595/; classtype:trojan-activity;sid:84720695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.186.230.229"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857594/; classtype:trojan-activity;sid:84720694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beacon.exe"; depth:11; endswith; nocase; http.host; content:"5.180.253.105"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857593/; classtype:trojan-activity;sid:84720693; rev:1;)
# NOTE(review): the rules below all share one shape. Each inspects only the
# request side (flow:established,from_client) of a cleartext HTTP GET from
# $HOME_NET to $EXTERNAL_NET. It fires when http.uri equals the listed path
# exactly (content, depth of the same length, endswith; nocase applies to the
# URI match) and http.host equals the listed value exactly (depth plus
# isdataat:!1,relative).
# An alert therefore shows that an internal host requested the URL, not that
# the file was delivered. Confirm delivery from the HTTP response or file
# records of the same flow before escalating.
# The same path is not matched when it carries a query string, is requested
# from a different host, or travels over TLS the sensor cannot decrypt.
# Several rules here share a host (5.180.253.105, 46.8.226.70), so one
# destination can raise alerts under different sids; correlate by destination.
# File names such as sliver-client_linux-amd64, sliver_implant.exe and
# beacon.exe suggest staging of C2-framework tooling. That is inferred from
# the names only; check the URLhaus reference entry on each rule to confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sliver-client_linux-amd64"; depth:26; endswith; nocase; http.host; content:"165.245.181.147"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857591/; classtype:trojan-activity;sid:84720691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sliver-client_linux-amd64"; depth:26; endswith; nocase; http.host; content:"5.180.253.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857592/; classtype:trojan-activity;sid:84720692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test-beacon.exe"; depth:16; endswith; nocase; http.host; content:"5.180.253.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857588/; classtype:trojan-activity;sid:84720688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sliver_implant.exe"; depth:19; endswith; nocase; http.host; content:"46.8.226.70"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857589/; classtype:trojan-activity;sid:84720689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/implant_http.exe"; depth:17; endswith; nocase; http.host; content:"46.8.226.70"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857590/; classtype:trojan-activity;sid:84720690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/implant_linux"; depth:14; endswith; nocase; http.host; content:"46.8.226.70"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857587/; classtype:trojan-activity;sid:84720687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agent.sh"; depth:9; endswith; nocase; http.host; content:"5.180.253.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857586/; classtype:trojan-activity;sid:84720686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sliver-client_linux-amd64"; depth:26; endswith; nocase; http.host; content:"185.246.223.72"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857585/; classtype:trojan-activity;sid:84720685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beacon.bin"; depth:11; endswith; nocase; http.host; content:"5.180.253.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857584/; classtype:trojan-activity;sid:84720684; rev:1;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stager.ps1"; depth:11; endswith; nocase; http.host; content:"5.180.253.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857583/; classtype:trojan-activity;sid:84720683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_75ee6dc4a691978c.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857582/; classtype:trojan-activity;sid:84720682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.144.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857581/; classtype:trojan-activity;sid:84720681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.70.112"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857580/; classtype:trojan-activity;sid:84720680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rkuz"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857579/; classtype:trojan-activity;sid:84720679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ogz.i686"; depth:14; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857571/; classtype:trojan-activity;sid:84720671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppma"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857572/; classtype:trojan-activity;sid:84720672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lvtb"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857573/; classtype:trojan-activity;sid:84720673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y0hc"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857574/; classtype:trojan-activity;sid:84720674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaa"; depth:4; 
endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857575/; classtype:trojan-activity;sid:84720675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/j9e4"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857576/; classtype:trojan-activity;sid:84720676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trh1"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857577/; classtype:trojan-activity;sid:84720677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857578/; classtype:trojan-activity;sid:84720678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l4ra"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857570/; classtype:trojan-activity;sid:84720670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857562)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tplink/arm4"; depth:12; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857562/; classtype:trojan-activity;sid:84720662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4ul"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857563/; classtype:trojan-activity;sid:84720663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lyjr"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857564/; classtype:trojan-activity;sid:84720664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txjm"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857565/; classtype:trojan-activity;sid:84720665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yt2"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857566/; classtype:trojan-activity;sid:84720666; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eob"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857567/; classtype:trojan-activity;sid:84720667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rvy"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857568/; classtype:trojan-activity;sid:84720668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fwwd"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857569/; classtype:trojan-activity;sid:84720669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ojj"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857556/; classtype:trojan-activity;sid:84720656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ogz.x86_64"; depth:16; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, 
urlhaus.abuse.ch/url/3857557/; classtype:trojan-activity;sid:84720657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ogz.arc"; depth:13; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857558/; classtype:trojan-activity;sid:84720658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amp"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857559/; classtype:trojan-activity;sid:84720659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9si"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857560/; classtype:trojan-activity;sid:84720660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xd1o"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857561/; classtype:trojan-activity;sid:84720661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wbj"; depth:4; endswith; nocase; http.host; 
content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857553/; classtype:trojan-activity;sid:84720653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4oeb"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857554/; classtype:trojan-activity;sid:84720654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuf"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857555/; classtype:trojan-activity;sid:84720655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xnmy"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857549/; classtype:trojan-activity;sid:84720649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4pj"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857550/; classtype:trojan-activity;sid:84720650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857551)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/ow7a"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857551/; classtype:trojan-activity;sid:84720651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ogz.i468"; depth:14; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857552/; classtype:trojan-activity;sid:84720652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.232.2"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857548/; classtype:trojan-activity;sid:84720648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.17.165"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857546/; classtype:trojan-activity;sid:84720646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.113.52"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857547/; classtype:trojan-activity;sid:84720647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3857545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.230.157"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857545/; classtype:trojan-activity;sid:84720645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2026/04/17/1776411172-9642.jpeg"; depth:32; endswith; nocase; http.host; content:"i.404.pm"; depth:8; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857544/; classtype:trojan-activity;sid:84720644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_178350f82069de84.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857542/; classtype:trojan-activity;sid:84720642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_8de4f30e9c7f2cfd.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857541/; classtype:trojan-activity;sid:84720641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.47.12"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857540/; classtype:trojan-activity;sid:84720640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.159.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857539/; classtype:trojan-activity;sid:84720639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.137.199"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857538/; classtype:trojan-activity;sid:84720638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.92.80"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857537/; classtype:trojan-activity;sid:84720637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.17.165"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857536/; classtype:trojan-activity;sid:84720636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; 
nocase; http.host; content:"182.127.47.12"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857535/; classtype:trojan-activity;sid:84720635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.60.4"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857534/; classtype:trojan-activity;sid:84720634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.254.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857533/; classtype:trojan-activity;sid:84720633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.254.154"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857532/; classtype:trojan-activity;sid:84720632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.160.147"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857531/; classtype:trojan-activity;sid:84720631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857530)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.196.194"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857530/; classtype:trojan-activity;sid:84720630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.102.244"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857529/; classtype:trojan-activity;sid:84720629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.96.71"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857528/; classtype:trojan-activity;sid:84720628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.60.4"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857526/; classtype:trojan-activity;sid:84720626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.60.190.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857527/; classtype:trojan-activity;sid:84720627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3857525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.230.157"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857525/; classtype:trojan-activity;sid:84720625; rev:1;)
# NOTE(review): with |3f| decoded to "?", the URI content in the next rule is 44 bytes, but depth
# is 47 (the length of the escaped text). depth bounds where the match may sit and endswith pins
# it to the end of the buffer, so a URI carrying up to 3 extra leading bytes also matches.
# depth:44 would make this an exact-URI match like the other rules in this file, whose depth
# equals the content length - confirm with the feed maintainer before changing a feed-owned sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=70bdb48c-7435-48fb-bf41-0475a92b519b"; depth:47; endswith; nocase; http.host; content:"t6h2yu60.luxerabet1000.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857524/; classtype:trojan-activity;sid:84720624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.178.94"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857523/; classtype:trojan-activity;sid:84720623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.245.62"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857521/; classtype:trojan-activity;sid:84720621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.29.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857520/; 
classtype:trojan-activity;sid:84720620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.97.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857519/; classtype:trojan-activity;sid:84720619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.120.178"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857518/; classtype:trojan-activity;sid:84720618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.102.244"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857517/; classtype:trojan-activity;sid:84720617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"218.60.190.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857516/; classtype:trojan-activity;sid:84720616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.178.94"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857515/; classtype:trojan-activity;sid:84720615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.245.62"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857514/; classtype:trojan-activity;sid:84720614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.220.145.137"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857513/; classtype:trojan-activity;sid:84720613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.12.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857512/; classtype:trojan-activity;sid:84720612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.223.172"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857511/; classtype:trojan-activity;sid:84720611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; 
nocase; http.host; content:"222.137.214.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857510/; classtype:trojan-activity;sid:84720610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.121.223"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857509/; classtype:trojan-activity;sid:84720609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.12.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857508/; classtype:trojan-activity;sid:84720608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.38.223.172"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857507/; classtype:trojan-activity;sid:84720607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.39.40"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857506/; classtype:trojan-activity;sid:84720606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857505)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.61.44"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857505/; classtype:trojan-activity;sid:84720605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.238.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857504/; classtype:trojan-activity;sid:84720604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.118.235.132"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857503/; classtype:trojan-activity;sid:84720603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00ea76e4-df49-49cb-9c29-371cb2bc86f8"; depth:37; endswith; nocase; http.host; content:"kxlkbmz.303-bet.buzz"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857502/; classtype:trojan-activity;sid:84720602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.61.44"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857501/; classtype:trojan-activity;sid:84720601; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9ebf6775-3b11-4bb4-88d2-f072482839bc"; depth:37; endswith; nocase; http.host; content:"kuyquso.akharinbama.ir"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857500/; classtype:trojan-activity;sid:84720600; rev:1;)
# NOTE(review): with |3f| decoded to "?", the URI content in the next rule is 44 bytes, but depth
# is 47 (the length of the escaped text). depth bounds where the match may sit and endswith pins
# it to the end of the buffer, so a URI carrying up to 3 extra leading bytes also matches.
# depth:44 would make this an exact-URI match like the other rules in this file, whose depth
# equals the content length - confirm with the feed maintainer before changing a feed-owned sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=8aa7fe04-5688-4b9d-8abe-bb2ac9914a29"; depth:47; endswith; nocase; http.host; content:"ps10z3qz.eutoor.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857499/; classtype:trojan-activity;sid:84720599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.243.1"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857498/; classtype:trojan-activity;sid:84720598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.48.199"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857497/; classtype:trojan-activity;sid:84720597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/52c72b8e-06a8-4118-b17e-0cbe50f3e9c8"; depth:37; endswith; nocase; http.host; 
content:"anxstwt.akharinbama.ir"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857496/; classtype:trojan-activity;sid:84720596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.0.157"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857495/; classtype:trojan-activity;sid:84720595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.48.199"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857494/; classtype:trojan-activity;sid:84720594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.4.185"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857493/; classtype:trojan-activity;sid:84720593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.56.147"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857492/; classtype:trojan-activity;sid:84720592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857491)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.202.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857491/; classtype:trojan-activity;sid:84720591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.101.82"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857490/; classtype:trojan-activity;sid:84720590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"72.255.30.244"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857489/; classtype:trojan-activity;sid:84720589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.74.188"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857488/; classtype:trojan-activity;sid:84720588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6cc356ee-f176-429d-a1d7-a4f688ca7e60"; depth:37; endswith; nocase; http.host; content:"xavytub.alternatifdekorasyon.com"; depth:32; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857487/; classtype:trojan-activity;sid:84720587; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.97.211"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857486/; classtype:trojan-activity;sid:84720586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.199.78.86"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857485/; classtype:trojan-activity;sid:84720585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.202.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857484/; classtype:trojan-activity;sid:84720584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.74.188"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857483/; classtype:trojan-activity;sid:84720583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.101.38"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, 
urlhaus.abuse.ch/url/3857482/; classtype:trojan-activity;sid:84720582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.97.211"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857481/; classtype:trojan-activity;sid:84720581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_4c4781157c8c74ab.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857480/; classtype:trojan-activity;sid:84720580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_8efd35a538a54dd8.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857479/; classtype:trojan-activity;sid:84720579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.0.157"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857478/; classtype:trojan-activity;sid:84720578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857477)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.95.252"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857477/; classtype:trojan-activity;sid:84720577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.88.209"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857476/; classtype:trojan-activity;sid:84720576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"216.249.4.20"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857475/; classtype:trojan-activity;sid:84720575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e3227f95-1876-4ff1-892b-71884192d90d"; depth:37; endswith; nocase; http.host; content:"pyfptfv.anadoluslot.bet"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857474/; classtype:trojan-activity;sid:84720574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.133.180"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857473/; classtype:trojan-activity;sid:84720573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3857472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.224.201"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857472/; classtype:trojan-activity;sid:84720572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.95.252"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857471/; classtype:trojan-activity;sid:84720571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.24.147"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857470/; classtype:trojan-activity;sid:84720570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.88.209"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857469/; classtype:trojan-activity;sid:84720569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.4.185"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857468/; classtype:trojan-activity;sid:84720568; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.224.201"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857467/; classtype:trojan-activity;sid:84720567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.24.147"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857466/; classtype:trojan-activity;sid:84720566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4087b791-8925-40ac-9a33-f3349f4dca27"; depth:37; endswith; nocase; http.host; content:"citnflk.arayemek.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857465/; classtype:trojan-activity;sid:84720565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.200.166"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857464/; classtype:trojan-activity;sid:84720564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.119.147"; depth:14; isdataat:!1,relative; 
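metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857463/; classtype:trojan-activity;sid:84720563; rev:1;)
# NOTE(review): http.uri depth lowered from the feed's 47 to 44 on the next rule. The |3f| escape is one byte,
# so the decoded pattern is 44 bytes; with endswith, depth:47 also accepted URIs carrying up to three extra
# leading bytes, unlike the sibling rules where depth equals the pattern length (exact URI match).
# Local deviation from the upstream feed: re-apply after each ruleset refresh or report it upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=fad58231-1bb1-4ca8-9bc5-7f707c084aad"; depth:44; endswith; nocase; http.host; content:"ff4ekbmd.7lf.net"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857462/; classtype:trojan-activity;sid:84720562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.167.102.166"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857461/; classtype:trojan-activity;sid:84720561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.148.242.35"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857460/; classtype:trojan-activity;sid:84720560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.133.180"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857459/; classtype:trojan-activity;sid:84720559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857458)"; flow:established,from_client; http.method; content:"GET"; 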
http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.119.147"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857458/; classtype:trojan-activity;sid:84720558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"194.69.200.166"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857457/; classtype:trojan-activity;sid:84720557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.230.3"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857456/; classtype:trojan-activity;sid:84720556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/91b74a32-6db8-429b-a162-3343be333581"; depth:37; endswith; nocase; http.host; content:"ysqlyfg.betfire90.bet"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857455/; classtype:trojan-activity;sid:84720555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.46.172"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857454/; classtype:trojan-activity;sid:84720554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3857453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.124.42"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857453/; classtype:trojan-activity;sid:84720553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.124.42"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857452/; classtype:trojan-activity;sid:84720552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.214.149.164"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857451/; classtype:trojan-activity;sid:84720551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.46.172"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857450/; classtype:trojan-activity;sid:84720550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0384a700-baae-4a19-8f9e-4766e32e9733"; depth:37; endswith; nocase; http.host; content:"ysivuys.betexper.bet"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, 
urlhaus.abuse.ch/url/3857449/; classtype:trojan-activity;sid:84720549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.73.201"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857448/; classtype:trojan-activity;sid:84720548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.242.242"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857447/; classtype:trojan-activity;sid:84720547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.242.242"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857446/; classtype:trojan-activity;sid:84720546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.253.10"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857445/; classtype:trojan-activity;sid:84720545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.73.201"; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857444/; classtype:trojan-activity;sid:84720544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.26.83.155"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857443/; classtype:trojan-activity;sid:84720543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.178.183.212"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857442/; classtype:trojan-activity;sid:84720542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.214.100"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857441/; classtype:trojan-activity;sid:84720541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1fe5ad6b-ce2f-4699-915a-790225cedf70"; depth:37; endswith; nocase; http.host; content:"dhddzix.betbet.city"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857440/; classtype:trojan-activity;sid:84720540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857439)"; flow:established,from_client; http.method; 
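content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.250.202.123"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857439/; classtype:trojan-activity;sid:84720539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.104.3"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857438/; classtype:trojan-activity;sid:84720538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.214.100"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857437/; classtype:trojan-activity;sid:84720537; rev:1;)
# NOTE(review): http.uri depth lowered from the feed's 47 to 44 on the next rule. The |3f| escape is one byte,
# so the decoded pattern is 44 bytes; with endswith, depth:47 also accepted URIs carrying up to three extra
# leading bytes, unlike the sibling rules where depth equals the pattern length (exact URI match).
# Local deviation from the upstream feed: re-apply after each ruleset refresh or report it upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=0cbddda7-4466-4604-827c-2056f2632703"; depth:44; endswith; nocase; http.host; content:"7d6da0ri.axee.net"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857436/; classtype:trojan-activity;sid:84720536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.26.83.155"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857435/; classtype:trojan-activity;sid:84720535; rev:1;)
alert http $HOME_NET any -> 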
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.178.183.212"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857434/; classtype:trojan-activity;sid:84720534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.173.4.94"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857433/; classtype:trojan-activity;sid:84720533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.44.158"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857432/; classtype:trojan-activity;sid:84720532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.250.202.123"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857431/; classtype:trojan-activity;sid:84720531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.132.200"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857430/; 
classtype:trojan-activity;sid:84720530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fa1fac97-355d-4461-b370-cd9537c10760"; depth:37; endswith; nocase; http.host; content:"negfuie.bet888starzz.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857429/; classtype:trojan-activity;sid:84720529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.104.3"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857428/; classtype:trojan-activity;sid:84720528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.135.180"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857427/; classtype:trojan-activity;sid:84720527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.233.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857426/; classtype:trojan-activity;sid:84720526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"115.48.132.200"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857425/; classtype:trojan-activity;sid:84720525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.60.253"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857424/; classtype:trojan-activity;sid:84720524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/45602df4-d39c-4827-8cae-1084f7bd043f"; depth:37; endswith; nocase; http.host; content:"esqbzfn.bet365iran.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857423/; classtype:trojan-activity;sid:84720523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.44.158"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857422/; classtype:trojan-activity;sid:84720522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.21.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857421/; classtype:trojan-activity;sid:84720521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857420)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"104.131.162.184"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857420/; classtype:trojan-activity;sid:84720520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"104.131.162.184"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857419/; classtype:trojan-activity;sid:84720519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.121.106"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857418/; classtype:trojan-activity;sid:84720518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.131.134"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857417/; classtype:trojan-activity;sid:84720517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.239.227"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857416/; 
classtype:trojan-activity;sid:84720516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/861d0a90-0c0c-43d4-998d-94229c9ec43a"; depth:37; endswith; nocase; http.host; content:"pjfaqdf.bet313.app"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857415/; classtype:trojan-activity;sid:84720515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.232.146.180"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857414/; classtype:trojan-activity;sid:84720514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"77.247.88.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857413/; classtype:trojan-activity;sid:84720513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.241.244"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857412/; classtype:trojan-activity;sid:84720512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.208.231.185"; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857411/; classtype:trojan-activity;sid:84720511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.50.173"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857410/; classtype:trojan-activity;sid:84720510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.25.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857409/; classtype:trojan-activity;sid:84720509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.84.222.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857408/; classtype:trojan-activity;sid:84720508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.96.71"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857407/; classtype:trojan-activity;sid:84720507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857406)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/files-129312398/files/file_54ac4f87020903c8.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857406/; classtype:trojan-activity;sid:84720506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azsxd.arm6"; depth:11; endswith; nocase; http.host; content:"185.228.26.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857405/; classtype:trojan-activity;sid:84720505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azsxd.mips"; depth:11; endswith; nocase; http.host; content:"185.228.26.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857402/; classtype:trojan-activity;sid:84720502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azsxd.arm7"; depth:11; endswith; nocase; http.host; content:"185.228.26.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857403/; classtype:trojan-activity;sid:84720503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azsxd.mpsl"; depth:11; endswith; nocase; http.host; content:"185.228.26.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857404/; classtype:trojan-activity;sid:84720504; rev:1;) alert http $HOME_NET any -> 
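$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_2d1724942d84955b.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857401/; classtype:trojan-activity;sid:84720501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.60.253"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857400/; classtype:trojan-activity;sid:84720500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.233.9"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857399/; classtype:trojan-activity;sid:84720499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.241.244"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857398/; classtype:trojan-activity;sid:84720498; rev:1;)
# NOTE(review): http.uri depth lowered from the feed's 47 to 44 on the next rule. The |3f| escape is one byte,
# so the decoded pattern is 44 bytes; with endswith, depth:47 also accepted URIs carrying up to three extra
# leading bytes, unlike the sibling rules where depth equals the pattern length (exact URI match).
# Local deviation from the upstream feed: re-apply after each ruleset refresh or report it upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=496e7998-017e-4efc-ac22-dca94c48f8fa"; depth:44; endswith; nocase; http.host; content:"sax166rh.funkboi.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857397/; classtype:trojan-activity;sid:84720497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.25.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857396/; classtype:trojan-activity;sid:84720496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.232.146.180"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857395/; classtype:trojan-activity;sid:84720495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.38.194"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857394/; classtype:trojan-activity;sid:84720494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.44.147.252"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857393/; classtype:trojan-activity;sid:84720493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857392)"; flow:established,from_client; http.method; content:"GET"; http.uri; 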
content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.84.222.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857392/; classtype:trojan-activity;sid:84720492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.118.235.132"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857391/; classtype:trojan-activity;sid:84720491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/411d60b4-e0db-4935-886c-92a0fcdb7d54"; depth:37; endswith; nocase; http.host; content:"kfvzenz.bahiscom2023.online"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857390/; classtype:trojan-activity;sid:84720490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.237.185"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857389/; classtype:trojan-activity;sid:84720489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.7.53"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857388/; classtype:trojan-activity;sid:84720488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3857387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.29.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857387/; classtype:trojan-activity;sid:84720487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.157.253.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857386/; classtype:trojan-activity;sid:84720486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pty3"; depth:5; endswith; nocase; http.host; content:"104.131.50.193"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857385/; classtype:trojan-activity;sid:84720485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0cd3c858-7fb5-4826-bc71-39b1a5d7bc29"; depth:37; endswith; nocase; http.host; content:"yhyrxap.bahisbey90.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857384/; classtype:trojan-activity;sid:84720484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.237.185"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, 
urlhaus.abuse.ch/url/3857381/; classtype:trojan-activity;sid:84720481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pty4"; depth:5; endswith; nocase; http.host; content:"104.131.50.193"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857382/; classtype:trojan-activity;sid:84720482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pty10"; depth:6; endswith; nocase; http.host; content:"104.131.50.193"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857383/; classtype:trojan-activity;sid:84720483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"93.157.253.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857380/; classtype:trojan-activity;sid:84720480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.91.177"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857379/; classtype:trojan-activity;sid:84720479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.254.210"; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857378/; classtype:trojan-activity;sid:84720478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8024e52b-8ee8-4053-ae82-90315513d3c0"; depth:37; endswith; nocase; http.host; content:"zxzhjlk.artenadigital.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857377/; classtype:trojan-activity;sid:84720477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.237.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857376/; classtype:trojan-activity;sid:84720476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.194.121"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857375/; classtype:trojan-activity;sid:84720475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.91.177"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857374/; classtype:trojan-activity;sid:84720474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857373)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.21.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857373/; classtype:trojan-activity;sid:84720473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.237.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857371/; classtype:trojan-activity;sid:84720471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.44.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857372/; classtype:trojan-activity;sid:84720472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.144.124"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857370/; classtype:trojan-activity;sid:84720470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.187.101"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857369/; classtype:trojan-activity;sid:84720469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3857368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.187.101"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857368/; classtype:trojan-activity;sid:84720468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.81.5"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857367/; classtype:trojan-activity;sid:84720467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.231.75"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857366/; classtype:trojan-activity;sid:84720466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.59.0"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857365/; classtype:trojan-activity;sid:84720465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.59.0"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857364/; classtype:trojan-activity;sid:84720464; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bb69bdaf-d06e-4ad7-9a29-71cdbac3f336"; depth:37; endswith; nocase; http.host; content:"tfasyxh.arayemek.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857363/; classtype:trojan-activity;sid:84720463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f27f7253-2ef4-4e11-855e-b51d670db5c3"; depth:47; endswith; nocase; http.host; content:"cw5zuej3.baxus.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857362/; classtype:trojan-activity;sid:84720462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azsxd.ppc"; depth:10; endswith; nocase; http.host; content:"185.228.26.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857355/; classtype:trojan-activity;sid:84720455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azsxd.m68k"; depth:11; endswith; nocase; http.host; content:"185.228.26.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857356/; classtype:trojan-activity;sid:84720456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azsxd.arm"; depth:10; endswith; nocase; http.host; 
content:"185.228.26.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857357/; classtype:trojan-activity;sid:84720457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azsxd.arc"; depth:10; endswith; nocase; http.host; content:"185.228.26.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857358/; classtype:trojan-activity;sid:84720458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azsxd.arm5"; depth:11; endswith; nocase; http.host; content:"185.228.26.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857359/; classtype:trojan-activity;sid:84720459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azsxd.sh4"; depth:10; endswith; nocase; http.host; content:"185.228.26.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857360/; classtype:trojan-activity;sid:84720460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azsxd.spc"; depth:10; endswith; nocase; http.host; content:"185.228.26.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857361/; classtype:trojan-activity;sid:84720461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857354)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.121.127.54"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857354/; classtype:trojan-activity;sid:84720454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.107.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857353/; classtype:trojan-activity;sid:84720453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.166.39"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857352/; classtype:trojan-activity;sid:84720452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.231.75"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857351/; classtype:trojan-activity;sid:84720451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.20.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857350/; classtype:trojan-activity;sid:84720450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3857349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.224.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857349/; classtype:trojan-activity;sid:84720449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.81.5"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857348/; classtype:trojan-activity;sid:84720448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.20.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857347/; classtype:trojan-activity;sid:84720447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.121.127.54"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857346/; classtype:trojan-activity;sid:84720446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.166.39"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857345/; 
classtype:trojan-activity;sid:84720445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/80f44022-e38f-4d9f-b8f5-c5f4a57b8bc3"; depth:37; endswith; nocase; http.host; content:"usfltzp.anadoluslot.bet"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857344/; classtype:trojan-activity;sid:84720444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.78.185"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857343/; classtype:trojan-activity;sid:84720443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"83.233.104.113"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857342/; classtype:trojan-activity;sid:84720442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.134.172.127"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857341/; classtype:trojan-activity;sid:84720441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"221.214.173.46"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857340/; classtype:trojan-activity;sid:84720440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.151.92"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857337/; classtype:trojan-activity;sid:84720437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.151.92"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857338/; classtype:trojan-activity;sid:84720438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.120.145"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857339/; classtype:trojan-activity;sid:84720439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.107.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857335/; classtype:trojan-activity;sid:84720435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857336)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.189.126"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857336/; classtype:trojan-activity;sid:84720436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.134.172.127"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857334/; classtype:trojan-activity;sid:84720434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"185.91.127.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857333/; classtype:trojan-activity;sid:84720433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.124.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857332/; classtype:trojan-activity;sid:84720432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.121.223"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857331/; classtype:trojan-activity;sid:84720431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3857330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.10.93"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857330/; classtype:trojan-activity;sid:84720430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azsxd.x86"; depth:10; endswith; nocase; http.host; content:"185.228.26.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857329/; classtype:trojan-activity;sid:84720429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.252.217.131"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857328/; classtype:trojan-activity;sid:84720428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.20.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857327/; classtype:trojan-activity;sid:84720427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.254.244"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857326/; 
classtype:trojan-activity;sid:84720426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.189.126"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857325/; classtype:trojan-activity;sid:84720425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.120.6.133"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857324/; classtype:trojan-activity;sid:84720424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.188.86.180"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857323/; classtype:trojan-activity;sid:84720423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.120.6.133"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857322/; classtype:trojan-activity;sid:84720422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a307c252-57ff-4788-b618-26d88870d675"; depth:37; endswith; nocase; http.host; 
content:"zrgxhan.alternatifdekorasyon.com"; depth:32; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857321/; classtype:trojan-activity;sid:84720421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.209.163"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857320/; classtype:trojan-activity;sid:84720420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.50.173"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857319/; classtype:trojan-activity;sid:84720419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.162.179.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857318/; classtype:trojan-activity;sid:84720418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.120.145"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857317/; classtype:trojan-activity;sid:84720417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857316)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.10.93"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857316/; classtype:trojan-activity;sid:84720416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.174.104.157"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857315/; classtype:trojan-activity;sid:84720415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"220.188.86.180"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857314/; classtype:trojan-activity;sid:84720414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.252.217.131"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857313/; classtype:trojan-activity;sid:84720413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.254.244"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857312/; classtype:trojan-activity;sid:84720412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3857311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.162.179.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857311/; classtype:trojan-activity;sid:84720411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.147.239"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857310/; classtype:trojan-activity;sid:84720410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/888acdaa-e677-444a-ae53-007ec13bdd79"; depth:37; endswith; nocase; http.host; content:"rvubnzq.akharinbama.ir"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857309/; classtype:trojan-activity;sid:84720409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.38.209.163"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857308/; classtype:trojan-activity;sid:84720408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"103.168.66.233"; depth:14; isdataat:!1,relative; metadata:created_at 
2026_06_02; reference:url, urlhaus.abuse.ch/url/3857307/; classtype:trojan-activity;sid:84720407; rev:1;)
# The fragment above is the tail of a rule that starts before this span; it is kept unchanged.
# Every rule below uses one template: an HTTP GET on an established flow, client to server,
# from $HOME_NET to $EXTERNAL_NET, whose URI and Host must both match exactly.
# depth equals the content length and is paired with endswith (URI) or isdataat:!1,relative (host),
# so nothing may precede or follow the pattern. nocase applies to the URI content only.
# Triage note: an alert shows that an internal client requested the URL; on its own it does not
# show that the payload was returned or executed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.253.55"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857306/; classtype:trojan-activity;sid:84720406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.89.197"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857305/; classtype:trojan-activity;sid:84720405; rev:1;)
# The next four rules pair two URIs (/bin/screenconnect.clientsetup.exe and /bin/support.client.exe)
# with two IP-literal hosts (124.198.131.134 and 193.26.115.118).
# NOTE(review): the first file name resembles the ScreenConnect remote-access client installer;
# presumably a hit means an unsanctioned remote-access install - confirm against the referenced URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"124.198.131.134"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857304/; classtype:trojan-activity;sid:84720404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"193.26.115.118"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857303/; classtype:trojan-activity;sid:84720403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"124.198.131.134"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857302/; classtype:trojan-activity;sid:84720402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"193.26.115.118"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857300/; classtype:trojan-activity;sid:84720400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.245.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857301/; classtype:trojan-activity;sid:84720401; rev:1;)
# |3f| is the hex-escaped "?". Because the URI match is exact, the whole query string,
# including the UUID value, must be present unchanged for this rule to fire.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=4777c791-c82c-4bf7-9f1c-95d5408ee854"; depth:47; endswith; nocase; http.host; content:"96mjt1sb.axee.net"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857299/; classtype:trojan-activity;sid:84720399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.44.147.239"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857298/; classtype:trojan-activity;sid:84720398; rev:1;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.115.201"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857297/; classtype:trojan-activity;sid:84720397; rev:1;)
# The fragment above completes a rule that starts before this span; it is kept unchanged.
# The next twelve rules share one host, 176.65.139.133, and differ only in the URI:
# a shell script (/cat.sh) and eleven names that look like CPU architectures (arm, m68k, mips, ...).
# Each URI is matched exactly (depth equals the content length, plus endswith), case-insensitively.
# NOTE(review): correlating hits across these sids by source address is presumably more
# informative than any single alert - verify against HTTP logs for the same client.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cat.sh"; depth:7; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857289/; classtype:trojan-activity;sid:84720389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857290/; classtype:trojan-activity;sid:84720390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857291/; classtype:trojan-activity;sid:84720391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857292/; classtype:trojan-activity;sid:84720392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857293/; classtype:trojan-activity;sid:84720393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc64"; depth:10; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857294/; classtype:trojan-activity;sid:84720394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857295/; classtype:trojan-activity;sid:84720395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857296/; classtype:trojan-activity;sid:84720396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857287/; classtype:trojan-activity;sid:84720387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857288/; classtype:trojan-activity;sid:84720388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857285/; classtype:trojan-activity;sid:84720385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armhf"; depth:6; endswith; nocase; http.host; content:"176.65.139.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857286/; classtype:trojan-activity;sid:84720386; rev:1;)
# Different host from the cluster above: /bin.sh on 110.37.89.197.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.89.197"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857284/; classtype:trojan-activity;sid:84720384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857283)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/0c819c10-c899-4611-a2d2-6e6d1c4fadea"; depth:37; endswith; nocase; http.host; content:"actmimo.aftabsport.ir"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857283/; classtype:trojan-activity;sid:84720383; rev:1;)
# The fragment above completes a rule that starts before this span; it is kept unchanged.
# Two URI shapes appear below: short fixed paths (/i, /bin.sh) on IP-literal hosts,
# and a single UUID-shaped path segment on a named host.
# The host is matched exactly (depth equals the content length, then isdataat:!1,relative),
# so each subdomain (e.g. actmimo. and utgxkle. under aftabsport.ir) needs its own rule.
# The same IP often appears with both /i and /bin.sh (e.g. 42.238.171.183: sids 84720377 and 84720372).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.172.165"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857282/; classtype:trojan-activity;sid:84720382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8da54b0a-856b-483c-9288-2d85e0ea89ee"; depth:37; endswith; nocase; http.host; content:"utgxkle.aftabsport.ir"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857281/; classtype:trojan-activity;sid:84720381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.137.119"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857280/; classtype:trojan-activity;sid:84720380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.38.194"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857278/; classtype:trojan-activity;sid:84720378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.115.201"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857279/; classtype:trojan-activity;sid:84720379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.171.183"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857277/; classtype:trojan-activity;sid:84720377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.29.39"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857276/; classtype:trojan-activity;sid:84720376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.254.14"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857275/; classtype:trojan-activity;sid:84720375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.15.11"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857274/; classtype:trojan-activity;sid:84720374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.93.214"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857273/; classtype:trojan-activity;sid:84720373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.171.183"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857272/; classtype:trojan-activity;sid:84720372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.137.119"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857271/; classtype:trojan-activity;sid:84720371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5010c114-c3af-43d2-b106-935e60b0c3ba"; depth:37; endswith; nocase; http.host; content:"djineca.adabiyat.org"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857270/; classtype:trojan-activity;sid:84720370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; 
http.host; content:"42.177.199.107"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857269/; classtype:trojan-activity;sid:84720369; rev:1;)
# The fragment above completes a rule that starts before this span; it is kept unchanged.
# The thirteen complete rules below, and the one left open at the end, share one host, 179.43.182.70.
# URIs are three shell scripts (/w.sh, /wget.sh, /c.sh) and /bins/ogz.<suffix> files whose
# suffixes look like CPU architecture tags (ppc, spc, arm5, arm6, arm7, mips, mpsl, sh4, x86, ...).
# Each URI is matched exactly and case-insensitively; a request with an added query string
# or a different path prefix falls outside these rules.
# NOTE(review): these are protocol "http" rules; presumably the same URL fetched over TLS is not
# seen unless traffic is decrypted upstream of the sensor - confirm for the deployment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ogz.ppc"; depth:13; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857268/; classtype:trojan-activity;sid:84720368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ogz.spc"; depth:13; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857256/; classtype:trojan-activity;sid:84720356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ogz.arm7"; depth:14; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857257/; classtype:trojan-activity;sid:84720357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ogz.arm6"; depth:14; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857258/; classtype:trojan-activity;sid:84720358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857259/; classtype:trojan-activity;sid:84720359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857260/; classtype:trojan-activity;sid:84720360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ogz.arm"; depth:13; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857261/; classtype:trojan-activity;sid:84720361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ogz.mpsl"; depth:14; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857262/; classtype:trojan-activity;sid:84720362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ogz.mips"; depth:14; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857263/; classtype:trojan-activity;sid:84720363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ogz.arm5"; depth:14; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857264/; classtype:trojan-activity;sid:84720364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ogz.sh4"; depth:13; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857265/; classtype:trojan-activity;sid:84720365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ogz.x86"; depth:13; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857266/; classtype:trojan-activity;sid:84720366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857267/; classtype:trojan-activity;sid:84720367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ogz.m68k"; depth:14; endswith; nocase; http.host; content:"179.43.182.70"; depth:13; isdataat:!1,relative; metadata:created_at 
2026_06_02; reference:url, urlhaus.abuse.ch/url/3857255/; classtype:trojan-activity;sid:84720355; rev:1;)
# The fragment above completes a rule that starts before this span; it is kept unchanged.
# In every rule visible here the sid equals the URLhaus entry id in msg/reference plus 80863100
# (e.g. 3857254 -> 84720354), so an alert's sid maps straight back to its reference URL.
# metadata:created_at switches from 2026_06_02 to 2026_06_01 at sid 84720344 below.
# NOTE(review): entries are point-in-time indicators; presumably the referenced URLhaus page
# shows whether the URL is still live - check it before treating an old hit as current.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.146.125"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857254/; classtype:trojan-activity;sid:84720354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.93.214"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857253/; classtype:trojan-activity;sid:84720353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.239.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857252/; classtype:trojan-activity;sid:84720352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.7.93"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857251/; classtype:trojan-activity;sid:84720351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/41fdb794-cba1-4eca-8cf4-f925421c91d5"; depth:37; endswith; nocase; http.host; content:"zhlwyqr.3sefr3.ir"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857250/; classtype:trojan-activity;sid:84720350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.254.14"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857249/; classtype:trojan-activity;sid:84720349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.255.129"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857248/; classtype:trojan-activity;sid:84720348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.7.93"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857247/; classtype:trojan-activity;sid:84720347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.146.125"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857246/; classtype:trojan-activity;sid:84720346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.239.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857245/; classtype:trojan-activity;sid:84720345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.255.153"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857244/; classtype:trojan-activity;sid:84720344; rev:1;)
# |3f| is the hex-escaped "?"; the exact-match URI therefore includes the full query string.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=08144743-dd48-469d-a3c7-d0be12964247"; depth:47; endswith; nocase; http.host; content:"gfwbeo2g.7lf.net"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857243/; classtype:trojan-activity;sid:84720343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"14.145.162.187"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857242/; classtype:trojan-activity;sid:84720342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.255.129"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857241/; 
classtype:trojan-activity;sid:84720341; rev:1;)
# The fragment above completes a rule that starts before this span; it is kept unchanged.
# All rules below carry metadata:created_at 2026_06_01 and classtype trojan-activity.
# Several IP-literal hosts appear twice, once with /i and once with /bin.sh
# (113.231.80.204, 221.14.106.215, 110.37.61.151, 110.39.255.227, 115.58.85.68),
# so one client contacting such a host can raise two different sids.
# The two named hosts use a UUID-shaped single path segment; the host match is exact,
# so ydcpmjs.303-bet.xyz and maibnyf.303-bet.buzz are covered only as written.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.39.52"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857240/; classtype:trojan-activity;sid:84720340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/496ab272-b028-4acf-b361-ea46018f1dcc"; depth:37; endswith; nocase; http.host; content:"ydcpmjs.303-bet.xyz"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857239/; classtype:trojan-activity;sid:84720339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.255.153"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857238/; classtype:trojan-activity;sid:84720338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.80.204"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857237/; classtype:trojan-activity;sid:84720337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.106.215"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857236/; classtype:trojan-activity;sid:84720336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.85.68"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857235/; classtype:trojan-activity;sid:84720335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8ae0b9fa-1b26-41dc-b559-7a90cc141bd9"; depth:37; endswith; nocase; http.host; content:"maibnyf.303-bet.buzz"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857234/; classtype:trojan-activity;sid:84720334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.255.227"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857233/; classtype:trojan-activity;sid:84720333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.61.151"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857232/; classtype:trojan-activity;sid:84720332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.231.80.204"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857231/; classtype:trojan-activity;sid:84720331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.106.215"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857230/; classtype:trojan-activity;sid:84720330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.61.151"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857229/; classtype:trojan-activity;sid:84720329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.255.227"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857228/; classtype:trojan-activity;sid:84720328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.85.68"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857227/; classtype:trojan-activity;sid:84720327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3857226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/30e7e44c-9378-47ca-90e9-57d36aa38856"; depth:37; endswith; nocase; http.host; content:"ssiysqt.1xbet1farsi.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857226/; classtype:trojan-activity;sid:84720326; rev:1;)
# The fragment above completes a rule that starts before this span; it is kept unchanged.
# Each rule below fires only on an HTTP GET from $HOME_NET to $EXTERNAL_NET whose whole URI
# and whole Host match the listed strings (depth equals the content length, plus endswith
# on the URI and isdataat:!1,relative on the host).
# "/i" with depth:2 and endswith is a two-byte exact URI, so the host match carries
# almost all of the specificity in those rules.
# Triage note: the alert direction identifies the internal client that made the request;
# whether a payload was returned has to be confirmed from response data or host evidence.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.88.87"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857225/; classtype:trojan-activity;sid:84720325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"176.226.226.72"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857224/; classtype:trojan-activity;sid:84720324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.135.153.0"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857223/; classtype:trojan-activity;sid:84720323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.88.87"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857222/; classtype:trojan-activity;sid:84720322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.187.141"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857221/; classtype:trojan-activity;sid:84720321; rev:1;)
# |3f| is the hex-escaped "?"; the exact-match URI therefore includes the full query string.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=5c963bc1-4201-45d1-9484-9acae9a04fc4"; depth:47; endswith; nocase; http.host; content:"4iod03t4.eutoor.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857220/; classtype:trojan-activity;sid:84720320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.238.21"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857219/; classtype:trojan-activity;sid:84720319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.148.103"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857218/; classtype:trojan-activity;sid:84720318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.14.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857217/; classtype:trojan-activity;sid:84720317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.247.240"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857216/; classtype:trojan-activity;sid:84720316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.57.203.242"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857215/; classtype:trojan-activity;sid:84720315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.238.21"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857214/; classtype:trojan-activity;sid:84720314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.247.240"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857213/; classtype:trojan-activity;sid:84720313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857212)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/127a5ebe-0d7d-4d4d-9ade-b2dc699eab3d"; depth:37; endswith; nocase; http.host; content:"dkgxlcw.venusbetyek.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857212/; classtype:trojan-activity;sid:84720312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.87.170.63"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857211/; classtype:trojan-activity;sid:84720311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.141.71"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857210/; classtype:trojan-activity;sid:84720310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.175.34.119"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857209/; classtype:trojan-activity;sid:84720309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.215.207.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857208/; classtype:trojan-activity;sid:84720308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3857206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.235.158.129"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857206/; classtype:trojan-activity;sid:84720306; rev:1;)
# Reviewer notes (coverage): several rules below share one host and differ only
# in the file name: the /zero.<suffix> set on 31.56.209.222, /meow and
# /meowarm64 on 34.181.210.37, and two file_*.exe paths on 91.92.242.236.
# Each rule matches one exact URI (depth equals the content length, plus
# endswith), so a file name that is not listed is not detected by this set even
# when the host is the same.
# For triage, group alerts by http.host rather than by sid: hits on more than
# one of these sids from the same internal client point at the same download
# host. If the goal is to cover the host rather than individual files, a
# host-level control such as an egress block or DNS/IP watchlist is the
# complement to these URL-level rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.187.198"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857207/; classtype:trojan-activity;sid:84720307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.226.207"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857203/; classtype:trojan-activity;sid:84720303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meowarm64"; depth:10; endswith; nocase; http.host; content:"34.181.210.37"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857204/; classtype:trojan-activity;sid:84720304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meow"; depth:5; endswith; nocase; http.host; content:"34.181.210.37"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857205/; classtype:trojan-activity;sid:84720305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_27c474da366340b6.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857201/; classtype:trojan-activity;sid:84720301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_5c45918e867514f4.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857202/; classtype:trojan-activity;sid:84720302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.218.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857200/; classtype:trojan-activity;sid:84720300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.187.141"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857199/; classtype:trojan-activity;sid:84720299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zero.sh4"; depth:9; endswith; nocase; http.host; content:"31.56.209.222"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857198/; classtype:trojan-activity;sid:84720298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zero.x86"; depth:9; endswith; nocase; http.host; content:"31.56.209.222"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857195/; classtype:trojan-activity;sid:84720295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zero.sparc"; depth:11; endswith; nocase; http.host; content:"31.56.209.222"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857196/; classtype:trojan-activity;sid:84720296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zero.armv6l"; depth:12; endswith; nocase; http.host; content:"31.56.209.222"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857197/; classtype:trojan-activity;sid:84720297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zero.armv5l"; depth:12; endswith; nocase; http.host; content:"31.56.209.222"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857193/; classtype:trojan-activity;sid:84720293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zero.mips"; depth:10; endswith; nocase; http.host; content:"31.56.209.222"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857194/; classtype:trojan-activity;sid:84720294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zero.armv7l"; depth:12; endswith; nocase; http.host; content:"31.56.209.222"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857188/; classtype:trojan-activity;sid:84720288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zero.mipsrouter"; depth:16; endswith; nocase; http.host; content:"31.56.209.222"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857189/; classtype:trojan-activity;sid:84720289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zero.armv4l"; depth:12; endswith; nocase; http.host; content:"31.56.209.222"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857190/; classtype:trojan-activity;sid:84720290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zero.m68k"; depth:10; endswith; nocase; http.host; content:"31.56.209.222"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857191/; classtype:trojan-activity;sid:84720291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zero.mipsel"; depth:12; endswith; nocase; http.host; content:"31.56.209.222"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857192/; classtype:trojan-activity;sid:84720292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.93.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857187/; classtype:trojan-activity;sid:84720287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/185e7150-841c-4085-9ac0-09e978d5f45d"; depth:37; endswith; nocase; http.host; content:"nljinxg.takhtebet.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857186/; classtype:trojan-activity;sid:84720286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.141.71"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857185/; classtype:trojan-activity;sid:84720285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"182.121.187.198"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857184/; classtype:trojan-activity;sid:84720284; rev:1;)
# Reviewer notes (triage): the msg text is identical across rules apart from
# the number in parentheses, so alerts must be told apart by sid or reference.
# In every rule visible here that number is the URLhaus entry ID, it is
# repeated in the reference URL, and sid = ID + 80863100
# (e.g. 3857183 -> 84720283). An alert's sid can therefore be mapped straight
# back to urlhaus.abuse.ch/url/<ID>/ for the entry's context.
# Entries are not strictly ordered by ID (3857179 precedes 3857180 below), so
# do not rely on file position when diffing feed versions; key on sid.
# NOTE(review): when merging this feed with other rule sources, confirm the
# 847xxxxx sid range does not collide with locally assigned sids.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.235.158.129"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857183/; classtype:trojan-activity;sid:84720283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.175.34.119"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857182/; classtype:trojan-activity;sid:84720282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.218.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857181/; classtype:trojan-activity;sid:84720281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.93.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857179/; classtype:trojan-activity;sid:84720279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.177.237.148"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857180/; classtype:trojan-activity;sid:84720280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.152.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857178/; classtype:trojan-activity;sid:84720278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/faea0967-fa05-4994-8440-686eaa2d049b"; depth:37; endswith; nocase; http.host; content:"rvvemra.takhtebet.app"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857177/; classtype:trojan-activity;sid:84720277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=3b493422-bbc9-4d54-b8d8-7dfc8ea5b545"; depth:47; endswith; nocase; http.host; content:"0nwfyg62.onja1bet.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857176/; classtype:trojan-activity;sid:84720276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e4c93c20-1250-4fda-8969-e425c2d0f56f"; depth:37; endswith; nocase; http.host; content:"msbeora.takhtebet.app"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857175/; classtype:trojan-activity;sid:84720275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8472153909/kpb7its.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857174/; classtype:trojan-activity;sid:84720274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.112.76"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857173/; classtype:trojan-activity;sid:84720273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.6.167.121"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857172/; classtype:trojan-activity;sid:84720272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.121.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857171/; classtype:trojan-activity;sid:84720271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/608a9908-0f7e-496b-bc75-015f249004e6"; depth:37; endswith; nocase; http.host; content:"ekffxlo.shart90bet.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857170/; classtype:trojan-activity;sid:84720270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lb25.exe"; depth:9; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857169/; classtype:trojan-activity;sid:84720269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsle"; depth:7; endswith; nocase; http.host; content:"31.56.209.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857167/; classtype:trojan-activity;sid:84720267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"31.56.209.85"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857168/; classtype:trojan-activity;sid:84720268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.6.167.121"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857166/; classtype:trojan-activity;sid:84720266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.215.207.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857165/; classtype:trojan-activity;sid:84720265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.36.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857164/; classtype:trojan-activity;sid:84720264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.112.76"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857163/; classtype:trojan-activity;sid:84720263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.121.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857162/; classtype:trojan-activity;sid:84720262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/92ce30d1-330e-477f-aace-4262bd852f9a"; depth:37; endswith; nocase; http.host; content:"bgtwfmx.rikashart.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857161/; 
classtype:trojan-activity;sid:84720261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.4.114"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857160/; classtype:trojan-activity;sid:84720260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm7"; depth:11; endswith; nocase; http.host; content:"176.65.139.195"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857159/; classtype:trojan-activity;sid:84720259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.31.145"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857158/; classtype:trojan-activity;sid:84720258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.93.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857157/; classtype:trojan-activity;sid:84720257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.142.147"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857156/; classtype:trojan-activity;sid:84720256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"206.168.201.246"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857155/; classtype:trojan-activity;sid:84720255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"175.107.205.18"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857154/; classtype:trojan-activity;sid:84720254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"91.92.42.126"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857153/; classtype:trojan-activity;sid:84720253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/61949eeb-139c-46cf-a17d-e08dc62ab601"; depth:37; endswith; nocase; http.host; content:"tfbkfdw.21pasoor.app"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857152/; classtype:trojan-activity;sid:84720252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857151)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/|3f|ublib=fe96f4a1-bb1f-4a22-95a8-5b2933ecf37b"; depth:47; endswith; nocase; http.host; content:"a0sadcof.ogabbet.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857151/; classtype:trojan-activity;sid:84720251; rev:1;)
# How to read the rules below (they all follow one generated template):
#   - http.uri: content + depth:<content length> + endswith pins the whole URI
#     buffer to the listed string (nocase = case-insensitive), so "/i" matches a
#     request for exactly "/i", not any URI that merely starts or ends with it.
#   - http.host: content + depth:<content length> + isdataat:!1,relative pins the
#     whole host buffer. The match is on the hostname the client sent, not on the
#     destination IP address of the flow.
#   - The number in msg, the id in the reference URL and the sid move together
#     (sid = URLhaus id + 80863100 for every rule visible here), which helps when
#     correlating an alert with its URLhaus entry.
# NOTE(review): `alert http` only fires on traffic Suricata parses as HTTP; the same
# URL fetched over TLS is not covered by these signatures.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.36.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857150/; classtype:trojan-activity;sid:84720250; rev:1;)
# Same host, two paths ("/i" and "/bin.sh"): one alert per URL, so a single client
# fetching both raises two sids for 115.48.145.92.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.145.92"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857149/; classtype:trojan-activity;sid:84720249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.145.92"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857148/; classtype:trojan-activity;sid:84720248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.142.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857147/; classtype:trojan-activity;sid:84720247; rev:1;)
# Domain-hosted entry: the URI is a single UUID-shaped path segment (37 bytes with
# the leading slash) on a random-looking subdomain.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/89b66ec8-ecc6-4b61-b8d1-891a25c75940"; depth:37; endswith; nocase; http.host; content:"hfsdguf.asyabet303.bet"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857146/; classtype:trojan-activity;sid:84720246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.142.147"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857145/; classtype:trojan-activity;sid:84720245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.168.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857144/; classtype:trojan-activity;sid:84720244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.229.184.191"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857143/; classtype:trojan-activity;sid:84720243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.135.54.28"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857142/; classtype:trojan-activity;sid:84720242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.48.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857141/; classtype:trojan-activity;sid:84720241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.135.54.28"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857140/; classtype:trojan-activity;sid:84720240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.126.15"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857139/; classtype:trojan-activity;sid:84720239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.222.213"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857138/; classtype:trojan-activity;sid:84720238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fe4d577f-537f-49be-b2d6-92e57674d713"; depth:37; endswith; nocase; http.host; 
content:"zfkzwhk.bakhtazmaeii.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857137/; classtype:trojan-activity;sid:84720237; rev:1;)
# Most rules in this stretch key on a bare IPv4 literal in http.host plus one of two
# short paths, "/i" or "/bin.sh". The URI part is only 2 or 7 bytes, so all of the
# specificity comes from the exact host match (depth:<len> + isdataat:!1,relative).
# Consequence for coverage: a request sent to the same address but carrying a
# different Host value does not match; pair these with IP/flow telemetry if the
# address itself matters to you.
# NOTE(review): hosts given as bare IPs may change hands over time; check the status
# of the referenced URLhaus entry before acting on a hit from an old rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.167.102.166"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857136/; classtype:trojan-activity;sid:84720236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.126.15"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857135/; classtype:trojan-activity;sid:84720235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.168.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857134/; classtype:trojan-activity;sid:84720234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.138.179.137"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857133/; classtype:trojan-activity;sid:84720233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.229.184.191"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857132/; classtype:trojan-activity;sid:84720232; rev:1;)
# 110.37.70.86 is listed with both paths; expect paired alerts (sids 84720231 and
# 84720230) from one client that fetches both.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.70.86"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857131/; classtype:trojan-activity;sid:84720231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.70.86"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857130/; classtype:trojan-activity;sid:84720230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.232.32.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857129/; classtype:trojan-activity;sid:84720229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.171.168.74"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857128/; classtype:trojan-activity;sid:84720228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.229.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857127/; classtype:trojan-activity;sid:84720227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.147.247.21"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857126/; classtype:trojan-activity;sid:84720226; rev:1;)
# Domain-hosted entry with a UUID-shaped path; unlike the IP rules above, the host
# content here is a DNS name, so DNS logs are a second place to look for the same host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0e349f0c-214e-4ea4-b9ea-4a33a8df2163"; depth:37; endswith; nocase; http.host; content:"nxbided.bakhtbetyek.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857125/; classtype:trojan-activity;sid:84720225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.229.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857124/; classtype:trojan-activity;sid:84720224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.232.32.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, 
urlhaus.abuse.ch/url/3857123/; classtype:trojan-activity;sid:84720223; rev:1;)
# Reading aid for the URI patterns in this stretch:
#   - "|3f|" inside a content string is the hex escape for "?", so
#     "/|3f|ublib=<uuid>" matches the URI "/?ublib=<uuid>" (path "/" plus a query
#     string); depth:47 is the full length of that URI.
#   - Because every URI is anchored with depth:<len> + endswith, a request that adds
#     or reorders query parameters, or appends anything to the path, does not match.
#     These are exact-URL indicators, not pattern detections.
# Only GET is covered (http.method content:"GET"); the same URL requested with
# another method does not alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"80.67.33.209"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857122/; classtype:trojan-activity;sid:84720222; rev:1;)
# Multi-segment path ending in "/download" on a named domain.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/build/gagol.py/download"; depth:28; endswith; nocase; http.host; content:"store-standoff2-gold.shop"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857121/; classtype:trojan-activity;sid:84720221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=fc4cc581-9ac3-4690-bc4e-8d9ef0255f06"; depth:47; endswith; nocase; http.host; content:"9nwu3map.jetform.football"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857120/; classtype:trojan-activity;sid:84720220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.60.211.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857119/; classtype:trojan-activity;sid:84720219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6a11c383-8b52-471b-ad30-66c66e532d3e"; depth:37; endswith; nocase; http.host; content:"nafnvgy.enf90.app"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857118/; classtype:trojan-activity;sid:84720218; rev:1;)
# Path names a Windows executable; nocase makes "/1.EXE" match as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"205.185.121.21"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857117/; classtype:trojan-activity;sid:84720217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"80.67.33.209"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857116/; classtype:trojan-activity;sid:84720216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.73.21"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857115/; classtype:trojan-activity;sid:84720215; rev:1;)
# Host is a second-level domain with no subdomain label; the exact host match
# means "www.gloason.com" or any other subdomain would not alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/white/pool"; depth:11; endswith; nocase; http.host; content:"gloason.com"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857114/; classtype:trojan-activity;sid:84720214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.222.213"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857113/; classtype:trojan-activity;sid:84720213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.146.92.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857112/; classtype:trojan-activity;sid:84720212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c800780e-b6b1-46e1-acfa-60a147ec16fd"; depth:37; endswith; nocase; http.host; content:"hshpzhf.digibetyek.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857111/; classtype:trojan-activity;sid:84720211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.60.211.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857110/; classtype:trojan-activity;sid:84720210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.78.216"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, 
urlhaus.abuse.ch/url/3857109/; classtype:trojan-activity;sid:84720209; rev:1;)
# Scope of every rule below, as written in the rule header and flow option:
#   - direction is $HOME_NET -> $EXTERNAL_NET with flow:established,from_client, so
#     only outbound client requests are inspected. Coverage therefore depends on
#     HOME_NET being set to the networks you actually monitor; traffic between two
#     addresses that are both outside (or both inside) HOME_NET never reaches these rules.
#   - source and destination ports are `any`, so downloads served on non-standard
#     ports are in scope as long as the flow is recognised as HTTP.
#   - action is `alert` only; nothing here blocks the download.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.120.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857108/; classtype:trojan-activity;sid:84720208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.181.105"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857107/; classtype:trojan-activity;sid:84720207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.124.168"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857106/; classtype:trojan-activity;sid:84720206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.101.252"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857105/; classtype:trojan-activity;sid:84720205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.78.216"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857104/; classtype:trojan-activity;sid:84720204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/824d4700-d89e-4db5-a08e-474d1724fa1c"; depth:37; endswith; nocase; http.host; content:"olftxqs.dgyekbet1.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857103/; classtype:trojan-activity;sid:84720203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.146.92.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857102/; classtype:trojan-activity;sid:84720202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.244.80"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857101/; classtype:trojan-activity;sid:84720201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.55.198.100"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857100/; classtype:trojan-activity;sid:84720200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.181.105"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857099/; classtype:trojan-activity;sid:84720199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.146.185.217"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857098/; classtype:trojan-activity;sid:84720198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.237.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857097/; classtype:trojan-activity;sid:84720197; rev:1;)
# First of a run of rules for host 192.142.55.159 whose paths look like CPU
# architecture labels ("/mipsle", "/mips", ...). The exact-URI anchoring keeps
# "/mips" from also firing on "/mipsle".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsle"; depth:7; endswith; nocase; http.host; content:"192.142.55.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857096/; classtype:trojan-activity;sid:84720196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"192.142.55.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857094/; classtype:trojan-activity;sid:84720194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3857095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/android_arm64"; depth:14; endswith; nocase; http.host; content:"192.142.55.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857095/; classtype:trojan-activity;sid:84720195; rev:1;)
# Cluster: one host (192.142.55.159), many single-segment paths that look like CPU
# architecture / platform labels (arm5, arm6, arm64, armv7l, amd64, i386, x86,
# android_arm), plus "/bot.exe" and "/bins.sh" further down.
# NOTE(review): presumably per-architecture builds of one payload fetched by a
# dropper script; confirm against the referenced URLhaus entries.
# Triage hint: alerts from several of these sids for one internal client are best
# handled as a single event keyed on the host rather than as separate incidents.
# Each URI is anchored with depth:<len> + endswith, so "/arm" does not also fire on
# "/arm5", "/arm6", "/arm64" or "/armv7l".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"192.142.55.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857085/; classtype:trojan-activity;sid:84720185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amd64"; depth:6; endswith; nocase; http.host; content:"192.142.55.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857086/; classtype:trojan-activity;sid:84720186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i386"; depth:5; endswith; nocase; http.host; content:"192.142.55.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857087/; classtype:trojan-activity;sid:84720187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"192.142.55.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857088/; classtype:trojan-activity;sid:84720188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"192.142.55.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857089/; classtype:trojan-activity;sid:84720189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm64"; depth:6; endswith; nocase; http.host; content:"192.142.55.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857090/; classtype:trojan-activity;sid:84720190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"192.142.55.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857091/; classtype:trojan-activity;sid:84720191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"192.142.55.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857092/; classtype:trojan-activity;sid:84720192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/android_arm"; depth:12; endswith; nocase; http.host; content:"192.142.55.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857093/; classtype:trojan-activity;sid:84720193; rev:1;)
# Same host: a Windows-style executable name and a shell-script name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.exe"; depth:8; endswith; nocase; http.host; content:"192.142.55.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857084/; classtype:trojan-activity;sid:84720184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"192.142.55.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857083/; classtype:trojan-activity;sid:84720183; rev:1;)
# End of the 192.142.55.159 cluster; the rules below return to the "/i" and
# "/bin.sh" pattern on other IP hosts and to UUID-shaped URIs on named domains.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.132.54"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857082/; classtype:trojan-activity;sid:84720182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.154.7.81"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857081/; classtype:trojan-activity;sid:84720181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.146.185.217"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857080/; classtype:trojan-activity;sid:84720180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.244.80"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857079/; classtype:trojan-activity;sid:84720179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.101.252"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857078/; classtype:trojan-activity;sid:84720178; rev:1;)
# "|3f|" is the hex escape for "?": this URI is "/?ublib=<uuid>".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=99515c7a-475a-4b75-bea0-f1d258e816bd"; depth:47; endswith; nocase; http.host; content:"a1bpvfc4.enfejar2.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857077/; classtype:trojan-activity;sid:84720177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2a44a4d5-075e-4bb3-bb55-befa26f7613b"; depth:37; endswith; nocase; http.host; content:"dobboeu.channelsbetyek.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857076/; classtype:trojan-activity;sid:84720176; rev:1;)
# Rule anatomy (identical template for every rule in this stretch):
#   alert http $HOME_NET any -> $EXTERNAL_NET any   outbound HTTP, any port, alert only
#   flow:established,from_client                     client side of an established flow
#   http.method; content:"GET"                       method buffer contains GET
#   http.uri; content:"<uri>"; depth:<len>; endswith; nocase
#                                                    URI buffer equals <uri>, case-insensitive
#   http.host; content:"<host>"; depth:<len>; isdataat:!1,relative
#                                                    host buffer equals <host>
#   reference:url, urlhaus.abuse.ch/url/<id>/        entry to consult when triaging a hit
# NOTE(review): these are exact-URL indicators for cleartext HTTP. A changed path, an
# added query string, or the same URL over TLS will not alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.154.7.81"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857075/; classtype:trojan-activity;sid:84720175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.55.198.100"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857074/; classtype:trojan-activity;sid:84720174; rev:1;)
# Cluster: host 185.91.127.219, directory "/hiddenbin/", file names of the form
# "space.<suffix>" where the suffix looks like a CPU architecture label (m68k,
# x86_64, i686, arm5, arc, spc, sh4, arm, mpsl, ppc, arm6, ...).
# NOTE(review): presumably one payload built per architecture; confirm on the
# referenced URLhaus entries. For triage, group alerts from these sids by host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"185.91.127.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857073/; classtype:trojan-activity;sid:84720173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"185.91.127.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857072/; classtype:trojan-activity;sid:84720172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"185.91.127.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857068/; classtype:trojan-activity;sid:84720168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"185.91.127.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857069/; classtype:trojan-activity;sid:84720169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"185.91.127.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857070/; classtype:trojan-activity;sid:84720170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.spc"; depth:20; endswith; nocase; http.host; content:"185.91.127.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857071/; classtype:trojan-activity;sid:84720171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"185.91.127.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857067/; classtype:trojan-activity;sid:84720167; rev:1;)
# "space.arm" (depth:20) and "space.arm5"/"space.arm6" (depth:21) are separate rules;
# the endswith anchor keeps the shorter name from matching the longer ones.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; content:"185.91.127.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857061/; classtype:trojan-activity;sid:84720161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"185.91.127.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857062/; classtype:trojan-activity;sid:84720162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"185.91.127.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857063/; classtype:trojan-activity;sid:84720163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"185.91.127.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857064/; classtype:trojan-activity;sid:84720164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"185.91.127.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, 
urlhaus.abuse.ch/url/3857065/; classtype:trojan-activity;sid:84720165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"185.91.127.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857066/; classtype:trojan-activity;sid:84720166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.126.95"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857060/; classtype:trojan-activity;sid:84720160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c5a512e2-588f-431d-ab3f-9493d859f609"; depth:47; endswith; nocase; http.host; content:"509ukk9c.enf90.vip"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857059/; classtype:trojan-activity;sid:84720159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.14.62"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857058/; classtype:trojan-activity;sid:84720158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; 
depth:7; endswith; nocase; http.host; content:"182.126.107.228"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857057/; classtype:trojan-activity;sid:84720157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.56.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857056/; classtype:trojan-activity;sid:84720156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.245.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857055/; classtype:trojan-activity;sid:84720155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.6.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857054/; classtype:trojan-activity;sid:84720154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/59bcd6cd-0ae9-458b-bd68-ba5ccfda1c90"; depth:37; endswith; nocase; http.host; content:"agqjwmu.betyekritzo.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857053/; classtype:trojan-activity;sid:84720153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3857052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.6.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857052/; classtype:trojan-activity;sid:84720152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.56.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857051/; classtype:trojan-activity;sid:84720151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.119.72"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857050/; classtype:trojan-activity;sid:84720150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.77.24.7"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857049/; classtype:trojan-activity;sid:84720149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.145.162.187"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857048/; classtype:trojan-activity;sid:84720148; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.44.19.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857047/; classtype:trojan-activity;sid:84720147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.247.21"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857046/; classtype:trojan-activity;sid:84720146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"cnc.reaperc2.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857045/; classtype:trojan-activity;sid:84720145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/besnakker.asd"; depth:14; endswith; nocase; http.host; content:"192.227.135.225"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857040/; classtype:trojan-activity;sid:84720140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arc"; depth:8; endswith; nocase; http.host; content:"cnc.reaperc2.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, 
urlhaus.abuse.ch/url/3857041/; classtype:trojan-activity;sid:84720141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mipsrouter"; depth:15; endswith; nocase; http.host; content:"cnc.reaperc2.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857042/; classtype:trojan-activity;sid:84720142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"cnc.reaperc2.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857043/; classtype:trojan-activity;sid:84720143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv6l"; depth:11; endswith; nocase; http.host; content:"cnc.reaperc2.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857044/; classtype:trojan-activity;sid:84720144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spiral.deploy"; depth:14; endswith; nocase; http.host; content:"192.227.135.225"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857039/; classtype:trojan-activity;sid:84720139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.i486"; depth:9; endswith; 
nocase; http.host; content:"cnc.reaperc2.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857027/; classtype:trojan-activity;sid:84720127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv4l"; depth:11; endswith; nocase; http.host; content:"cnc.reaperc2.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857028/; classtype:trojan-activity;sid:84720128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"cnc.reaperc2.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857029/; classtype:trojan-activity;sid:84720129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.aarch64"; depth:12; endswith; nocase; http.host; content:"cnc.reaperc2.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857030/; classtype:trojan-activity;sid:84720130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.powerpc"; depth:12; endswith; nocase; http.host; content:"cnc.reaperc2.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857031/; classtype:trojan-activity;sid:84720131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3857032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"cnc.reaperc2.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857032/; classtype:trojan-activity;sid:84720132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv5l"; depth:11; endswith; nocase; http.host; content:"cnc.reaperc2.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857033/; classtype:trojan-activity;sid:84720133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv7l"; depth:11; endswith; nocase; http.host; content:"cnc.reaperc2.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857034/; classtype:trojan-activity;sid:84720134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mipsel"; depth:11; endswith; nocase; http.host; content:"cnc.reaperc2.xyz"; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857035/; classtype:trojan-activity;sid:84720135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bestinksp.fla"; depth:14; endswith; nocase; http.host; content:"192.227.135.225"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857036/; 
classtype:trojan-activity;sid:84720136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wpmuqhqbhlougrxdqymvucgbw188.bin"; depth:33; endswith; nocase; http.host; content:"192.227.135.225"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857037/; classtype:trojan-activity;sid:84720137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ngokjlj97.bin"; depth:14; endswith; nocase; http.host; content:"192.227.135.225"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857038/; classtype:trojan-activity;sid:84720138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntp"; depth:4; endswith; nocase; http.host; content:"198.98.50.94"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857024/; classtype:trojan-activity;sid:84720124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get"; depth:4; endswith; nocase; http.host; content:"198.98.50.94"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857025/; classtype:trojan-activity;sid:84720125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/check"; depth:6; endswith; nocase; http.host; content:"198.98.50.94"; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857026/; classtype:trojan-activity;sid:84720126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loader.exe"; depth:11; endswith; nocase; http.host; content:"198.98.55.166"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857023/; classtype:trojan-activity;sid:84720123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.60.89"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857022/; classtype:trojan-activity;sid:84720122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6091fc26-08a9-4cbe-b279-d7686055ee74"; depth:37; endswith; nocase; http.host; content:"qxvudcz.bet1bartar.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857021/; classtype:trojan-activity;sid:84720121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.77.24.7"; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857020/; classtype:trojan-activity;sid:84720120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857019)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.54.119.72"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857019/; classtype:trojan-activity;sid:84720119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.211.13"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857018/; classtype:trojan-activity;sid:84720118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.193.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857017/; classtype:trojan-activity;sid:84720117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.83.69"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857016/; classtype:trojan-activity;sid:84720116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.16.149"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857015/; classtype:trojan-activity;sid:84720115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3857014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.16.149"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857014/; classtype:trojan-activity;sid:84720114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9708a2cf-caf8-4e10-b4ad-102be7310d44"; depth:37; endswith; nocase; http.host; content:"ebzwaki.bakhtbetyek.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857013/; classtype:trojan-activity;sid:84720113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.193.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857012/; classtype:trojan-activity;sid:84720112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.60.89"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857011/; classtype:trojan-activity;sid:84720111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.66.188"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857010/; 
classtype:trojan-activity;sid:84720110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f8140b65-7930-4eb2-b451-008d71f37b68"; depth:47; endswith; nocase; http.host; content:"6feq96px.eutoor.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857009/; classtype:trojan-activity;sid:84720109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.124.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857008/; classtype:trojan-activity;sid:84720108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.66.188"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857007/; classtype:trojan-activity;sid:84720107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.83.69"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857006/; classtype:trojan-activity;sid:84720106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"110.37.74.205"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857005/; classtype:trojan-activity;sid:84720105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b1213466-88a8-4f47-b9ed-a6e218719e2c"; depth:37; endswith; nocase; http.host; content:"vumobeb.bakhtazmaeii.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857004/; classtype:trojan-activity;sid:84720104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.211.135"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857003/; classtype:trojan-activity;sid:84720103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.190.165"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857002/; classtype:trojan-activity;sid:84720102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.224.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857001/; classtype:trojan-activity;sid:84720101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857000)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.149.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857000/; classtype:trojan-activity;sid:84720100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm"; depth:13; endswith; nocase; http.host; content:"160.30.18.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856999/; classtype:trojan-activity;sid:84720099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/mips"; depth:14; endswith; nocase; http.host; content:"160.30.18.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856992/; classtype:trojan-activity;sid:84720092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/spc"; depth:13; endswith; nocase; http.host; content:"160.30.18.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856993/; classtype:trojan-activity;sid:84720093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/mpsl"; depth:14; endswith; nocase; http.host; content:"160.30.18.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856994/; classtype:trojan-activity;sid:84720094; rev:1;) 
# Rule template shared by every entry in this section (one rule per line below):
#   - alert http, $HOME_NET -> $EXTERNAL_NET, flow:established,from_client, method content "GET".
#   - http.uri: content + depth equal to the written pattern length + endswith, so the
#     pattern starts at offset 0 and ends at the end of the URI buffer (nocase: the URI
#     comparison is case-insensitive).
#   - http.host: content + depth equal to the pattern length + isdataat:!1,relative, so the
#     pattern starts at offset 0 and no byte may follow it.
#   Each rule fires only on the exact host + URI pair recorded on URLhaus (reference:url).
# In every rule shown here sid = URLhaus id + 80863100.
# NOTE(review): `alert http` covers only traffic Suricata parses as HTTP; the same URL
# fetched over TLS would presumably not match - confirm against your sensor placement.
#
# Host 160.30.18.123: /systemcl/<suffix> paths (suffixes look like CPU-architecture tags -
# inferred from names only) plus /test.sh.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/m68k"; depth:14; endswith; nocase; http.host; content:"160.30.18.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856995/; classtype:trojan-activity;sid:84720095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arc"; depth:13; endswith; nocase; http.host; content:"160.30.18.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856996/; classtype:trojan-activity;sid:84720096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm6"; depth:14; endswith; nocase; http.host; content:"160.30.18.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856997/; classtype:trojan-activity;sid:84720097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/sh4"; depth:13; endswith; nocase; http.host; content:"160.30.18.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856998/; classtype:trojan-activity;sid:84720098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/x86"; depth:13; endswith; nocase; http.host; content:"160.30.18.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856988/; classtype:trojan-activity;sid:84720088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test.sh"; depth:8; endswith; nocase; http.host; content:"160.30.18.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856989/; classtype:trojan-activity;sid:84720089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/ppc"; depth:13; endswith; nocase; http.host; content:"160.30.18.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856990/; classtype:trojan-activity;sid:84720090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/x86_64"; depth:16; endswith; nocase; http.host; content:"160.30.18.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856991/; classtype:trojan-activity;sid:84720091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm5"; depth:14; endswith; nocase; http.host; content:"160.30.18.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856987/; classtype:trojan-activity;sid:84720087; rev:1;)
# NOTE(review): |3f| is a single byte ('?'), so the URI pattern in the next rule is 44
# bytes, while depth is 47 (the length of the pattern as written). With endswith the rule
# still matches the listed URI, but up to 3 leading bytes before the pattern are tolerated,
# unlike the exact-match rules around it. Better raised with the feed maintainers than
# edited locally, since a regenerated feed would presumably overwrite a local change.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=2ea4362b-fcb2-475f-84ec-8918ae4fefeb"; depth:47; endswith; nocase; http.host; content:"klga3rph.easyprocode.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856986/; classtype:trojan-activity;sid:84720086; rev:1;)
# Host 103.231.14.104: three .exe paths.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.exe"; depth:6; endswith; nocase; http.host; content:"103.231.14.104"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856984/; classtype:trojan-activity;sid:84720084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/11.exe"; depth:7; endswith; nocase; http.host; content:"103.231.14.104"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856985/; classtype:trojan-activity;sid:84720085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/win.exe"; depth:8; endswith; nocase; http.host; content:"103.231.14.104"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856983/; classtype:trojan-activity;sid:84720083; rev:1;)
# Short generic paths (/i, /bin.sh) on IPv4-literal hosts; the URI alone is not
# distinctive, so the exact host match is what makes each rule specific.
# NOTE(review): metadata:created_at carries the listing date if IP-literal indicators are
# aged out locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"1.62.250.51"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856982/; classtype:trojan-activity;sid:84720082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e7ef8209-38d5-4fa9-b9e4-df3ed0733ace"; depth:37; endswith; nocase; http.host; content:"xzhuzft.asyabet303.bet"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856981/; classtype:trojan-activity;sid:84720081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.130.208.219"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856980/; classtype:trojan-activity;sid:84720080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.233.95"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856979/; classtype:trojan-activity;sid:84720079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"1.62.250.51"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856978/; classtype:trojan-activity;sid:84720078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemcl/arm7"; depth:14; endswith; nocase; http.host; content:"160.30.18.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856977/; classtype:trojan-activity;sid:84720077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.196.29.73"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856976/; classtype:trojan-activity;sid:84720076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.199.107"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856975/; classtype:trojan-activity;sid:84720075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.79.135.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856974/; classtype:trojan-activity;sid:84720074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.230.3"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856973/; classtype:trojan-activity;sid:84720073; rev:1;)
# The line below is the head of a rule that continues on the next line of the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.133.180"; depth:15;
isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856972/; classtype:trojan-activity;sid:84720072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/78117727-71d5-4e3a-be82-3e3438478e90"; depth:37; endswith; nocase; http.host; content:"pzacsqp.ariash.art"; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856971/; classtype:trojan-activity;sid:84720071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"46.158.238.183"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856970/; classtype:trojan-activity;sid:84720070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.79.135.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856969/; classtype:trojan-activity;sid:84720069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.196.29.73"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856968/; classtype:trojan-activity;sid:84720068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856967)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.82.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856967/; classtype:trojan-activity;sid:84720067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.233.95"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856966/; classtype:trojan-activity;sid:84720066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.26.110.3"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856965/; classtype:trojan-activity;sid:84720065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.61.147"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856964/; classtype:trojan-activity;sid:84720064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.87.54"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856963/; classtype:trojan-activity;sid:84720063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3856962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.138.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856962/; classtype:trojan-activity;sid:84720062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.100.206"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856961/; classtype:trojan-activity;sid:84720061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.14.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856960/; classtype:trojan-activity;sid:84720060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.214.173.46"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856959/; classtype:trojan-activity;sid:84720059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.133.180"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856958/; classtype:trojan-activity;sid:84720058; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/86cd6bb4-03a3-46ed-8019-9f904ffad8bd"; depth:37; endswith; nocase; http.host; content:"jkjcrqj.21pasoor.app"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856957/; classtype:trojan-activity;sid:84720057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.87.54"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856956/; classtype:trojan-activity;sid:84720056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.65.9"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856955/; classtype:trojan-activity;sid:84720055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.26.110.3"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856954/; classtype:trojan-activity;sid:84720054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.126.95"; depth:12; isdataat:!1,relative; metadata:created_at 
2026_06_01; reference:url, urlhaus.abuse.ch/url/3856953/; classtype:trojan-activity;sid:84720053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.61.147"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856952/; classtype:trojan-activity;sid:84720052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.100.206"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856951/; classtype:trojan-activity;sid:84720051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.65.9"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856950/; classtype:trojan-activity;sid:84720050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.167.175.121"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856949/; classtype:trojan-activity;sid:84720049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ba3bd6aa-fbe6-480e-aa33-8a13e43c19fc"; 
depth:37; endswith; nocase; http.host; content:"vzfelbc.1shartbet1.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856947/; classtype:trojan-activity;sid:84720047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=199bce10-7ddf-4388-af4c-7bc72a2984c1"; depth:47; endswith; nocase; http.host; content:"p4nkss83.alsulmicpa.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856948/; classtype:trojan-activity;sid:84720048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.84.209"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856946/; classtype:trojan-activity;sid:84720046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.65.248.48"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856945/; classtype:trojan-activity;sid:84720045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.40.183"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856944/; classtype:trojan-activity;sid:84720044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3856943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.204.209"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856943/; classtype:trojan-activity;sid:84720043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bfceb72a-5f68-4317-b7a5-6619424887c8"; depth:37; endswith; nocase; http.host; content:"aehcwen.123betyek.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856942/; classtype:trojan-activity;sid:84720042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.84.209"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856941/; classtype:trojan-activity;sid:84720041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.213.224.180"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856940/; classtype:trojan-activity;sid:84720040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.65.248.48"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, 
urlhaus.abuse.ch/url/3856939/; classtype:trojan-activity;sid:84720039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.204.209"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856938/; classtype:trojan-activity;sid:84720038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"45.61.150.97"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856937/; classtype:trojan-activity;sid:84720037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"45.61.150.97"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856936/; classtype:trojan-activity;sid:84720036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"45.61.149.180"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856935/; classtype:trojan-activity;sid:84720035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856934)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.79.46"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856934/; classtype:trojan-activity;sid:84720034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.238.66"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856933/; classtype:trojan-activity;sid:84720033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/08a30c49-a0e8-4490-a983-cf10b66c774c"; depth:37; endswith; nocase; http.host; content:"seahohx.saas-systems.hu"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856932/; classtype:trojan-activity;sid:84720032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"172.86.73.37"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856929/; classtype:trojan-activity;sid:84720029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"172.86.72.167"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856930/; classtype:trojan-activity;sid:84720030; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"172.86.89.57"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856931/; classtype:trojan-activity;sid:84720031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"172.86.91.40"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856926/; classtype:trojan-activity;sid:84720026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"172.86.89.92"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856927/; classtype:trojan-activity;sid:84720027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"172.86.89.57"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856928/; classtype:trojan-activity;sid:84720028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; 
http.host; content:"172.86.89.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856923/; classtype:trojan-activity;sid:84720023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"216.126.225.174"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856924/; classtype:trojan-activity;sid:84720024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"172.86.90.113"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856925/; classtype:trojan-activity;sid:84720025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"172.86.91.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856922/; classtype:trojan-activity;sid:84720022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"172.86.89.92"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856917/; classtype:trojan-activity;sid:84720017; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"172.86.91.40"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856918/; classtype:trojan-activity;sid:84720018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"216.126.225.174"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856919/; classtype:trojan-activity;sid:84720019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"172.86.72.167"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856920/; classtype:trojan-activity;sid:84720020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"172.86.89.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856921/; classtype:trojan-activity;sid:84720021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"172.86.73.37"; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856915/; classtype:trojan-activity;sid:84720015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"172.86.91.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856916/; classtype:trojan-activity;sid:84720016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.24.51"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856914/; classtype:trojan-activity;sid:84720014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.238.66"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856913/; classtype:trojan-activity;sid:84720013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.181.99"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856912/; classtype:trojan-activity;sid:84720012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856911)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.74.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856911/; classtype:trojan-activity;sid:84720011; rev:1;)
# Reading these rules: each one alerts on an established, client-to-server HTTP
# GET from $HOME_NET to $EXTERNAL_NET. In http.uri, a depth equal to the pattern
# length combined with endswith pins the whole URI to that string (nocase); in
# http.host, depth plus isdataat:!1,relative does the same for the host value.
# NOTE(review): because both buffers are matched exactly, these are lookups for
# one known URL each, not behavioural coverage. Only traffic Suricata parses as
# HTTP is inspected, so the same URL fetched over TLS is presumably not seen
# unless the sensor receives decrypted traffic - confirm for your deployment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.exe"; depth:12; endswith; nocase; http.host; content:"172.86.110.181"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856910/; classtype:trojan-activity;sid:84720010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.200.211.88"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856909/; classtype:trojan-activity;sid:84720009; rev:1;)
# The paths /bin/screenconnect.clientsetup.exe and /bin/support.client.exe recur
# below across several 172.86.x.x and 144.172.x.x hosts and 167.88.165.77.
# NOTE(review): the file names look like remote-support client installers; the
# alert is tied to the listed host, so triage should confirm what was actually
# downloaded and executed rather than rely on the file name alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"172.86.114.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856908/; classtype:trojan-activity;sid:84720008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"172.86.114.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856907/; classtype:trojan-activity;sid:84720007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"172.86.126.85"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856906/; classtype:trojan-activity;sid:84720006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"172.86.116.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856905/; classtype:trojan-activity;sid:84720005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"172.86.116.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856903/; classtype:trojan-activity;sid:84720003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"172.86.126.85"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856904/; classtype:trojan-activity;sid:84720004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d3db2c84-0f86-4b3d-a385-992425d75d5e"; depth:37; endswith; nocase; http.host; content:"vxpkpgb.khaled-salah.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856902/; classtype:trojan-activity;sid:84720002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.24.51"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856901/; classtype:trojan-activity;sid:84720001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.149.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856900/; classtype:trojan-activity;sid:84720000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.74.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856899/; classtype:trojan-activity;sid:84719999; rev:1;)
# In the next pattern |3f| is Suricata's hex notation for the byte 0x3f ("?").
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=684568bb-ac22-403e-93ad-1f68a27ffc45"; depth:47; endswith; nocase; http.host; content:"99ytipqf.mayochem.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856898/; classtype:trojan-activity;sid:84719998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"144.172.97.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856897/; classtype:trojan-activity;sid:84719997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"144.172.114.35"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856896/; classtype:trojan-activity;sid:84719996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"144.172.94.235"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856895/; classtype:trojan-activity;sid:84719995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"144.172.96.66"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856894/; classtype:trojan-activity;sid:84719994; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.100.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856893/; classtype:trojan-activity;sid:84719993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"167.88.165.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856891/; classtype:trojan-activity;sid:84719991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"144.172.96.34"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856892/; classtype:trojan-activity;sid:84719992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"144.172.110.70"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856890/; classtype:trojan-activity;sid:84719990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"144.172.96.66"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856884/; classtype:trojan-activity;sid:84719984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"144.172.110.70"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856885/; classtype:trojan-activity;sid:84719985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"144.172.114.35"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856886/; classtype:trojan-activity;sid:84719986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"144.172.96.34"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856887/; classtype:trojan-activity;sid:84719987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"144.172.97.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856888/; classtype:trojan-activity;sid:84719988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"167.88.165.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, 
urlhaus.abuse.ch/url/3856889/; classtype:trojan-activity;sid:84719989; rev:1;)
# Most entries in this stretch are bare IPv4 hosts serving /i or /bin.sh, plus
# a few hostnames with a UUID-shaped path. Every rule here carries
# metadata:created_at 2026_06_01 and rev:1.
# NOTE(review): IP-based indicators age quickly because addresses get
# reassigned; check the rule's reference:url entry on URLhaus for the current
# status of the URL before blocking or escalating on a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.23.137.188"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856883/; classtype:trojan-activity;sid:84719983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.103.116.125"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856882/; classtype:trojan-activity;sid:84719982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.35.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856881/; classtype:trojan-activity;sid:84719981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/74ccd449-fc14-4086-bc87-221639e83da1"; depth:37; endswith; nocase; http.host; content:"dqtglfv.goldledgers.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856880/; classtype:trojan-activity;sid:84719980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.100.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856878/; classtype:trojan-activity;sid:84719978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.135.153.0"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856879/; classtype:trojan-activity;sid:84719979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.23.137.188"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856877/; classtype:trojan-activity;sid:84719977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.224.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856876/; classtype:trojan-activity;sid:84719976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.149.123.249"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856875/; classtype:trojan-activity;sid:84719975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.181.99"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856874/; classtype:trojan-activity;sid:84719974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.104.21"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856873/; classtype:trojan-activity;sid:84719973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.224.133"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856872/; classtype:trojan-activity;sid:84719972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.178.251.170"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856871/; classtype:trojan-activity;sid:84719971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/861b784c-0af3-45da-804b-940447a5752a"; depth:37; endswith; nocase; http.host; content:"kctwkqq.airtechmedical.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856870/; classtype:trojan-activity;sid:84719970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.23.21"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856869/; classtype:trojan-activity;sid:84719969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"183.149.123.249"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856868/; classtype:trojan-activity;sid:84719968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"104.194.132.138"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856867/; classtype:trojan-activity;sid:84719967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"104.194.132.138"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856866/; classtype:trojan-activity;sid:84719966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.140.12"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856865/; classtype:trojan-activity;sid:84719965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.23.21"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856864/; classtype:trojan-activity;sid:84719964; rev:1;)
# From here on, 176.65.139.136 is listed once per file under /bins/ (arm, arm5,
# arm6, arm7, mips, mpsl, ppc, spc, sh4, m68k, x86, x86_64, i686, dbg) and once
# for /run.sh; one unrelated /i rule and one /bin.sh rule are interleaved.
# NOTE(review): one binary per CPU architecture next to a shell script is
# presumably a loader staging Linux/IoT payloads - verify on the URLhaus entry.
# A hit from an embedded device or server is worth tracing back to whatever
# process issued the request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"176.65.139.136"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856862/; classtype:trojan-activity;sid:84719962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.78.185"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856863/; classtype:trojan-activity;sid:84719963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"176.65.139.136"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856861/; classtype:trojan-activity;sid:84719961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"176.65.139.136"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856855/; classtype:trojan-activity;sid:84719955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"176.65.139.136"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856856/; classtype:trojan-activity;sid:84719956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"176.65.139.136"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856857/; classtype:trojan-activity;sid:84719957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"176.65.139.136"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856858/; classtype:trojan-activity;sid:84719958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"176.65.139.136"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856859/; classtype:trojan-activity;sid:84719959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"176.65.139.136"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856860/; classtype:trojan-activity;sid:84719960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"176.65.139.136"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856854/; classtype:trojan-activity;sid:84719954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dbg"; depth:9; endswith; nocase; http.host; content:"176.65.139.136"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856851/; classtype:trojan-activity;sid:84719951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"176.65.139.136"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856852/; classtype:trojan-activity;sid:84719952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"176.65.139.136"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856853/; classtype:trojan-activity;sid:84719953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run.sh"; depth:7; endswith; nocase; http.host; content:"176.65.139.136"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856848/; classtype:trojan-activity;sid:84719948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"176.65.139.136"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856849/; classtype:trojan-activity;sid:84719949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"176.65.139.136"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856850/; classtype:trojan-activity;sid:84719950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.157.237"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856847/; classtype:trojan-activity;sid:84719947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"176.65.139.12"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856846/; classtype:trojan-activity;sid:84719946; rev:1;)
# Two hosts in 176.65.139.x follow: 176.65.139.12 with one file per
# architecture name at the web root (/x86, /mips, /mipsel, /i686, /ppc64,
# /armv5l, /armv6l) plus /run.sh, and 176.65.139.116 with
# /hiddenbin/boatnet.<arch>.
# NOTE(review): URI patterns as short as "/x86" or "/i" are only meaningful
# because http.host is pinned to one exact value in the same rule; if these
# signatures are ever hand-edited, keep the host condition with the URI one.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"176.65.139.12"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856839/; classtype:trojan-activity;sid:84719939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"176.65.139.12"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856840/; classtype:trojan-activity;sid:84719940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"176.65.139.12"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856841/; classtype:trojan-activity;sid:84719941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"176.65.139.12"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856842/; classtype:trojan-activity;sid:84719942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc64"; depth:6; endswith; nocase; http.host; content:"176.65.139.12"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856843/; classtype:trojan-activity;sid:84719943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"176.65.139.12"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856844/; classtype:trojan-activity;sid:84719944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"176.65.139.12"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856845/; classtype:trojan-activity;sid:84719945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run.sh"; depth:7; endswith; nocase; http.host; content:"176.65.139.12"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856838/; classtype:trojan-activity;sid:84719938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"176.65.139.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856836/; classtype:trojan-activity;sid:84719936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"176.65.139.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856837/; classtype:trojan-activity;sid:84719937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i468"; depth:23; endswith; nocase; http.host; content:"176.65.139.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856835/; classtype:trojan-activity;sid:84719935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.200.198"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856833/; classtype:trojan-activity;sid:84719933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.200.198"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856834/; classtype:trojan-activity;sid:84719934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856832)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/a1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyouniggaa1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyounigga1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16.i586"; depth:200; endswith; nocase; http.host; content:"185.220.177.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856832/; classtype:trojan-activity;sid:84719932; rev:1;)
# All rules for 185.220.177.59 share one long URI prefix and differ only in the
# architecture suffix; depth tracks the full pattern length, which is why it is
# 199 for .ppc/.x86, 200 for the four-character suffixes and 201 for .sparc.
# The path is kept byte-for-byte as listed because the rule matches it exactly.
# NOTE(review): alerts on several of these sids from one client close together
# presumably mean a script requested more than one architecture build;
# correlate by source address instead of triaging each alert on its own.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyouniggaa1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyounigga1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16.arm4"; depth:200; endswith; nocase; http.host; content:"185.220.177.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856829/; classtype:trojan-activity;sid:84719929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyouniggaa1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyounigga1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16.ppc"; depth:199; endswith; nocase; http.host; content:"185.220.177.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856830/; classtype:trojan-activity;sid:84719930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyouniggaa1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyounigga1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16.i686"; depth:200; endswith; nocase; http.host; content:"185.220.177.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856831/; classtype:trojan-activity;sid:84719931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyouniggaa1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyounigga1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16.arm7"; depth:200; endswith; nocase; http.host; content:"185.220.177.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856826/; classtype:trojan-activity;sid:84719926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyouniggaa1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyounigga1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16.m68k"; depth:200; endswith; nocase; http.host; content:"185.220.177.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856827/; classtype:trojan-activity;sid:84719927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyouniggaa1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyounigga1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16.sparc"; depth:201; endswith; nocase; http.host; content:"185.220.177.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856828/; classtype:trojan-activity;sid:84719928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyouniggaa1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyounigga1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16.mpsl"; depth:200; endswith; nocase; http.host; content:"185.220.177.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856820/; classtype:trojan-activity;sid:84719920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyouniggaa1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyounigga1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16.arm5"; depth:200; endswith; nocase; http.host; content:"185.220.177.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856821/; classtype:trojan-activity;sid:84719921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyouniggaa1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyounigga1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16.arm6"; depth:200; endswith; nocase; http.host; content:"185.220.177.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856822/; classtype:trojan-activity;sid:84719922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyouniggaa1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyounigga1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16.mips"; depth:200; endswith; nocase; http.host; content:"185.220.177.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856823/; classtype:trojan-activity;sid:84719923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyouniggaa1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyounigga1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16.x86"; depth:199; endswith; nocase; http.host; content:"185.220.177.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856824/; classtype:trojan-activity;sid:84719924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856825)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/a1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyouniggaa1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16ackerposidensfurhersploithackedyounigga1h2a3h4a5h6a7h8a9h10a11h12a13h14a15h16.sh4"; depth:199; endswith; nocase; http.host; content:"185.220.177.59"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856825/; classtype:trojan-activity;sid:84719925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.m68k"; depth:9; endswith; nocase; http.host; content:"176.65.139.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856819/; classtype:trojan-activity;sid:84719919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.arc"; depth:8; endswith; nocase; http.host; content:"176.65.139.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856818/; classtype:trojan-activity;sid:84719918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mips"; depth:9; endswith; nocase; http.host; content:"176.65.139.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856817/; classtype:trojan-activity;sid:84719917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mipsel"; depth:11; endswith; nocase; http.host; content:"176.65.139.18"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856811/; classtype:trojan-activity;sid:84719911; rev:1;)
# These rules fire on the client request (flow:established,from_client, request-side buffers only):
# an alert shows that a $HOME_NET host asked for the URL, not that the payload was delivered.
# Check the HTTP response / file records for the same flow before treating the host as infected.
# The number in msg and in reference:url is the URLhaus entry id for lookup.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv6l"; depth:11; endswith; nocase; http.host; content:"176.65.139.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856812/; classtype:trojan-activity;sid:84719912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.i486"; depth:9; endswith; nocase; http.host; content:"176.65.139.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856813/; classtype:trojan-activity;sid:84719913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"176.65.139.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856814/; classtype:trojan-activity;sid:84719914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.mipsrouter"; depth:15; endswith; nocase; http.host; content:"176.65.139.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856815/; classtype:trojan-activity;sid:84719915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv5l"; depth:11; endswith; nocase; http.host; content:"176.65.139.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856816/; classtype:trojan-activity;sid:84719916; rev:1;)
# URI "/i" is only two bytes; the specificity of this rule comes from the exact http.host match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.72.76"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856809/; classtype:trojan-activity;sid:84719909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atomic/main_x86_64"; depth:19; endswith; nocase; http.host; content:"176.65.139.129"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856810/; classtype:trojan-activity;sid:84719910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.powerpc"; depth:12; endswith; nocase; http.host; content:"176.65.139.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856808/; classtype:trojan-activity;sid:84719908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv4l"; depth:11; endswith; nocase; http.host; content:"176.65.139.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856807/; classtype:trojan-activity;sid:84719907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.x86_64"; depth:11; endswith; nocase; http.host; content:"176.65.139.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856803/; classtype:trojan-activity;sid:84719903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.aarch64"; depth:12; endswith; nocase; http.host; content:"176.65.139.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856804/; classtype:trojan-activity;sid:84719904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.armv7l"; depth:11; endswith; nocase; http.host; content:"176.65.139.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856805/; classtype:trojan-activity;sid:84719905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot.sh4"; depth:8; endswith; nocase; http.host; content:"176.65.139.18"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856806/; classtype:trojan-activity;sid:84719906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"176.65.139.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url,
urlhaus.abuse.ch/url/3856801/; classtype:trojan-activity;sid:84719901; rev:1;)
# Host 176.65.139.116: /hiddenbin/boatnet.<arch> payloads plus /ohshit.sh (sid 84719891), presumably
# the fetch script for them judging by the name. Alerts for the script and for a payload from the
# same client within a short window are worth correlating.
# alert http inspects cleartext HTTP only; the same URL fetched over TLS is not visible to these
# rules unless traffic is decrypted before inspection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"176.65.139.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856802/; classtype:trojan-activity;sid:84719902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"176.65.139.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856800/; classtype:trojan-activity;sid:84719900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"176.65.139.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856799/; classtype:trojan-activity;sid:84719899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"176.65.139.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856791/; classtype:trojan-activity;sid:84719891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"176.65.139.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856792/; classtype:trojan-activity;sid:84719892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"176.65.139.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856793/; classtype:trojan-activity;sid:84719893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"176.65.139.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856794/; classtype:trojan-activity;sid:84719894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"176.65.139.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856795/; classtype:trojan-activity;sid:84719895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"176.65.139.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856796/; classtype:trojan-activity;sid:84719896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"176.65.139.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856797/; classtype:trojan-activity;sid:84719897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"176.65.139.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856798/; classtype:trojan-activity;sid:84719898; rev:1;)
# Host 144.172.88.127: /fvgbh.<arch> payload names.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fvgbh.i6"; depth:9; endswith; nocase; http.host; content:"144.172.88.127"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856789/; classtype:trojan-activity;sid:84719889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fvgbh.arm7"; depth:11; endswith; nocase; http.host; content:"144.172.88.127"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856790/; classtype:trojan-activity;sid:84719890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meow"; depth:5; endswith; nocase; http.host; content:"34.86.81.254"; depth:12; isdataat:!1,relative;
metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856788/; classtype:trojan-activity;sid:84719888; rev:1;)
# Short generic URIs such as /meow, /bin.sh and /i carry little signal on their own; in those rules
# the exact http.host IP literal is what makes the match specific. IP-bound indicators age quickly,
# and metadata:created_at records the rule's creation date for expiry decisions.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fvgbh.x86"; depth:10; endswith; nocase; http.host; content:"144.172.88.127"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856784/; classtype:trojan-activity;sid:84719884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fvgbh.spc"; depth:10; endswith; nocase; http.host; content:"144.172.88.127"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856785/; classtype:trojan-activity;sid:84719885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meow"; depth:5; endswith; nocase; http.host; content:"35.237.91.38"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856786/; classtype:trojan-activity;sid:84719886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meowarm64"; depth:10; endswith; nocase; http.host; content:"35.237.91.38"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856787/; classtype:trojan-activity;sid:84719887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fvgbh.mips"; depth:11; endswith; nocase; http.host; content:"144.172.88.127"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856779/; classtype:trojan-activity;sid:84719879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fvgbh.mpsl"; depth:11; endswith; nocase; http.host; content:"144.172.88.127"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856780/; classtype:trojan-activity;sid:84719880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fvgbh.arm6"; depth:11; endswith; nocase; http.host; content:"144.172.88.127"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856781/; classtype:trojan-activity;sid:84719881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fvgbh.arm"; depth:10; endswith; nocase; http.host; content:"144.172.88.127"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856782/; classtype:trojan-activity;sid:84719882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fvgbh.arm5"; depth:11; endswith; nocase; http.host; content:"144.172.88.127"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856783/; classtype:trojan-activity;sid:84719883; rev:1;)
# Host 91.92.242.236: three .exe names under /files-129312398/files/. Each rule matches one full
# file name, so only these three names are covered; any other name under the same directory is not.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_fce2084e068f51c7.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856776/; classtype:trojan-activity;sid:84719876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_c3a04d0ec5a6a4c7.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856777/; classtype:trojan-activity;sid:84719877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_556fb6444bf472a8.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856778/; classtype:trojan-activity;sid:84719878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.33.136"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856774/; classtype:trojan-activity;sid:84719874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.39.240"; depth:13; isdataat:!1,relative;
metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856775/; classtype:trojan-activity;sid:84719875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.119.177"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856773/; classtype:trojan-activity;sid:84719873; rev:1;)
# Host 176.65.139.124: /bins/<arch> payload names, one rule per architecture.
# Both 176.65.139.x hosts in this group (.124 here, .68 further down) are matched as exact IP
# literals in http.host, so a neighbouring address serving the same paths is not covered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"176.65.139.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856767/; classtype:trojan-activity;sid:84719867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"176.65.139.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856768/; classtype:trojan-activity;sid:84719868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"176.65.139.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856769/; classtype:trojan-activity;sid:84719869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"176.65.139.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856770/; classtype:trojan-activity;sid:84719870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"176.65.139.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856771/; classtype:trojan-activity;sid:84719871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"176.65.139.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856772/; classtype:trojan-activity;sid:84719872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"176.65.139.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856760/; classtype:trojan-activity;sid:84719860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"176.65.139.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856761/; classtype:trojan-activity;sid:84719861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"176.65.139.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856762/; classtype:trojan-activity;sid:84719862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"176.65.139.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856763/; classtype:trojan-activity;sid:84719863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"176.65.139.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856764/; classtype:trojan-activity;sid:84719864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"176.65.139.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856765/; classtype:trojan-activity;sid:84719865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"176.65.139.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856766/; classtype:trojan-activity;sid:84719866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dbg"; depth:9; endswith; nocase; http.host; content:"176.65.139.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856759/; classtype:trojan-activity;sid:84719859; rev:1;)
# Host 176.65.139.68: the payload sits at the web root and the URI is just /<arch> (e.g. "/sh4",
# "/arc"). Such a short URI is only meaningful together with the exact host match in the same rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856755/; classtype:trojan-activity;sid:84719855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856756/; classtype:trojan-activity;sid:84719856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856757/; classtype:trojan-activity;sid:84719857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative;
metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856758/; classtype:trojan-activity;sid:84719858; rev:1;)
# Every rule here shares one shape: GET method, exact http.uri, exact http.host, classtype
# trojan-activity, rev:1, and a sid unique to the entry. Because the rules differ only in those
# indicator values, local tuning is best kept in sid-keyed suppress/threshold entries outside this
# file rather than in edits to the rule text.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856750/; classtype:trojan-activity;sid:84719850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856751/; classtype:trojan-activity;sid:84719851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856752/; classtype:trojan-activity;sid:84719852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856753/; classtype:trojan-activity;sid:84719853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856754/; classtype:trojan-activity;sid:84719854; rev:1;)
# Host 176.65.139.117: /bins/<arch> payload names; entries for 45.194.92.29 (/arc) and
# 119.189.141.238 (/bin.sh) are interleaved in feed order.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"176.65.139.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856749/; classtype:trojan-activity;sid:84719849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"45.194.92.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856748/; classtype:trojan-activity;sid:84719848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"176.65.139.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856745/; classtype:trojan-activity;sid:84719845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"176.65.139.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856746/; classtype:trojan-activity;sid:84719846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"176.65.139.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856747/; classtype:trojan-activity;sid:84719847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.141.238"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856744/; classtype:trojan-activity;sid:84719844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dbg"; depth:9; endswith; nocase; http.host; content:"176.65.139.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856743/; classtype:trojan-activity;sid:84719843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"176.65.139.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856736/; classtype:trojan-activity;sid:84719836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"176.65.139.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856737/; classtype:trojan-activity;sid:84719837; rev:1;)
alert
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"176.65.139.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856738/; classtype:trojan-activity;sid:84719838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"176.65.139.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856739/; classtype:trojan-activity;sid:84719839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"176.65.139.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856740/; classtype:trojan-activity;sid:84719840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"176.65.139.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856741/; classtype:trojan-activity;sid:84719841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"176.65.139.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; 
reference:url, urlhaus.abuse.ch/url/3856742/; classtype:trojan-activity;sid:84719842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"176.65.139.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856734/; classtype:trojan-activity;sid:84719834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"176.65.139.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856735/; classtype:trojan-activity;sid:84719835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.72.76"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856733/; classtype:trojan-activity;sid:84719833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm5"; depth:13; endswith; nocase; http.host; content:"176.65.139.153"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856731/; classtype:trojan-activity;sid:84719831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.mips"; depth:13; endswith; 
nocase; http.host; content:"176.65.139.153"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856732/; classtype:trojan-activity;sid:84719832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm"; depth:12; endswith; nocase; http.host; content:"176.65.139.153"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856727/; classtype:trojan-activity;sid:84719827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm6"; depth:13; endswith; nocase; http.host; content:"176.65.139.153"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856728/; classtype:trojan-activity;sid:84719828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.mpsl"; depth:13; endswith; nocase; http.host; content:"176.65.139.153"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856729/; classtype:trojan-activity;sid:84719829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.194.50.3"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856730/; classtype:trojan-activity;sid:84719830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856726)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rebirth.arm7"; depth:13; endswith; nocase; http.host; content:"176.65.139.153"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856726/; classtype:trojan-activity;sid:84719826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.31.244"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856725/; classtype:trojan-activity;sid:84719825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.39.240"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856724/; classtype:trojan-activity;sid:84719824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.68.160.180"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856723/; classtype:trojan-activity;sid:84719823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a2243150-cc50-4006-9370-f79f6f86a19c"; depth:37; endswith; nocase; http.host; content:"gozilwl.overlokcu.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856722/; 
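classtype:trojan-activity;sid:84719822; rev:1;)
# Each rule below alerts on an established, client-side HTTP GET from $HOME_NET to $EXTERNAL_NET
# whose http.uri and http.host both equal one URLhaus-listed download URL. depth equal to the
# pattern length pins the pattern to the start of the buffer, and endswith (URI) or
# isdataat:!1,relative (host) pins it to the end.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.255.129"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856721/; classtype:trojan-activity;sid:84719821; rev:1;)
# NOTE(review): "|3f|" is one byte ("?"), so the URI pattern in the next rule is 44 bytes long.
# The published depth was 47 (the escape counted as four characters), which together with
# endswith also accepted URIs with up to three extra leading bytes. depth is set to 44 so the
# rule matches the exact URI, as the neighbouring rules do. This is a local change; sid and rev
# are left as published, and a regenerated feed will overwrite it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d39b619c-3bd5-4ec8-8969-e18007fa194f"; depth:44; endswith; nocase; http.host; content:"gnetier6.hegong-tools.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856720/; classtype:trojan-activity;sid:84719820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/715789d8-bc15-412c-a051-92b3260d4ceb"; depth:37; endswith; nocase; http.host; content:"ekqtbnv.overlokcu.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856719/; classtype:trojan-activity;sid:84719819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.115.158"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856718/; classtype:trojan-activity;sid:84719818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; 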
depth:7; endswith; nocase; http.host; content:"110.39.255.129"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856717/; classtype:trojan-activity;sid:84719817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.115.158"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856716/; classtype:trojan-activity;sid:84719816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"171.213.224.180"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856715/; classtype:trojan-activity;sid:84719815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.90.59"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856714/; classtype:trojan-activity;sid:84719814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.147.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856713/; classtype:trojan-activity;sid:84719813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856712)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.68.160.180"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856712/; classtype:trojan-activity;sid:84719812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.72.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856711/; classtype:trojan-activity;sid:84719811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.119.177"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856710/; classtype:trojan-activity;sid:84719810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.72.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856709/; classtype:trojan-activity;sid:84719809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.90.59"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856708/; classtype:trojan-activity;sid:84719808; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.130.43"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856707/; classtype:trojan-activity;sid:84719807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1213b518-d1f0-4692-a104-ca3798427778"; depth:37; endswith; nocase; http.host; content:"xelecqe.yutongdrying.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856706/; classtype:trojan-activity;sid:84719806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.254.177"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856705/; classtype:trojan-activity;sid:84719805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c69d9fa5-c6eb-4c5f-958b-487d884f3342"; depth:37; endswith; nocase; http.host; content:"apgagls.bonuliautoparts.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856704/; classtype:trojan-activity;sid:84719804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.254.177"; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856703/; classtype:trojan-activity;sid:84719803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.44.147.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856702/; classtype:trojan-activity;sid:84719802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.130.43"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856701/; classtype:trojan-activity;sid:84719801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.152.46"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856700/; classtype:trojan-activity;sid:84719800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5082969b-50c5-4dbd-a5fd-8bd2ed22e582"; depth:37; endswith; nocase; http.host; content:"dufnsng.daqotransformers.com"; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856699/; classtype:trojan-activity;sid:84719799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856698)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.161.97"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856698/; classtype:trojan-activity;sid:84719798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.147.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856697/; classtype:trojan-activity;sid:84719797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.216.48.107"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856696/; classtype:trojan-activity;sid:84719796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.23.36"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856695/; classtype:trojan-activity;sid:84719795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.56.177"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856694/; classtype:trojan-activity;sid:84719794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
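URL detected (3856693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=553a8eff-4b41-4a73-9247-2a79de626e81"; depth:44; endswith; nocase; http.host; content:"mjvdhq4d.destek1.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856693/; classtype:trojan-activity;sid:84719793; rev:1;)
# NOTE(review), sid 84719793 (the rule ending on the line above): "|3f|" is one byte ("?"), so
# its URI pattern is 44 bytes long. The published depth was 47 (the escape counted as four
# characters), which together with endswith also accepted URIs with up to three extra leading
# bytes. depth is set to 44 so the rule matches the exact URI, as the rules below do
# (depth == pattern length). This is a local change; sid and rev are left as published, and a
# regenerated feed will overwrite it.
#
# Each rule below alerts on an established, client-side HTTP GET from $HOME_NET to $EXTERNAL_NET
# whose http.uri and http.host both equal one URLhaus-listed download URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"31.56.209.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856688/; classtype:trojan-activity;sid:84719788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"31.56.209.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856689/; classtype:trojan-activity;sid:84719789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tplink"; depth:7; endswith; nocase; http.host; content:"31.56.209.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856690/; classtype:trojan-activity;sid:84719790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"31.56.209.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856691/; 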
classtype:trojan-activity;sid:84719791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"31.56.209.220"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856692/; classtype:trojan-activity;sid:84719792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.186.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856687/; classtype:trojan-activity;sid:84719787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2315bb24-f5d0-49fd-bb5a-351e28d89557"; depth:37; endswith; nocase; http.host; content:"kdwuzpk.yutongdrying.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856686/; classtype:trojan-activity;sid:84719786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.5.56.177"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856685/; classtype:trojan-activity;sid:84719785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"222.140.161.97"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856684/; classtype:trojan-activity;sid:84719784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.176.77"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856683/; classtype:trojan-activity;sid:84719783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.147.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856682/; classtype:trojan-activity;sid:84719782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.23.36"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856681/; classtype:trojan-activity;sid:84719781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.186.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856680/; classtype:trojan-activity;sid:84719780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856679)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/ce78b476-61c7-4fd9-b8d1-e60d6e15ccf7"; depth:37; endswith; nocase; http.host; content:"nozeunl.xfgautoparts.com"; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856679/; classtype:trojan-activity;sid:84719779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.176.77"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856678/; classtype:trojan-activity;sid:84719778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.41.108"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856677/; classtype:trojan-activity;sid:84719777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"106.58.23.116"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856676/; classtype:trojan-activity;sid:84719776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a580b70a-241b-4d0c-916d-cba8d560d772"; depth:37; endswith; nocase; http.host; content:"mgjfhpa.overlokcu.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856675/; classtype:trojan-activity;sid:84719775; 
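rev:1;)
# Each rule below alerts on an established, client-side HTTP GET from $HOME_NET to $EXTERNAL_NET
# whose http.uri and http.host both equal one URLhaus-listed download URL. depth equal to the
# pattern length pins the pattern to the start of the buffer, and endswith (URI) or
# isdataat:!1,relative (host) pins it to the end.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.167.102"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856674/; classtype:trojan-activity;sid:84719774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"106.58.23.116"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856673/; classtype:trojan-activity;sid:84719773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.186.143.24"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856672/; classtype:trojan-activity;sid:84719772; rev:1;)
# NOTE(review): "|3f|" is one byte ("?"), so the URI pattern in the next rule is 44 bytes long.
# The published depth was 47 (the escape counted as four characters), which together with
# endswith also accepted URIs with up to three extra leading bytes. depth is set to 44 so the
# rule matches the exact URI, as the neighbouring rules do. This is a local change; sid and rev
# are left as published, and a regenerated feed will overwrite it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=42efb428-9eb4-4b0e-bcdc-d8386c8bb3ff"; depth:44; endswith; nocase; http.host; content:"k5k1f5zd.cloudzone.tr"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856671/; classtype:trojan-activity;sid:84719771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/65c67296-8cd6-49d9-868e-22e58b439d4a"; depth:37; endswith; nocase; http.host; 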
content:"isvfuzb.nasbt.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856670/; classtype:trojan-activity;sid:84719770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.170.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856669/; classtype:trojan-activity;sid:84719769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"72.255.30.244"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856668/; classtype:trojan-activity;sid:84719768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.109.11"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856667/; classtype:trojan-activity;sid:84719767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.186.143.24"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856666/; classtype:trojan-activity;sid:84719766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856664)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.103.116.125"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856664/; classtype:trojan-activity;sid:84719764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.113.121"; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856665/; classtype:trojan-activity;sid:84719765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.210.179"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856663/; classtype:trojan-activity;sid:84719763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.1.39"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856662/; classtype:trojan-activity;sid:84719762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.67.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856661/; classtype:trojan-activity;sid:84719761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3856660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/87b13776-36fd-4451-8a9f-e49970c0816a"; depth:37; endswith; nocase; http.host; content:"zrcvuwg.ismailnas.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856660/; classtype:trojan-activity;sid:84719760; rev:1;)
# (The line above completes a rule begun earlier; the last line of this run begins one that continues below.)
#
# Each rule in this run alerts on an outbound HTTP GET whose URI and Host both equal the listed
# values: depth equals the content length, and endswith (URI) or isdataat:!1,relative (host)
# forbids trailing bytes. Matching is on the request only, so an alert means the URL was
# requested, not that a file was delivered.
#
# sid 84719750-84719759: ten rules for one host (176.65.149.23) with URIs of the form
# /bins/p<suffix>. The suffixes (arm, arm5, arm6, arm7, m68k, mips, mpsl, sh4, spc, x86) look like
# CPU-architecture tags -- an inference from the names, not something the rules state. For triage,
# alerts from several of these SIDs for the same client can be treated as one event against that
# host rather than ten independent detections.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm5"; depth:11; endswith; nocase; http.host; content:"176.65.149.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856658/; classtype:trojan-activity;sid:84719758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pm68k"; depth:11; endswith; nocase; http.host; content:"176.65.149.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856659/; classtype:trojan-activity;sid:84719759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pmips"; depth:11; endswith; nocase; http.host; content:"176.65.149.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856656/; classtype:trojan-activity;sid:84719756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm"; depth:10; endswith; nocase; http.host; content:"176.65.149.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856657/; classtype:trojan-activity;sid:84719757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/px86"; depth:10; endswith; nocase; http.host; content:"176.65.149.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856650/; classtype:trojan-activity;sid:84719750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm6"; depth:11; endswith; nocase; http.host; content:"176.65.149.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856651/; classtype:trojan-activity;sid:84719751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/psh4"; depth:10; endswith; nocase; http.host; content:"176.65.149.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856652/; classtype:trojan-activity;sid:84719752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pmpsl"; depth:11; endswith; nocase; http.host; content:"176.65.149.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856653/; classtype:trojan-activity;sid:84719753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm7"; depth:11; endswith; nocase; http.host; content:"176.65.149.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856654/; classtype:trojan-activity;sid:84719754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pspc"; depth:10; endswith; nocase; http.host; content:"176.65.149.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856655/; classtype:trojan-activity;sid:84719755; rev:1;)
# The remaining rules pair the two-byte URI "/i" with one IP-literal host each; the host match is
# what makes them specific, since the URI alone carries almost no signal.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.88.121"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856649/; classtype:trojan-activity;sid:84719749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"159.255.2.200"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856648/; classtype:trojan-activity;sid:84719748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.12.183.19"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856647/; classtype:trojan-activity;sid:84719747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856646)"; flow:established,from_client; http.method;
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.67.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856646/; classtype:trojan-activity;sid:84719746; rev:1;)
# (The line above completes a rule begun earlier; the last line of this run begins one that continues below.)
#
# Each rule in this run alerts on an outbound HTTP GET whose URI and Host both equal the listed
# values: depth equals the content length, and endswith (URI) or isdataat:!1,relative (host)
# forbids trailing bytes. The header uses "any" for both ports, so the destination port is not
# part of the match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.1.39"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856645/; classtype:trojan-activity;sid:84719745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"159.255.2.200"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856644/; classtype:trojan-activity;sid:84719744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.18.41"; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856643/; classtype:trojan-activity;sid:84719743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.208.112.213"; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856642/; classtype:trojan-activity;sid:84719742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.25.123.5"; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856641/; classtype:trojan-activity;sid:84719741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.8.230"; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856640/; classtype:trojan-activity;sid:84719740; rev:1;)
# sid 84719739 and the rule that starts on the last line of this run share the host
# 91.92.242.236 and the path prefix /files-129312398/files/, differing only in the .exe file name.
# Because the URI match is exact, each file name needs its own rule; a different file under the
# same directory is not covered by either of them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_cf0ada133aee1be5.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856639/; classtype:trojan-activity;sid:84719739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/207a1bd8-f319-4c75-9e21-526dbb0b1972"; depth:37; endswith; nocase; http.host; content:"pljiquv.destek1.com.tr"; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856638/; classtype:trojan-activity;sid:84719738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_a574ae5424d55beb.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative;
metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856637/; classtype:trojan-activity;sid:84719737; rev:1;)
# (The line above completes a rule begun earlier; the last line of this run begins one that continues below.)
#
# Each rule in this run alerts on an outbound HTTP GET whose URI and Host both equal the listed
# values: depth equals the content length, and endswith (URI) or isdataat:!1,relative (host)
# forbids trailing bytes. All rules here carry metadata:created_at 2026_05_31.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.82.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856636/; classtype:trojan-activity;sid:84719736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.210.179"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856635/; classtype:trojan-activity;sid:84719735; rev:1;)
# sid 84719724-84719734: eleven rules for one host (46.23.108.236) with URIs of the form
# /gov.<suffix>. The suffixes (mips, mipsel, mipsrouter, sparc, armv4l-armv7l, sh4, x86, m68k)
# look like CPU-architecture tags -- an inference from the names, not something the rules state.
# The rules appear here in the order 34, 25-33, 24, so do not assume the file is sorted by sid
# when searching it. For triage, hits on several of these SIDs from one client belong together.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gov.mips"; depth:9; endswith; nocase; http.host; content:"46.23.108.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856634/; classtype:trojan-activity;sid:84719734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gov.sparc"; depth:10; endswith; nocase; http.host; content:"46.23.108.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856625/; classtype:trojan-activity;sid:84719725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gov.armv7l"; depth:11; endswith; nocase; http.host; content:"46.23.108.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856626/; classtype:trojan-activity;sid:84719726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gov.armv6l"; depth:11; endswith; nocase; http.host; content:"46.23.108.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856627/; classtype:trojan-activity;sid:84719727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gov.armv5l"; depth:11; endswith; nocase; http.host; content:"46.23.108.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856628/; classtype:trojan-activity;sid:84719728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gov.sh4"; depth:8; endswith; nocase; http.host; content:"46.23.108.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856629/; classtype:trojan-activity;sid:84719729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gov.armv4l"; depth:11; endswith; nocase; http.host; content:"46.23.108.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856630/; classtype:trojan-activity;sid:84719730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gov.mipsrouter"; depth:15; endswith; nocase; http.host; content:"46.23.108.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856631/; classtype:trojan-activity;sid:84719731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gov.x86"; depth:8; endswith; nocase; http.host; content:"46.23.108.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856632/; classtype:trojan-activity;sid:84719732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gov.m68k"; depth:9; endswith; nocase; http.host; content:"46.23.108.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856633/; classtype:trojan-activity;sid:84719733; rev:1;)
# endswith is what keeps /gov.mips (above, depth:9) from also firing on /gov.mipsel or
# /gov.mipsrouter: the match has to end where the URI buffer ends.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gov.mipsel"; depth:11; endswith; nocase; http.host; content:"46.23.108.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856624/; classtype:trojan-activity;sid:84719724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.113.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856623/; classtype:trojan-activity;sid:84719723;
rev:1;)
# (The line above completes a rule begun earlier; the last line of this run begins one that continues below.)
#
# Each rule in this run alerts on an outbound HTTP GET whose URI and Host both equal the listed
# values: depth equals the content length, and endswith (URI) or isdataat:!1,relative (host)
# forbids trailing bytes. The one exception, sid 84719715, is flagged at the rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/07d524be-4d73-44b6-9aaf-233ad274ca1d"; depth:37; endswith; nocase; http.host; content:"ykrtpwu.destek1.com.tr"; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856622/; classtype:trojan-activity;sid:84719722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.86.203"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856621/; classtype:trojan-activity;sid:84719721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.186.184"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856620/; classtype:trojan-activity;sid:84719720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.74.196.175"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856619/; classtype:trojan-activity;sid:84719719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.147.170"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856618/; classtype:trojan-activity;sid:84719718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.59.236.41"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856616/; classtype:trojan-activity;sid:84719716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.86.203"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856617/; classtype:trojan-activity;sid:84719717; rev:1;)
# NOTE(review): |3f| is the hex escape for "?", so the decoded content of the next rule is
# 44 bytes ("/?ublib=" plus a 36-character UUID), while depth is 47 -- the length of the escaped
# text. With endswith, any URI of 44 to 47 bytes that ends in this string matches, so this rule
# is slightly looser than the exact-URI match used by the others in this run. depth:44 would
# make it exact. The file looks feed-generated, so this is better reported to the feed
# maintainer than patched locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=8be37cea-163b-4a44-93f8-b566be60d54c"; depth:47; endswith; nocase; http.host; content:"1aed1cm5.cloudzone.com.tr"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856615/; classtype:trojan-activity;sid:84719715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.230.169"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856614/; classtype:trojan-activity;sid:84719714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.186.184"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856613/; classtype:trojan-activity;sid:84719713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.89.45"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856612/; classtype:trojan-activity;sid:84719712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.230.169"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856611/; classtype:trojan-activity;sid:84719711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/81bce946-a2c8-4eac-b5f7-951ed76b0469"; depth:37; endswith; nocase; http.host; content:"qwimnzu.daqotransformers.com"; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856610/; classtype:trojan-activity;sid:84719710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.145.111"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856608/; classtype:trojan-activity;sid:84719708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.74.196.175"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856609/; classtype:trojan-activity;sid:84719709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.167.206.237"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856607/; classtype:trojan-activity;sid:84719707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.59.236.41"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856606/; classtype:trojan-activity;sid:84719706; rev:1;)
# /jklarm7 (depth:8) here and /jklarm (depth:7) in the rule that starts on the last line are
# separate exact matches for the same host: endswith pins each match to the end of the URI
# buffer, so the shorter pattern does not also fire on the longer URI.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm7"; depth:8; endswith; nocase; http.host; content:"159.223.171.245"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856604/; classtype:trojan-activity;sid:84719704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm"; depth:7; endswith; nocase; http.host; content:"159.223.171.245"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url,
urlhaus.abuse.ch/url/3856605/; classtype:trojan-activity;sid:84719705; rev:1;)
# (The line above completes a rule begun earlier; the last line of this run begins one that continues below.)
#
# Each rule in this run alerts on an outbound HTTP GET whose URI and Host both equal the listed
# values: depth equals the content length, and endswith (URI) or isdataat:!1,relative (host)
# forbids trailing bytes. Matching is on the request only, so an alert means the URL was
# requested, not that a file was delivered.
#
# Mapping an alert back to its source entry: in every rule of this run the sid equals the
# URLhaus ID shown in msg and reference plus 80863100 (for example 3856603 -> 84719703), and the
# reference keyword carries the urlhaus.abuse.ch/url/<id>/ page for that entry.
#
# Several hosts appear twice, once with /i and once with /bin.sh (182.114.34.132: sid 84719703
# and 84719694; 42.224.198.125: 84719697 and 84719695; 219.154.32.73: 84719696 and 84719693);
# when correlating alerts, group such pairs by destination host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.34.132"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856603/; classtype:trojan-activity;sid:84719703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8472153909/3fpt6m6.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856602/; classtype:trojan-activity;sid:84719702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uns"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856601/; classtype:trojan-activity;sid:84719701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.31.174"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856600/; classtype:trojan-activity;sid:84719700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/270485e9-f35f-43b3-b15b-24a9728baf0d"; depth:37; endswith; nocase; http.host; content:"ymfxhto.czhaijiangdrying.com"; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856599/; classtype:trojan-activity;sid:84719699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.167.206.237"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856598/; classtype:trojan-activity;sid:84719698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.198.125"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856597/; classtype:trojan-activity;sid:84719697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.32.73"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856596/; classtype:trojan-activity;sid:84719696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.198.125"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856595/; classtype:trojan-activity;sid:84719695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.34.132"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856594/; classtype:trojan-activity;sid:84719694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.32.73"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856593/; classtype:trojan-activity;sid:84719693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.121.223"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856592/; classtype:trojan-activity;sid:84719692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.233.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856591/; classtype:trojan-activity;sid:84719691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.12.61"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856590/; classtype:trojan-activity;sid:84719690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/619c1eae-65eb-472c-a12a-89dd652361e9"; depth:37; endswith; nocase; http.host; content:"kbbnzve.cnjiaju.vip"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856589/; classtype:trojan-activity;sid:84719689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.199.143"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856588/; classtype:trojan-activity;sid:84719688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.58.231.74"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856587/; classtype:trojan-activity;sid:84719687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.44.147.166"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856586/; classtype:trojan-activity;sid:84719686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.37.158"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url,
urlhaus.abuse.ch/url/3856585/; classtype:trojan-activity;sid:84719685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.116.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856584/; classtype:trojan-activity;sid:84719684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.178.83"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856583/; classtype:trojan-activity;sid:84719683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.35.88.142"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856582/; classtype:trojan-activity;sid:84719682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.29.223.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856581/; classtype:trojan-activity;sid:84719681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.186.169.64"; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856580/; classtype:trojan-activity;sid:84719680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.58.231.74"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856579/; classtype:trojan-activity;sid:84719679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.116.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856578/; classtype:trojan-activity;sid:84719678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/13161bde-2dd2-486c-b878-e3671800ce97"; depth:37; endswith; nocase; http.host; content:"fmqblzz.bonuliautoparts.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856577/; classtype:trojan-activity;sid:84719677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=2426627f-a310-444c-b05e-d8d4ebcd3078"; depth:47; endswith; nocase; http.host; content:"eg125q1i.dvfb-vn.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856576/; classtype:trojan-activity;sid:84719676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3856575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.178.83"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856575/; classtype:trojan-activity;sid:84719675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.203.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856574/; classtype:trojan-activity;sid:84719674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.159.112"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856573/; classtype:trojan-activity;sid:84719673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"114.35.88.142"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856572/; classtype:trojan-activity;sid:84719672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.29.223.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856571/; classtype:trojan-activity;sid:84719671; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.186.169.64"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856570/; classtype:trojan-activity;sid:84719670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.226.12"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856569/; classtype:trojan-activity;sid:84719669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/49dd7ba1-d7d7-4767-a28d-4dc32f0e406b"; depth:37; endswith; nocase; http.host; content:"ldtdyke.allnaparts.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856568/; classtype:trojan-activity;sid:84719668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.153.196.230"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856567/; classtype:trojan-activity;sid:84719667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.219.137"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; 
reference:url, urlhaus.abuse.ch/url/3856566/; classtype:trojan-activity;sid:84719666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.57.111"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856565/; classtype:trojan-activity;sid:84719665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.37.158"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856564/; classtype:trojan-activity;sid:84719664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.170.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856563/; classtype:trojan-activity;sid:84719663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.4.28"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856562/; classtype:trojan-activity;sid:84719662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"27.153.196.230"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856561/; classtype:trojan-activity;sid:84719661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.8.230"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856560/; classtype:trojan-activity;sid:84719660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1a330963-0940-415a-9ca2-bbf957728d1b"; depth:37; endswith; nocase; http.host; content:"cuzxamf.airtechmedical.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856559/; classtype:trojan-activity;sid:84719659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.57.111"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856558/; classtype:trojan-activity;sid:84719658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.147.252"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856557/; classtype:trojan-activity;sid:84719657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856556)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.148.135"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856556/; classtype:trojan-activity;sid:84719656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.219.137"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856555/; classtype:trojan-activity;sid:84719655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.118.238.41"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856554/; classtype:trojan-activity;sid:84719654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.5.157"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856553/; classtype:trojan-activity;sid:84719653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.37.82"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856552/; classtype:trojan-activity;sid:84719652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3856551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.220.145.137"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856551/; classtype:trojan-activity;sid:84719651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.148.135"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856550/; classtype:trojan-activity;sid:84719650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.135.251"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856549/; classtype:trojan-activity;sid:84719649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fd384dc6-babc-46ca-a226-b2dfed76019e"; depth:37; endswith; nocase; http.host; content:"hwfdzzg.lavorcollective.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856548/; classtype:trojan-activity;sid:84719648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.118.238.41"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; 
reference:url, urlhaus.abuse.ch/url/3856546/; classtype:trojan-activity;sid:84719646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.157.250"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856547/; classtype:trojan-activity;sid:84719647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=10810d6a-4c92-40ea-bbff-84c785288585"; depth:47; endswith; nocase; http.host; content:"252rti6f.letrungkien.info"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856545/; classtype:trojan-activity;sid:84719645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.5.157"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856544/; classtype:trojan-activity;sid:84719644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/12531f8f-6be4-4e2c-9752-c87599fe95cf"; depth:37; endswith; nocase; http.host; content:"ljofonx.muveszetiirasok.hu"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856543/; classtype:trojan-activity;sid:84719643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856542)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.128.187"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856542/; classtype:trojan-activity;sid:84719642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8472153909/hkwqmrm.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856541/; classtype:trojan-activity;sid:84719641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.10.144.18"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856540/; classtype:trojan-activity;sid:84719640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.153.130.65"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856539/; classtype:trojan-activity;sid:84719639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1ae59227-5d84-430c-accd-667a5b7399fc"; depth:37; endswith; nocase; http.host; content:"ydqgwej.kortalanmuveszet.hu"; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856538/; classtype:trojan-activity;sid:84719638; rev:1;) 
# URLhaus download-URL rules (entries 3856501-3856537), one rule per line.
# Every rule below alerts on an outbound HTTP GET ($HOME_NET -> $EXTERNAL_NET,
# established flow, client side) where http.uri is pinned to the listed path by
# depth + endswith (nocase) and http.host is pinned to the listed host by
# depth = length plus isdataat:!1,relative. The match is on one host + path pair, so
# a different path on the same host does not fire.
# In every rule visible here sid = URLhaus entry id + 80863100.
# Triage: an alert shows that an internal client requested the URL; the response is
# not inspected, so confirm delivery from HTTP/file logs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.109.81.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856537/; classtype:trojan-activity;sid:84719637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"79.10.144.18"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856536/; classtype:trojan-activity;sid:84719636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.153.130.65"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856535/; classtype:trojan-activity;sid:84719635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.179.213"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856534/; classtype:trojan-activity;sid:84719634; rev:1;)
# The next twelve rules share host 176.65.149.124 and the path prefix
# /hiddenbin/boatnet.<suffix>. The suffixes (x86, arm5, arm, sh4, arm6, mpsl, spc, arc,
# mips, ppc, m68k, arm7) look like per-CPU-architecture builds of one payload; when
# triaging, hits on any of them are presumably the same activity - confirm against
# the URLhaus entries. Ids in this run ascend (3856522-3856532) after 3856533, so the
# feed is not strictly sorted by id.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"176.65.149.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856533/; classtype:trojan-activity;sid:84719633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"176.65.149.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856522/; classtype:trojan-activity;sid:84719622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"176.65.149.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856523/; classtype:trojan-activity;sid:84719623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"176.65.149.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856524/; classtype:trojan-activity;sid:84719624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"176.65.149.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856525/; classtype:trojan-activity;sid:84719625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"176.65.149.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856526/; classtype:trojan-activity;sid:84719626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"176.65.149.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856527/; classtype:trojan-activity;sid:84719627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"176.65.149.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856528/; classtype:trojan-activity;sid:84719628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"176.65.149.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856529/; classtype:trojan-activity;sid:84719629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"176.65.149.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856530/; classtype:trojan-activity;sid:84719630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"176.65.149.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856531/; classtype:trojan-activity;sid:84719631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"176.65.149.124"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856532/; classtype:trojan-activity;sid:84719632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"170.233.57.178"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856521/; classtype:trojan-activity;sid:84719621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.128.187"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856520/; classtype:trojan-activity;sid:84719620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.231.11.179"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856519/; classtype:trojan-activity;sid:84719619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.148.156"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856518/; classtype:trojan-activity;sid:84719618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/29d8ab59-feb0-4779-8b80-7aab295d7aab"; depth:37; endswith; nocase; http.host; content:"bcbjicn.kreativkiteljesedes.hu"; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856517/; classtype:trojan-activity;sid:84719617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.179.213"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856516/; classtype:trojan-activity;sid:84719616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"38.21.70.189"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856515/; classtype:trojan-activity;sid:84719615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.148.156"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856514/; classtype:trojan-activity;sid:84719614; rev:1;)
# |3f| is the hex escape for "?" and is a single byte, so this pattern is 44 bytes
# while depth is 47: with endswith, up to 3 extra leading URI bytes would still match.
# NOTE(review): depth looks computed from the escaped text length; confirm upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ac6d6fe8-fc98-4e87-b4e6-70bb8e134741"; depth:47; endswith; nocase; http.host; content:"iiamtrbo.liketudong.biz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856513/; classtype:trojan-activity;sid:84719613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bc8c6b11-6c7f-4e1e-ac96-ecc5e3a698a1"; depth:37; endswith; nocase; http.host; content:"qksxwop.agivedresphotography.com"; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856512/; classtype:trojan-activity;sid:84719612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.24.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856511/; classtype:trojan-activity;sid:84719611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.18.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856510/; classtype:trojan-activity;sid:84719610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.236.97"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856509/; classtype:trojan-activity;sid:84719609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.134.225"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856508/; classtype:trojan-activity;sid:84719608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.199.205"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856507/; classtype:trojan-activity;sid:84719607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.203.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856506/; classtype:trojan-activity;sid:84719606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.18.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856505/; classtype:trojan-activity;sid:84719605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.18.203"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856504/; classtype:trojan-activity;sid:84719604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.66.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856503/; classtype:trojan-activity;sid:84719603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.66.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856502/; classtype:trojan-activity;sid:84719602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.37.82"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856501/; classtype:trojan-activity;sid:84719601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/afc06485-68a3-43da-9642-37e500fc57e8"; 
depth:37; endswith; nocase; http.host; content:"dgxarir.artisourlifestyle.com"; depth:29; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856500/; classtype:trojan-activity;sid:84719600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.236.97"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856499/; classtype:trojan-activity;sid:84719599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.199.205"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856498/; classtype:trojan-activity;sid:84719598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.157.165"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856497/; classtype:trojan-activity;sid:84719597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.202.209.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856496/; classtype:trojan-activity;sid:84719596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3856495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.130.116"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856495/; classtype:trojan-activity;sid:84719595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.18.203"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856494/; classtype:trojan-activity;sid:84719594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.35.226"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856493/; classtype:trojan-activity;sid:84719593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.115.209.24"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856492/; classtype:trojan-activity;sid:84719592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.223.72"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856491/; classtype:trojan-activity;sid:84719591; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3879c5f9-fafc-40f4-865a-726237a4ba72"; depth:37; endswith; nocase; http.host; content:"anpjcfq.attilahatar.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856490/; classtype:trojan-activity;sid:84719590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.115.209.24"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856489/; classtype:trojan-activity;sid:84719589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.223.72"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856488/; classtype:trojan-activity;sid:84719588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.177.133"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856487/; classtype:trojan-activity;sid:84719587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.243.115"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; 
reference:url, urlhaus.abuse.ch/url/3856486/; classtype:trojan-activity;sid:84719586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.145.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856485/; classtype:trojan-activity;sid:84719585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.141.238"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856484/; classtype:trojan-activity;sid:84719584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.70.99"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856483/; classtype:trojan-activity;sid:84719583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.228.163"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856482/; classtype:trojan-activity;sid:84719582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/50b165b7-c2da-4bb4-8970-bb9ce3ca76e7"; depth:37; endswith; 
nocase; http.host; content:"brvtfsq.designyourlifeinflow.com"; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856481/; classtype:trojan-activity;sid:84719581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.130.50"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856480/; classtype:trojan-activity;sid:84719580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.67.211"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856479/; classtype:trojan-activity;sid:84719579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=dd9aecaf-9d95-45a6-ab29-4a231776cee6"; depth:47; endswith; nocase; http.host; content:"as59n9n3.photoshopvn.net"; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856478/; classtype:trojan-activity;sid:84719578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_eaacfdc24e3fe21d.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856477/; classtype:trojan-activity;sid:84719577; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.199.169"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856476/; classtype:trojan-activity;sid:84719576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.228.163"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856475/; classtype:trojan-activity;sid:84719575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.130.50"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856474/; classtype:trojan-activity;sid:84719574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.107.228"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856473/; classtype:trojan-activity;sid:84719573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.99.180.140"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856472/; 
classtype:trojan-activity;sid:84719572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1520104a-c0df-40c1-b238-38288d894b70"; depth:37; endswith; nocase; http.host; content:"ohabupw.vapebeat.pk"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856471/; classtype:trojan-activity;sid:84719571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.117.65.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856470/; classtype:trojan-activity;sid:84719570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.127.132"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856469/; classtype:trojan-activity;sid:84719569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.228.49"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856467/; classtype:trojan-activity;sid:84719567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.19.182"; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856468/; classtype:trojan-activity;sid:84719568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.59.39.141"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856466/; classtype:trojan-activity;sid:84719566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.59.39.141"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856465/; classtype:trojan-activity;sid:84719565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.86.0"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856464/; classtype:trojan-activity;sid:84719564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.174.104.157"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856463/; classtype:trojan-activity;sid:84719563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856462)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.99.180.140"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856462/; classtype:trojan-activity;sid:84719562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.119.228.49"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856461/; classtype:trojan-activity;sid:84719561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.9.171"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856460/; classtype:trojan-activity;sid:84719560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/52793b00-3b7e-4e2b-b557-f82cca9023d9"; depth:37; endswith; nocase; http.host; content:"crrgjic.vostrovape.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856459/; classtype:trojan-activity;sid:84719559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.145.111"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856458/; classtype:trojan-activity;sid:84719558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3856457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.55.59.47"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856457/; classtype:trojan-activity;sid:84719557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.9.171"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856456/; classtype:trojan-activity;sid:84719556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.177.133"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856455/; classtype:trojan-activity;sid:84719555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.3.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856454/; classtype:trojan-activity;sid:84719554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.225.33"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856453/; classtype:trojan-activity;sid:84719553; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.239.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856452/; classtype:trojan-activity;sid:84719552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.59.31.192"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856451/; classtype:trojan-activity;sid:84719551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.3.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856450/; classtype:trojan-activity;sid:84719550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=3900284f-2d73-4ddf-a741-db39d31b1f17"; depth:47; endswith; nocase; http.host; content:"37d389gt.botvn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856449/; classtype:trojan-activity;sid:84719549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.225.33"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856448/; classtype:trojan-activity;sid:84719548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.84.215.246"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856447/; classtype:trojan-activity;sid:84719547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.197.153"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856446/; classtype:trojan-activity;sid:84719546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.8.49"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856445/; classtype:trojan-activity;sid:84719545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.87.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856444/; classtype:trojan-activity;sid:84719544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; 
http.host; content:"42.227.239.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856443/; classtype:trojan-activity;sid:84719543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.243.66"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856442/; classtype:trojan-activity;sid:84719542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a83347f4-91c8-427e-9621-465596a5c817"; depth:37; endswith; nocase; http.host; content:"nhkohoq.wlwyb.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856441/; classtype:trojan-activity;sid:84719541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.76.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856440/; classtype:trojan-activity;sid:84719540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"188.59.31.192"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856439/; classtype:trojan-activity;sid:84719539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856438)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.6.118"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856438/; classtype:trojan-activity;sid:84719538; rev:1;)
# --- Reviewer notes for the rules in this section (generated URLhaus feed) ---
# Every rule follows one template: alert on an established, client-to-server
# HTTP GET from $HOME_NET to $EXTERNAL_NET whose URI and Host both equal one
# URLhaus entry. The number in msg: and reference: is the URLhaus URL id; in
# the rules shown here sid is that id plus 80863100.
# - http.uri: depth:<pattern length> together with endswith pins the pattern
#   to the whole buffer, so the URI must equal the listed string (nocase makes
#   the comparison case-insensitive). These are exact-URL indicators, not
#   family signatures: a variation of the URL is not covered.
# - http.host: depth:<length> together with isdataat:!1,relative does the same
#   for the Host value. There is no nocase here; presumably this relies on
#   Suricata lowercasing the http.host buffer (confirm for the deployed version).
# - The app-layer protocol is http, so only cleartext HTTP is inspected; the
#   same URL fetched over TLS is outside these rules.
# - Short URIs such as "/i", "/p" or "/x" get all their specificity from the
#   Host match. Most hosts are IP literals and metadata:created_at is the only
#   age signal carried by a rule, so check a hit against its reference URL
#   before treating the destination as still malicious.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.9.243.66"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856437/; classtype:trojan-activity;sid:84719537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.181.170"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856436/; classtype:trojan-activity;sid:84719536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6qty"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856435/; classtype:trojan-activity;sid:84719535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.76.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856434/; classtype:trojan-activity;sid:84719534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b3j3"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856433/; classtype:trojan-activity;sid:84719533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jiwm"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856430/; classtype:trojan-activity;sid:84719530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lil"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856431/; classtype:trojan-activity;sid:84719531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/etr"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856432/; classtype:trojan-activity;sid:84719532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruhb"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856429/; classtype:trojan-activity;sid:84719529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/89c8b8a2-047b-4845-97ac-42192b7d67cd"; depth:37; endswith; nocase; http.host; content:"oplzpps.popi999.net"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856428/; classtype:trojan-activity;sid:84719528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.151.82.15"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856427/; classtype:trojan-activity;sid:84719527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1dl"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856426/; classtype:trojan-activity;sid:84719526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vfz"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856425/; classtype:trojan-activity;sid:84719525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ufdj"; depth:5; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856424/; classtype:trojan-activity;sid:84719524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p"; depth:2; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856423/; classtype:trojan-activity;sid:84719523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.104.21"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856422/; classtype:trojan-activity;sid:84719522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doz"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856421/; classtype:trojan-activity;sid:84719521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.181.170"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856420/; classtype:trojan-activity;sid:84719520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.87.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856419/; classtype:trojan-activity;sid:84719519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slo"; depth:4; endswith; nocase; http.host; content:"188.132.232.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856418/; classtype:trojan-activity;sid:84719518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.163.7"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856417/; classtype:trojan-activity;sid:84719517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.67.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856416/; classtype:trojan-activity;sid:84719516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/15415319-cb19-4ab6-a1ad-5a0057dfacce"; depth:37; endswith; nocase; http.host; content:"htciigz.intelect.gr"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856415/; classtype:trojan-activity;sid:84719515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.122.96"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856414/; classtype:trojan-activity;sid:84719514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.45.253"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856413/; classtype:trojan-activity;sid:84719513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.212.116"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856412/; classtype:trojan-activity;sid:84719512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.122.96"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856411/; classtype:trojan-activity;sid:84719511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2ec55cf6-ac80-4e73-8789-d3b0f6d5eebf"; depth:37; endswith; nocase; http.host; content:"ijdjqht.ktsagarakis.gr"; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856410/; classtype:trojan-activity;sid:84719510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.158.157"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856409/; classtype:trojan-activity;sid:84719509; rev:1;)
# |3f| is the hex escape for "?", so this URI pattern includes the query string.
# NOTE(review): the decoded pattern is 44 bytes but depth is 47, which is the
# length of the escaped text. With endswith this appears to tolerate up to 3
# bytes ahead of the pattern, slightly looser than the exact match used by the
# other rules; confirm against upstream. sid:84719470 below has the same shape.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e2bf211f-4c72-46f2-8375-8e99e6d2026d"; depth:47; endswith; nocase; http.host; content:"5pfvza4o.cretasoft.gr"; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856408/; classtype:trojan-activity;sid:84719508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.24.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856407/; classtype:trojan-activity;sid:84719507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.196.141"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856406/; classtype:trojan-activity;sid:84719506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.45.253"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856405/; classtype:trojan-activity;sid:84719505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.255.43.138"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856404/; classtype:trojan-activity;sid:84719504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.212.116"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856403/; classtype:trojan-activity;sid:84719503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.55.59.47"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856402/; classtype:trojan-activity;sid:84719502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.158.157"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856401/; classtype:trojan-activity;sid:84719501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.196.141"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856400/; classtype:trojan-activity;sid:84719500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.76.107.166"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856399/; classtype:trojan-activity;sid:84719499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0f47e297-e227-475d-a9bb-c9e848cf09fe"; depth:37; endswith; nocase; http.host; content:"jtnvsfr.notjustsquare.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856398/; classtype:trojan-activity;sid:84719498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.115.64"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856397/; classtype:trojan-activity;sid:84719497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.2.112"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856396/; classtype:trojan-activity;sid:84719496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.115.64"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856395/; classtype:trojan-activity;sid:84719495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.80.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856394/; classtype:trojan-activity;sid:84719494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.2.112"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856393/; classtype:trojan-activity;sid:84719493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.76.107.166"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856392/; classtype:trojan-activity;sid:84719492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.126.245.214"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856391/; classtype:trojan-activity;sid:84719491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5032e3d7-eed4-4a97-8ddf-91e1befb53cf"; depth:37; endswith; nocase; http.host; content:"dlacbhw.nonamejustsoul.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856390/; classtype:trojan-activity;sid:84719490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.156.228"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856389/; classtype:trojan-activity;sid:84719489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.116.217"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856388/; classtype:trojan-activity;sid:84719488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.255.43.138"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856387/; classtype:trojan-activity;sid:84719487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.80.162"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856386/; classtype:trojan-activity;sid:84719486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.219.1.198"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856385/; classtype:trojan-activity;sid:84719485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.168.210"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856384/; classtype:trojan-activity;sid:84719484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.118.232"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856383/; classtype:trojan-activity;sid:84719483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.156.228"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856382/; classtype:trojan-activity;sid:84719482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.9.70.99"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856381/; classtype:trojan-activity;sid:84719481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.147.187"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856380/; classtype:trojan-activity;sid:84719480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"83.219.1.198"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856379/; classtype:trojan-activity;sid:84719479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bbb0fd91-83cd-44ac-8f90-f8a0492e532c"; depth:37; endswith; nocase; http.host; content:"rpcmwsz.muveszetiirasok.hu"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856378/; classtype:trojan-activity;sid:84719478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.106.40"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856377/; classtype:trojan-activity;sid:84719477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.149.77.65"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856376/; classtype:trojan-activity;sid:84719476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.126.245.214"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856375/; classtype:trojan-activity;sid:84719475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.136.179"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856374/; classtype:trojan-activity;sid:84719474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.232.130"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856373/; classtype:trojan-activity;sid:84719473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.103.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856372/; classtype:trojan-activity;sid:84719472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.162.65"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856371/; classtype:trojan-activity;sid:84719471; rev:1;)
# Same |3f| ("?") query-string pattern and depth:47 as sid:84719508 above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=9b8a35eb-3fda-4255-9d71-ed44ff8727db"; depth:47; endswith; nocase; http.host; content:"czf2txr8.asion.gr"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856370/; classtype:trojan-activity;sid:84719470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.35.203"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856369/; classtype:trojan-activity;sid:84719469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.74.205"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856367/; classtype:trojan-activity;sid:84719467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.189.206.89"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856368/; classtype:trojan-activity;sid:84719468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d60b06b9-01e2-4001-9053-045433c15d05"; depth:37; endswith; nocase; http.host; content:"saprwbu.lavorcollective.com"; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856366/; classtype:trojan-activity;sid:84719466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.232.130"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856365/; classtype:trojan-activity;sid:84719465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.136.179"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856364/; classtype:trojan-activity;sid:84719464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.85.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856362/; classtype:trojan-activity;sid:84719462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.11.174"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856363/; classtype:trojan-activity;sid:84719463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.189.206.89"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856361/; classtype:trojan-activity;sid:84719461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.0.162"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856360/; classtype:trojan-activity;sid:84719460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.127.54"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856359/; classtype:trojan-activity;sid:84719459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.85.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856358/; classtype:trojan-activity;sid:84719458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b899fd1e-3b5c-4303-97ed-838740d8bf49"; depth:37; endswith; nocase; http.host; content:"batmemo.kreativkiteljesedes.hu"; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856357/; classtype:trojan-activity;sid:84719457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"95.164.6.120"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856355/; classtype:trojan-activity;sid:84719455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.113.23"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856356/; classtype:trojan-activity;sid:84719456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.184.227"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856354/; classtype:trojan-activity;sid:84719454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.11.174"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856353/; classtype:trojan-activity;sid:84719453; rev:1;)
# The next five rules share host 45.198.224.8. The file names (arm7, x64, mips,
# mpsl, bins.sh) look like per-architecture builds plus a script; hits on more
# than one of these sids from a single internal source are worth correlating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blue.arm7"; depth:10; endswith; nocase; http.host; content:"45.198.224.8"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856352/; classtype:trojan-activity;sid:84719452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blue.x64"; depth:9; endswith; nocase; http.host; content:"45.198.224.8"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856351/; classtype:trojan-activity;sid:84719451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blue.mips"; depth:10; endswith; nocase; http.host; content:"45.198.224.8"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856350/; classtype:trojan-activity;sid:84719450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blue.mpsl"; depth:10; endswith; nocase; http.host; content:"45.198.224.8"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856349/; classtype:trojan-activity;sid:84719449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins.sh"; depth:8; endswith; nocase; http.host; content:"45.198.224.8"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856348/; classtype:trojan-activity;sid:84719448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.184.227"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856347/; classtype:trojan-activity;sid:84719447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.84.212.59"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856346/; classtype:trojan-activity;sid:84719446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file.exe"; depth:9; endswith; nocase; http.host; content:"102.220.160.85"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856345/; classtype:trojan-activity;sid:84719445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loader.exe"; depth:11; endswith; nocase; http.host; content:"193.17.183.8"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856344/; classtype:trojan-activity;sid:84719444; rev:1;)
# The next five rules share host 195.96.132.13 (a script, v.sh, plus names that
# look like per-architecture builds); correlate multiple hits as above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v.sh"; depth:5; endswith; nocase; http.host; content:"195.96.132.13"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856337/; classtype:trojan-activity;sid:84719437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/karm7"; depth:6; endswith; nocase; http.host; content:"195.96.132.13"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856338/; classtype:trojan-activity;sid:84719438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kmpsl"; depth:6; endswith; nocase; http.host; content:"195.96.132.13"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856339/; classtype:trojan-activity;sid:84719439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/karm"; depth:5; endswith; nocase; http.host; content:"195.96.132.13"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856340/; classtype:trojan-activity;sid:84719440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/karm5"; depth:6; endswith; nocase; http.host; content:"195.96.132.13"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856341/; classtype:trojan-activity;sid:84719441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3856342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kmips"; depth:6; endswith; nocase; http.host; content:"195.96.132.13"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856342/; classtype:trojan-activity;sid:84719442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/karm6"; depth:6; endswith; nocase; http.host; content:"195.96.132.13"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856343/; classtype:trojan-activity;sid:84719443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.144.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856336/; classtype:trojan-activity;sid:84719436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc64"; depth:6; endswith; nocase; http.host; content:"103.83.87.122"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856328/; classtype:trojan-activity;sid:84719428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"103.83.87.122"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856329/; 
classtype:trojan-activity;sid:84719429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"103.83.87.122"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856330/; classtype:trojan-activity;sid:84719430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"103.83.87.122"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856331/; classtype:trojan-activity;sid:84719431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"103.83.87.122"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856332/; classtype:trojan-activity;sid:84719432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"103.83.87.122"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856333/; classtype:trojan-activity;sid:84719433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"103.83.87.122"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856334/; classtype:trojan-activity;sid:84719434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"103.83.87.122"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856335/; classtype:trojan-activity;sid:84719435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"45.194.92.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856327/; classtype:trojan-activity;sid:84719427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.194.92.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856325/; classtype:trojan-activity;sid:84719425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lol"; depth:4; endswith; nocase; http.host; content:"45.194.92.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856326/; classtype:trojan-activity;sid:84719426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; 
http.host; content:"45.194.92.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856322/; classtype:trojan-activity;sid:84719422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"45.194.92.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856323/; classtype:trojan-activity;sid:84719423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"45.194.92.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856324/; classtype:trojan-activity;sid:84719424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"45.194.92.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856317/; classtype:trojan-activity;sid:84719417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"45.194.92.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856318/; classtype:trojan-activity;sid:84719418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856319)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"45.194.92.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856319/; classtype:trojan-activity;sid:84719419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"45.194.92.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856320/; classtype:trojan-activity;sid:84719420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"45.194.92.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856321/; classtype:trojan-activity;sid:84719421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jack5tr.sh"; depth:11; endswith; nocase; http.host; content:"45.194.92.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856315/; classtype:trojan-activity;sid:84719415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"45.194.92.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856316/; classtype:trojan-activity;sid:84719416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3856314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"45.194.92.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856314/; classtype:trojan-activity;sid:84719414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.127.248"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856313/; classtype:trojan-activity;sid:84719413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"23.146.240.108"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856312/; classtype:trojan-activity;sid:84719412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"23.146.240.108"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856311/; classtype:trojan-activity;sid:84719411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"176.97.210.86"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; 
reference:url, urlhaus.abuse.ch/url/3856310/; classtype:trojan-activity;sid:84719410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p"; depth:2; endswith; nocase; http.host; content:"95.164.6.120"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856307/; classtype:trojan-activity;sid:84719407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot_aarch64"; depth:12; endswith; nocase; http.host; content:"95.164.6.120"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856308/; classtype:trojan-activity;sid:84719408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bot"; depth:4; endswith; nocase; http.host; content:"95.164.6.120"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856309/; classtype:trojan-activity;sid:84719409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0145cb69-ee81-4806-a9ee-193b87209436"; depth:37; endswith; nocase; http.host; content:"mbhofdf.kortalanmuveszet.hu"; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856306/; classtype:trojan-activity;sid:84719406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dns"; depth:4; 
endswith; nocase; http.host; content:"176.65.139.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856305/; classtype:trojan-activity;sid:84719405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"79.106.225.176"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856304/; classtype:trojan-activity;sid:84719404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.144.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856298/; classtype:trojan-activity;sid:84719398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arc"; depth:14; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856299/; classtype:trojan-activity;sid:84719399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.155.151"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856300/; classtype:trojan-activity;sid:84719400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856301)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tplink/mips"; depth:12; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856301/; classtype:trojan-activity;sid:84719401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tplink/arm5"; depth:12; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856302/; classtype:trojan-activity;sid:84719402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tplink/arm"; depth:11; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856303/; classtype:trojan-activity;sid:84719403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tplink/arm7"; depth:12; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856297/; classtype:trojan-activity;sid:84719397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tplink/x86"; depth:11; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856291/; classtype:trojan-activity;sid:84719391; rev:1;) 
# Matching semantics shared by the rules below: depth equal to the content
# length plus endswith pins the whole http.uri buffer to that one path (nocase
# makes the comparison case-insensitive), and depth plus isdataat:!1,relative
# pins http.host to that exact name. The same file requested with a query
# string appended, or under a different host name, does not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86_64"; depth:17; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856292/; classtype:trojan-activity;sid:84719392; rev:1;)
# NOTE(review): the github.com rules in this part of the ruleset are
# "alert http", so they inspect a parsed HTTP request. github.com is normally
# reached over HTTPS; in that case they fire only on a cleartext request or
# where the sensor sees decrypted traffic -- confirm TLS inspection coverage,
# or match the same URLhaus entries in proxy / endpoint logs.
# NOTE(review): the host match is exactly "github.com"; /raw/ paths are
# presumably redirected to a separate content host that these rules do not
# name -- verify where the payload bytes are actually served from.
# The indicator in these rules is the account/repository path in http.uri,
# not the github.com host itself.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/loioionoaisk/raw/refs/heads/main/macosx.zip.b64.part2"; depth:70; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856293/; classtype:trojan-activity;sid:84719393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/e/raw/refs/heads/main/confidential_report.exe"; depth:62; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856294/; classtype:trojan-activity;sid:84719394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/loioionoaisk/raw/refs/heads/main/macosx.zip.b64.part1"; depth:70; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856295/; classtype:trojan-activity;sid:84719395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856296)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bins/sora.sparc"; depth:16; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856296/; classtype:trojan-activity;sid:84719396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/loioionoaisk/raw/refs/heads/main/macosx.zip.aes.part2"; depth:70; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856288/; classtype:trojan-activity;sid:84719388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppv"; depth:9; endswith; nocase; http.host; content:"87.120.92.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856289/; classtype:trojan-activity;sid:84719389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips64"; depth:17; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856290/; classtype:trojan-activity;sid:84719390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/e/raw/refs/heads/main/document.hta"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, 
urlhaus.abuse.ch/url/3856284/; classtype:trojan-activity;sid:84719384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/test_portable.lnk"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856285/; classtype:trojan-activity;sid:84719385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/loioionoaisk/raw/refs/heads/main/download-macosx.cmd"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856286/; classtype:trojan-activity;sid:84719386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/loioionoaisk/raw/refs/heads/main/fix_crypto.ps1"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856287/; classtype:trojan-activity;sid:84719387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tplink/mpsl"; depth:12; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856283/; classtype:trojan-activity;sid:84719383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3856282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.i686"; depth:15; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856282/; classtype:trojan-activity;sid:84719382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/loioionoaisk/raw/refs/heads/main/run-download-macosx.cmd"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856281/; classtype:trojan-activity;sid:84719381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/loioionoaisk/raw/refs/heads/main/csharp-version/sys_helper.vbs"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856280/; classtype:trojan-activity;sid:84719380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/test_portable2.lnk"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856279/; classtype:trojan-activity;sid:84719379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856273)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tiiisiet65-sudo/loioionoaisk/raw/refs/heads/main/csharp-version/mango.lnk"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856273/; classtype:trojan-activity;sid:84719373; rev:1;)
# Rule template used by every entry below: an outbound ($HOME_NET -> $EXTERNAL_NET), established,
# client-side HTTP GET whose http.uri equals the listed path (depth equals the content length and
# endswith closes the match; nocase makes it case-insensitive) and whose http.host equals the listed
# host (depth equals the content length and isdataat:!1,relative rejects trailing bytes).
# The number in msg and in the reference URL is the URLhaus entry id.
# NOTE(review): these are `alert http` rules, so they only inspect cleartext or sensor-decrypted
# HTTP. github.com and raw.githubusercontent.com are normally served over HTTPS; without TLS
# inspection expect little or no coverage from the GitHub-hosted entries - confirm per deployment.
# NOTE(review): each rule is an exact-IoC match on one URI and one host; treat the set as a list of
# known URLs, not as coverage for the hosting account, repository or server as a whole.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/loioionoaisk/raw/refs/heads/main/lightweight-version/download-macosx.cmd"; depth:89; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856274/; classtype:trojan-activity;sid:84719374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/loioionoaisk/raw/refs/heads/main/make-macosx-restore-shortcut.ps1"; depth:82; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856275/; classtype:trojan-activity;sid:84719375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/loioionoaisk/raw/refs/heads/main/create-lnk-vbs.cmd"; depth:68; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856276/; classtype:trojan-activity;sid:84719376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/pure_rel.lnk"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856277/; classtype:trojan-activity;sid:84719377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/loioionoaisk/raw/refs/heads/main/restore-macosx-from-cloud.ps1"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856278/; classtype:trojan-activity;sid:84719378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/test3.lnk"; depth:56; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856270/; classtype:trojan-activity;sid:84719370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/loioionoaisk/raw/refs/heads/main/download-macosx-from-cloud.lnk"; depth:80; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856271/; classtype:trojan-activity;sid:84719371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/loioionoaisk/raw/refs/heads/main/download.macosx.vbs"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856272/; classtype:trojan-activity;sid:84719372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/loioionoaisk/raw/refs/heads/main/lightweight-version/launcher_src.py"; depth:85; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856269/; classtype:trojan-activity;sid:84719369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/loioionoaisk/raw/refs/heads/main/build_macosx.py"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856266/; classtype:trojan-activity;sid:84719366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/loioionoaisk/raw/refs/heads/main/portableshelllink.ps1"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856267/; classtype:trojan-activity;sid:84719367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/loioionoaisk/raw/refs/heads/main/csharp-version/download-macosx.cmd"; depth:84; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856268/; classtype:trojan-activity;sid:84719368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/macosx_downloader.zip"; depth:68; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856265/; classtype:trojan-activity;sid:84719365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/payload.zip"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856262/; classtype:trojan-activity;sid:84719362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/macosx.zip.aes.part1"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856263/; classtype:trojan-activity;sid:84719363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/poly.cmd"; depth:55; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856264/; classtype:trojan-activity;sid:84719364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/macosx.zip.aes.part2"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856261/; classtype:trojan-activity;sid:84719361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/payload.b64"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856260/; classtype:trojan-activity;sid:84719360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/mo-edge.rar"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856256/; classtype:trojan-activity;sid:84719356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/ban-gon-nhe.rar"; depth:62; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856257/; classtype:trojan-activity;sid:84719357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/ptich/main.exe"; depth:61; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856258/; classtype:trojan-activity;sid:84719358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/macosx.zip.b64.part1"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856259/; classtype:trojan-activity;sid:84719359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/macosx.zip.b64.part2"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856254/; classtype:trojan-activity;sid:84719354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/restore-macosx-from-github.ps1"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856255/; classtype:trojan-activity;sid:84719355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/macosx.zip"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856253/; classtype:trojan-activity;sid:84719353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/build_macosx_aes.py"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856252/; classtype:trojan-activity;sid:84719352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/build_macosx.py"; depth:62; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856251/; classtype:trojan-activity;sid:84719351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/test.vbs"; depth:55; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856249/; classtype:trojan-activity;sid:84719349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/_"; depth:48; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856250/; classtype:trojan-activity;sid:84719350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/mo-edge.lnk"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856246/; classtype:trojan-activity;sid:84719346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/push_all.bat"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856247/; classtype:trojan-activity;sid:84719347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/tai-macosx.hta"; depth:61; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856248/; classtype:trojan-activity;sid:84719348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/tai-macosx-tu-github.rar"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856245/; classtype:trojan-activity;sid:84719345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/test-relative-target.ps1"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856243/; classtype:trojan-activity;sid:84719343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/tai-macosx.cmd"; depth:61; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856244/; classtype:trojan-activity;sid:84719344; rev:1;)
# Host is a literal IPv4 address here: the rule compares the HTTP Host value, not the destination IP.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.229.103"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856242/; classtype:trojan-activity;sid:84719342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/release_test/tai-macosx-tu-github.lnk"; depth:84; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856241/; classtype:trojan-activity;sid:84719341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/ban-gon-nhe/test_curl.txt"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856237/; classtype:trojan-activity;sid:84719337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/release_test/tai.macosx.vbs"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856238/; classtype:trojan-activity;sid:84719338; rev:1;)
# NOTE(review): the content below carries literal %20 sequences. Suricata documents http.uri as the
# normalized URI buffer and http.uri.raw as the one that keeps percent-encoding, so this pattern may
# never match as written - replay a test capture to confirm before relying on it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/ban-gon-nhe/project%20details%20including%20salary%20and%20terms%20and%20conditions%202026.lnk"; depth:141; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856239/; classtype:trojan-activity;sid:84719339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/ban-gon-nhe/macosx.zip.b64.part1"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856240/; classtype:trojan-activity;sid:84719340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/ban-gon-nhe/tai-macosx.cmd"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856235/; classtype:trojan-activity;sid:84719335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/ban-gon-nhe/test_relative.lnk"; depth:76; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856236/; classtype:trojan-activity;sid:84719336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/ban-gon-nhe/macosx.zip.b64.part2"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856234/; classtype:trojan-activity;sid:84719334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/hta/restore-macosx-from-github.ps1"; depth:81; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856233/; classtype:trojan-activity;sid:84719333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/ban-gon-nhe/macosx_bypass.lnk"; depth:76; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856231/; classtype:trojan-activity;sid:84719331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/ban-gon-nhe/macosx_portable.cmd"; depth:78; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856232/; classtype:trojan-activity;sid:84719332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/release_test/chay-tai-macosx.cmd"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856227/; classtype:trojan-activity;sid:84719327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/ban-gon-nhe/macosx_curl.lnk"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856228/; classtype:trojan-activity;sid:84719328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/release_test/restore-macosx-from-github.ps1"; depth:90; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856229/; classtype:trojan-activity;sid:84719329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/ban-gon-nhe/macosx.lnk"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856230/; classtype:trojan-activity;sid:84719330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/ban-gon-nhe/launcher_src.py"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856226/; classtype:trojan-activity;sid:84719326; rev:1;)
# NOTE(review): this path uses /blob/ rather than /raw/. On github.com a /blob/ URL normally returns
# the HTML file view, so a hit presumably means the listing page was requested - confirm against the
# URLhaus entry before treating it as a payload fetch.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/blob/main/ban-gon-nhe/test_macosx/macosx/suds_000000000000041.wsf"; depth:92; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856225/; classtype:trojan-activity;sid:84719325; rev:1;)
# NOTE(review): literal %20 in an http.uri pattern - the normalized buffer may hold decoded spaces
# instead, in which case this rule does not match; verify with a test capture.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/ban-gon-nhe/project%20details%20including%20salary%20and%20benefits%20for%202026.exe"; depth:131; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856224/; classtype:trojan-activity;sid:84719324; rev:1;)
# NOTE(review): /blob/ path again (HTML file view on github.com, not the raw bytes) - TODO confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/blob/main/ban-gon-nhe/test_macosx/macosx/suds_00000000000000041.wsf"; depth:94; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856223/; classtype:trojan-activity;sid:84719323; rev:1;)
# The only entry in this run whose host is a DNS name outside GitHub; the URI is a single path segment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ae9eea26-43f8-47c9-a2a4-ae4bc04b7a71"; depth:37; endswith; nocase; http.host; content:"ajfohrg.designyourlifeinflow.com"; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856222/; classtype:trojan-activity;sid:84719322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/ban-csharp/sys_helper.vbs"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856221/; classtype:trojan-activity;sid:84719321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/ban-csharp/test.exe"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856220/; classtype:trojan-activity;sid:84719320; rev:1;)
# NOTE(review): literal %20 in an http.uri pattern - the normalized buffer may hold decoded spaces
# instead, in which case this rule does not match; verify with a test capture.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/ban-csharp/project%20details%20including%20salary%20and%20terms%20and%20conditions%202026.lnk"; depth:140; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856219/; classtype:trojan-activity;sid:84719319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/ban-csharp/test_aes.exe"; depth:70; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856218/; classtype:trojan-activity;sid:84719318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/adawcacaw/raw/refs/heads/main/ban-csharp/tai-macosx.cmd"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856217/; classtype:trojan-activity;sid:84719317; rev:1;)
# From here most entries use the host raw.githubusercontent.com and a path without the /raw/ segment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/rtyui/refs/heads/main/fix_crypto.ps1"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856213/; classtype:trojan-activity;sid:84719313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/rtyui/refs/heads/main/test_cache.cmd"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856214/; classtype:trojan-activity;sid:84719314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/rtyui/refs/heads/main/restore-macosx-from-cloud.ps1"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856215/; classtype:trojan-activity;sid:84719315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/rtyui/refs/heads/main/make-macosx-restore-shortcut.ps1"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856216/; classtype:trojan-activity;sid:84719316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/rtyui/refs/heads/main/download.macosx.vbs"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856212/; classtype:trojan-activity;sid:84719312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/rtyui/refs/heads/main/lightweight-version/download-macosx.cmd"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856211/; classtype:trojan-activity;sid:84719311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/rtyui/refs/heads/main/csharp-version/download-macosx.cmd"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856197/; classtype:trojan-activity;sid:84719297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/rtyui/refs/heads/main/test_cache2.cmd"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856198/; classtype:trojan-activity;sid:84719298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/rtyui/refs/heads/main/build_macosx.py"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856199/; classtype:trojan-activity;sid:84719299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/rtyui/refs/heads/main/lightweight-version/launcher_src.py"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856200/; classtype:trojan-activity;sid:84719300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/rtyui/refs/heads/main/download-macosx.cmd"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856201/; classtype:trojan-activity;sid:84719301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/rtyui/refs/heads/main/fix_command.ps1"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856202/; classtype:trojan-activity;sid:84719302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/rtyui/refs/heads/main/fix_length.ps1"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856203/; classtype:trojan-activity;sid:84719303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/rtyui/refs/heads/main/run-download-macosx.cmd"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856204/; classtype:trojan-activity;sid:84719304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/rtyui/refs/heads/main/fix_defender.ps1"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856205/; classtype:trojan-activity;sid:84719305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/rtyui/refs/heads/main/portableshelllink.ps1"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856206/; classtype:trojan-activity;sid:84719306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/rtyui/refs/heads/main/csharp-version/sys_helper.vbs"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856207/; classtype:trojan-activity;sid:84719307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/rtyui/refs/heads/main/create-lnk-vbs.cmd"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856208/; classtype:trojan-activity;sid:84719308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/rtyui/raw/refs/heads/main/csharp-version/mango.lnk"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856209/; classtype:trojan-activity;sid:84719309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/rtyui/refs/heads/main/fix_iex.ps1"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856210/; classtype:trojan-activity;sid:84719310; rev:1;)
# The next two entries use literal IPv4 addresses as the host and short paths (/i, /bin.sh).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.163.7"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856196/; classtype:trojan-activity;sid:84719296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.229.103"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856195/; classtype:trojan-activity;sid:84719295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/loioionoaisk/main/macosx.zip.aes.part1"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856193/; classtype:trojan-activity;sid:84719293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/loioionoaisk/main/macosx.zip.aes.part2"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856194/; classtype:trojan-activity;sid:84719294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiiisiet65-sudo/loioionoaisk/main/download-macosx.cmd"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856192/; classtype:trojan-activity;sid:84719292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3856191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meow"; depth:5; endswith; nocase; http.host; content:"34.83.130.213"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856191/; classtype:trojan-activity;sid:84719291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_bcdff299e4e8f207.msi"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856190/; classtype:trojan-activity;sid:84719290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_a65f5594c8f995c4.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856187/; classtype:trojan-activity;sid:84719287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_55e3157424cdcb2d.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856188/; classtype:trojan-activity;sid:84719288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_528254f3d9d973e0.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856189/; classtype:trojan-activity;sid:84719289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"218.28.150.182"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856186/; classtype:trojan-activity;sid:84719286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.111.43"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856185/; classtype:trojan-activity;sid:84719285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/37af3c8e-329b-43a8-83af-f81cfd447f0e"; depth:37; endswith; nocase; http.host; content:"uuzhapr.attilahatar.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856184/; classtype:trojan-activity;sid:84719284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_fae2ed0c9d7ec066.msi"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856183/; classtype:trojan-activity;sid:84719283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3856182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_d381ccf1c3e3b11b.msi"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856182/; classtype:trojan-activity;sid:84719282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_a46c88fac79954ea.msi"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856181/; classtype:trojan-activity;sid:84719281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.106.233"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856180/; classtype:trojan-activity;sid:84719280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.117.65.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856179/; classtype:trojan-activity;sid:84719279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3f877080-29f0-496b-b085-070abf72db46"; depth:37; endswith; nocase; http.host; content:"dbdndfs.artisourlifestyle.com"; depth:29; isdataat:!1,relative; 
metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856178/; classtype:trojan-activity;sid:84719278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.68.249.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856177/; classtype:trojan-activity;sid:84719277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.33.92"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856176/; classtype:trojan-activity;sid:84719276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.42.91.140"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856175/; classtype:trojan-activity;sid:84719275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.53.25"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856174/; classtype:trojan-activity;sid:84719274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"27.44.147.235"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856173/; classtype:trojan-activity;sid:84719273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.202.209.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856172/; classtype:trojan-activity;sid:84719272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.95.58"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856171/; classtype:trojan-activity;sid:84719271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.90.255"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856170/; classtype:trojan-activity;sid:84719270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.225.48.253"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856169/; classtype:trojan-activity;sid:84719269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856168)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/d15816a5-6e4d-47ae-94f3-c6b74cd1bf18"; depth:37; endswith; nocase; http.host; content:"tuejpvg.agivedresphotography.com"; depth:32; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856168/; classtype:trojan-activity;sid:84719268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.186.151"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856167/; classtype:trojan-activity;sid:84719267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.53.25"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856166/; classtype:trojan-activity;sid:84719266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.80.173"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856165/; classtype:trojan-activity;sid:84719265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.127.248"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856164/; classtype:trojan-activity;sid:84719264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3856163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.95.58"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856163/; classtype:trojan-activity;sid:84719263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.225.48.253"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856162/; classtype:trojan-activity;sid:84719262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.186.151"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856161/; classtype:trojan-activity;sid:84719261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.33.92"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856160/; classtype:trojan-activity;sid:84719260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.26.134"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856159/; 
classtype:trojan-activity;sid:84719259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.196.177"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856158/; classtype:trojan-activity;sid:84719258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.42.116.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856157/; classtype:trojan-activity;sid:84719257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.8.186"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856156/; classtype:trojan-activity;sid:84719256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.88.121"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856155/; classtype:trojan-activity;sid:84719255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.26.134"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856154/; classtype:trojan-activity;sid:84719254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.214.181.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856153/; classtype:trojan-activity;sid:84719253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.100.183"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856152/; classtype:trojan-activity;sid:84719252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.86.0"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856151/; classtype:trojan-activity;sid:84719251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6d64ed41-a13d-4d25-8e80-ac1702910cdd"; depth:37; endswith; nocase; http.host; content:"hsvisjx.ktsagarakis.gr"; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856150/; classtype:trojan-activity;sid:84719250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856149)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.179.236.181"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856149/; classtype:trojan-activity;sid:84719249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.207.104.92"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856148/; classtype:trojan-activity;sid:84719248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"197.207.104.92"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856147/; classtype:trojan-activity;sid:84719247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.100.183"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856146/; classtype:trojan-activity;sid:84719246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.106.225.176"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856145/; classtype:trojan-activity;sid:84719245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3856144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.84.215.250"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856144/; classtype:trojan-activity;sid:84719244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.214.181.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856143/; classtype:trojan-activity;sid:84719243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/52668371-5f26-47c8-8978-a2cfd3584f24"; depth:37; endswith; nocase; http.host; content:"qsnovga.intelect.gr"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856142/; classtype:trojan-activity;sid:84719242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"49.71.122.104"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856141/; classtype:trojan-activity;sid:84719241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.203.36"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856140/; classtype:trojan-activity;sid:84719240; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.145.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856139/; classtype:trojan-activity;sid:84719239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.115.183.206"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856138/; classtype:trojan-activity;sid:84719238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.23.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856137/; classtype:trojan-activity;sid:84719237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.185.243.248"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856136/; classtype:trojan-activity;sid:84719236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.134.236"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, 
urlhaus.abuse.ch/url/3856135/; classtype:trojan-activity;sid:84719235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"49.71.122.104"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856134/; classtype:trojan-activity;sid:84719234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.137.44"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856133/; classtype:trojan-activity;sid:84719233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.203.36"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856132/; classtype:trojan-activity;sid:84719232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.185.243.248"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856131/; classtype:trojan-activity;sid:84719231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.191.137.44"; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856130/; classtype:trojan-activity;sid:84719230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.115.183.206"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856129/; classtype:trojan-activity;sid:84719229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.134.236"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856128/; classtype:trojan-activity;sid:84719228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.241.166"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856127/; classtype:trojan-activity;sid:84719227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.23.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856126/; classtype:trojan-activity;sid:84719226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856125)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.49.148"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856125/; classtype:trojan-activity;sid:84719225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_acefecd764feb3fe.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856124/; classtype:trojan-activity;sid:84719224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.37.99"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856122/; classtype:trojan-activity;sid:84719222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.73.27"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856123/; classtype:trojan-activity;sid:84719223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eeffccbb-b6d6-48b7-a512-0be4e0652e27"; depth:37; endswith; nocase; http.host; content:"kccqafs.enviroment.gr"; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856121/; classtype:trojan-activity;sid:84719221; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.49.148"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856120/; classtype:trojan-activity;sid:84719220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.73.27"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856119/; classtype:trojan-activity;sid:84719219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.37.99"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856118/; classtype:trojan-activity;sid:84719218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.115.167"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856117/; classtype:trojan-activity;sid:84719217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/646efb00-ed18-4784-956c-a5f3db237f0a"; depth:37; endswith; nocase; http.host; content:"sqcbwqj.popi999.net"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_31; 
reference:url, urlhaus.abuse.ch/url/3856116/; classtype:trojan-activity;sid:84719216; rev:1;)
# Rule template used throughout this feed: alert on an established, client-to-server
# HTTP flow from $HOME_NET to $EXTERNAL_NET whose method matches "GET", whose URI is
# the listed path (depth = pattern length, plus endswith, case-insensitive) and whose
# Host is the listed value (depth = pattern length, plus isdataat:!1,relative).
# The number in msg and in the reference URL is the URLhaus entry id; in the rules
# shown here sid is that id plus 80863100.
# These are "alert http" signatures, so a request for the same URL inside TLS is not
# matched by them unless the sensor sees decrypted traffic.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.147.199"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856115/; classtype:trojan-activity;sid:84719215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.15.71"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856113/; classtype:trojan-activity;sid:84719213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.123.210.169"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856114/; classtype:trojan-activity;sid:84719214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.130.116"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856112/; classtype:trojan-activity;sid:84719212; rev:1;)
# NOTE(review): "|3f|" is the hex escape for one "?" byte, so the URI pattern below is
# 44 bytes long, yet depth is 47 (the length of the escaped text). Combined with
# endswith, the rule appears to accept a URI with up to 3 extra leading bytes before
# the pattern, so it is slightly looser than the exact-URI match used by its
# neighbours; depth:44 would pin it. The same mismatch shows in sid 84719170 and
# sid 84719149.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=bebbe3fd-a311-48ca-8d5a-a7441fae44c4"; depth:47; endswith; nocase; http.host; content:"qiwiqfdb.botvn.net"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856111/; classtype:trojan-activity;sid:84719211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b1e08171-05ea-4277-a250-dbed2833f2af"; depth:37; endswith; nocase; http.host; content:"knmglbn.sm188dvlv.cfd"; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856110/; classtype:trojan-activity;sid:84719210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.15.71"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856109/; classtype:trojan-activity;sid:84719209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.44.147.199"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856108/; classtype:trojan-activity;sid:84719208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.115.167"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856106/; classtype:trojan-activity;sid:84719206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3856107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.123.210.169"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856107/; classtype:trojan-activity;sid:84719207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.145.71"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856105/; classtype:trojan-activity;sid:84719205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.236.74.65"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856104/; classtype:trojan-activity;sid:84719204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"105.225.45.183"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856103/; classtype:trojan-activity;sid:84719203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.80.169"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856102/; classtype:trojan-activity;sid:84719202; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.226.64.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856101/; classtype:trojan-activity;sid:84719201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.90.147.47"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856100/; classtype:trojan-activity;sid:84719200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.145.71"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856099/; classtype:trojan-activity;sid:84719199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.162.65"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856098/; classtype:trojan-activity;sid:84719198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.83.180"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856097/; 
classtype:trojan-activity;sid:84719197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"105.225.45.183"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856096/; classtype:trojan-activity;sid:84719196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7f639218-b1a2-41e6-9aef-deebcd81b79d"; depth:37; endswith; nocase; http.host; content:"lbcsuyq.payestation.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856095/; classtype:trojan-activity;sid:84719195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.172.180"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856094/; classtype:trojan-activity;sid:84719194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"77.236.74.65"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856093/; classtype:trojan-activity;sid:84719193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"125.45.66.107"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856092/; classtype:trojan-activity;sid:84719192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.41.9"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856091/; classtype:trojan-activity;sid:84719191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.90.147.47"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856090/; classtype:trojan-activity;sid:84719190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.64.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856089/; classtype:trojan-activity;sid:84719189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lmkjn.x86"; depth:10; endswith; nocase; http.host; content:"209.92.170.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856088/; classtype:trojan-activity;sid:84719188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856087)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.83.180"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856087/; classtype:trojan-activity;sid:84719187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.109.89"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856086/; classtype:trojan-activity;sid:84719186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9e7a933f-9255-4282-b3c3-95c00da62b9b"; depth:37; endswith; nocase; http.host; content:"ehshryo.zsatom.hu"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856085/; classtype:trojan-activity;sid:84719185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.41.9"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856084/; classtype:trojan-activity;sid:84719184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.113.112.96"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856083/; classtype:trojan-activity;sid:84719183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3856082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.90.255"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856082/; classtype:trojan-activity;sid:84719182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.173.98"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856081/; classtype:trojan-activity;sid:84719181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.223.141.236"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856080/; classtype:trojan-activity;sid:84719180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.175.218"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856079/; classtype:trojan-activity;sid:84719179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_3ee4df05132671e5.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, 
urlhaus.abuse.ch/url/3856078/; classtype:trojan-activity;sid:84719178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.139.186.40"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856077/; classtype:trojan-activity;sid:84719177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.130.208.219"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856076/; classtype:trojan-activity;sid:84719176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.86.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856075/; classtype:trojan-activity;sid:84719175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"180.113.112.96"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856074/; classtype:trojan-activity;sid:84719174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/67c8b84d-67c8-4798-8315-53947d3727dc"; depth:37; endswith; nocase; http.host; 
content:"izrbtds.wlwyb.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856073/; classtype:trojan-activity;sid:84719173; rev:1;)
# Rule template used throughout this feed: alert on an established, client-to-server
# HTTP flow from $HOME_NET to $EXTERNAL_NET whose method matches "GET", whose URI is
# the listed path (depth = pattern length, plus endswith, case-insensitive) and whose
# Host is the listed value (depth = pattern length, plus isdataat:!1,relative).
# The number in msg and in the reference URL is the URLhaus entry id; in the rules
# shown here sid is that id plus 80863100.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.42.67"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856072/; classtype:trojan-activity;sid:84719172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.42.116.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856071/; classtype:trojan-activity;sid:84719171; rev:1;)
# NOTE(review): "|3f|" is the hex escape for one "?" byte, so the URI pattern below is
# 44 bytes long, yet depth is 47 (the length of the escaped text). Combined with
# endswith, the rule appears to accept a URI with up to 3 extra leading bytes before
# the pattern, so it is slightly looser than the exact-URI match used by its
# neighbours; depth:44 would pin it. The same mismatch shows in sid 84719211 and
# sid 84719149.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e1b54ddd-f669-4ca0-aedc-92c7a6cc4ce4"; depth:47; endswith; nocase; http.host; content:"b53jdkck.photoshopvn.net"; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856070/; classtype:trojan-activity;sid:84719170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.139.186.40"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856069/; classtype:trojan-activity;sid:84719169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3856068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.158.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856068/; classtype:trojan-activity;sid:84719168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.141.156.236"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856067/; classtype:trojan-activity;sid:84719167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.235.239"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856066/; classtype:trojan-activity;sid:84719166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.42.67"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856065/; classtype:trojan-activity;sid:84719165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.86.225"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856064/; classtype:trojan-activity;sid:84719164; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6121c2fc-8fc2-412a-92ee-741b50a2f413"; depth:37; endswith; nocase; http.host; content:"xjlghqc.baovietnam.me"; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856063/; classtype:trojan-activity;sid:84719163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.0.64"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856062/; classtype:trojan-activity;sid:84719162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.158.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856061/; classtype:trojan-activity;sid:84719161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.175.218"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856060/; classtype:trojan-activity;sid:84719160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.0.64"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_30; 
reference:url, urlhaus.abuse.ch/url/3856059/; classtype:trojan-activity;sid:84719159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/59c935c1-e029-46a4-979e-1288a419164c"; depth:37; endswith; nocase; http.host; content:"psiwhza.baocongnghe.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856058/; classtype:trojan-activity;sid:84719158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.228.182.203"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856056/; classtype:trojan-activity;sid:84719156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"111.173.159.181"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856057/; classtype:trojan-activity;sid:84719157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.103.121.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856055/; classtype:trojan-activity;sid:84719155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; 
endswith; nocase; http.host; content:"120.84.212.14"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856054/; classtype:trojan-activity;sid:84719154; rev:1;)
# Rule template used throughout this feed: alert on an established, client-to-server
# HTTP flow from $HOME_NET to $EXTERNAL_NET whose method matches "GET", whose URI is
# the listed path (depth = pattern length, plus endswith, case-insensitive) and whose
# Host is the listed value (depth = pattern length, plus isdataat:!1,relative).
# The number in msg and in the reference URL is the URLhaus entry id; in the rules
# shown here sid is that id plus 80863100.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.248.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856053/; classtype:trojan-activity;sid:84719153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/897602dd-4a4a-4f14-876d-5571178b5119"; depth:37; endswith; nocase; http.host; content:"raerscd.autotuongtac.biz"; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856052/; classtype:trojan-activity;sid:84719152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.23.232"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856051/; classtype:trojan-activity;sid:84719151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"120.84.212.14"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856050/; classtype:trojan-activity;sid:84719150; rev:1;)
# NOTE(review): "|3f|" is the hex escape for one "?" byte, so the URI pattern below is
# 44 bytes long, yet depth is 47 (the length of the escaped text). Combined with
# endswith, the rule appears to accept a URI with up to 3 extra leading bytes before
# the pattern, so it is slightly looser than the exact-URI match used by its
# neighbours; depth:44 would pin it. The same mismatch shows in sid 84719211 and
# sid 84719170.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=09063218-3263-4a1d-91f2-e9d48018b2d6"; depth:47; endswith; nocase; http.host; content:"45cbh9h6.liketudong.biz"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856049/; classtype:trojan-activity;sid:84719149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_31a41992cb5eafba.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856048/; classtype:trojan-activity;sid:84719148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.50.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856047/; classtype:trojan-activity;sid:84719147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/085ea1d6-65ee-4ae9-8890-37e422ddf547"; depth:37; endswith; nocase; http.host; content:"bxhnheh.vostrovape.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856046/; classtype:trojan-activity;sid:84719146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.140.131.238"; depth:15; isdataat:!1,relative; 
metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856045/; classtype:trojan-activity;sid:84719145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.140.131.238"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856044/; classtype:trojan-activity;sid:84719144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.135.133.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856043/; classtype:trojan-activity;sid:84719143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.226.67.211"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856042/; classtype:trojan-activity;sid:84719142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.96.59"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856041/; classtype:trojan-activity;sid:84719141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856040)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/682cbb9e-7c24-4382-bb15-b56f0a215231"; depth:37; endswith; nocase; http.host; content:"vjkyzqp.vapebeat.pk"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856040/; classtype:trojan-activity;sid:84719140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3qx"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856039/; classtype:trojan-activity;sid:84719139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.153.32"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856038/; classtype:trojan-activity;sid:84719138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.231.62"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856037/; classtype:trojan-activity;sid:84719137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.96.59"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856036/; classtype:trojan-activity;sid:84719136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3856035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3f9e3bf5-c6e8-44f1-80ea-0192b5d601b8"; depth:37; endswith; nocase; http.host; content:"nwmhtzx.suslink.com.pk"; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856035/; classtype:trojan-activity;sid:84719135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.153.32"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856034/; classtype:trojan-activity;sid:84719134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.3.74"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856033/; classtype:trojan-activity;sid:84719133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.51.17.74"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856032/; classtype:trojan-activity;sid:84719132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.116.127"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856031/; 
classtype:trojan-activity;sid:84719131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.94.214"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856030/; classtype:trojan-activity;sid:84719130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b91a468b-98f3-4c22-a03b-a0a2ecba32e6"; depth:37; endswith; nocase; http.host; content:"tnslzkh.sus.com.pk"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856029/; classtype:trojan-activity;sid:84719129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.3.74"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856028/; classtype:trojan-activity;sid:84719128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.14.172.108"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856027/; classtype:trojan-activity;sid:84719127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"87.120.92.182"; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856025/; classtype:trojan-activity;sid:84719125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=bbfe6631-3e15-46d7-8123-7ed859d6e330"; depth:47; endswith; nocase; http.host; content:"fxxqmo5b.letrungkien.info"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856026/; classtype:trojan-activity;sid:84719126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"87.120.92.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856022/; classtype:trojan-activity;sid:84719122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"87.120.92.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856023/; classtype:trojan-activity;sid:84719123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"87.120.92.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856024/; classtype:trojan-activity;sid:84719124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856012)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"87.120.92.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856012/; classtype:trojan-activity;sid:84719112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"87.120.92.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856013/; classtype:trojan-activity;sid:84719113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dbg"; depth:9; endswith; nocase; http.host; content:"87.120.92.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856014/; classtype:trojan-activity;sid:84719114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"87.120.92.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856015/; classtype:trojan-activity;sid:84719115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/fuckjews.sh"; depth:17; endswith; nocase; http.host; content:"87.120.92.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856016/; classtype:trojan-activity;sid:84719116; rev:1;) 
# URLhaus download-URL signatures, restored to one rule per line (rule text unchanged).
# Every rule in this run has the same shape:
#   - HTTP GET from $HOME_NET to $EXTERNAL_NET on an established, client-to-server flow
#   - http.uri : content + depth:<content length> + endswith pins the complete URI; nocase
#                makes that comparison case-insensitive
#   - http.host: content + depth:<content length> + isdataat:!1,relative pins the complete
#                host value (nothing may follow the match)
# An alert therefore means a monitored client requested exactly that host + URI.
# The number in msg and in the reference URL is the URLhaus entry ID; in every rule of
# this run sid = URLhaus ID + 80863100, and all entries carry created_at 2026_05_30.
# NOTE(review): these are exact-match IoCs on parsed HTTP requests; the same download over
# TLS, or with a different URI or Host value, is not covered here. Confirm the sensor's
# decryption and proxy placement before treating silence as absence.

# Host 87.120.92.182: files under /bins/ named after CPU architectures.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"87.120.92.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856017/; classtype:trojan-activity;sid:84719117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"87.120.92.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856018/; classtype:trojan-activity;sid:84719118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"87.120.92.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856019/; classtype:trojan-activity;sid:84719119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"87.120.92.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856020/; classtype:trojan-activity;sid:84719120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"87.120.92.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856021/; classtype:trojan-activity;sid:84719121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"87.120.92.182"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856011/; classtype:trojan-activity;sid:84719111; rev:1;)

# Host 92.248.231.5: single entry, shell script at the web root.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"92.248.231.5"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856010/; classtype:trojan-activity;sid:84719109; rev:1;)

# Host 103.77.246.174: the same architecture-named files under /bins/, plus /dbg at the root.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"103.77.246.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856009/; classtype:trojan-activity;sid:84719109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"103.77.246.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856005/; classtype:trojan-activity;sid:84719105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"103.77.246.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856006/; classtype:trojan-activity;sid:84719106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"103.77.246.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856007/; classtype:trojan-activity;sid:84719107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dbg"; depth:4; endswith; nocase; http.host; content:"103.77.246.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856008/; classtype:trojan-activity;sid:84719108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"103.77.246.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856000/; classtype:trojan-activity;sid:84719100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"103.77.246.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856001/; classtype:trojan-activity;sid:84719101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"103.77.246.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856002/; classtype:trojan-activity;sid:84719102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"103.77.246.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856003/; classtype:trojan-activity;sid:84719103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dbg"; depth:9; endswith; nocase; http.host; content:"103.77.246.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856004/; classtype:trojan-activity;sid:84719104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"103.77.246.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855995/; classtype:trojan-activity;sid:84719095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"103.77.246.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855996/; classtype:trojan-activity;sid:84719096; rev:1;)
# URLhaus download-URL signatures, restored to one rule per line (rule text unchanged).
# Shape shared by every rule below: HTTP GET from $HOME_NET to $EXTERNAL_NET on an
# established client-to-server flow; http.uri is pinned to the complete URI by
# content + depth + endswith (case-insensitive via nocase); http.host is pinned to the
# complete host value by content + depth + isdataat:!1,relative.
# msg and the reference URL carry the URLhaus entry ID; in every rule of this run
# sid = URLhaus ID + 80863100, and all entries carry created_at 2026_05_30.
# NOTE(review): exact-match IoCs on parsed HTTP only. A hit identifies the requesting
# client as the asset to triage; the linked URLhaus entry is the place to check the
# current status of the URL before acting on an old alert.

# Host 103.77.246.174: architecture-named files under /bins/.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"103.77.246.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855997/; classtype:trojan-activity;sid:84719097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"103.77.246.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855998/; classtype:trojan-activity;sid:84719098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"103.77.246.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855999/; classtype:trojan-activity;sid:84719099; rev:1;)

# .autos domain: one shell script at the root, then sora.<arch> files under /bins/.
# Matching is on the Host value, so it holds even if the name re-points to a new address.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"shemaleshavefeelings.autos"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855994/; classtype:trojan-activity;sid:84719094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"shemaleshavefeelings.autos"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855990/; classtype:trojan-activity;sid:84719090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"shemaleshavefeelings.autos"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855991/; classtype:trojan-activity;sid:84719091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"shemaleshavefeelings.autos"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855992/; classtype:trojan-activity;sid:84719092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"shemaleshavefeelings.autos"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855993/; classtype:trojan-activity;sid:84719093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"shemaleshavefeelings.autos"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855983/; classtype:trojan-activity;sid:84719083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"shemaleshavefeelings.autos"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855984/; classtype:trojan-activity;sid:84719084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"shemaleshavefeelings.autos"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855985/; classtype:trojan-activity;sid:84719085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"shemaleshavefeelings.autos"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855986/; classtype:trojan-activity;sid:84719086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"shemaleshavefeelings.autos"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855987/; classtype:trojan-activity;sid:84719087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"shemaleshavefeelings.autos"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855988/; classtype:trojan-activity;sid:84719088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"shemaleshavefeelings.autos"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855989/; classtype:trojan-activity;sid:84719089; rev:1;)

# Host 78.13.245.82: mirai.<arch> files under /bins/, a bins.sh script, and two entries
# (scanlisten, cnc) whose names are not architecture suffixes.
# NOTE(review): what those two files are cannot be told from the rule text; check the
# URLhaus entries before drawing conclusions from a hit on them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mirai.dbg"; depth:15; endswith; nocase; http.host; content:"78.13.245.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855982/; classtype:trojan-activity;sid:84719082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mirai.mips"; depth:16; endswith; nocase; http.host; content:"78.13.245.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855980/; classtype:trojan-activity;sid:84719080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mirai.spc"; depth:15; endswith; nocase; http.host; content:"78.13.245.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855981/; classtype:trojan-activity;sid:84719081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mirai.x86_64"; depth:18; endswith; nocase; http.host; content:"78.13.245.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855979/; classtype:trojan-activity;sid:84719079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mirai.ppc"; depth:15; endswith; nocase; http.host; content:"78.13.245.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855977/; classtype:trojan-activity;sid:84719077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mirai.mpsl"; depth:16; endswith; nocase; http.host; content:"78.13.245.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855978/; classtype:trojan-activity;sid:84719078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mirai.arm"; depth:15; endswith; nocase; http.host; content:"78.13.245.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855976/; classtype:trojan-activity;sid:84719076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mirai.m68k"; depth:16; endswith; nocase; http.host; content:"78.13.245.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855975/; classtype:trojan-activity;sid:84719075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mirai.gnueabihf"; depth:21; endswith; nocase; http.host; content:"78.13.245.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855973/; classtype:trojan-activity;sid:84719073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/scanlisten"; depth:16; endswith; nocase; http.host; content:"78.13.245.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855974/; classtype:trojan-activity;sid:84719074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cnc"; depth:9; endswith; nocase; http.host; content:"78.13.245.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855972/; classtype:trojan-activity;sid:84719072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bins.sh"; depth:13; endswith; nocase; http.host; content:"78.13.245.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855968/; classtype:trojan-activity;sid:84719068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mirai.sh4"; depth:15; endswith; nocase; http.host; content:"78.13.245.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855969/; classtype:trojan-activity;sid:84719069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mirai.x86"; depth:15; endswith; nocase; http.host; content:"78.13.245.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855970/; classtype:trojan-activity;sid:84719070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mirai.arm7"; depth:16; endswith; nocase; http.host; content:"78.13.245.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855971/; classtype:trojan-activity;sid:84719071; rev:1;)

# Assorted IP-literal hosts serving /bin.sh or /i at the web root. The URI alone is far
# too short to be meaningful; each rule is only as specific as its host value.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.51.17.74"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855967/; classtype:trojan-activity;sid:84719067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.94.214"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855966/; classtype:trojan-activity;sid:84719066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.247.21.100"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855965/; classtype:trojan-activity;sid:84719065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.127.54"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855964/; classtype:trojan-activity;sid:84719064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.14.172.108"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855963/; classtype:trojan-activity;sid:84719063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.241.166"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855962/; classtype:trojan-activity;sid:84719062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.134.96"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855961/; classtype:trojan-activity;sid:84719061; rev:1;)

# Domain host with a UUID-shaped path.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fa00c508-ee31-4ada-97f3-fba9a6fc9417"; depth:37; endswith; nocase; http.host; content:"pxydleq.nbbmansehra.pk"; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855960/; classtype:trojan-activity;sid:84719060; rev:1;)

# Further IP-literal hosts: a root-level /i, a script in a subdirectory, and the first
# two sora.<arch> entries for 176.65.139.77.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"66.212.186.197"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855959/; classtype:trojan-activity;sid:84719059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hazooks/areyouajew.sh"; depth:22; endswith; nocase; http.host; content:"45.74.7.123"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855958/; classtype:trojan-activity;sid:84719058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855956/; classtype:trojan-activity;sid:84719056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855957/; classtype:trojan-activity;sid:84719057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855955/; classtype:trojan-activity;sid:84719055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855951/; classtype:trojan-activity;sid:84719051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855952/; classtype:trojan-activity;sid:84719052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855953/; classtype:trojan-activity;sid:84719053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855954/; classtype:trojan-activity;sid:84719054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855946/; classtype:trojan-activity;sid:84719046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855947/; classtype:trojan-activity;sid:84719047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm7"; depth:15; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855948/; classtype:trojan-activity;sid:84719048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ohshit.sh"; depth:10; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855949/; classtype:trojan-activity;sid:84719049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855950)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855950/; classtype:trojan-activity;sid:84719050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"66.212.186.197"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855945/; classtype:trojan-activity;sid:84719045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"91.234.199.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855944/; classtype:trojan-activity;sid:84719044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"91.234.199.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855932/; classtype:trojan-activity;sid:84719032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"91.234.199.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855933/; classtype:trojan-activity;sid:84719033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3855934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_i686"; depth:10; endswith; nocase; http.host; content:"91.234.199.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855934/; classtype:trojan-activity;sid:84719034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"91.234.199.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855935/; classtype:trojan-activity;sid:84719035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"91.234.199.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855936/; classtype:trojan-activity;sid:84719036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"91.234.199.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855937/; classtype:trojan-activity;sid:84719037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"91.234.199.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855938/; 
classtype:trojan-activity;sid:84719038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"91.234.199.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855939/; classtype:trojan-activity;sid:84719039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"91.234.199.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855940/; classtype:trojan-activity;sid:84719040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"91.234.199.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855941/; classtype:trojan-activity;sid:84719041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_i486"; depth:10; endswith; nocase; http.host; content:"91.234.199.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855942/; classtype:trojan-activity;sid:84719042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"91.234.199.32"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855943/; classtype:trojan-activity;sid:84719043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/679ab62e-e928-4214-a141-b468c947d557"; depth:37; endswith; nocase; http.host; content:"dfuvstc.mrvapora.pk"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855931/; classtype:trojan-activity;sid:84719031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.13.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855930/; classtype:trojan-activity;sid:84719030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/mr/random.exe"; depth:20; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855929/; classtype:trojan-activity;sid:84719029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.13.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855928/; classtype:trojan-activity;sid:84719028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855927)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"45.11.56.76"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855927/; classtype:trojan-activity;sid:84719027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"45.11.56.76"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855926/; classtype:trojan-activity;sid:84719026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amd64"; depth:6; endswith; nocase; http.host; content:"209.99.185.43"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855925/; classtype:trojan-activity;sid:84719025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"209.99.187.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855924/; classtype:trojan-activity;sid:84719024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"209.99.184.250"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855923/; 
classtype:trojan-activity;sid:84719023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"209.99.184.250"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855922/; classtype:trojan-activity;sid:84719022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.134.96"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855921/; classtype:trojan-activity;sid:84719021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.29.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855920/; classtype:trojan-activity;sid:84719020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.13.188"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855919/; classtype:trojan-activity;sid:84719019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.150.70.13"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855918/; classtype:trojan-activity;sid:84719018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.29.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855917/; classtype:trojan-activity;sid:84719017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7bccd83a-0e71-42a4-9105-e59f941dbfd0"; depth:37; endswith; nocase; http.host; content:"palenyz.gulshans.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855916/; classtype:trojan-activity;sid:84719016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855915/; classtype:trojan-activity;sid:84719015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855914/; classtype:trojan-activity;sid:84719014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855913)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855913/; classtype:trojan-activity;sid:84719013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855911/; classtype:trojan-activity;sid:84719011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"92.42.100.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855912/; classtype:trojan-activity;sid:84719012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.76.137"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855910/; classtype:trojan-activity;sid:84719010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855909/; classtype:trojan-activity;sid:84719009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3855908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b49a5b16-07f6-4736-b9b3-63defcff7e20"; depth:47; endswith; nocase; http.host; content:"ouqk5pur.dvfb-vn.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855908/; classtype:trojan-activity;sid:84719008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.142.163"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855907/; classtype:trojan-activity;sid:84719007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5a2e0810-1bf0-4a86-9454-675dc05e4e88"; depth:37; endswith; nocase; http.host; content:"mzapcfw.wlwyb.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855906/; classtype:trojan-activity;sid:84719006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855898/; classtype:trojan-activity;sid:84718998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 
2026_05_30; reference:url, urlhaus.abuse.ch/url/3855899/; classtype:trojan-activity;sid:84718999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855900/; classtype:trojan-activity;sid:84719000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rocketmq"; depth:9; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855901/; classtype:trojan-activity;sid:84719001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855902/; classtype:trojan-activity;sid:84719002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855903/; classtype:trojan-activity;sid:84719003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc_eb"; depth:7; 
endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855904/; classtype:trojan-activity;sid:84719004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855905/; classtype:trojan-activity;sid:84719005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855895/; classtype:trojan-activity;sid:84718995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855896/; classtype:trojan-activity;sid:84718996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855897/; classtype:trojan-activity;sid:84718997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3855893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855893/; classtype:trojan-activity;sid:84718993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855894/; classtype:trojan-activity;sid:84718994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iphone"; depth:7; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855892/; classtype:trojan-activity;sid:84718992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l"; depth:2; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855891/; classtype:trojan-activity;sid:84718991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goahead.sh"; depth:11; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855890/; 
classtype:trojan-activity;sid:84718990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsh"; depth:4; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855886/; classtype:trojan-activity;sid:84718986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linnn"; depth:6; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855887/; classtype:trojan-activity;sid:84718987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruck"; depth:5; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855888/; classtype:trojan-activity;sid:84718988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.sh"; depth:6; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855889/; classtype:trojan-activity;sid:84718989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa"; depth:4; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; 
isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855883/; classtype:trojan-activity;sid:84718983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvr"; depth:4; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855884/; classtype:trojan-activity;sid:84718984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855885/; classtype:trojan-activity;sid:84718985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855882/; classtype:trojan-activity;sid:84718982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855880/; classtype:trojan-activity;sid:84718980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855881)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/n"; depth:2; endswith; nocase; http.host; content:"zyrec2.duckdns.org"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855881/; classtype:trojan-activity;sid:84718981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rocketmq"; depth:9; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855879/; classtype:trojan-activity;sid:84718979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsh"; depth:4; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855878/; classtype:trojan-activity;sid:84718978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/goahead.sh"; depth:11; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855877/; classtype:trojan-activity;sid:84718977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n"; depth:2; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855869/; classtype:trojan-activity;sid:84718969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3855870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruck"; depth:5; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855870/; classtype:trojan-activity;sid:84718970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855871/; classtype:trojan-activity;sid:84718971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855872/; classtype:trojan-activity;sid:84718972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/l"; depth:2; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855873/; classtype:trojan-activity;sid:84718973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855874/; classtype:trojan-activity;sid:84718974; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aaa"; depth:4; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855875/; classtype:trojan-activity;sid:84718975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvr"; depth:4; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855876/; classtype:trojan-activity;sid:84718976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iphone"; depth:7; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855866/; classtype:trojan-activity;sid:84718966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855867/; classtype:trojan-activity;sid:84718967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.sh"; depth:6; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855868/; 
classtype:trojan-activity;sid:84718968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linnn"; depth:6; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855865/; classtype:trojan-activity;sid:84718965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855864/; classtype:trojan-activity;sid:84718964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855852/; classtype:trojan-activity;sid:84718952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855853/; classtype:trojan-activity;sid:84718953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855854/; classtype:trojan-activity;sid:84718954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855855/; classtype:trojan-activity;sid:84718955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855856/; classtype:trojan-activity;sid:84718956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855857/; classtype:trojan-activity;sid:84718957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc_eb"; depth:7; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855858/; classtype:trojan-activity;sid:84718958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855859)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855859/; classtype:trojan-activity;sid:84718959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855860/; classtype:trojan-activity;sid:84718960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855861/; classtype:trojan-activity;sid:84718961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855862/; classtype:trojan-activity;sid:84718962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855863/; classtype:trojan-activity;sid:84718963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3855847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855847/; classtype:trojan-activity;sid:84718947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855848/; classtype:trojan-activity;sid:84718948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855849/; classtype:trojan-activity;sid:84718949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855850/; classtype:trojan-activity;sid:84718950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855851/; classtype:trojan-activity;sid:84718951; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.33.136"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855846/; classtype:trojan-activity;sid:84718946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_5006bcd0978c0e4d.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855845/; classtype:trojan-activity;sid:84718945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_d8f635b29dd7dd17.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855844/; classtype:trojan-activity;sid:84718944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.142.163"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855843/; classtype:trojan-activity;sid:84718943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.89.14"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855842/; classtype:trojan-activity;sid:84718942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"176.65.139.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855841/; classtype:trojan-activity;sid:84718941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.18.76.137"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855840/; classtype:trojan-activity;sid:84718940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.83.4"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855839/; classtype:trojan-activity;sid:84718939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/152db9ed-6538-4409-872b-57148d987e4a"; depth:37; endswith; nocase; http.host; content:"kpckilf.visszateritok.hu"; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855838/; classtype:trojan-activity;sid:84718938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855837)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.83.4"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855837/; classtype:trojan-activity;sid:84718937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.89.14"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855836/; classtype:trojan-activity;sid:84718936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.155.247"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855835/; classtype:trojan-activity;sid:84718935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"220.112.31.73"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855834/; classtype:trojan-activity;sid:84718934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"103.213.112.220"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855833/; classtype:trojan-activity;sid:84718933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3855828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ir3s"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855828/; classtype:trojan-activity;sid:84718928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/owh"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855829/; classtype:trojan-activity;sid:84718929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bfyl"; depth:5; endswith; nocase; http.host; content:"89.144.31.54"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855830/; classtype:trojan-activity;sid:84718930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zie"; depth:4; endswith; nocase; http.host; content:"89.144.31.54"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855831/; classtype:trojan-activity;sid:84718931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"static-103-160-197-150.unpl.net"; depth:31; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855832/; 
classtype:trojan-activity;sid:84718932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nck"; depth:4; endswith; nocase; http.host; content:"89.144.31.54"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855799/; classtype:trojan-activity;sid:84718899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jja4"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855800/; classtype:trojan-activity;sid:84718900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/j1fj"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855801/; classtype:trojan-activity;sid:84718901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tdsj"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855802/; classtype:trojan-activity;sid:84718902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3utl"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855803/; classtype:trojan-activity;sid:84718903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lndr"; depth:5; endswith; nocase; http.host; content:"89.144.31.54"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855804/; classtype:trojan-activity;sid:84718904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ql9t"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855805/; classtype:trojan-activity;sid:84718905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zfg"; depth:4; endswith; nocase; http.host; content:"89.144.31.54"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855806/; classtype:trojan-activity;sid:84718906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0qbw"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855807/; classtype:trojan-activity;sid:84718907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pnwl"; depth:5; endswith; nocase; 
http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855808/; classtype:trojan-activity;sid:84718908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hxa"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855809/; classtype:trojan-activity;sid:84718909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emd"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855810/; classtype:trojan-activity;sid:84718910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaz"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855811/; classtype:trojan-activity;sid:84718911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hxq"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855812/; classtype:trojan-activity;sid:84718912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855813)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/t3sy"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855813/; classtype:trojan-activity;sid:84718913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"66.167.169.176"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855814/; classtype:trojan-activity;sid:84718914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rmx"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855815/; classtype:trojan-activity;sid:84718915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaws"; depth:5; endswith; nocase; http.host; content:"140.233.190.47"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855816/; classtype:trojan-activity;sid:84718916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/luxzzxzzx/luxzz.i468"; depth:21; endswith; nocase; http.host; content:"vmi3208269.contaboserver.net"; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855817/; classtype:trojan-activity;sid:84718917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3855818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nbo"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855818/; classtype:trojan-activity;sid:84718918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4kly"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855819/; classtype:trojan-activity;sid:84718919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"176.65.148.199.ptr.pfcloud.network"; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855820/; classtype:trojan-activity;sid:84718920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5lky"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855821/; classtype:trojan-activity;sid:84718921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dza"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855822/; 
classtype:trojan-activity;sid:84718922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rhr"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855823/; classtype:trojan-activity;sid:84718923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppf"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855824/; classtype:trojan-activity;sid:84718924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wnmo"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855825/; classtype:trojan-activity;sid:84718925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bhi"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855826/; classtype:trojan-activity;sid:84718926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.160.197.150"; depth:15; isdataat:!1,relative; 
metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855827/; classtype:trojan-activity;sid:84718927; rev:1;)
# Template used by every rule in this feed: an established client-to-server
# HTTP GET whose http.uri buffer ends with the listed content inside the first
# `depth` bytes (case-insensitive), and whose http.host buffer holds the listed
# content with no byte after it (isdataat:!1,relative).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"176.65.148.199.ptr.pfcloud.network"; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855798/; classtype:trojan-activity;sid:84718898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a/linksys"; depth:10; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855794/; classtype:trojan-activity;sid:84718894; rev:1;)
# NOTE(review): the URI content of the next rule starts with two slashes
# ("//arm5", depth:6). http.uri is the normalized URI buffer; if the sensor's
# HTTP normalization collapses repeated path separators, the buffer would read
# "/arm5" and this rule would not match - confirm against a capture.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//arm5"; depth:6; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855795/; classtype:trojan-activity;sid:84718895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gpon"; depth:5; endswith; nocase; http.host; content:"203.145.34.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855796/; classtype:trojan-activity;sid:84718896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855797)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855797/; classtype:trojan-activity;sid:84718897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"176.65.148.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855790/; classtype:trojan-activity;sid:84718890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"176.65.148.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855791/; classtype:trojan-activity;sid:84718891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"176.65.148.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855792/; classtype:trojan-activity;sid:84718892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"176.65.148.199.ptr.pfcloud.network"; depth:34; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855793/; classtype:trojan-activity;sid:84718893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3855787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"139.135.42.224"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855787/; classtype:trojan-activity;sid:84718887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"103.199.123.41"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855788/; classtype:trojan-activity;sid:84718888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"202.141.101.239"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855789/; classtype:trojan-activity;sid:84718889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/001010101010010110101011101010101101010111010101/arm5"; depth:54; endswith; nocase; http.host; content:"103.252.89.75"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855784/; classtype:trojan-activity;sid:84718884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.7"; depth:7; endswith; nocase; http.host; content:"112.238.239.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, 
urlhaus.abuse.ch/url/3855785/; classtype:trojan-activity;sid:84718885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"59.103.106.107"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855786/; classtype:trojan-activity;sid:84718886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.155.247"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855783/; classtype:trojan-activity;sid:84718883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/66697340-c869-4120-83ad-85de1ae505fd"; depth:37; endswith; nocase; http.host; content:"gfdoxjo.zsatom.hu"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855782/; classtype:trojan-activity;sid:84718882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.87.126"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855781/; classtype:trojan-activity;sid:84718881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; 
http.host; content:"119.189.212.129"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855780/; classtype:trojan-activity;sid:84718880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xze2"; depth:5; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855779/; classtype:trojan-activity;sid:84718879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"87.121.79.55"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855776/; classtype:trojan-activity;sid:84718876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"87.121.79.55"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855777/; classtype:trojan-activity;sid:84718877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.136.114"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855778/; classtype:trojan-activity;sid:84718878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855774)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"87.121.79.55"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855774/; classtype:trojan-activity;sid:84718874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"87.121.79.55"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855775/; classtype:trojan-activity;sid:84718875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.189.165.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855773/; classtype:trojan-activity;sid:84718873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.87.126"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855772/; classtype:trojan-activity;sid:84718872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bytebytearm/launcher.bytearmor/releases/download/v3.1/launcher.bytearmor.zip"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855771/; classtype:trojan-activity;sid:84718871; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deanhhoach/xone-cs2-undetected-2026/releases/download/v1.2/xone.cs2.zip"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855769/; classtype:trojan-activity;sid:84718869; rev:1;)
# NOTE(review): the rule above and the three below pin a release-asset path on
# http.host "github.com". They are `alert http` rules, so they only evaluate
# requests the sensor parses as HTTP; a download fetched over TLS is not
# visible to them unless traffic is decrypted ahead of the sensor. The host is
# shared, so the URI content is the only discriminating part of each rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kanebstuart/mod-manager/releases/download/download/json.mod.manager.v10.5.zip"; depth:78; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855768/; classtype:trojan-activity;sid:84718868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kanebstuart/rusttweaker/releases/download/download/rusttweaker.zip"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855767/; classtype:trojan-activity;sid:84718867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bytebytearm/14124/releases/download/v3.0/launcher.bytearmor.zip"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855765/; classtype:trojan-activity;sid:84718865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3855766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/%d0%92%d0%be%d0%betse%d1%85e%d1%81ss64.zip"; depth:51; endswith; nocase; http.host; content:"roblox-execut.net"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855766/; classtype:trojan-activity;sid:84718866; rev:1;)
# NOTE(review): the rule ending on the line above (sid 84718866) carries the
# percent-encoded form of the path literally; depth:51 equals the length of
# that literal. http.uri is the normalized URI buffer, so if the sensor decodes
# percent-escapes before matching, the buffer holds the decoded bytes and this
# content cannot match - verify against a capture; http.uri.raw is the
# unnormalized buffer.
#
# NOTE(review): the two github.com rules below are `alert http` rules and only
# evaluate requests the sensor parses as HTTP; a download fetched over TLS is
# not visible to them unless traffic is decrypted ahead of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kanebstuart/forza-horizon-mod/releases/download/download/fh6.mod.zip"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855763/; classtype:trojan-activity;sid:84718863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kanebstuart/cs2-exloader/releases/download/download/phantom.cs2.zip"; depth:68; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855764/; classtype:trojan-activity;sid:84718864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unicore.zip"; depth:12; endswith; nocase; http.host; content:"unicore.pw"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855762/; classtype:trojan-activity;sid:84718862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_53d088d9a3857540.exe"; depth:48; endswith; 
nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855761/; classtype:trojan-activity;sid:84718861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_5f6659d9b41b28ab.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855755/; classtype:trojan-activity;sid:84718855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_2cf1bae0e7a0ed46.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855756/; classtype:trojan-activity;sid:84718856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_b8f479435ba21007.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855757/; classtype:trojan-activity;sid:84718857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_d8256d51cc8fd874.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855758/; 
classtype:trojan-activity;sid:84718858; rev:1;)
# Template used by the rules below: an established client-to-server HTTP GET
# whose http.uri buffer ends with the listed content inside the first `depth`
# bytes, and whose http.host buffer holds the listed content with no byte
# after it (isdataat:!1,relative).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_5798e3e4032addc6.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855759/; classtype:trojan-activity;sid:84718859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_43214cd4b47ff4d1.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855760/; classtype:trojan-activity;sid:84718860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.136.114"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855754/; classtype:trojan-activity;sid:84718853; rev:1;)
# NOTE(review): in the next rule |3f| is a single byte ("?"), so the URI
# content is 44 bytes long, while depth:47 equals the length of the string as
# written with the pipe notation. With endswith the rule therefore also accepts
# URIs with up to three bytes ahead of the content, unlike the sibling rules
# where depth equals the content length. Presumably a generator artifact;
# depth:44 would restore the exact match - raise upstream rather than editing
# the feed locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=68324316-aef0-49f1-b5c0-821c2dc05639"; depth:47; endswith; nocase; http.host; content:"x2jjzvnd.dichvuff.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855753/; classtype:trojan-activity;sid:84718853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855752)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/e83e0e1a-dfda-4255-847e-5e38a00f7f46"; depth:37; endswith; nocase; http.host; content:"prgqvfu.payestation.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855752/; classtype:trojan-activity;sid:84718852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.189.165.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855751/; classtype:trojan-activity;sid:84718851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.116.217"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855750/; classtype:trojan-activity;sid:84718850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.40.93"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855749/; classtype:trojan-activity;sid:84718849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.188.135.20"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855748/; classtype:trojan-activity;sid:84718848; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4be45d25-c5cc-4819-96b4-8562bec77294"; depth:37; endswith; nocase; http.host; content:"ujbhfgb.sm188dvlv.cfd"; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855747/; classtype:trojan-activity;sid:84718847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.80.193"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855746/; classtype:trojan-activity;sid:84718846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.230.19"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855745/; classtype:trojan-activity;sid:84718845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.230.19"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855744/; classtype:trojan-activity;sid:84718844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.188.135.20"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; 
reference:url, urlhaus.abuse.ch/url/3855743/; classtype:trojan-activity;sid:84718843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.84.215.245"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855742/; classtype:trojan-activity;sid:84718842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/01efab7f-a5cf-463a-98be-cb3e24dc251a"; depth:37; endswith; nocase; http.host; content:"pnniuwu.popi999.net"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855741/; classtype:trojan-activity;sid:84718841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.89.32"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855740/; classtype:trojan-activity;sid:84718840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ed52424f-0fd0-4955-bc4f-96fb693f4bb1"; depth:37; endswith; nocase; http.host; content:"llrxcyj.laborfotostudio.hu"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855739/; classtype:trojan-activity;sid:84718839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855738)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/|3f|ublib=7c8b783c-bb93-4a8d-933b-cf18e9bf2803"; depth:47; endswith; nocase; http.host; content:"e0vt7hv0.saostar.biz"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855738/; classtype:trojan-activity;sid:84718838; rev:1;)
# NOTE(review): in the rule ending on the line above (sid 84718838) |3f| is a
# single byte ("?"), so the URI content is 44 bytes long, while depth:47 equals
# the length of the string as written with the pipe notation. With endswith
# the rule therefore also accepts URIs with up to three bytes ahead of the
# content. Presumably a generator artifact; depth:44 would restore the exact
# match - raise upstream rather than editing the feed locally.
#
# The rules below follow the feed's usual template: HTTP GET, http.uri ending
# with the content inside the first `depth` bytes, http.host equal to the
# listed value (depth plus isdataat:!1,relative).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.6.118"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855737/; classtype:trojan-activity;sid:84718837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.206.65.133"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855736/; classtype:trojan-activity;sid:84718836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cba55641-a04c-447c-82f1-e7aeaf4b077a"; depth:37; endswith; nocase; http.host; content:"gadvzmy.lampaoszlopbolt.hu"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855735/; classtype:trojan-activity;sid:84718835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"5.206.65.133"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855734/; classtype:trojan-activity;sid:84718834; rev:1;)
alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3abb0b14-1aee-4f2b-b64d-d3f0f444bcda"; depth:37; endswith; nocase; http.host; content:"elmqfzy.zsatom.hu"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855733/; classtype:trojan-activity;sid:84718833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.248.66"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855732/; classtype:trojan-activity;sid:84718832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.248.66"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855731/; classtype:trojan-activity;sid:84718831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.223.126"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855730/; classtype:trojan-activity;sid:84718830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.113.90"; depth:14; isdataat:!1,relative; metadata:created_at 
2026_05_30; reference:url, urlhaus.abuse.ch/url/3855729/; classtype:trojan-activity;sid:84718829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.103.179"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855728/; classtype:trojan-activity;sid:84718828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.97.241.13"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855727/; classtype:trojan-activity;sid:84718827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1b7ad810-5252-4a35-a2e6-750851b6dbc6"; depth:37; endswith; nocase; http.host; content:"juiaaot.visszateritok.hu"; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855726/; classtype:trojan-activity;sid:84718826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.90.181"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855725/; classtype:trojan-activity;sid:84718825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; 
endswith; nocase; http.host; content:"61.53.90.181"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855724/; classtype:trojan-activity;sid:84718824; rev:1;)
# NOTE(review): in the next rule |3f| is a single byte ("?"), so the URI
# content is 44 bytes long, while depth:47 equals the length of the string as
# written with the pipe notation. With endswith the rule therefore also accepts
# URIs with up to three bytes ahead of the content, unlike the sibling rules
# where depth equals the content length. Presumably a generator artifact;
# depth:44 would restore the exact match - raise upstream rather than editing
# the feed locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=777f3bab-df0d-43b5-94ba-0d2b9a6c6b33"; depth:47; endswith; nocase; http.host; content:"81729sv5.stgsolar.hu"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855723/; classtype:trojan-activity;sid:84718823; rev:1;)
# The remaining rules on this line match the two-byte URI "/i" exactly
# (depth:2 with endswith) on a literal IP address in http.host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.150.70.13"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855722/; classtype:trojan-activity;sid:84718822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.152.203"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855721/; classtype:trojan-activity;sid:84718821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.87.179"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855720/; classtype:trojan-activity;sid:84718820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3855719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e6887422-069c-4a3b-a925-54344036de7c"; depth:37; endswith; nocase; http.host; content:"akvtmtx.technologiaiviz.hu"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855719/; classtype:trojan-activity;sid:84718819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.99.154"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855718/; classtype:trojan-activity;sid:84718818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.94.216.97"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855717/; classtype:trojan-activity;sid:84718817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.222.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855716/; classtype:trojan-activity;sid:84718816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.114.32.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855715/; 
classtype:trojan-activity;sid:84718815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.99.154"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855714/; classtype:trojan-activity;sid:84718814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.157.134"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855713/; classtype:trojan-activity;sid:84718813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.39.25"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855712/; classtype:trojan-activity;sid:84718812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.94.216.97"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855711/; classtype:trojan-activity;sid:84718811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.120.153.119"; depth:15; isdataat:!1,relative; 
metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855710/; classtype:trojan-activity;sid:84718810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.188.210.128"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855709/; classtype:trojan-activity;sid:84718809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.222.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855708/; classtype:trojan-activity;sid:84718808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.39.25"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855707/; classtype:trojan-activity;sid:84718807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6f279acd-9056-45aa-9e02-e12c43bb3c11"; depth:37; endswith; nocase; http.host; content:"vfqpsfq.webrevelem.hu"; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855706/; classtype:trojan-activity;sid:84718806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855705)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.210.128"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855705/; classtype:trojan-activity;sid:84718805; rev:1;)
# ^ Tail of the rule for URLhaus entry 3855705; its header is on the preceding line.
#
# Each rule below alerts on an outbound HTTP GET ($HOME_NET -> $EXTERNAL_NET,
# flow:established,from_client) whose URI and host both equal the listed values:
# depth is set to the content length, endswith closes the URI match and
# isdataat:!1,relative closes the host match. Only traffic parsed as HTTP is
# inspected, and the alert is raised on the request, so confirm from response-side
# logs whether anything was actually downloaded.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.157.134"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855704/; classtype:trojan-activity;sid:84718804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.103.116.125"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855703/; classtype:trojan-activity;sid:84718803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.120.153.119"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855702/; classtype:trojan-activity;sid:84718802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/05c06f8b-fb56-43f1-9ad7-42bfea50cbc7"; depth:37; endswith; nocase; http.host; content:"zjhbvqq.wlwyb.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855701/; classtype:trojan-activity;sid:84718801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p"; depth:2; endswith; nocase; http.host; content:"89.144.31.54"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855700/; classtype:trojan-activity;sid:84718800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.84.215.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855699/; classtype:trojan-activity;sid:84718799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.103.116.125"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855698/; classtype:trojan-activity;sid:84718798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.130.242.125"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855697/; classtype:trojan-activity;sid:84718797; rev:1;)
# Entries 3855694-3855696: three short paths on one host, 45.148.120.78. Group
# alerts from these sids by destination host when scoping an incident.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khh"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855694/; classtype:trojan-activity;sid:84718794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tvz"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855695/; classtype:trojan-activity;sid:84718795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rj6"; depth:4; endswith; nocase; http.host; content:"45.148.120.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855696/; classtype:trojan-activity;sid:84718796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.239.252.184"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855693/; classtype:trojan-activity;sid:84718793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.147.173"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855692/; classtype:trojan-activity;sid:84718792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.89.32"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855691/; classtype:trojan-activity;sid:84718791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.137.152.203"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855690/; classtype:trojan-activity;sid:84718790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.212.129"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855689/; classtype:trojan-activity;sid:84718789; rev:1;)
# |3f| is the hex escape for "?", so the URI matched below is "/?ublib=<uuid>", 44 bytes
# once decoded. depth:47 equals the length of the escaped text instead, so with endswith
# the rule also accepts a URI carrying up to three extra leading bytes. The listed URL
# still matches; the signature is only slightly wider than an exact match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=61bd4101-46cc-4a49-bee4-a2a619d7bd16"; depth:47; endswith; nocase; http.host; content:"pbm280yc.sieulike.biz"; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855688/; classtype:trojan-activity;sid:84718788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.147.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855687/; classtype:trojan-activity;sid:84718787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.44.147.172"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855686/; classtype:trojan-activity;sid:84718786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.204.231"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855685/; classtype:trojan-activity;sid:84718785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"124.130.242.125"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855684/; classtype:trojan-activity;sid:84718784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7c3dda71-ab00-49cc-9d75-297de10f4939"; depth:37; endswith; nocase; http.host; content:"osljzcm.salesventure.co"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855683/; classtype:trojan-activity;sid:84718783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.11.227"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855682/; classtype:trojan-activity;sid:84718782; rev:1;)
# Header of the next rule; its option list is on the following line.
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3855681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"87.121.79.55"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855681/; classtype:trojan-activity;sid:84718781; rev:1;)
# ^ Option list of the rule for URLhaus entry 3855681; its "alert http ..." header
# is on the preceding line.
#
# Each rule below alerts on an outbound HTTP GET ($HOME_NET -> $EXTERNAL_NET,
# flow:established,from_client) whose URI and host both equal the listed values:
# depth is set to the content length, endswith closes the URI match and
# isdataat:!1,relative closes the host match. Only traffic parsed as HTTP is
# inspected, and the alert is raised on the request, so confirm from response-side
# logs whether anything was actually downloaded.
#
# Entries 3855677-3855681 all point at 87.121.79.55 with the paths /x86, /mips, /mpsl,
# /spc and /arm5. The names look like CPU-architecture labels (an inference from
# the names only); hits on more than one of these sids from a single client are worth
# correlating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"87.121.79.55"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855679/; classtype:trojan-activity;sid:84718779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"87.121.79.55"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855680/; classtype:trojan-activity;sid:84718780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"87.121.79.55"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855677/; classtype:trojan-activity;sid:84718777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"87.121.79.55"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855678/; classtype:trojan-activity;sid:84718778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.32.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855676/; classtype:trojan-activity;sid:84718776; rev:1;)
# Entries 3855674 and 3855675: two .exe paths under /files/ on 192.253.248.8.
# nocase means a request that differs only in letter case also matches.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/install.exe"; depth:18; endswith; nocase; http.host; content:"192.253.248.8"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855674/; classtype:trojan-activity;sid:84718774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/update.exe"; depth:17; endswith; nocase; http.host; content:"192.253.248.8"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855675/; classtype:trojan-activity;sid:84718775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/192046e9-4a6f-4191-a8da-a5b061f2e9d8"; depth:37; endswith; nocase; http.host; content:"tvrtwkf.ricebowl.io"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855673/; classtype:trojan-activity;sid:84718773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.119.15.198"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855672/; classtype:trojan-activity;sid:84718772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.190.11.194"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855662/; classtype:trojan-activity;sid:84718762; rev:1;)
# Eleven rules for one host, 45.74.7.123 (entries 3855660, 3855661 and
# 3855663-3855671): numbered .tok files, 1 and 4 through 13, under a single directory.
# Each rule names one exact file, so group alerts by destination host when scoping
# an incident rather than treating each sid as a separate event.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hailhitler/4.tok"; depth:17; endswith; nocase; http.host; content:"45.74.7.123"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855663/; classtype:trojan-activity;sid:84718763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hailhitler/9.tok"; depth:17; endswith; nocase; http.host; content:"45.74.7.123"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855664/; classtype:trojan-activity;sid:84718764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hailhitler/11.tok"; depth:18; endswith; nocase; http.host; content:"45.74.7.123"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855665/; classtype:trojan-activity;sid:84718765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hailhitler/6.tok"; depth:17; endswith; nocase; http.host; content:"45.74.7.123"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855666/; classtype:trojan-activity;sid:84718766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hailhitler/10.tok"; depth:18; endswith; nocase; http.host; content:"45.74.7.123"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855667/; classtype:trojan-activity;sid:84718767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hailhitler/7.tok"; depth:17; endswith; nocase; http.host; content:"45.74.7.123"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855668/; classtype:trojan-activity;sid:84718768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hailhitler/13.tok"; depth:18; endswith; nocase; http.host; content:"45.74.7.123"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855669/; classtype:trojan-activity;sid:84718769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hailhitler/12.tok"; depth:18; endswith; nocase; http.host; content:"45.74.7.123"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855670/; classtype:trojan-activity;sid:84718770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hailhitler/5.tok"; depth:17; endswith; nocase; http.host; content:"45.74.7.123"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855671/; classtype:trojan-activity;sid:84718771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hailhitler/1.tok"; depth:17; endswith; nocase; http.host; content:"45.74.7.123"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855660/; classtype:trojan-activity;sid:84718760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hailhitler/8.tok"; depth:17; endswith; nocase; http.host; content:"45.74.7.123"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855661/; classtype:trojan-activity;sid:84718761; rev:1;)
# 196.190.11.194 appears with /i (entry 3855662 above) and with /bin.sh here.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.190.11.194"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855659/; classtype:trojan-activity;sid:84718759; rev:1;)
# The rule for entry 3855658 starts here; its host match continues on the following line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/80a73b13-f9b7-42c8-bf3b-b9167028fc07"; depth:37; endswith; nocase; 
http.host; content:"pymyajs.pegaadvance.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855658/; classtype:trojan-activity;sid:84718758; rev:1;)
# ^ Tail of the rule for URLhaus entry 3855658; its header and URI match are on the
# preceding line.
#
# Each rule below alerts on an outbound HTTP GET ($HOME_NET -> $EXTERNAL_NET,
# flow:established,from_client) whose URI and host both equal the listed values:
# depth is set to the content length, endswith closes the URI match and
# isdataat:!1,relative closes the host match. Only traffic parsed as HTTP is
# inspected, and the alert is raised on the request, so confirm from response-side
# logs whether anything was actually downloaded.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.127.26"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855656/; classtype:trojan-activity;sid:84718756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.127.26"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855657/; classtype:trojan-activity;sid:84718757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.232.61.40"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855655/; classtype:trojan-activity;sid:84718755; rev:1;)
# |3f| is the hex escape for "?", so the URI matched below is "/?ublib=<uuid>", 44 bytes
# once decoded. depth:47 equals the length of the escaped text instead, so with endswith
# the rule also accepts a URI carrying up to three extra leading bytes. The listed URL
# still matches; the signature is only slightly wider than an exact match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d724717c-e1f7-4f60-9409-b40d6e0ee8a3"; depth:47; endswith; nocase; http.host; content:"gzxrgq4a.saostar.biz"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855654/; classtype:trojan-activity;sid:84718754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ir"; depth:3; endswith; nocase; http.host; content:"91.92.240.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855653/; classtype:trojan-activity;sid:84718753; rev:1;)
# games-point.com: ten rules in this block (entries 3855642-3855648 and
# 3855650-3855652) share the path prefix "/iran." followed by what look like
# CPU-architecture suffixes (an inference from the names only). The host is matched
# by name, so DNS logs for it are a useful second source when scoping.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv6l"; depth:12; endswith; nocase; http.host; content:"games-point.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855652/; classtype:trojan-activity;sid:84718752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv4l"; depth:12; endswith; nocase; http.host; content:"games-point.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855650/; classtype:trojan-activity;sid:84718750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv7l"; depth:12; endswith; nocase; http.host; content:"games-point.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855651/; classtype:trojan-activity;sid:84718751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryptex1.4.zip"; depth:15; endswith; nocase; http.host; content:"ultraviolence.buzz"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855649/; classtype:trojan-activity;sid:84718749; rev:1;)
# 91.92.242.236: entries 3855629-3855633 and 3855637-3855641 all use the path shape
# /files-129312398/files/file_<16 hex digits> with an .exe or .msi extension. Each
# rule pins one exact file name, so group alerts by destination host when scoping.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_d05f3ded464d9a16.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855637/; classtype:trojan-activity;sid:84718737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_ef1d0dbe00ece391.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855638/; classtype:trojan-activity;sid:84718738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_27dedf7c72f347c8.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855639/; classtype:trojan-activity;sid:84718739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_1ded2dd1916ec7f1.msi"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855640/; classtype:trojan-activity;sid:84718740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_d18f962e0a0063b1.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855641/; classtype:trojan-activity;sid:84718741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.sh4"; depth:9; endswith; nocase; http.host; content:"games-point.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855642/; classtype:trojan-activity;sid:84718742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mipsrouter"; depth:16; endswith; nocase; http.host; content:"games-point.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855643/; classtype:trojan-activity;sid:84718743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv5l"; depth:12; endswith; nocase; http.host; content:"games-point.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855644/; classtype:trojan-activity;sid:84718744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mips"; depth:10; endswith; nocase; http.host; content:"games-point.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855645/; classtype:trojan-activity;sid:84718745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mipsel"; depth:12; endswith; nocase; http.host; content:"games-point.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855646/; classtype:trojan-activity;sid:84718746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.m68k"; depth:10; endswith; nocase; http.host; content:"games-point.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855647/; classtype:trojan-activity;sid:84718747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.x86_64"; depth:12; endswith; nocase; http.host; content:"games-point.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855648/; classtype:trojan-activity;sid:84718748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cook"; depth:5; endswith; nocase; http.host; content:"vanta.st"; depth:8; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855636/; classtype:trojan-activity;sid:84718736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_007230d483970d34.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855629/; classtype:trojan-activity;sid:84718729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_fdd177b589499a08.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855630/; classtype:trojan-activity;sid:84718730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_873181172a2e4045.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855631/; classtype:trojan-activity;sid:84718731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_b4522797f49270b0.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855632/; classtype:trojan-activity;sid:84718732; rev:1;)
# The rule for entry 3855633 starts here; its classtype, sid and rev are on the following line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_37e3bf5524188f8f.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855633/; 
classtype:trojan-activity;sid:84718733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_9fe1bab4eaca687d.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855634/; classtype:trojan-activity;sid:84718734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_c35f6e8f5c6feda7.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855635/; classtype:trojan-activity;sid:84718735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_0353b1d91cdd6b5a.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855628/; classtype:trojan-activity;sid:84718728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/682e017e-e639-48d5-9c22-984d414de0ef"; depth:37; endswith; nocase; http.host; content:"tohiels.payestation.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855627/; classtype:trojan-activity;sid:84718727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855626)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.174.92"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855626/; classtype:trojan-activity;sid:84718726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.140.160.126"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855625/; classtype:trojan-activity;sid:84718725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.mipsel"; depth:17; endswith; nocase; http.host; content:"176.65.148.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855624/; classtype:trojan-activity;sid:84718724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hailhitler/3.tok"; depth:17; endswith; nocase; http.host; content:"45.74.7.123"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855623/; classtype:trojan-activity;sid:84718723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.powerpc"; depth:18; endswith; nocase; http.host; content:"176.65.148.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855622/; classtype:trojan-activity;sid:84718722; rev:1;) 
# Triage notes for the entries below.
# - A hit means an internal client *requested* a listed URL; it does not show that a payload
#   was served or executed. Correlate with the HTTP response (status, size) and endpoint
#   telemetry before escalating. The reference URL carries the URLhaus record for the entry.
# - Some hosts are listed with one path per CPU architecture (/bins/nova.* on 176.65.148.144,
#   /data.* on 169.40.104.99). One client hitting several of those rules in a short window is
#   a stronger signal than a single alert.
# - Entries are point-in-time (created_at 2026_05_30) and many hosts are bare IP addresses,
#   which can change hands; refresh the feed on a schedule instead of pinning a copy.
# - |3f| in a URI pattern is the hex escape for '?'.
# - NOTE(review): in most rules depth equals the pattern length, so depth + endswith pin the
#   whole URI. In the three |3f| rules (sid 84718697, 84718695, 84718677) depth is 47 while
#   the pattern is 44 bytes once |3f| is decoded, so a URI with up to three extra leading
#   bytes would still match. It looks like the escaped text was counted; confirm upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.sh4"; depth:14; endswith; nocase; http.host; content:"176.65.148.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855619/; classtype:trojan-activity;sid:84718719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.armv5l"; depth:17; endswith; nocase; http.host; content:"176.65.148.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855620/; classtype:trojan-activity;sid:84718720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.armv6l"; depth:17; endswith; nocase; http.host; content:"176.65.148.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855621/; classtype:trojan-activity;sid:84718721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.x86_64"; depth:17; endswith; nocase; http.host; content:"176.65.148.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855618/; classtype:trojan-activity;sid:84718718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.i586"; depth:15; endswith; nocase; http.host; content:"176.65.148.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855614/; classtype:trojan-activity;sid:84718714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.mips"; depth:15; endswith; nocase; http.host; content:"176.65.148.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855615/; classtype:trojan-activity;sid:84718715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.armv4l"; depth:17; endswith; nocase; http.host; content:"176.65.148.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855616/; classtype:trojan-activity;sid:84718716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nova.armv7l"; depth:17; endswith; nocase; http.host; content:"176.65.148.144"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855617/; classtype:trojan-activity;sid:84718717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nova.sh"; depth:8; endswith; nocase; http.host; content:"nova.dudos.cfd"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855613/; classtype:trojan-activity;sid:84718713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.154.174.92"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855612/; classtype:trojan-activity;sid:84718712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hailhitler/2.tok"; depth:17; endswith; nocase; http.host; content:"45.74.7.123"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855611/; classtype:trojan-activity;sid:84718711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.168.94"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855610/; classtype:trojan-activity;sid:84718710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.45.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855609/; classtype:trojan-activity;sid:84718709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/83f4baab-9036-4dc7-b437-c61867b20cc5"; depth:37; endswith; nocase; http.host; content:"kzbxkhv.newspaperseng.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855608/; classtype:trojan-activity;sid:84718708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"116.140.160.126"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855607/; classtype:trojan-activity;sid:84718707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.168.94"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855606/; classtype:trojan-activity;sid:84718706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.33.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855605/; classtype:trojan-activity;sid:84718705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b98baf1b-7bba-4641-81d4-b38c19b9fa92"; depth:37; endswith; nocase; http.host; content:"oeyvwkv.hitsforge.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855604/; classtype:trojan-activity;sid:84718704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.4.232"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855603/; classtype:trojan-activity;sid:84718703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.53.56"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855602/; classtype:trojan-activity;sid:84718702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.238.134.184"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855601/; classtype:trojan-activity;sid:84718701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.45.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855600/; classtype:trojan-activity;sid:84718700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.248.98"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855599/; classtype:trojan-activity;sid:84718699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.104.134"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855598/; classtype:trojan-activity;sid:84718698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=42bab1f1-c925-4cfa-a62f-a7251a7e3a00"; depth:47; endswith; nocase; http.host; content:"sybxhd9s.stgsolar.hu"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855597/; classtype:trojan-activity;sid:84718697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.11.227"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855596/; classtype:trojan-activity;sid:84718696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=862160bd-f5cf-4e24-968e-db4773bf36f6"; depth:47; endswith; nocase; http.host; content:"t5kfgfm1.stgsolar.hu"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855595/; classtype:trojan-activity;sid:84718695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c841dc5d-d5c0-409d-b4d1-0c5d59e90e1c"; depth:37; endswith; nocase; http.host; content:"wjyfieh.evaz.io"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855594/; classtype:trojan-activity;sid:84718694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.248.98"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855593/; classtype:trojan-activity;sid:84718693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/47e13163-4936-44f4-9177-dca343b7f257"; depth:37; endswith; nocase; http.host; content:"bphiipa.evaz.io"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855592/; classtype:trojan-activity;sid:84718692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.33.125"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855591/; classtype:trojan-activity;sid:84718691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.106.233"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855590/; classtype:trojan-activity;sid:84718690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.249.85"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855589/; classtype:trojan-activity;sid:84718689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/41b0ae46-8deb-4d74-b66e-a09c129c2ee0"; depth:37; endswith; nocase; http.host; content:"ubydanl.doppe.io"; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855588/; classtype:trojan-activity;sid:84718688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.37.104.134"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855587/; classtype:trojan-activity;sid:84718687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.149.206"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855586/; classtype:trojan-activity;sid:84718686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.249.85"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855585/; classtype:trojan-activity;sid:84718685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"163.142.85.173"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855584/; classtype:trojan-activity;sid:84718684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_662e996bd75d812c.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855583/; classtype:trojan-activity;sid:84718683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.224.14"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855582/; classtype:trojan-activity;sid:84718682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/57f4c1c3-6ab2-4728-8462-c37c6b020a1d"; depth:37; endswith; nocase; http.host; content:"iscpbxp.datastella.co"; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855581/; classtype:trojan-activity;sid:84718681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.149.206"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855580/; classtype:trojan-activity;sid:84718680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.85.173"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855579/; classtype:trojan-activity;sid:84718679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.224.14"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855578/; classtype:trojan-activity;sid:84718678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=0e70ccd3-067b-4b8b-a1f1-735c9d5e0338"; depth:47; endswith; nocase; http.host; content:"2dzxuao7.parossag.hu"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855577/; classtype:trojan-activity;sid:84718677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.246.147"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855576/; classtype:trojan-activity;sid:84718676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b1911583-a43e-46de-b9ca-7c868ac518d6"; depth:37; endswith; nocase; http.host; content:"tspdegr.askvava.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855575/; classtype:trojan-activity;sid:84718675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.25.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855574/; classtype:trojan-activity;sid:84718674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data.x86_64"; depth:12; endswith; nocase; http.host; content:"169.40.104.99"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855572/; classtype:trojan-activity;sid:84718672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data.x86"; depth:9; endswith; nocase; http.host; content:"169.40.104.99"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855573/; classtype:trojan-activity;sid:84718673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a"; depth:2; endswith; nocase; http.host; content:"169.40.104.99"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855566/; classtype:trojan-activity;sid:84718666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data.arm7"; depth:10; endswith; nocase; http.host; content:"169.40.104.99"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855567/; classtype:trojan-activity;sid:84718667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data.arm6"; depth:10; endswith; nocase; http.host; content:"169.40.104.99"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855568/; classtype:trojan-activity;sid:84718668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data.arm4"; depth:10; endswith; nocase; http.host; content:"169.40.104.99"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855569/; classtype:trojan-activity;sid:84718669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data.mips"; depth:10; endswith; nocase; http.host; content:"169.40.104.99"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855570/; classtype:trojan-activity;sid:84718670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data.arm5"; depth:10; endswith; nocase; http.host; content:"169.40.104.99"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855571/; classtype:trojan-activity;sid:84718671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.243.140.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855565/; classtype:trojan-activity;sid:84718665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.13.230"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855564/; classtype:trojan-activity;sid:84718664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.88.201.252"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855563/; classtype:trojan-activity;sid:84718663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.149.158"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855562/; classtype:trojan-activity;sid:84718662; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.25.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855561/; classtype:trojan-activity;sid:84718661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.240.70.110"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855560/; classtype:trojan-activity;sid:84718660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.73.18.206"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855559/; classtype:trojan-activity;sid:84718659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.149.158"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855558/; classtype:trojan-activity;sid:84718658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d1f95373-7bb0-4684-93d4-90dcdd71debb"; depth:37; endswith; nocase; http.host; content:"qkexyga.wlwyb.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855557/; classtype:trojan-activity;sid:84718657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.51.25"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855555/; classtype:trojan-activity;sid:84718655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.249.34"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855556/; classtype:trojan-activity;sid:84718656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.88.201.252"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855553/; classtype:trojan-activity;sid:84718653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.243.140.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855554/; classtype:trojan-activity;sid:84718654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.34.134"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855552/; classtype:trojan-activity;sid:84718652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.13.230"; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855551/; classtype:trojan-activity;sid:84718651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.53.44.202"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855550/; classtype:trojan-activity;sid:84718650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.147.194.146"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855549/; classtype:trojan-activity;sid:84718649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.53.178"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855548/; classtype:trojan-activity;sid:84718648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.51.25"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855547/; classtype:trojan-activity;sid:84718647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855545)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.53.44.202"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855545/; classtype:trojan-activity;sid:84718645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.34.134"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855546/; classtype:trojan-activity;sid:84718646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.200.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855544/; classtype:trojan-activity;sid:84718644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caca14f3-4858-4415-9712-95d512e77226"; depth:37; endswith; nocase; http.host; content:"dxclneq.webrevelem.hu"; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855543/; classtype:trojan-activity;sid:84718643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.138.183.35"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855542/; classtype:trojan-activity;sid:84718642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3855541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.240.115"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855541/; classtype:trojan-activity;sid:84718641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.200.219"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855539/; classtype:trojan-activity;sid:84718639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.95.231.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855540/; classtype:trojan-activity;sid:84718640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.220.196"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855538/; classtype:trojan-activity;sid:84718638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.138.183.35"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855537/; 
classtype:trojan-activity;sid:84718637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.73.18.206"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855536/; classtype:trojan-activity;sid:84718636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6e2d85f5-2c75-4159-a9a5-626a3ec33f86"; depth:37; endswith; nocase; http.host; content:"zphaxvq.technologiaiviz.hu"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855535/; classtype:trojan-activity;sid:84718635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.220.196"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855534/; classtype:trojan-activity;sid:84718634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=bdd96561-0d4c-4861-91e5-9c17ef41d80c"; depth:47; endswith; nocase; http.host; content:"cr9i8up3.stgsolar.hu"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855533/; classtype:trojan-activity;sid:84718633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; 
depth:7; endswith; nocase; http.host; content:"42.229.240.115"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855532/; classtype:trojan-activity;sid:84718632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.239.252.184"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855531/; classtype:trojan-activity;sid:84718631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.165.85.229"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855530/; classtype:trojan-activity;sid:84718630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"124.95.23.224"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855529/; classtype:trojan-activity;sid:84718629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6a9a9853-13b7-49c0-ab92-57c4e9a38497"; depth:37; endswith; nocase; http.host; content:"skqchmt.visszateritok.hu"; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855528/; classtype:trojan-activity;sid:84718628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3855527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.153.141"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855527/; classtype:trojan-activity;sid:84718627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/53862fa5-08e5-4aaa-95b1-ef21d9a3a5c0"; depth:37; endswith; nocase; http.host; content:"sdcpqrz.zsatom.hu"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855526/; classtype:trojan-activity;sid:84718626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.10.239.8"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855525/; classtype:trojan-activity;sid:84718625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.10.239.8"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855524/; classtype:trojan-activity;sid:84718624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9451ad69-245f-4392-9bd9-a0f503befb91"; depth:37; endswith; nocase; http.host; content:"umrhrnh.lampaoszlopbolt.hu"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, 
urlhaus.abuse.ch/url/3855523/; classtype:trojan-activity;sid:84718623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.183.100"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855522/; classtype:trojan-activity;sid:84718622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=7f2b9510-9693-4f68-8544-39830730a8a1"; depth:47; endswith; nocase; http.host; content:"i0gxewzq.webuyurcar.com.au"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855521/; classtype:trojan-activity;sid:84718621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.66.90"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855520/; classtype:trojan-activity;sid:84718620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a42a98da-b8ea-46fa-b824-e6f1ed6df1f2"; depth:37; endswith; nocase; http.host; content:"ujhtrjp.laborfotostudio.hu"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855519/; classtype:trojan-activity;sid:84718619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855518)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.77.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855518/; classtype:trojan-activity;sid:84718618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.53.235.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855517/; classtype:trojan-activity;sid:84718617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.183.100"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855516/; classtype:trojan-activity;sid:84718616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.248.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855515/; classtype:trojan-activity;sid:84718615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.104.3"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855514/; classtype:trojan-activity;sid:84718614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3855513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.66.90"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855513/; classtype:trojan-activity;sid:84718613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.98.114"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855512/; classtype:trojan-activity;sid:84718612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.114.10"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855511/; classtype:trojan-activity;sid:84718611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5ec61287-dde9-4e74-84b7-3ebba7be0dbc"; depth:37; endswith; nocase; http.host; content:"rbbmdao.popi999.net"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855510/; classtype:trojan-activity;sid:84718610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.53.235.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855509/; 
classtype:trojan-activity;sid:84718609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.189.68.239"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855508/; classtype:trojan-activity;sid:84718608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_ba3e4455ca48853a.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855507/; classtype:trojan-activity;sid:84718607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.25.172"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855506/; classtype:trojan-activity;sid:84718606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.5.157"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855505/; classtype:trojan-activity;sid:84718605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.228.164"; 
depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855504/; classtype:trojan-activity;sid:84718604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.47.22"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855503/; classtype:trojan-activity;sid:84718603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"196.189.68.239"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855502/; classtype:trojan-activity;sid:84718602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9a286ffd-d061-4747-b81a-ad9ca5b16ba3"; depth:37; endswith; nocase; http.host; content:"wjkhmcp.sm188dvlv.cfd"; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855501/; classtype:trojan-activity;sid:84718601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.5.157"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855500/; classtype:trojan-activity;sid:84718600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855499)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.25.172"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855499/; classtype:trojan-activity;sid:84718599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.228.164"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855498/; classtype:trojan-activity;sid:84718598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.60.16"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855497/; classtype:trojan-activity;sid:84718597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.47.22"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855496/; classtype:trojan-activity;sid:84718596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv5l"; depth:12; endswith; nocase; http.host; content:"5.230.74.12"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855491/; classtype:trojan-activity;sid:84718591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3855492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mipsel"; depth:12; endswith; nocase; http.host; content:"5.230.74.12"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855492/; classtype:trojan-activity;sid:84718592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.x86_x64"; depth:13; endswith; nocase; http.host; content:"5.230.74.12"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855493/; classtype:trojan-activity;sid:84718593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv7l"; depth:12; endswith; nocase; http.host; content:"5.230.74.12"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855494/; classtype:trojan-activity;sid:84718594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv4l"; depth:12; endswith; nocase; http.host; content:"5.230.74.12"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855495/; classtype:trojan-activity;sid:84718595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mips"; depth:10; endswith; nocase; http.host; content:"5.230.74.12"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, 
urlhaus.abuse.ch/url/3855490/; classtype:trojan-activity;sid:84718590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=6101ae48-5dac-4758-a7f3-caf98bb9beca"; depth:47; endswith; nocase; http.host; content:"htcaqoat.universaltyresautos.com.au"; depth:35; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855489/; classtype:trojan-activity;sid:84718589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.228.163"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855488/; classtype:trojan-activity;sid:84718588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ae938762-7cde-4fab-aaf5-6dc401f7fec1"; depth:37; endswith; nocase; http.host; content:"nkqzyrf.sm188wing.cyou"; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855487/; classtype:trojan-activity;sid:84718587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.241.187"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855486/; classtype:trojan-activity;sid:84718586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855485)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.60.16"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855485/; classtype:trojan-activity;sid:84718585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/09732ed4-0df6-4ba4-98bc-89853cfe3be9"; depth:37; endswith; nocase; http.host; content:"mdwkkvc.sm188login.rest"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855484/; classtype:trojan-activity;sid:84718584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.221.253.208"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855483/; classtype:trojan-activity;sid:84718583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.241.187"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855482/; classtype:trojan-activity;sid:84718582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.24.73"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855481/; classtype:trojan-activity;sid:84718581; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.228.163"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855480/; classtype:trojan-activity;sid:84718580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.209.65"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855479/; classtype:trojan-activity;sid:84718579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.47.130"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855478/; classtype:trojan-activity;sid:84718578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.12.40"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855477/; classtype:trojan-activity;sid:84718577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.110.23.154"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855476/; 
classtype:trojan-activity;sid:84718576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.12.40"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855475/; classtype:trojan-activity;sid:84718575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/61ac6212-3cc4-49c6-9fe7-16136ac33657"; depth:37; endswith; nocase; http.host; content:"ajrnaww.sm188login.cyou"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855474/; classtype:trojan-activity;sid:84718574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.127.26"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855473/; classtype:trojan-activity;sid:84718573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/07602255-bd71-4f4a-a2cd-34b29dd53d32"; depth:37; endswith; nocase; http.host; content:"phijdnv.sm188login.cyou"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855472/; classtype:trojan-activity;sid:84718572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; 
nocase; http.host; content:"42.234.221.154"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855471/; classtype:trojan-activity;sid:84718571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aa5e77e8-f76a-4699-a140-18c101cea45a"; depth:37; endswith; nocase; http.host; content:"xdmvxmt.sm188login.cyou"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855470/; classtype:trojan-activity;sid:84718570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.215.180"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855469/; classtype:trojan-activity;sid:84718569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.127.26"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855468/; classtype:trojan-activity;sid:84718568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.102.198"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855467/; classtype:trojan-activity;sid:84718567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3855466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.238.134.184"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855466/; classtype:trojan-activity;sid:84718566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.201.196"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855465/; classtype:trojan-activity;sid:84718565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.242.56.105"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855464/; classtype:trojan-activity;sid:84718564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.48.24.73"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855463/; classtype:trojan-activity;sid:84718563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.215.180"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855462/; classtype:trojan-activity;sid:84718562; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.255.118"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855461/; classtype:trojan-activity;sid:84718561; rev:1;)
# Reading these rules: each one fires on an established, client-to-server HTTP GET
# from $HOME_NET to $EXTERNAL_NET whose URI and Host match one URLhaus entry.
#   http.uri  + depth:N + endswith              the pattern must end the URI and lie within its first N bytes;
#                                               when N equals the pattern length the whole URI must equal it
#   nocase                                      applies to the URI pattern that precedes it
#   http.host + depth:N + isdataat:!1,relative  no byte may follow the host pattern, so the Host must equal it
# An alert shows that the request was seen, not that the response was delivered or executed:
# confirm on the HTTP response of the same flow and on the endpoint. Because the rules are
# `alert http`, a request for the same URL inside TLS is not inspected by them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.221.154"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855460/; classtype:trojan-activity;sid:84718560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c28ad606-0cfc-4e1a-be32-a18cceb68a28"; depth:37; endswith; nocase; http.host; content:"cxaxqwe.sm188login.cfd"; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855459/; classtype:trojan-activity;sid:84718559; rev:1;)
# NOTE(review): in the next rule the URI pattern is 44 bytes once |3f| is decoded to the
# single byte "?", but depth is 47, the length of the escaped text. With endswith the
# pattern must still end the URI, yet up to three bytes may precede it, so this match is
# slightly looser than the exact match the unescaped rules get. depth:44 would make it
# exact; report it to the feed maintainer rather than editing a generated rule locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=e0adb66b-50eb-42c6-9fff-74f872002aac"; depth:47; endswith; nocase; http.host; content:"635k6cma.uniquetilingsa.com.au"; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855458/; classtype:trojan-activity;sid:84718558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ac1cd28e-1a92-496c-99b6-71bbf8851def"; depth:37; endswith; 
nocase; http.host; content:"gxhkg.sm188dvlv.skin"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855457/; classtype:trojan-activity;sid:84718557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.39.12"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855456/; classtype:trojan-activity;sid:84718556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/303ff662-de3b-4da7-a570-50e5970be474"; depth:37; endswith; nocase; http.host; content:"mjugj.sm188dvlv.hair"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855455/; classtype:trojan-activity;sid:84718555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"83.142.209.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855454/; classtype:trojan-activity;sid:84718554; rev:1;)
# The next rule and the three after it (sids 84718552, 84718550, 84718551) cover two .exe
# paths, /bin/screenconnect.clientsetup.exe and /bin/support.client.exe, each on the two
# hosts 46.151.182.31 and 46.151.182.242.
# NOTE(review): the first file name matches the installer of a remote-support client;
# presumably these entries track remote-access software delivered without authorisation.
# Confirm on the URLhaus reference pages. On a hit, check the endpoint for a newly
# installed remote-access service as well as for the downloaded file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"46.151.182.31"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855453/; classtype:trojan-activity;sid:84718553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3855452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"46.151.182.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855452/; classtype:trojan-activity;sid:84718552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"46.151.182.31"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855450/; classtype:trojan-activity;sid:84718550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"46.151.182.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855451/; classtype:trojan-activity;sid:84718551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.255.118"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855449/; classtype:trojan-activity;sid:84718549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.242.216"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, 
urlhaus.abuse.ch/url/3855448/; classtype:trojan-activity;sid:84718548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5b113217-1aae-457f-b146-b38fef6bd1c2"; depth:37; endswith; nocase; http.host; content:"kftla.sm188login.sbs"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855447/; classtype:trojan-activity;sid:84718547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.242.216"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855446/; classtype:trojan-activity;sid:84718546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1cbb343a-23dd-4876-9df0-09664bdf1eba"; depth:37; endswith; nocase; http.host; content:"xxegq.sm188login.sbs"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855445/; classtype:trojan-activity;sid:84718545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.234.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855444/; classtype:trojan-activity;sid:84718544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855443)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.100.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855443/; classtype:trojan-activity;sid:84718543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.39.12"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855442/; classtype:trojan-activity;sid:84718542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/523b7965-c5ff-4276-9794-b8416e1b6dc7"; depth:37; endswith; nocase; http.host; content:"xsqil.sm188dvlv.skin"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855441/; classtype:trojan-activity;sid:84718541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.249.34"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855440/; classtype:trojan-activity;sid:84718540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.238.108"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855438/; classtype:trojan-activity;sid:84718538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3855439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.45.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855439/; classtype:trojan-activity;sid:84718539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.153.31"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855437/; classtype:trojan-activity;sid:84718537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.177.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855436/; classtype:trojan-activity;sid:84718536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"159.253.120.224"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855432/; classtype:trojan-activity;sid:84718532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"159.253.120.224"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855433/; classtype:trojan-activity;sid:84718533; 
rev:1;)
# The four rules below share http.host 159.253.120.224 and differ only in the URI, which
# is a CPU-architecture name (/mips, /x86, /mipsel, /armv6l).
# NOTE(review): presumably one build of the same payload per architecture. Confirm on the
# URLhaus reference pages.
# Each URI is matched exactly (depth equals the pattern length and endswith is set), so
# the /mips rule does not also fire on a request for /mipsel.
# For triage: several of these sids firing from one internal address within a short
# window likely reflect one client trying several paths, and are best handled as a single
# incident rather than as separate infections.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"159.253.120.224"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855434/; classtype:trojan-activity;sid:84718534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"159.253.120.224"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855435/; classtype:trojan-activity;sid:84718535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"159.253.120.224"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855431/; classtype:trojan-activity;sid:84718531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"159.253.120.224"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855430/; classtype:trojan-activity;sid:84718530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.210.103"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; 
reference:url, urlhaus.abuse.ch/url/3855429/; classtype:trojan-activity;sid:84718529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.153.31"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855428/; classtype:trojan-activity;sid:84718528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.177.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855427/; classtype:trojan-activity;sid:84718527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.100.17"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855426/; classtype:trojan-activity;sid:84718526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.229.237.106"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855425/; classtype:trojan-activity;sid:84718525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"115.56.45.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855424/; classtype:trojan-activity;sid:84718524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.238.108"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855423/; classtype:trojan-activity;sid:84718523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c0f07c5b-1e5e-4724-b400-76d91d32b807"; depth:37; endswith; nocase; http.host; content:"rbzsq.sm188login.cfd"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855422/; classtype:trojan-activity;sid:84718522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.148.103.136"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855421/; classtype:trojan-activity;sid:84718521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.35.203"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855420/; classtype:trojan-activity;sid:84718520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855419)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=4e441814-11bf-4f62-a552-5a40a354f68e"; depth:47; endswith; nocase; http.host; content:"vekdf8au.srlashnbrow.com.au"; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855419/; classtype:trojan-activity;sid:84718519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.65.227"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855418/; classtype:trojan-activity;sid:84718518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"159.253.120.224"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855417/; classtype:trojan-activity;sid:84718517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.229.237.106"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855416/; classtype:trojan-activity;sid:84718516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.237.11"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855415/; 
classtype:trojan-activity;sid:84718515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/18ba4fc2-9cb5-4779-b456-85c6418ee76c"; depth:37; endswith; nocase; http.host; content:"jbyap.sm188login.cyou"; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855414/; classtype:trojan-activity;sid:84718514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.153.141"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855413/; classtype:trojan-activity;sid:84718513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.103.136"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855412/; classtype:trojan-activity;sid:84718512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proto.mpsl"; depth:11; endswith; nocase; http.host; content:"202.71.14.246"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855407/; classtype:trojan-activity;sid:84718507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proto.arm6"; depth:11; endswith; nocase; http.host; 
content:"202.71.14.246"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855408/; classtype:trojan-activity;sid:84718508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proto.arm7"; depth:11; endswith; nocase; http.host; content:"202.71.14.246"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855409/; classtype:trojan-activity;sid:84718509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proto.arm5"; depth:11; endswith; nocase; http.host; content:"202.71.14.246"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855410/; classtype:trojan-activity;sid:84718510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proto.mips"; depth:11; endswith; nocase; http.host; content:"202.71.14.246"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855411/; classtype:trojan-activity;sid:84718511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"172.168.163.190"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855406/; classtype:trojan-activity;sid:84718506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855404)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo./xqe.sh"; depth:14; endswith; nocase; http.host; content:"204.10.194.134"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855404/; classtype:trojan-activity;sid:84718504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rondo./jbt.sh"; depth:14; endswith; nocase; http.host; content:"204.10.194.134"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855405/; classtype:trojan-activity;sid:84718505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.231.95.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855403/; classtype:trojan-activity;sid:84718503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"37.52.153.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855402/; classtype:trojan-activity;sid:84718502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.15.12.69"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855401/; classtype:trojan-activity;sid:84718501; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.210.238.182"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855400/; classtype:trojan-activity;sid:84718500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.48.172"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855399/; classtype:trojan-activity;sid:84718499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.18.60"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855398/; classtype:trojan-activity;sid:84718498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.210.238.182"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855397/; classtype:trojan-activity;sid:84718497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3fa7e99e-af1b-4dd9-9c15-e99fea0b7efd"; depth:37; endswith; nocase; http.host; content:"pable.sm188login.rest"; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_29; 
reference:url, urlhaus.abuse.ch/url/3855396/; classtype:trojan-activity;sid:84718496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.226.96"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855395/; classtype:trojan-activity;sid:84718495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.12.69"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855394/; classtype:trojan-activity;sid:84718494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.231.95.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855393/; classtype:trojan-activity;sid:84718493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.m68k"; depth:10; endswith; nocase; http.host; content:"45.84.199.79"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855392/; classtype:trojan-activity;sid:84718492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"171.38.42.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855391/; classtype:trojan-activity;sid:84718491; rev:1;)
# The nine rules below (sids 84718482-84718490) all name host 45.84.199.79 and differ
# only in the suffix after "/iran."; sid 84718492 (/iran.m68k) belongs to the same set.
# NOTE(review): the suffixes look like CPU architecture names (x86_64, mips, mipsel,
# armv4l-armv7l, sh4), which suggests one server offering a build per architecture;
# this is inferred from the paths only.
# Triage: an alert on any one of these is a reason to search the same source host for
# requests to the sibling paths and for any other traffic to 45.84.199.79.
# Each rule matches a plaintext HTTP GET from $HOME_NET whose URI and Host are anchored
# to the listed values; an alert records the request, not a completed download.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.x86_64"; depth:12; endswith; nocase; http.host; content:"45.84.199.79"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855390/; classtype:trojan-activity;sid:84718490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mips"; depth:10; endswith; nocase; http.host; content:"45.84.199.79"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855385/; classtype:trojan-activity;sid:84718485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv5l"; depth:12; endswith; nocase; http.host; content:"45.84.199.79"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855386/; classtype:trojan-activity;sid:84718486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mipsel"; depth:12; endswith; nocase; http.host; content:"45.84.199.79"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855387/; classtype:trojan-activity;sid:84718487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv7l"; depth:12; endswith; nocase; http.host; content:"45.84.199.79"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855388/; classtype:trojan-activity;sid:84718488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mipsrouter"; depth:16; endswith; nocase; http.host; content:"45.84.199.79"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855389/; classtype:trojan-activity;sid:84718489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv6l"; depth:12; endswith; nocase; http.host; content:"45.84.199.79"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855382/; classtype:trojan-activity;sid:84718482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.sh4"; depth:9; endswith; nocase; http.host; content:"45.84.199.79"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855383/; classtype:trojan-activity;sid:84718483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv4l"; depth:12; endswith; nocase; http.host; content:"45.84.199.79"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855384/; classtype:trojan-activity;sid:84718484; rev:1;)
# How to read these rules: each one fires on a client request ($HOME_NET -> $EXTERNAL_NET,
# flow:established,from_client) with method GET. The http.uri content is anchored with
# depth + endswith (nocase), and the http.host content with depth + isdataat:!1,relative,
# so the Host must equal the listed value.
# Coverage: only traffic Suricata parses as HTTP is inspected; the same URL fetched over
# TLS is invisible to these rules unless it is decrypted before inspection.
# Triage: an alert records the request, not a completed download. Confirm delivery from
# the response side (EVE http / fileinfo records) before treating the host as infected.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.226.96"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855381/; classtype:trojan-activity;sid:84718481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/be700480-6f5d-49a1-ae90-89b497d0f5ec"; depth:37; endswith; nocase; http.host; content:"rzbve.sm188login.sbs"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855380/; classtype:trojan-activity;sid:84718480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"171.38.42.108"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855379/; classtype:trojan-activity;sid:84718479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.72.28.143"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855378/; classtype:trojan-activity;sid:84718478; rev:1;)
# NOTE(review): depth:47 in the next rule is the length of the pattern as written, with
# |3f| counted as four characters. |3f| is the single byte "?", so the decoded pattern
# is 44 bytes, and the rule also matches a URI with up to three extra leading bytes as
# long as it ends with the pattern. The Host anchor still limits it to this hostname.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=6f4cb37b-040c-41a5-b3c1-bbcb836171f3"; depth:47; endswith; nocase; http.host; content:"s61j30vp.snugglebloom.com.au"; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855377/; classtype:trojan-activity;sid:84718477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.255.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855376/; classtype:trojan-activity;sid:84718476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a4422a79-8a7a-4e6a-8cca-5fa687d2b897"; depth:37; endswith; nocase; http.host; content:"advbc.sm188dvlv.hair"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855375/; classtype:trojan-activity;sid:84718475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.247.55"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855374/; classtype:trojan-activity;sid:84718474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.61.234"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855373/; classtype:trojan-activity;sid:84718473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855372)";
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.255.252"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855372/; classtype:trojan-activity;sid:84718472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/login"; depth:17; endswith; nocase; http.host; content:"8.218.120.126"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855371/; classtype:trojan-activity;sid:84718471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.247.55"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855370/; classtype:trojan-activity;sid:84718470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3310c827-f621-4684-98e6-4b5b043bdcc0"; depth:37; endswith; nocase; http.host; content:"zzksh.sm188dvlv.rest"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855369/; classtype:trojan-activity;sid:84718469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.224.0.246"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855368/; 
classtype:trojan-activity;sid:84718468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.210.103"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855367/; classtype:trojan-activity;sid:84718467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.0.246"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855366/; classtype:trojan-activity;sid:84718466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.220.86"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855365/; classtype:trojan-activity;sid:84718465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8e4b67f6-384e-4cff-b029-ae179948e31d"; depth:37; endswith; nocase; http.host; content:"wrjfn.wlwyb.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855364/; classtype:trojan-activity;sid:84718464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.24.172"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855363/; classtype:trojan-activity;sid:84718463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.76.135"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855362/; classtype:trojan-activity;sid:84718462; rev:1;)
# NOTE(review): in the next rule |3f| decodes to "?" and |7c| to "|", so every
# "|7c|26|7c|" matches the four literal bytes "|26|". 0x26 is "&"; if the reported URL
# separates its query parameters with "&", this looks like a double-escaped "&" and the
# rule would not match that request. Confirm against urlhaus.abuse.ch/url/3855361/.
# depth:175 is the length of the pattern as written; decoded it is 118 bytes, so the URI
# anchor is looser than an exact match (up to 57 leading bytes are allowed).
# The file name is that of a ScreenConnect client installer; presumably a remote-access
# client served from a third-party host. Verify whether its use is sanctioned locally.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest|7c|26|7c|c=|7c|26|7c|c=move0to0other0sc|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c="; depth:175; endswith; nocase; http.host; content:"femilessn.top"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855361/; classtype:trojan-activity;sid:84718461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_d96de9685eddc8d9.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855359/; classtype:trojan-activity;sid:84718459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_0d2d22ba78aa7fcd.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url,
urlhaus.abuse.ch/url/3855360/; classtype:trojan-activity;sid:84718460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.76.135"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855358/; classtype:trojan-activity;sid:84718458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.15.71"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855357/; classtype:trojan-activity;sid:84718457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.215.103"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855356/; classtype:trojan-activity;sid:84718456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.38.201.196"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855355/; classtype:trojan-activity;sid:84718455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.103.121.32"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855354/; classtype:trojan-activity;sid:84718454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a054d958-c1f5-40b7-8de6-0a1e9a904c46"; depth:37; endswith; nocase; http.host; content:"wzpmw.webrevelem.hu"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855353/; classtype:trojan-activity;sid:84718453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.24.172"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855352/; classtype:trojan-activity;sid:84718452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.137.176.243"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855351/; classtype:trojan-activity;sid:84718451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.215.103"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855350/; classtype:trojan-activity;sid:84718450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855349)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.221.253.208"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855349/; classtype:trojan-activity;sid:84718449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.15.71"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855348/; classtype:trojan-activity;sid:84718448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/df0a2bd973a1"; depth:15; endswith; nocase; http.host; content:"hexfiles.top"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855347/; classtype:trojan-activity;sid:84718447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/270ed203a388"; depth:15; endswith; nocase; http.host; content:"hexfiles.top"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855346/; classtype:trojan-activity;sid:84718446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=d985e9d3-06bd-4cf5-9b50-188c9451a6b6"; depth:47; endswith; nocase; http.host; content:"avjquzsd.seresniki.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855345/; classtype:trojan-activity;sid:84718445; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.179.236.181"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855344/; classtype:trojan-activity;sid:84718444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.56.122"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855343/; classtype:trojan-activity;sid:84718443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.2.23"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855342/; classtype:trojan-activity;sid:84718442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.162.51.137"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855341/; classtype:trojan-activity;sid:84718441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ef9b687c-b972-45f2-8479-af2e85dc341c"; depth:37; endswith; nocase; http.host; content:"tiemj.technologiaiviz.hu"; depth:24; isdataat:!1,relative; metadata:created_at 
2026_05_29; reference:url, urlhaus.abuse.ch/url/3855340/; classtype:trojan-activity;sid:84718440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.102.2"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855339/; classtype:trojan-activity;sid:84718439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.76.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855338/; classtype:trojan-activity;sid:84718438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_90f7a777377c2eee.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855337/; classtype:trojan-activity;sid:84718437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_9ccec9397e556e69.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855335/; classtype:trojan-activity;sid:84718435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855336)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/files-129312398/files/file_3cd2ec64936efbf4.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855336/; classtype:trojan-activity;sid:84718436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_8f99359c1d45a20b.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855334/; classtype:trojan-activity;sid:84718434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b0095332-c29a-441b-a6a2-997df8e339e7/goog.ct"; depth:45; endswith; nocase; http.host; content:"jnyut.zsatom.hu"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855333/; classtype:trojan-activity;sid:84718433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_cdd4d99f6260455f.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855331/; classtype:trojan-activity;sid:84718431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_e4b01466ba6c7a93.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855332/; classtype:trojan-activity;sid:84718432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.2.23"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855330/; classtype:trojan-activity;sid:84718430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.105.82"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855329/; classtype:trojan-activity;sid:84718429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"14.128.50.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855328/; classtype:trojan-activity;sid:84718428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.89.2"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855327/; classtype:trojan-activity;sid:84718427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; 
depth:7; endswith; nocase; http.host; content:"31.162.51.137"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855326/; classtype:trojan-activity;sid:84718426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.76.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855324/; classtype:trojan-activity;sid:84718424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.56.176.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855325/; classtype:trojan-activity;sid:84718425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/519431b8-bde5-4702-af31-65b311f9cd52"; depth:37; endswith; nocase; http.host; content:"hvpho.visszateritok.hu"; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855323/; classtype:trojan-activity;sid:84718423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.105.82"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855322/; classtype:trojan-activity;sid:84718422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3855321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.96.187"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855321/; classtype:trojan-activity;sid:84718421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.229.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855319/; classtype:trojan-activity;sid:84718419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.89.150.219"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855320/; classtype:trojan-activity;sid:84718420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.31.205"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855318/; classtype:trojan-activity;sid:84718418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.248.105.102"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855317/; classtype:trojan-activity;sid:84718417; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.10.158"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855316/; classtype:trojan-activity;sid:84718416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.149.209"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855315/; classtype:trojan-activity;sid:84718415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.72.28.143"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855314/; classtype:trojan-activity;sid:84718414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.165.85.229"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855313/; classtype:trojan-activity;sid:84718413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bcaaf201-5fb2-4066-aaf0-779e6267e159"; depth:37; endswith; nocase; http.host; content:"tehpm.zsatom.hu"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; 
reference:url, urlhaus.abuse.ch/url/3855312/; classtype:trojan-activity;sid:84718412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.89.150.219"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855311/; classtype:trojan-activity;sid:84718411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lb24.exe"; depth:9; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855310/; classtype:trojan-activity;sid:84718410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lb26.exe"; depth:9; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855302/; classtype:trojan-activity;sid:84718402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lb15.exe"; depth:9; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855303/; classtype:trojan-activity;sid:84718403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lb30.exe"; depth:9; endswith; nocase; http.host; 
content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855304/; classtype:trojan-activity;sid:84718404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lb28.exe"; depth:9; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855305/; classtype:trojan-activity;sid:84718405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lb27.exe"; depth:9; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855306/; classtype:trojan-activity;sid:84718406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lb16.exe"; depth:9; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855307/; classtype:trojan-activity;sid:84718407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lb14.exe"; depth:9; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855308/; classtype:trojan-activity;sid:84718408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855309)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/lb29.exe"; depth:9; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855309/; classtype:trojan-activity;sid:84718409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lb17.exe"; depth:9; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855300/; classtype:trojan-activity;sid:84718400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lb20.exe"; depth:9; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855301/; classtype:trojan-activity;sid:84718401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lb21.exe"; depth:9; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855295/; classtype:trojan-activity;sid:84718395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lb19.exe"; depth:9; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855296/; classtype:trojan-activity;sid:84718396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3855297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lb18.exe"; depth:9; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855297/; classtype:trojan-activity;sid:84718397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lb23.exe"; depth:9; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855298/; classtype:trojan-activity;sid:84718398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lb22.exe"; depth:9; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855299/; classtype:trojan-activity;sid:84718399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lb11.exe"; depth:9; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855292/; classtype:trojan-activity;sid:84718392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lb12.exe"; depth:9; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855293/; 
classtype:trojan-activity;sid:84718393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lb13.exe"; depth:9; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855294/; classtype:trojan-activity;sid:84718394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.31.205"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855291/; classtype:trojan-activity;sid:84718391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.79.160.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855290/; classtype:trojan-activity;sid:84718390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.236.100.191"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855289/; classtype:trojan-activity;sid:84718389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.96.187"; depth:14; isdataat:!1,relative; 
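metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855287/; classtype:trojan-activity;sid:84718387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.4.149.209"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855288/; classtype:trojan-activity;sid:84718388; rev:1;)
# Reviewer note (local change to the rule below): `|3f|` encodes the single
# byte "?", so the http.uri content is 44 bytes long, not the 47 characters of
# its escaped spelling. The published depth:47, combined with endswith, let a
# URI with up to three extra leading bytes match; depth:44 restores the
# exact-URI match that the neighbouring rules get from depth == content length.
# sid and rev are left as published. The ruleset appears to be generated, so a
# refreshed copy will revert this unless the generator counts each hex escape
# as one byte.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=2c0b51f8-977d-4aca-b8c0-5b5b488ac633"; depth:44; endswith; nocase; http.host; content:"dsc8ybog.schleer.hu"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855286/; classtype:trojan-activity;sid:84718386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.15.105"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855284/; classtype:trojan-activity;sid:84718384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.103.176"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855285/; classtype:trojan-activity;sid:84718385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855283)"; flow:established,from_client; http.method; content:"GET";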
http.uri; content:"/649961c9-a4ad-47db-9ccf-090206987e4b"; depth:37; endswith; nocase; http.host; content:"qaezg.sm188akurat.sbs"; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855283/; classtype:trojan-activity;sid:84718383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.90.59"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855282/; classtype:trojan-activity;sid:84718382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.26.195.93"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855281/; classtype:trojan-activity;sid:84718381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.236.100.191"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855280/; classtype:trojan-activity;sid:84718380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.90.59"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855279/; classtype:trojan-activity;sid:84718379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3855278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.173.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855278/; classtype:trojan-activity;sid:84718378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.10.158"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855277/; classtype:trojan-activity;sid:84718377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.113.15.105"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855276/; classtype:trojan-activity;sid:84718376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f51dd4fa-bba5-4107-ae67-8827e1131458"; depth:37; endswith; nocase; http.host; content:"mfrpd.sm188daftar.cfd"; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855275/; classtype:trojan-activity;sid:84718375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/97018d57-874a-4e5a-a011-894d422e3a6f"; depth:37; endswith; nocase; http.host; content:"tooca.sm188daftar.skin"; depth:22; isdataat:!1,relative; 
metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855274/; classtype:trojan-activity;sid:84718374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"121.202.215.196"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855273/; classtype:trojan-activity;sid:84718373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.173.24"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855272/; classtype:trojan-activity;sid:84718372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.67.68"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855271/; classtype:trojan-activity;sid:84718371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.240.255.49"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855270/; classtype:trojan-activity;sid:84718370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; 
http.host; content:"42.227.205.92"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855269/; classtype:trojan-activity;sid:84718369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.15.218"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855268/; classtype:trojan-activity;sid:84718368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.240.255.49"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855267/; classtype:trojan-activity;sid:84718367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"60.23.155.69"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855266/; classtype:trojan-activity;sid:84718366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.67.68"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855265/; classtype:trojan-activity;sid:84718365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855264)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.166.209.182"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855264/; classtype:trojan-activity;sid:84718364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.0.157"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855263/; classtype:trojan-activity;sid:84718363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.3.243"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855262/; classtype:trojan-activity;sid:84718362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b85b1637-1849-4b75-bdbe-a7c462b5a26e"; depth:37; endswith; nocase; http.host; content:"qbtnd.sm188dvlv.cfd"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855261/; classtype:trojan-activity;sid:84718361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855260/; classtype:trojan-activity;sid:84718360; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm6"; depth:23; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855257/; classtype:trojan-activity;sid:84718357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.ppc"; depth:22; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855258/; classtype:trojan-activity;sid:84718358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm5"; depth:23; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855259/; classtype:trojan-activity;sid:84718359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm7"; depth:23; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855256/; classtype:trojan-activity;sid:84718356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arm"; depth:22; endswith; nocase; http.host; content:"176.65.139.77"; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855249/; classtype:trojan-activity;sid:84718349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mips"; depth:23; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855250/; classtype:trojan-activity;sid:84718350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86"; depth:22; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855251/; classtype:trojan-activity;sid:84718351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.sh4"; depth:22; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855252/; classtype:trojan-activity;sid:84718352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.arc"; depth:22; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855253/; classtype:trojan-activity;sid:84718353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855254)"; 
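flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.m68k"; depth:23; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855254/; classtype:trojan-activity;sid:84718354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.mpsl"; depth:23; endswith; nocase; http.host; content:"176.65.139.77"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855255/; classtype:trojan-activity;sid:84718355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.115.21"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855248/; classtype:trojan-activity;sid:84718348; rev:1;)
# Reviewer note (local change to the rule below): `|3f|` encodes the single
# byte "?", so the http.uri content is 44 bytes long, not the 47 characters of
# its escaped spelling. The published depth:47, combined with endswith, let a
# URI with up to three extra leading bytes match; depth:44 restores the
# exact-URI match that the neighbouring rules get from depth == content length.
# sid and rev are left as published. The ruleset appears to be generated, so a
# refreshed copy will revert this unless the generator counts each hex escape
# as one byte.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=044148fa-e522-4250-85a3-8806814165d4"; depth:44; endswith; nocase; http.host; content:"nblvwres.stgsolar.hu"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855247/; classtype:trojan-activity;sid:84718347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url,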
urlhaus.abuse.ch/url/3855246/; classtype:trojan-activity;sid:84718346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855245/; classtype:trojan-activity;sid:84718345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855239/; classtype:trojan-activity;sid:84718339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855240/; classtype:trojan-activity;sid:84718340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855241/; classtype:trojan-activity;sid:84718341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"176.65.139.68"; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855242/; classtype:trojan-activity;sid:84718342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855243/; classtype:trojan-activity;sid:84718343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc64"; depth:6; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855244/; classtype:trojan-activity;sid:84718344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run.sh"; depth:7; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855238/; classtype:trojan-activity;sid:84718338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"140.237.6.202"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855237/; classtype:trojan-activity;sid:84718337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855236)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/files-129312398/files/file_666e9cf30b4ca362.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855236/; classtype:trojan-activity;sid:84718336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.114.250.81"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855235/; classtype:trojan-activity;sid:84718335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b9f5fb58-c055-435a-a1ca-5d1f6e5df1d0"; depth:37; endswith; nocase; http.host; content:"pixey.lampaoszlopbolt.hu"; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855234/; classtype:trojan-activity;sid:84718334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"77.79.160.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855233/; classtype:trojan-activity;sid:84718333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.66.57"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855232/; classtype:trojan-activity;sid:84718332; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.15.9.25"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855231/; classtype:trojan-activity;sid:84718331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/well/random.exe/"; depth:17; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855229/; classtype:trojan-activity;sid:84718329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atom/random.exe"; depth:16; endswith; nocase; http.host; content:"89.125.188.171"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855230/; classtype:trojan-activity;sid:84718330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cost/build.exe"; depth:15; endswith; nocase; http.host; content:"89.125.188.171"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855225/; classtype:trojan-activity;sid:84718325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nah11/file.exe"; depth:15; endswith; nocase; http.host; content:"89.125.188.171"; depth:14; isdataat:!1,relative; metadata:created_at 
2026_05_29; reference:url, urlhaus.abuse.ch/url/3855226/; classtype:trojan-activity;sid:84718326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_1e6327727d411740.exe/"; depth:49; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855227/; classtype:trojan-activity;sid:84718327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_d369551b73a17113.msi/"; depth:49; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855228/; classtype:trojan-activity;sid:84718328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.66.57"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855224/; classtype:trojan-activity;sid:84718324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_7d01c44e3628c3f5.exe/"; depth:49; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855197/; classtype:trojan-activity;sid:84718297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3855198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_91aca91ebbe1b031.exe/"; depth:49; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855198/; classtype:trojan-activity;sid:84718298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_f82e3c02c153f34c.exe/"; depth:49; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855199/; classtype:trojan-activity;sid:84718299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opvjr94jfe/index.php"; depth:21; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855200/; classtype:trojan-activity;sid:84718300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_b0b4b0878640b39e.exe/"; depth:49; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855201/; classtype:trojan-activity;sid:84718301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8717422379/bkrjaut.exe07ab97d7aeesdb"; depth:43; endswith; nocase; http.host; 
content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855202/; classtype:trojan-activity;sid:84718302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8370492159/5buqavl.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855203/; classtype:trojan-activity;sid:84718303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/7377994722/cyqxspn.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855204/; classtype:trojan-activity;sid:84718304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_493059e7d0c25c4e.exe/"; depth:49; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855205/; classtype:trojan-activity;sid:84718305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/8370492159/090uxhz.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855206/; classtype:trojan-activity;sid:84718306; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_58172909a01f97ec.exe/"; depth:49; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855207/; classtype:trojan-activity;sid:84718307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_ca18e602c7a72d9c.exe/"; depth:49; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855208/; classtype:trojan-activity;sid:84718308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_7df0584ffde92dad.exe/"; depth:49; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855209/; classtype:trojan-activity;sid:84718309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_05e451303f19b057.exe/"; depth:49; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855210/; classtype:trojan-activity;sid:84718310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855211)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/files-129312398/files/file_3128548b360e043a.exe/"; depth:49; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855211/; classtype:trojan-activity;sid:84718311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/1781548144/xfsds2p.exe"; depth:29; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855212/; classtype:trojan-activity;sid:84718312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_8829a458a496e6ef.exe/"; depth:49; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855213/; classtype:trojan-activity;sid:84718313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_fd7b5d0935bcfaad.exe/"; depth:49; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855214/; classtype:trojan-activity;sid:84718314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app/am2.exe"; depth:12; endswith; nocase; http.host; content:"89.125.188.171"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, 
urlhaus.abuse.ch/url/3855215/; classtype:trojan-activity;sid:84718315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps/zcakwdnvadwd.ps1"; depth:20; endswith; nocase; http.host; content:"89.125.188.171"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855216/; classtype:trojan-activity;sid:84718316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mem/program.exe"; depth:16; endswith; nocase; http.host; content:"89.125.188.171"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855217/; classtype:trojan-activity;sid:84718317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/div/55.ps1"; depth:11; endswith; nocase; http.host; content:"89.125.188.171"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855218/; classtype:trojan-activity;sid:84718318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/div/53.ps1"; depth:11; endswith; nocase; http.host; content:"89.125.188.171"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855219/; classtype:trojan-activity;sid:84718319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nah11/file.exe/"; depth:16; 
endswith; nocase; http.host; content:"89.125.188.171"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855220/; classtype:trojan-activity;sid:84718320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nah11/test.exe"; depth:15; endswith; nocase; http.host; content:"89.125.188.171"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855221/; classtype:trojan-activity;sid:84718321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mem/program.exe/"; depth:17; endswith; nocase; http.host; content:"89.125.188.171"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855222/; classtype:trojan-activity;sid:84718322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/at11/random.exe"; depth:16; endswith; nocase; http.host; content:"89.125.188.171"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855223/; classtype:trojan-activity;sid:84718323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/believepuppet"; depth:14; endswith; nocase; http.host; content:"paste.sensio.no"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855196/; classtype:trojan-activity;sid:84718296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3855195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gs/gamechanger.js"; depth:18; endswith; nocase; http.host; content:"kollins.co.za"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855195/; classtype:trojan-activity;sid:84718295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.204.196.136"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855194/; classtype:trojan-activity;sid:84718294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.224.65.227"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855193/; classtype:trojan-activity;sid:84718293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6ns9-9zty-n247-ux3j/img_qehyar.png"; depth:35; endswith; nocase; http.host; content:"small-morning-8be0.fsocietyandtools.workers.dev"; depth:47; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855192/; classtype:trojan-activity;sid:84718292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stego_payload.png"; depth:18; endswith; nocase; http.host; content:"ritubohara.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; 
reference:url, urlhaus.abuse.ch/url/3855191/; classtype:trojan-activity;sid:84718291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imag.png"; depth:9; endswith; nocase; http.host; content:"ritubohara.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855190/; classtype:trojan-activity;sid:84718290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/syst3md"; depth:8; endswith; nocase; http.host; content:"62.60.130.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855188/; classtype:trojan-activity;sid:84718288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/log"; depth:4; endswith; nocase; http.host; content:"62.60.130.237"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855189/; classtype:trojan-activity;sid:84718289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"138.204.196.136"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855187/; classtype:trojan-activity;sid:84718287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=63e88b25-86dc-4131-a28f-69a71dca394e"; 
depth:47; endswith; nocase; http.host; content:"dvzzer4n.parossag.hu"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855186/; classtype:trojan-activity;sid:84718286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.1.15"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855185/; classtype:trojan-activity;sid:84718285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.56.232.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855184/; classtype:trojan-activity;sid:84718284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a479652d-1bb1-45d0-a83a-94e4b238fe0d"; depth:37; endswith; nocase; http.host; content:"fjtdm.sm188wing.cyou"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855183/; classtype:trojan-activity;sid:84718283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.115.21"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855181/; classtype:trojan-activity;sid:84718281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3855182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.26.134"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855182/; classtype:trojan-activity;sid:84718282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.52.1.15"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855180/; classtype:trojan-activity;sid:84718280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20dcb803-2bfa-44e4-8390-def8fb97d642"; depth:37; endswith; nocase; http.host; content:"gzhcn.sm188login.sbs"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855179/; classtype:trojan-activity;sid:84718279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.26.134"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855178/; classtype:trojan-activity;sid:84718278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//mips"; depth:6; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855176/; 
classtype:trojan-activity;sid:84718276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u"; depth:2; endswith; nocase; http.host; content:"154.89.148.115"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855177/; classtype:trojan-activity;sid:84718277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//x86"; depth:5; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855170/; classtype:trojan-activity;sid:84718270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.m68k"; depth:21; endswith; nocase; http.host; content:"159.65.6.197"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855171/; classtype:trojan-activity;sid:84718271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sh4"; depth:20; endswith; nocase; http.host; content:"159.65.6.197"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855172/; classtype:trojan-activity;sid:84718272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm"; depth:20; endswith; nocase; http.host; 
content:"159.65.6.197"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855173/; classtype:trojan-activity;sid:84718273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.ppc"; depth:20; endswith; nocase; http.host; content:"159.65.6.197"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855174/; classtype:trojan-activity;sid:84718274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.i686"; depth:21; endswith; nocase; http.host; content:"159.65.6.197"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855175/; classtype:trojan-activity;sid:84718275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sh4"; depth:5; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855163/; classtype:trojan-activity;sid:84718263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sparc"; depth:7; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855164/; classtype:trojan-activity;sid:84718264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855165)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"//arm5"; depth:6; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855165/; classtype:trojan-activity;sid:84718265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//arm"; depth:5; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855166/; classtype:trojan-activity;sid:84718266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//m68k"; depth:6; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855167/; classtype:trojan-activity;sid:84718267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//ppc"; depth:5; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855168/; classtype:trojan-activity;sid:84718268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//arm6"; depth:6; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855169/; classtype:trojan-activity;sid:84718269; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips"; depth:21; endswith; nocase; http.host; content:"159.65.6.197"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855155/; classtype:trojan-activity;sid:84718255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm5"; depth:21; endswith; nocase; http.host; content:"159.65.6.197"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855156/; classtype:trojan-activity;sid:84718256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm7"; depth:21; endswith; nocase; http.host; content:"159.65.6.197"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855157/; classtype:trojan-activity;sid:84718257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arm6"; depth:21; endswith; nocase; http.host; content:"159.65.6.197"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855158/; classtype:trojan-activity;sid:84718258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mpsl"; depth:21; endswith; nocase; http.host; content:"159.65.6.197"; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855159/; classtype:trojan-activity;sid:84718259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.arc"; depth:20; endswith; nocase; http.host; content:"159.65.6.197"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855160/; classtype:trojan-activity;sid:84718260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86"; depth:20; endswith; nocase; http.host; content:"159.65.6.197"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855161/; classtype:trojan-activity;sid:84718261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//i686"; depth:6; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855162/; classtype:trojan-activity;sid:84718262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.mips64"; depth:23; endswith; nocase; http.host; content:"159.65.6.197"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855153/; classtype:trojan-activity;sid:84718253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855154)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"202.107.69.248"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855154/; classtype:trojan-activity;sid:84718254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.sparc"; depth:22; endswith; nocase; http.host; content:"159.65.6.197"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855152/; classtype:trojan-activity;sid:84718252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/space.x86_64"; depth:23; endswith; nocase; http.host; content:"159.65.6.197"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855151/; classtype:trojan-activity;sid:84718251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//x86_64"; depth:8; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855146/; classtype:trojan-activity;sid:84718246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//arc"; depth:5; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855147/; classtype:trojan-activity;sid:84718247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3855148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//mipsl"; depth:7; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855148/; classtype:trojan-activity;sid:84718248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//mips64"; depth:8; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855149/; classtype:trojan-activity;sid:84718249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//arm7"; depth:6; endswith; nocase; http.host; content:"176.65.139.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855150/; classtype:trojan-activity;sid:84718250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.144.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855145/; classtype:trojan-activity;sid:84718245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/npc"; depth:4; endswith; nocase; http.host; content:"38.47.108.62"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855144/; 
classtype:trojan-activity;sid:84718244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.sh4"; depth:9; endswith; nocase; http.host; content:"31.56.209.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855137/; classtype:trojan-activity;sid:84718237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mipsrouter"; depth:16; endswith; nocase; http.host; content:"31.56.209.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855138/; classtype:trojan-activity;sid:84718238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.i486"; depth:10; endswith; nocase; http.host; content:"31.56.209.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855139/; classtype:trojan-activity;sid:84718239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv7l"; depth:12; endswith; nocase; http.host; content:"31.56.209.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855140/; classtype:trojan-activity;sid:84718240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv4l"; depth:12; endswith; nocase; http.host; content:"31.56.209.72"; 
depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855141/; classtype:trojan-activity;sid:84718241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.powerpc"; depth:13; endswith; nocase; http.host; content:"31.56.209.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855142/; classtype:trojan-activity;sid:84718242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.arc"; depth:9; endswith; nocase; http.host; content:"31.56.209.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855143/; classtype:trojan-activity;sid:84718243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.15.218"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855133/; classtype:trojan-activity;sid:84718233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.sparc"; depth:11; endswith; nocase; http.host; content:"31.56.209.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855134/; classtype:trojan-activity;sid:84718234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855135)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/iran.armv6l"; depth:12; endswith; nocase; http.host; content:"31.56.209.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855135/; classtype:trojan-activity;sid:84718235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cat.sh"; depth:7; endswith; nocase; http.host; content:"31.56.209.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855136/; classtype:trojan-activity;sid:84718236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/kythy1.exe"; depth:20; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855131/; classtype:trojan-activity;sid:84718231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e3fba633-a8bf-4401-9a73-ea5cf79d0858"; depth:37; endswith; nocase; http.host; content:"zqyij.sm188login.rest"; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855132/; classtype:trojan-activity;sid:84718232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv5l"; depth:12; endswith; nocase; http.host; content:"31.56.209.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855130/; classtype:trojan-activity;sid:84718230; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nancore.msi"; depth:12; endswith; nocase; http.host; content:"admirable-dolphin-7483f8.netlify.app"; depth:36; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855129/; classtype:trojan-activity;sid:84718229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.41.226.141"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855128/; classtype:trojan-activity;sid:84718228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/crz.exe"; depth:17; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855127/; classtype:trojan-activity;sid:84718227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/jufprujs.exe"; depth:22; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855126/; classtype:trojan-activity;sid:84718226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/kjljljw9.exe"; depth:22; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855125/; classtype:trojan-activity;sid:84718225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/kythy.exe"; depth:15; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855124/; classtype:trojan-activity;sid:84718224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/onbud.exe"; depth:19; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855119/; classtype:trojan-activity;sid:84718219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/vwaht.exe"; depth:19; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855120/; classtype:trojan-activity;sid:84718220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/ljhkkuu7.exe"; depth:22; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855121/; classtype:trojan-activity;sid:84718221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855122)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/load/os1/kuhjkuh9.exe"; depth:22; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855122/; classtype:trojan-activity;sid:84718222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/inus.exe"; depth:18; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855123/; classtype:trojan-activity;sid:84718223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/bjbh.exe"; depth:14; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855116/; classtype:trojan-activity;sid:84718216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/hnmh.exe"; depth:14; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855117/; classtype:trojan-activity;sid:84718217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/ojujn.exe"; depth:15; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855118/; classtype:trojan-activity;sid:84718218; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/kliulij.exe"; depth:17; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855115/; classtype:trojan-activity;sid:84718215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/ww7.exe"; depth:17; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855113/; classtype:trojan-activity;sid:84718213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/gxjgd.exe"; depth:19; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855114/; classtype:trojan-activity;sid:84718214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/cry.exe"; depth:17; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855111/; classtype:trojan-activity;sid:84718211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/vibo.exe"; depth:18; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; 
metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855112/; classtype:trojan-activity;sid:84718212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/jghkyh7.exe"; depth:21; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855108/; classtype:trojan-activity;sid:84718208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/vbiqp.exe"; depth:19; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855109/; classtype:trojan-activity;sid:84718209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/somaliacruises.exe"; depth:28; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855110/; classtype:trojan-activity;sid:84718210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/urgoy.exe"; depth:19; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855100/; classtype:trojan-activity;sid:84718200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855101)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/load/os1/hkdfkhfd19.exe"; depth:24; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855101/; classtype:trojan-activity;sid:84718201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/beb.exe"; depth:17; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855102/; classtype:trojan-activity;sid:84718202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/hjbk.exe"; depth:14; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855103/; classtype:trojan-activity;sid:84718203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/jhgkuyyg.exe"; depth:18; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855104/; classtype:trojan-activity;sid:84718204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/u.exe"; depth:15; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855105/; classtype:trojan-activity;sid:84718205; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/jlffdd.exe"; depth:20; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855106/; classtype:trojan-activity;sid:84718206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/cxmfd.exe"; depth:19; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855107/; classtype:trojan-activity;sid:84718207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/vkkqj.exe"; depth:19; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855098/; classtype:trojan-activity;sid:84718198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/gkguied.exe"; depth:21; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855099/; classtype:trojan-activity;sid:84718199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/sdfdsf.exe"; depth:20; endswith; nocase; http.host; content:"host4file.cc"; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855095/; classtype:trojan-activity;sid:84718195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/statingconnectors.exe"; depth:31; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855096/; classtype:trojan-activity;sid:84718196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/jkhkj7.exe"; depth:20; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855097/; classtype:trojan-activity;sid:84718197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/cuservice.exe"; depth:23; endswith; nocase; http.host; content:"host4file.cc"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855094/; classtype:trojan-activity;sid:84718194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/crz.exe"; depth:17; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855093/; classtype:trojan-activity;sid:84718193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855091)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/beb.exe"; depth:17; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855091/; classtype:trojan-activity;sid:84718191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/jufprujs.exe"; depth:22; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855092/; classtype:trojan-activity;sid:84718192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/vibo.exe"; depth:18; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855087/; classtype:trojan-activity;sid:84718187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/vwaht.exe"; depth:19; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855088/; classtype:trojan-activity;sid:84718188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/inus.exe"; depth:18; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855089/; 
classtype:trojan-activity;sid:84718189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/onbud.exe"; depth:19; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855090/; classtype:trojan-activity;sid:84718190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/bjbh.exe"; depth:14; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855081/; classtype:trojan-activity;sid:84718181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/u.exe"; depth:15; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855082/; classtype:trojan-activity;sid:84718182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/kjljljw9.exe"; depth:22; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855083/; classtype:trojan-activity;sid:84718183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/jghkyh7.exe"; depth:21; endswith; nocase; 
http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855084/; classtype:trojan-activity;sid:84718184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/kythy1.exe"; depth:20; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855085/; classtype:trojan-activity;sid:84718185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/ljhkkuu7.exe"; depth:22; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855086/; classtype:trojan-activity;sid:84718186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/hnmh.exe"; depth:14; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855080/; classtype:trojan-activity;sid:84718180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/ojujn.exe"; depth:15; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855076/; classtype:trojan-activity;sid:84718176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3855077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/hjbk.exe"; depth:14; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855077/; classtype:trojan-activity;sid:84718177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/jkhkj7.exe"; depth:20; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855078/; classtype:trojan-activity;sid:84718178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/ww7.exe"; depth:17; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855079/; classtype:trojan-activity;sid:84718179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/gkguied.exe"; depth:21; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855070/; classtype:trojan-activity;sid:84718170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/kythy.exe"; depth:15; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, 
urlhaus.abuse.ch/url/3855071/; classtype:trojan-activity;sid:84718171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/jhgkuyyg.exe"; depth:18; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855072/; classtype:trojan-activity;sid:84718172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/hkdfkhfd19.exe"; depth:24; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855073/; classtype:trojan-activity;sid:84718173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/vbiqp.exe"; depth:19; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855074/; classtype:trojan-activity;sid:84718174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/kliulij.exe"; depth:17; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855075/; classtype:trojan-activity;sid:84718175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855069)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/load/os1/jlffdd.exe"; depth:20; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855069/; classtype:trojan-activity;sid:84718169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/cuservice.exe"; depth:23; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855066/; classtype:trojan-activity;sid:84718166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/sdfdsf.exe"; depth:20; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855067/; classtype:trojan-activity;sid:84718167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/somaliacruises.exe"; depth:28; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855068/; classtype:trojan-activity;sid:84718168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/statingconnectors.exe"; depth:31; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855065/; classtype:trojan-activity;sid:84718165; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/gxjgd.exe"; depth:19; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855063/; classtype:trojan-activity;sid:84718163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/cxmfd.exe"; depth:19; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855064/; classtype:trojan-activity;sid:84718164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/cry.exe"; depth:17; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855062/; classtype:trojan-activity;sid:84718162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/kuhjkuh9.exe"; depth:22; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855061/; classtype:trojan-activity;sid:84718161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/urgoy.exe"; depth:19; endswith; nocase; http.host; 
content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855060/; classtype:trojan-activity;sid:84718160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/load/os1/vkkqj.exe"; depth:19; endswith; nocase; http.host; content:"cloud55file.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855059/; classtype:trojan-activity;sid:84718159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.aarch64"; depth:13; endswith; nocase; http.host; content:"31.56.209.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855057/; classtype:trojan-activity;sid:84718157; rev:1;)
# NOTE(review): in a Suricata content string, |7c| is the single byte 0x7c ("|") and
# the "26" between the two escapes is plain text, so "|7c|26|7c|" matches the four
# literal characters |26| rather than "&" (0x26, which would be written |26|).
# This looks like "&" having been escaped twice by the generator - confirm upstream.
# As written, the rule below is not expected to fire on a request whose query string
# is joined with "&". depth:195 equals the length of the escaped text, not of the
# bytes it decodes to.
# NOTE(review): "alert http" only sees HTTP the sensor can parse; if this host is
# reached over TLS only, the rule needs decrypted traffic to match - verify.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attachments/1490900873822474320/1508137801701658734/clean_nightcord.rar|3f|ex=6a19b847|7c|26|7c|is=6a1866c7|7c|26|7c|hm=c3b982c7ed7e8bbcce7b6b72b1a5d374bd71378806b528d3607242b9a0f844c3|7c|26|7c|"; depth:195; endswith; nocase; http.host; content:"cdn.discordapp.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855058/; classtype:trojan-activity;sid:84718158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_7d01c44e3628c3f5.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 
2026_05_29; reference:url, urlhaus.abuse.ch/url/3855056/; classtype:trojan-activity;sid:84718156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"desktop-app.click"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855053/; classtype:trojan-activity;sid:84718153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug/loader.sh|3f|build=94dabb3c6bb6d13338b7dadcc1432c4a"; depth:58; endswith; nocase; http.host; content:"qw4c12qqqqoepwq.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855054/; classtype:trojan-activity;sid:84718154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_45d1704c898d14f8.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855055/; classtype:trojan-activity;sid:84718155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.x86_64"; depth:12; endswith; nocase; http.host; content:"31.56.209.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855048/; classtype:trojan-activity;sid:84718148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855049)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.m68k"; depth:10; endswith; nocase; http.host; content:"31.56.209.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855049/; classtype:trojan-activity;sid:84718149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mips"; depth:10; endswith; nocase; http.host; content:"31.56.209.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855050/; classtype:trojan-activity;sid:84718150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mipsel"; depth:12; endswith; nocase; http.host; content:"31.56.209.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855051/; classtype:trojan-activity;sid:84718151; rev:1;)
# NOTE(review): the parameter separators in the http.uri content below are written
# "|7c|26|7c|". In Suricata content syntax that is byte 0x7c, the plain text "26",
# then byte 0x7c again - i.e. the literal characters |26| - and not "&" (0x26, |26|).
# Presumably the generator escaped "&" twice; confirm upstream. Until corrected, this
# rule is not expected to match a query string that uses "&" between parameters.
# depth:208 is the length of the escaped text rather than of the decoded bytes, so it
# does not pin the match to offset 0 as tightly as the content length would.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/index.php|3f|a=dl|7c|26|7c|token=8caaf953d89478b8a7191eb32295c117a310b53ac9059d4ad69a1e397ec3b2d4|7c|26|7c|rv=ab62effa5c33ec478e5f054b773a4ee7|7c|26|7c|src=majesticlubricants.com|7c|26|7c|mode=cloudflare"; depth:208; endswith; nocase; http.host; content:"megamegalodon.click"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855052/; classtype:trojan-activity;sid:84718152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855047)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/debug/payload.applescript|3f|build=94dabb3c6bb6d13338b7dadcc1432c4a"; depth:68; endswith; nocase; http.host; content:"qw4c12qqqqoepwq.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855047/; classtype:trojan-activity;sid:84718147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_b0b4b0878640b39e.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855038/; classtype:trojan-activity;sid:84718138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_23072663be1ad896.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855039/; classtype:trojan-activity;sid:84718139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_42a45fe118a2b7f7.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855040/; classtype:trojan-activity;sid:84718140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_759c91dbd997474a.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855041/; classtype:trojan-activity;sid:84718141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_58172909a01f97ec.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855042/; classtype:trojan-activity;sid:84718142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_1b5fffcbdaeda72e.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855043/; classtype:trojan-activity;sid:84718143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_aa41fd6af11d1007.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855044/; classtype:trojan-activity;sid:84718144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_5b4533c16578801d.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855045/; classtype:trojan-activity;sid:84718145; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_1e6327727d411740.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855046/; classtype:trojan-activity;sid:84718146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2dd47b5-0d5b-45ce-9af8-2ae01b6d3085"; depth:37; endswith; nocase; http.host; content:"nzaqn.sm188login.cyou"; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855037/; classtype:trojan-activity;sid:84718137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.42.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855036/; classtype:trojan-activity;sid:84718136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.54.117.85"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855035/; classtype:trojan-activity;sid:84718135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6d71363d-12e8-4281-826c-95ad27314a6d"; depth:37; endswith; nocase; http.host; 
content:"mzpyn.sm188login.cfd"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855034/; classtype:trojan-activity;sid:84718134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"221.13.149.208"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855033/; classtype:trojan-activity;sid:84718133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=20bb2940-3f79-4b97-92ed-730c00d1cdbe"; depth:47; endswith; nocase; http.host; content:"xqorxfh1.seresniki.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855032/; classtype:trojan-activity;sid:84718132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"206.237.30.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855031/; classtype:trojan-activity;sid:84718131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.127.115.133"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855030/; classtype:trojan-activity;sid:84718130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3855029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s"; depth:2; endswith; nocase; http.host; content:"154.89.148.115"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855029/; classtype:trojan-activity;sid:84718129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update"; depth:7; endswith; nocase; http.host; content:"154.89.148.115"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855027/; classtype:trojan-activity;sid:84718127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u"; depth:2; endswith; nocase; http.host; content:"154.89.148.115"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855028/; classtype:trojan-activity;sid:84718128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.72.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855026/; classtype:trojan-activity;sid:84718126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6e692ac2-d9aa-434b-89c2-e3c75d29488d"; depth:37; endswith; nocase; http.host; content:"uzysz.sm188dvlv.skin"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855025/; 
classtype:trojan-activity;sid:84718125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.20.58"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855024/; classtype:trojan-activity;sid:84718124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"221.13.149.208"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855023/; classtype:trojan-activity;sid:84718123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.127.115.133"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855022/; classtype:trojan-activity;sid:84718122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.112.42.148"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855021/; classtype:trojan-activity;sid:84718121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/71252fbe-b657-46e0-8f80-32f07391f418"; depth:37; endswith; nocase; http.host; 
content:"slrsd.sm188dvlv.rest"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855020/; classtype:trojan-activity;sid:84718120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.24.10.235"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855019/; classtype:trojan-activity;sid:84718119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f826c31f-8654-463d-9077-915c8b55ec46"; depth:37; endswith; nocase; http.host; content:"skgya.sm188dvlv.hair"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855018/; classtype:trojan-activity;sid:84718118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.41.122"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855017/; classtype:trojan-activity;sid:84718117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.58.146.33"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855016/; classtype:trojan-activity;sid:84718116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855015)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.24.10.235"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855015/; classtype:trojan-activity;sid:84718115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/500c64d4-983b-40aa-9359-7b4041d6bb4b"; depth:37; endswith; nocase; http.host; content:"zntck.sm188dvlv.cfd"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855014/; classtype:trojan-activity;sid:84718114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.41.226.141"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855013/; classtype:trojan-activity;sid:84718113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.202.178"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855012/; classtype:trojan-activity;sid:84718112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.41.122"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855011/; classtype:trojan-activity;sid:84718111; rev:1;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.58.146.33"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855010/; classtype:trojan-activity;sid:84718110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=c217a950-baf0-4d7c-b7ae-9f9bd27266c6"; depth:47; endswith; nocase; http.host; content:"nwtca6gs.schleer.hu"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855009/; classtype:trojan-activity;sid:84718109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0a9ac4b6-50ac-47fc-a3df-567b10ef68c1"; depth:37; endswith; nocase; http.host; content:"gvshj.sm188daftar.skin"; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855008/; classtype:trojan-activity;sid:84718108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.73.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855007/; classtype:trojan-activity;sid:84718107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"61.53.202.178"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855006/; classtype:trojan-activity;sid:84718106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.120.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855005/; classtype:trojan-activity;sid:84718105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.119.182.50"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855004/; classtype:trojan-activity;sid:84718104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.190.200"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855003/; classtype:trojan-activity;sid:84718103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.73.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855002/; classtype:trojan-activity;sid:84718102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855001)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/a4595256-e879-47e1-993c-080129317140"; depth:37; endswith; nocase; http.host; content:"txfbc.sm188daftar.net"; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855001/; classtype:trojan-activity;sid:84718101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.81.244.126"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855000/; classtype:trojan-activity;sid:84718100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.100.177"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854999/; classtype:trojan-activity;sid:84718099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.118.55"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854998/; classtype:trojan-activity;sid:84718098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/lterouter"; depth:13; endswith; nocase; http.host; content:"51.81.104.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854997/; classtype:trojan-activity;sid:84718097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3854996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.183.93"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854996/; classtype:trojan-activity;sid:84718096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.119.182.50"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854995/; classtype:trojan-activity;sid:84718095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.190.200"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854994/; classtype:trojan-activity;sid:84718094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.98.97.91"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854993/; classtype:trojan-activity;sid:84718093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/armv7l"; depth:10; endswith; nocase; http.host; content:"51.81.104.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854992/; 
classtype:trojan-activity;sid:84718092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/armv4l"; depth:10; endswith; nocase; http.host; content:"51.81.104.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854991/; classtype:trojan-activity;sid:84718091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/armv5l"; depth:10; endswith; nocase; http.host; content:"51.81.104.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854986/; classtype:trojan-activity;sid:84718086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/mpsl"; depth:8; endswith; nocase; http.host; content:"51.81.104.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854987/; classtype:trojan-activity;sid:84718087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/aarch64"; depth:11; endswith; nocase; http.host; content:"51.81.104.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854988/; classtype:trojan-activity;sid:84718088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/x86_64"; depth:10; endswith; nocase; http.host; content:"51.81.104.123"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854989/; classtype:trojan-activity;sid:84718089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/armv6l"; depth:10; endswith; nocase; http.host; content:"51.81.104.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854990/; classtype:trojan-activity;sid:84718090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/m68k"; depth:8; endswith; nocase; http.host; content:"51.81.104.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854984/; classtype:trojan-activity;sid:84718084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/sh4"; depth:7; endswith; nocase; http.host; content:"51.81.104.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854985/; classtype:trojan-activity;sid:84718085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/ppc"; depth:7; endswith; nocase; http.host; content:"51.81.104.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854982/; classtype:trojan-activity;sid:84718082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854983)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/n2/mips64"; depth:10; endswith; nocase; http.host; content:"51.81.104.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854983/; classtype:trojan-activity;sid:84718083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/05d41b41-46d1-468c-bfa6-7fed2af2275d"; depth:37; endswith; nocase; http.host; content:"vkdif.sm188daftar.cfd"; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854981/; classtype:trojan-activity;sid:84718081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.14.183.93"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854980/; classtype:trojan-activity;sid:84718080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/tbk"; depth:7; endswith; nocase; http.host; content:"51.81.104.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854979/; classtype:trojan-activity;sid:84718079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/x86"; depth:7; endswith; nocase; http.host; content:"51.81.104.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854978/; classtype:trojan-activity;sid:84718078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3854977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2/mips"; depth:8; endswith; nocase; http.host; content:"51.81.104.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854977/; classtype:trojan-activity;sid:84718077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.77.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854976/; classtype:trojan-activity;sid:84718076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.98.97.91"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854975/; classtype:trojan-activity;sid:84718075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0b8b55bc-90c6-4674-b9a7-d9634de4dfdd"; depth:37; endswith; nocase; http.host; content:"chhul.sm188akurat.sbs"; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854974/; classtype:trojan-activity;sid:84718074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.155.56.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, 
urlhaus.abuse.ch/url/3854973/; classtype:trojan-activity;sid:84718073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"39.81.244.126"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854972/; classtype:trojan-activity;sid:84718072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.206.90.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854971/; classtype:trojan-activity;sid:84718071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.146.86.254"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854970/; classtype:trojan-activity;sid:84718070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.155.56.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854969/; classtype:trojan-activity;sid:84718069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3db4852f-3eb6-434c-9be6-75086eaf3c49"; depth:37; endswith; nocase; 
http.host; content:"jrszz.popi999.net"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854968/; classtype:trojan-activity;sid:84718068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.245.142"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854967/; classtype:trojan-activity;sid:84718067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.227.134.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854966/; classtype:trojan-activity;sid:84718066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=f30359cb-cca7-4996-875c-24c22a93ff96"; depth:47; endswith; nocase; http.host; content:"2c5gt5bd.seresniki.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854965/; classtype:trojan-activity;sid:84718065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.52.66.88"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854964/; classtype:trojan-activity;sid:84718064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3854963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f2bab7b1-1e71-474b-a669-9858138c4605"; depth:37; endswith; nocase; http.host; content:"eibnb.slotmacau188z.bond"; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854963/; classtype:trojan-activity;sid:84718063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.3.49"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854962/; classtype:trojan-activity;sid:84718062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.144.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854961/; classtype:trojan-activity;sid:84718061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.146.86.254"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854960/; classtype:trojan-activity;sid:84718060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.87.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854959/; 
classtype:trojan-activity;sid:84718059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.52.66.88"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854958/; classtype:trojan-activity;sid:84718058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.227.134.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854957/; classtype:trojan-activity;sid:84718057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3a64119b-4c3f-40b7-aad1-5c56c49081c9"; depth:37; endswith; nocase; http.host; content:"yznfo.slotmacau188q.hair"; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854956/; classtype:trojan-activity;sid:84718056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.87.223"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854955/; classtype:trojan-activity;sid:84718055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/70e21bb2-cd57-41b2-bd96-b02416d3dccc"; depth:37; endswith; 
nocase; http.host; content:"hunzm.slotmacau188k.sbs"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854954/; classtype:trojan-activity;sid:84718054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proto.x86"; depth:10; endswith; nocase; http.host; content:"202.71.14.246"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854953/; classtype:trojan-activity;sid:84718053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.239.240.205"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854952/; classtype:trojan-activity;sid:84718052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.44.158"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854951/; classtype:trojan-activity;sid:84718051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.239.240.205"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854950/; classtype:trojan-activity;sid:84718050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854949)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d45ab30c-80eb-411e-96d9-b0f931a7885a"; depth:37; endswith; nocase; http.host; content:"ywrav.slotmacau188ab.sbs"; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854949/; classtype:trojan-activity;sid:84718049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.132.95"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854948/; classtype:trojan-activity;sid:84718048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.0.157"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854947/; classtype:trojan-activity;sid:84718047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.132.95"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3854946/; classtype:trojan-activity;sid:84718046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cd1ff812-8dd9-4c3a-a78e-9bda5b2ffe17"; depth:37; endswith; nocase; http.host; content:"gwfsj.ski123.net"; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854945/; 
classtype:trojan-activity;sid:84718045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.44.158"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854944/; classtype:trojan-activity;sid:84718044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=41579c05-28f3-4ca5-809a-cf79197cb464"; depth:47; endswith; nocase; http.host; content:"gec56eyc.pczrt.hu"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854943/; classtype:trojan-activity;sid:84718043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.44.16.187"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854942/; classtype:trojan-activity;sid:84718042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/62424427-a4a4-4914-9053-0ab3be1f63a5"; depth:37; endswith; nocase; http.host; content:"gahay.visszateritok.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854941/; classtype:trojan-activity;sid:84718041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; 
endswith; nocase; http.host; content:"125.44.16.187"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854940/; classtype:trojan-activity;sid:84718040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.154.183.56"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854939/; classtype:trojan-activity;sid:84718039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d6d5a86e-2b8f-4497-9e20-09f07fabd040"; depth:37; endswith; nocase; http.host; content:"eyzfh.ksfogszabalyozas.hu"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854938/; classtype:trojan-activity;sid:84718038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.207.69"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854937/; classtype:trojan-activity;sid:84718037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.254.168"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854936/; classtype:trojan-activity;sid:84718036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3854935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.116.114.173"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854935/; classtype:trojan-activity;sid:84718035; rev:1;)
# The line above closes the rule for URLhaus entry 3854935, which opens on the preceding line.
#
# Reading the rules in this run (they all share one shape):
#   - Action is "alert" on the http app-layer protocol, client in $HOME_NET to server in
#     $EXTERNAL_NET, established flow, request direction, method GET.
#   - http.uri: content + depth (equal to the content length) + endswith anchors both ends of the
#     buffer, so the request URI must equal the listed string; nocase makes that comparison
#     case-insensitive.
#   - http.host: content + depth + isdataat:!1,relative requires that nothing follows the match, so
#     the Host value must equal the listed IPv4 literal or hostname. No nocase is set on this buffer.
#   - The number in msg and in the reference URL is the URLhaus entry id; in every rule shown here
#     sid = that id + 80863100, which lets an analyst pivot from an alert to the URLhaus record.
# NOTE(review): very short paths such as "/i" are only meaningful together with the Host match;
# treat a hit as "this client requested this listed URL", not as proof that a payload was delivered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.247.88.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854934/; classtype:trojan-activity;sid:84718034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/af865701-e4bf-4462-9222-d47c93cc2332"; depth:37; endswith; nocase; http.host; content:"febrn.laborfotostudio.hu"; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854933/; classtype:trojan-activity;sid:84718033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.28.183"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854932/; classtype:trojan-activity;sid:84718032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.254.168"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854931/; classtype:trojan-activity;sid:84718031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.176.178.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854930/; classtype:trojan-activity;sid:84718030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.56.176.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854929/; classtype:trojan-activity;sid:84718029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.52.83.228"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854928/; classtype:trojan-activity;sid:84718028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.116.114.173"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854927/; classtype:trojan-activity;sid:84718027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/273e0892-e361-4cb3-8939-92155a5f924b"; depth:37; endswith; nocase; http.host; content:"akfzi.lampaoszlopbolt.hu"; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854926/; classtype:trojan-activity;sid:84718026; rev:1;)
# In the next rule |3f| is the hex escape for "?", so the URI being matched is "/?ublib=<uuid>".
# NOTE(review): depth:47 equals the character count of the string as written (with |3f| counted as
# four characters); the encoded pattern is 44 bytes. As I read depth + endswith, the rule therefore
# also accepts up to three bytes in front of the pattern. Detection of the listed URL is unaffected;
# the match is just slightly looser than the exact match the other rules give. Worth reporting
# upstream rather than patching locally, since the feed is regenerated.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=bc6bae50-fdba-48c1-bcdb-429c08d10540"; depth:47; endswith; nocase; http.host; content:"hxoaa2b8.parossag.hu"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854925/; classtype:trojan-activity;sid:84718025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.176.178.35"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854924/; classtype:trojan-activity;sid:84718024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.89.2"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854923/; classtype:trojan-activity;sid:84718023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.187.137.7"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854922/; classtype:trojan-activity;sid:84718022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.52.83.228"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854921/; classtype:trojan-activity;sid:84718021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.22.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854920/; classtype:trojan-activity;sid:84718020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.91.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854919/; classtype:trojan-activity;sid:84718019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.157.191.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854918/; classtype:trojan-activity;sid:84718018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.12.193.100"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854917/; classtype:trojan-activity;sid:84718017; rev:1;)
# The line below opens the rule for URLhaus entry 3854916; it continues on the following line.
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3df77533-10c3-4773-8de7-65d9ce5a7973"; depth:37; endswith; nocase; http.host; content:"ulyow.legrandpartnerklub.hu"; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854916/; classtype:trojan-activity;sid:84718016; rev:1;)
# The line above is the remainder of the rule for URLhaus entry 3854916, opened on the preceding line.
#
# Each rule below alerts on one exact (Host, URI) pair requested with GET by a $HOME_NET client:
# depth + endswith pin the URI to the listed string, and depth + isdataat:!1,relative pin the Host
# value to the listed name or IPv4 literal.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.196.185.190"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854915/; classtype:trojan-activity;sid:84718015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"117.196.185.190"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854914/; classtype:trojan-activity;sid:84718014; rev:1;)
# /hold.bat, /hold.js and /hold.vbs: the same three paths are listed once under a hostname and once
# under an IPv4 literal. Because the Host value is matched exactly, each Host form needs its own
# rule; a request for the same path under any other Host value is not covered by these six.
# NOTE(review): the extensions suggest Windows script files — confirm against the URLhaus records
# before using that for triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hold.bat"; depth:9; endswith; nocase; http.host; content:"we.love.servers.at.ioflood.net"; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854911/; classtype:trojan-activity;sid:84718011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hold.js"; depth:8; endswith; nocase; http.host; content:"we.love.servers.at.ioflood.net"; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854912/; classtype:trojan-activity;sid:84718012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hold.vbs"; depth:9; endswith; nocase; http.host; content:"we.love.servers.at.ioflood.net"; depth:30; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854913/; classtype:trojan-activity;sid:84718013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hold.bat"; depth:9; endswith; nocase; http.host; content:"148.163.124.99"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854909/; classtype:trojan-activity;sid:84718009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hold.js"; depth:8; endswith; nocase; http.host; content:"148.163.124.99"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854910/; classtype:trojan-activity;sid:84718010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hold.vbs"; depth:9; endswith; nocase; http.host; content:"148.163.124.99"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854908/; classtype:trojan-activity;sid:84718008; rev:1;)
# Eleven rules for Host 45.141.26.218 whose paths differ only in the suffix after "/main_"
# (sh4, mips, m68k, arm6, ppc, arm, arm7, arm5, x86, mpsl, x86_64).
# NOTE(review): the suffixes read like CPU-architecture names, i.e. presumably one build of the same
# payload per architecture — verify in URLhaus. For triage, which suffix a client requested is a
# useful hint about what kind of device made the request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"45.141.26.218"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854907/; classtype:trojan-activity;sid:84718007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"45.141.26.218"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854906/; classtype:trojan-activity;sid:84718006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"45.141.26.218"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854897/; classtype:trojan-activity;sid:84717997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"45.141.26.218"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854898/; classtype:trojan-activity;sid:84717998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"45.141.26.218"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854899/; classtype:trojan-activity;sid:84717999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"45.141.26.218"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854900/; classtype:trojan-activity;sid:84718000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"45.141.26.218"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854901/; classtype:trojan-activity;sid:84718001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"45.141.26.218"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854902/; classtype:trojan-activity;sid:84718002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"45.141.26.218"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854903/; classtype:trojan-activity;sid:84718003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"45.141.26.218"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854904/; classtype:trojan-activity;sid:84718004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"45.141.26.218"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854905/; classtype:trojan-activity;sid:84718005; rev:1;)
# Back to single (Host, URI) entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.157.191.90"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854896/; classtype:trojan-activity;sid:84717996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.91.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854895/; classtype:trojan-activity;sid:84717995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4be3eaad-7dbf-4e92-81a6-b9731b084b38"; depth:37; endswith; nocase; http.host; content:"wiwcg.lelekbuvar.hu"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854894/; classtype:trojan-activity;sid:84717994; rev:1;)
# The line below opens the rule for URLhaus entry 3854893; it continues on the following line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; 
nocase; http.host; content:"112.248.186.232"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854893/; classtype:trojan-activity;sid:84717993; rev:1;)
# The line above is the remainder of the rule for URLhaus entry 3854893, opened on the preceding line.
#
# "/vulcan_<suffix>" rules: the same seven paths (386, amd64, arm5, arm7, arm64, mips, mipsle) are
# listed under two Host values, 146.19.213.198 and parisspinsnow.com — fourteen rules in total,
# interleaved below in feed order. Each rule matches one exact (Host, URI) pair on a GET request
# from $HOME_NET; the URI comparison is case-insensitive (nocase).
# NOTE(review): the rules do not say whether the hostname resolves to the listed address; treat the
# two Host values as separate indicators unless the URLhaus records show otherwise.
# NOTE(review): the suffixes read like CPU-architecture / build-target names — presumably one build
# per target; confirm before relying on it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vulcan_mips"; depth:12; endswith; nocase; http.host; content:"146.19.213.198"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854891/; classtype:trojan-activity;sid:84717991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vulcan_amd64"; depth:13; endswith; nocase; http.host; content:"parisspinsnow.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854892/; classtype:trojan-activity;sid:84717992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vulcan_386"; depth:11; endswith; nocase; http.host; content:"146.19.213.198"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854890/; classtype:trojan-activity;sid:84717990; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vulcan_arm7"; depth:12; endswith; nocase; http.host; content:"146.19.213.198"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854881/; classtype:trojan-activity;sid:84717981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vulcan_arm5"; depth:12; endswith; nocase; http.host; content:"146.19.213.198"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854882/; classtype:trojan-activity;sid:84717982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vulcan_arm5"; depth:12; endswith; nocase; http.host; content:"parisspinsnow.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854883/; classtype:trojan-activity;sid:84717983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vulcan_arm7"; depth:12; endswith; nocase; http.host; content:"parisspinsnow.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854884/; classtype:trojan-activity;sid:84717984; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vulcan_amd64"; depth:13; endswith; nocase; http.host; content:"146.19.213.198"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854885/; classtype:trojan-activity;sid:84717985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vulcan_mips"; depth:12; endswith; nocase; http.host; content:"parisspinsnow.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854886/; classtype:trojan-activity;sid:84717986; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vulcan_mipsle"; depth:14; endswith; nocase; http.host; content:"parisspinsnow.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854887/; classtype:trojan-activity;sid:84717987; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vulcan_386"; depth:11; endswith; nocase; http.host; content:"parisspinsnow.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854888/; classtype:trojan-activity;sid:84717988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vulcan_mipsle"; depth:14; endswith; nocase; http.host; content:"146.19.213.198"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854889/; classtype:trojan-activity;sid:84717989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vulcan_arm64"; depth:13; endswith; nocase; http.host; content:"146.19.213.198"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854879/; classtype:trojan-activity;sid:84717979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vulcan_arm64"; depth:13; endswith; nocase; http.host; content:"parisspinsnow.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854880/; classtype:trojan-activity;sid:84717980; rev:1;)
# Single (Host, URI) entries follow.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.245.142"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854878/; classtype:trojan-activity;sid:84717978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4fc813e4-e453-4e2b-82bf-143da48069fe"; depth:37; endswith; nocase; http.host; content:"ucovu.lelekszepsegstudio.hu"; depth:27; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854877/; classtype:trojan-activity;sid:84717977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"112.248.186.232"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854876/; classtype:trojan-activity;sid:84717976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.169.231.210"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854875/; classtype:trojan-activity;sid:84717975; rev:1;)
# The line below opens the rule for URLhaus entry 3854874; it continues on the following line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3854874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=46f6b009-5a99-4da7-b896-47750edede00"; depth:47; endswith; nocase; http.host; content:"2b2eg8hr.otthonfelujitasprogram2024.hu"; depth:38; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854874/; classtype:trojan-activity;sid:84717974; rev:1;)
# The line above is the remainder of the rule for URLhaus entry 3854874, opened on the preceding line.
# In it, |3f| is the hex escape for "?", so the URI being matched is "/?ublib=<uuid>".
# NOTE(review): its depth:47 equals the character count of the string as written (|3f| counted as
# four characters) while the encoded pattern is 44 bytes; as I read depth + endswith, up to three
# leading bytes are therefore tolerated. The listed URL is still detected.
#
# Coverage notes for the rules below:
#   - They inspect requests that Suricata parses as HTTP. The same URL fetched inside TLS is not
#     visible to these signatures unless traffic is decrypted upstream of the sensor.
#   - Each rule needs both the exact Host value and the exact URI; neither half alerts on its own.
#   - Several hosts appear twice, once for "/i" and once for "/bin.sh"; alerts for both sids from one
#     client are separate requests to the same host, not duplicates.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/97d4d20d-c486-4d48-ad99-8aebcfd58cb8"; depth:37; endswith; nocase; http.host; content:"wusjo.zsatom.hu"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854873/; classtype:trojan-activity;sid:84717973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/78a66a83-9e77-43d1-897e-9522a5165e0a"; depth:37; endswith; nocase; http.host; content:"ncgxk.visszateritok.hu"; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854872/; classtype:trojan-activity;sid:84717972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6a398c57-9c1c-4f36-8392-ce70ebccb1ce"; depth:37; endswith; nocase; http.host; content:"olakv.technologiaiviz.hu"; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854871/; classtype:trojan-activity;sid:84717971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.107.69.248"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854870/; classtype:trojan-activity;sid:84717970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.101.181.193"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854869/; classtype:trojan-activity;sid:84717969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.9.87"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854868/; classtype:trojan-activity;sid:84717968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.48.255"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854867/; classtype:trojan-activity;sid:84717967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0d87c4f2-e62f-49db-9b40-c5b1f89c8ebd"; depth:37; endswith; nocase; http.host; content:"cklrd.webrevelem.hu"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854866/; classtype:trojan-activity;sid:84717966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.77.146"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854865/; classtype:trojan-activity;sid:84717965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.179.240.227"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854864/; classtype:trojan-activity;sid:84717964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.88.136.194"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854863/; classtype:trojan-activity;sid:84717963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b1c36e1a-62c8-4e83-9fb9-094e3abe8dde"; depth:37; endswith; nocase; http.host; content:"pyexv.yanis.hu"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854862/; classtype:trojan-activity;sid:84717962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.48.255"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854861/; classtype:trojan-activity;sid:84717961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.101.181.193"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854860/; classtype:trojan-activity;sid:84717960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.164.129"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854859/; classtype:trojan-activity;sid:84717959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.139.110.237"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854858/; classtype:trojan-activity;sid:84717958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"103.179.240.227"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854857/; classtype:trojan-activity;sid:84717957; rev:1;)
# The line below opens the rule for URLhaus entry 3854856; it continues on the following line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.173.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, 
urlhaus.abuse.ch/url/3854856/; classtype:trojan-activity;sid:84717956; rev:1;)
# The line above is the remainder of the rule for URLhaus entry 3854856, opened on the preceding line.
#
# Operational notes for the rules below:
#   - Every rule uses the "alert" action: a match is logged, nothing is blocked by these signatures
#     as written.
#   - Direction is $HOME_NET -> $EXTERNAL_NET, so results depend on those two variables being set
#     correctly for the monitored network; with a wrong $HOME_NET the rules silently see nothing.
#   - All rules carry metadata created_at 2026_05_28 and rev:1. The feed is a point-in-time list;
#     NOTE(review): addresses and hostnames can change hands, so check the current status on the
#     referenced URLhaus page before acting on an alert for an old entry.
#   - A hit identifies the requesting client as the system to investigate; whether the download
#     completed has to be established from the response side (flow/file logs), which these
#     request-only rules do not inspect.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.215.55.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854855/; classtype:trojan-activity;sid:84717955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"36.88.136.194"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854853/; classtype:trojan-activity;sid:84717953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.254.179"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854854/; classtype:trojan-activity;sid:84717954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.22.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854852/; classtype:trojan-activity;sid:84717952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.38.211.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854851/; classtype:trojan-activity;sid:84717951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.57.181.135"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854850/; classtype:trojan-activity;sid:84717950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cae31968-5feb-4b7e-a5bf-e882433a1f9d"; depth:37; endswith; nocase; http.host; content:"ggtgi.wlwyb.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854849/; classtype:trojan-activity;sid:84717949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.139.110.237"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854848/; classtype:trojan-activity;sid:84717948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.38.211.139"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854846/; classtype:trojan-activity;sid:84717946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.215.55.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854847/; classtype:trojan-activity;sid:84717947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.254.179"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854845/; classtype:trojan-activity;sid:84717945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.173.32"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854844/; classtype:trojan-activity;sid:84717944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/838201a8-8dd2-4d37-a759-344d3733ef55"; depth:37; endswith; nocase; http.host; content:"apxij.zsatom.hu"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854843/; classtype:trojan-activity;sid:84717943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.189.236.127"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854842/; classtype:trojan-activity;sid:84717942; rev:1;)
# In the next rule |3f| is the hex escape for "?", so the URI being matched is "/?ublib=<uuid>".
# NOTE(review): depth:47 equals the character count of the string as written (|3f| counted as four
# characters) while the encoded pattern is 44 bytes; as I read depth + endswith, up to three
# leading bytes are therefore tolerated. The listed URL is still detected.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=ab464c53-100e-4228-bb17-d78b5956a886"; depth:47; endswith; nocase; http.host; content:"5mk6bgje.stgsolar.hu"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854841/; classtype:trojan-activity;sid:84717941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.37.101.71"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854840/; classtype:trojan-activity;sid:84717940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/87716bf1-74fe-42e1-8432-227afe7ee8bc"; depth:37; endswith; nocase; http.host; content:"ocjly.visszateritok.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854839/; classtype:trojan-activity;sid:84717939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.17.198"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854838/; classtype:trojan-activity;sid:84717938; rev:1;)
# The line below opens the rule for URLhaus entry 3854837; it continues on the following line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.189.236.127"; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854837/; classtype:trojan-activity;sid:84717937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.57.181.135"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854836/; classtype:trojan-activity;sid:84717936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.13.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854835/; classtype:trojan-activity;sid:84717935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.255.44.45"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854834/; classtype:trojan-activity;sid:84717934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.39.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854833/; classtype:trojan-activity;sid:84717933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854832)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/57a076b3-aab4-4815-97fa-42fd12f1b699"; depth:37; endswith; nocase; http.host; content:"xjlft.visszateritok.hu"; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854832/; classtype:trojan-activity;sid:84717932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.13.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854831/; classtype:trojan-activity;sid:84717931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.21.210"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854830/; classtype:trojan-activity;sid:84717930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.113.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854829/; classtype:trojan-activity;sid:84717929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7664e16f-ca7a-4b61-8945-a8fd0f93d535"; depth:37; endswith; nocase; http.host; content:"syrzz.technologiaiviz.hu"; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854828/; classtype:trojan-activity;sid:84717928; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.167.80.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854827/; classtype:trojan-activity;sid:84717927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.43.22.202"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854826/; classtype:trojan-activity;sid:84717926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d4d9a24f-ecdf-453f-9f33-cd50a932f026"; depth:37; endswith; nocase; http.host; content:"jugha.webrevelem.hu"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854825/; classtype:trojan-activity;sid:84717925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"42.230.42.198"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854824/; classtype:trojan-activity;sid:84717924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.14.36.255"; depth:13; isdataat:!1,relative; metadata:created_at 
2026_05_28; reference:url, urlhaus.abuse.ch/url/3854823/; classtype:trojan-activity;sid:84717923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e54bce3b-8738-4b9f-816a-3fa5c5e8184b"; depth:37; endswith; nocase; http.host; content:"pbwmk.wlwyb.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854822/; classtype:trojan-activity;sid:84717922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"38.226.161.90"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854821/; classtype:trojan-activity;sid:84717921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=108c20ae-2f37-4225-a53d-ef4cb54cc586"; depth:47; endswith; nocase; http.host; content:"lpo88ruu.seresniki.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854820/; classtype:trojan-activity;sid:84717920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.165.231"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854819/; classtype:trojan-activity;sid:84717919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854818)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.165.231"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854818/; classtype:trojan-activity;sid:84717918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.55.165.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854817/; classtype:trojan-activity;sid:84717917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"193.26.115.231"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854816/; classtype:trojan-activity;sid:84717916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"193.26.115.231"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854815/; classtype:trojan-activity;sid:84717915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/899dcb3b-7bdb-473f-8556-3054cdc16cc1"; depth:37; endswith; nocase; http.host; content:"vbyiq.yanis.hu"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854814/; 
classtype:trojan-activity;sid:84717914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.122.234.103"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854813/; classtype:trojan-activity;sid:84717913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/63c104de-63af-452f-9d62-0d5e63fe8135"; depth:37; endswith; nocase; http.host; content:"hpxqt.accredit.hu"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854812/; classtype:trojan-activity;sid:84717912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.232.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854811/; classtype:trojan-activity;sid:84717911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.207.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854810/; classtype:trojan-activity;sid:84717910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.205.52"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854809/; classtype:trojan-activity;sid:84717909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.42.198"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854808/; classtype:trojan-activity;sid:84717908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.142.250.1"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854807/; classtype:trojan-activity;sid:84717907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.207.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854806/; classtype:trojan-activity;sid:84717906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3ee4530b-403c-423c-819a-fb6ca4d406d3"; depth:37; endswith; nocase; http.host; content:"amici.addmagad.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854805/; classtype:trojan-activity;sid:84717905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854804)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.122.234.103"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854804/; classtype:trojan-activity;sid:84717904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.46.149.221"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854803/; classtype:trojan-activity;sid:84717903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.4.177"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854802/; classtype:trojan-activity;sid:84717902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.142.250.1"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854801/; classtype:trojan-activity;sid:84717901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k"; depth:2; endswith; nocase; http.host; content:"193.135.9.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854800/; classtype:trojan-activity;sid:84717900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3854799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.bin"; depth:12; endswith; nocase; http.host; content:"103.45.68.4"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854799/; classtype:trojan-activity;sid:84717899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"103.45.68.4"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854798/; classtype:trojan-activity;sid:84717898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.dll"; depth:6; endswith; nocase; http.host; content:"103.45.68.4"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854797/; classtype:trojan-activity;sid:84717897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4e33c999-8435-4a8e-a1a1-69d1c8140539"; depth:37; endswith; nocase; http.host; content:"tpgpd.vikstore.hu"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854796/; classtype:trojan-activity;sid:84717896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.53.123.9"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854795/; 
classtype:trojan-activity;sid:84717895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.39.235.153"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854794/; classtype:trojan-activity;sid:84717894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.124.160.52"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854793/; classtype:trojan-activity;sid:84717893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.66.188"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854792/; classtype:trojan-activity;sid:84717892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.148.66"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854791/; classtype:trojan-activity;sid:84717891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.148.66"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854790/; classtype:trojan-activity;sid:84717890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=14adf0cc-405b-4699-b140-e58d098f0a1c"; depth:47; endswith; nocase; http.host; content:"kb2lqx8d.schleer.hu"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854789/; classtype:trojan-activity;sid:84717889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.230.204"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854788/; classtype:trojan-activity;sid:84717888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.145.223"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854787/; classtype:trojan-activity;sid:84717887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/24fdbd4a-a7ca-4351-a165-d5bac8de3bda"; depth:37; endswith; nocase; http.host; content:"xvfxe.technologiaiviz.hu"; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854786/; classtype:trojan-activity;sid:84717886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854785)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.53.123.9"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854785/; classtype:trojan-activity;sid:84717885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/certificado.exe"; depth:16; endswith; nocase; http.host; content:"178.16.54.243"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854784/; classtype:trojan-activity;sid:84717884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.235.153"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854783/; classtype:trojan-activity;sid:84717883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.48.166"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854782/; classtype:trojan-activity;sid:84717882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_f49922ef9bcf1f82.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854781/; 
classtype:trojan-activity;sid:84717881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.124.160.52"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854780/; classtype:trojan-activity;sid:84717880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.x86_64"; depth:12; endswith; nocase; http.host; content:"45.85.218.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854779/; classtype:trojan-activity;sid:84717879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.i486"; depth:10; endswith; nocase; http.host; content:"45.85.218.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854772/; classtype:trojan-activity;sid:84717872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.m68k"; depth:10; endswith; nocase; http.host; content:"45.85.218.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854773/; classtype:trojan-activity;sid:84717873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.powerpc"; depth:13; endswith; nocase; http.host; content:"45.85.218.109"; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854774/; classtype:trojan-activity;sid:84717874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.sh4"; depth:9; endswith; nocase; http.host; content:"45.85.218.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854775/; classtype:trojan-activity;sid:84717875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.arc"; depth:9; endswith; nocase; http.host; content:"45.85.218.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854776/; classtype:trojan-activity;sid:84717876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv5l"; depth:12; endswith; nocase; http.host; content:"45.85.218.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854777/; classtype:trojan-activity;sid:84717877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mipsel"; depth:12; endswith; nocase; http.host; content:"45.85.218.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854778/; classtype:trojan-activity;sid:84717878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854771)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/iran.mips"; depth:10; endswith; nocase; http.host; content:"45.85.218.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854771/; classtype:trojan-activity;sid:84717871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv6l"; depth:12; endswith; nocase; http.host; content:"45.85.218.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854766/; classtype:trojan-activity;sid:84717866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv4l"; depth:12; endswith; nocase; http.host; content:"45.85.218.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854767/; classtype:trojan-activity;sid:84717867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.sparc"; depth:11; endswith; nocase; http.host; content:"45.85.218.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854768/; classtype:trojan-activity;sid:84717868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.armv7l"; depth:12; endswith; nocase; http.host; content:"45.85.218.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854769/; classtype:trojan-activity;sid:84717869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3854770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iran.mipsrouter"; depth:16; endswith; nocase; http.host; content:"45.85.218.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854770/; classtype:trojan-activity;sid:84717870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.237.48.166"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854765/; classtype:trojan-activity;sid:84717865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0cbf89cd-dfed-4996-8ee6-4ef05c6ef57c"; depth:37; endswith; nocase; http.host; content:"kiouc.visszateritok.hu"; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854764/; classtype:trojan-activity;sid:84717864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.145.223"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854763/; classtype:trojan-activity;sid:84717863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.113.30"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; 
reference:url, urlhaus.abuse.ch/url/3854762/; classtype:trojan-activity;sid:84717862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d4f4ec34-639c-4538-bb33-d2a2a2ee559d"; depth:37; endswith; nocase; http.host; content:"igidw.visszateritok.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854761/; classtype:trojan-activity;sid:84717861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payload.sh"; depth:11; endswith; nocase; http.host; content:"45.85.218.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854760/; classtype:trojan-activity;sid:84717860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.167.80.155"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854759/; classtype:trojan-activity;sid:84717859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.188.105.51"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854758/; classtype:trojan-activity;sid:84717858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; 
endswith; nocase; http.host; content:"219.156.100.198"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854757/; classtype:trojan-activity;sid:84717857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"176.65.139.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854751/; classtype:trojan-activity;sid:84717851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"176.65.139.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854752/; classtype:trojan-activity;sid:84717852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"176.65.139.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854753/; classtype:trojan-activity;sid:84717853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"176.65.139.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854754/; classtype:trojan-activity;sid:84717854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854755)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"176.65.139.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854755/; classtype:trojan-activity;sid:84717855; rev:1;)
# Host 176.65.139.36: one rule per short, architecture-style file name (/arm7, /sh4, /arm6 here;
# /mips, /x86, /ppc further down). Each is an exact URI + exact host match on plaintext HTTP.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"176.65.139.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854756/; classtype:trojan-activity;sid:84717856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"176.65.139.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854749/; classtype:trojan-activity;sid:84717849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"176.65.139.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854750/; classtype:trojan-activity;sid:84717850; rev:1;)
# The next two rules (host 178.16.55.11) match Windows executables under /bin/ whose file names
# look like a ScreenConnect remote-access client installer ("screenconnect.clientsetup.exe",
# "support.client.exe").
# NOTE(review): the rule only proves that the listed URL was requested; it says nothing about
# what the binary is. On a hit, check the URLhaus reference and verify whether a remote-access
# client was installed on the requesting host without authorization.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"178.16.55.11"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854748/; classtype:trojan-activity;sid:84717848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"178.16.55.11"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854747/; classtype:trojan-activity;sid:84717847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"176.65.139.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854744/; classtype:trojan-activity;sid:84717844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"176.65.139.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854745/; classtype:trojan-activity;sid:84717845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"176.65.139.36"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854746/; classtype:trojan-activity;sid:84717846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"176.65.139.111"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28;
reference:url, urlhaus.abuse.ch/url/3854743/; classtype:trojan-activity;sid:84717843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"176.65.139.111"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854741/; classtype:trojan-activity;sid:84717841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.65.9"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854742/; classtype:trojan-activity;sid:84717842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"176.65.139.111"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854732/; classtype:trojan-activity;sid:84717832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"176.65.139.111"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854733/; classtype:trojan-activity;sid:84717833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; 
http.host; content:"176.65.139.111"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854734/; classtype:trojan-activity;sid:84717834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"176.65.139.111"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854735/; classtype:trojan-activity;sid:84717835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"176.65.139.111"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854736/; classtype:trojan-activity;sid:84717836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"176.65.139.111"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854737/; classtype:trojan-activity;sid:84717837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"176.65.139.111"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854738/; classtype:trojan-activity;sid:84717838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854739)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"176.65.139.111"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854739/; classtype:trojan-activity;sid:84717839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"176.65.139.111"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854740/; classtype:trojan-activity;sid:84717840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"176.65.139.111"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854730/; classtype:trojan-activity;sid:84717830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"176.65.139.111"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854731/; classtype:trojan-activity;sid:84717831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.136.142.125"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854729/; classtype:trojan-activity;sid:84717829; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_05e451303f19b057.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854728/; classtype:trojan-activity;sid:84717828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.100.198"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854727/; classtype:trojan-activity;sid:84717827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0da84ce9-7ff6-4279-90d6-1c467de99519"; depth:37; endswith; nocase; http.host; content:"hrcox.zsatom.hu"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854726/; classtype:trojan-activity;sid:84717826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.234.234.250"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854725/; classtype:trojan-activity;sid:84717825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; depth:29; endswith; nocase; http.host; 
content:"176.65.139.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854701/; classtype:trojan-activity;sid:84717801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnsh2xnxn"; depth:29; endswith; nocase; http.host; content:"176.65.139.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854702/; classtype:trojan-activity;sid:84717802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; depth:33; endswith; nocase; http.host; content:"176.65.139.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854703/; classtype:trojan-activity;sid:84717803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm6"; depth:8; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854704/; classtype:trojan-activity;sid:84717804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerx86"; depth:7; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854705/; classtype:trojan-activity;sid:84717805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3854706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zersh4"; depth:7; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854706/; classtype:trojan-activity;sid:84717806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklsh4"; depth:7; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854707/; classtype:trojan-activity;sid:84717807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; depth:32; endswith; nocase; http.host; content:"176.65.139.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854708/; classtype:trojan-activity;sid:84717808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run.sh"; depth:7; endswith; nocase; http.host; content:"176.65.139.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854709/; classtype:trojan-activity;sid:84717809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxni386xnxn"; depth:30; endswith; nocase; http.host; content:"176.65.139.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854710/; 
classtype:trojan-activity;sid:84717810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnloongarch64xnxn"; depth:37; endswith; nocase; http.host; content:"176.65.139.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854711/; classtype:trojan-activity;sid:84717811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; depth:30; endswith; nocase; http.host; content:"176.65.139.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854712/; classtype:trojan-activity;sid:84717812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnmicroblazexnxn"; depth:36; endswith; nocase; http.host; content:"176.65.139.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854713/; classtype:trojan-activity;sid:84717813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklm68k"; depth:8; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854714/; classtype:trojan-activity;sid:84717814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854715)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; depth:33; endswith; nocase; http.host; content:"176.65.139.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854715/; classtype:trojan-activity;sid:84717815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerm68k"; depth:8; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854716/; classtype:trojan-activity;sid:84717816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnor1kxnxn"; depth:30; endswith; nocase; http.host; content:"176.65.139.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854717/; classtype:trojan-activity;sid:84717817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklppc"; depth:7; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854718/; classtype:trojan-activity;sid:84717818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerppc"; depth:7; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854719/; classtype:trojan-activity;sid:84717819; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklarm5"; depth:8; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854720/; classtype:trojan-activity;sid:84717820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmpsl"; depth:8; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854721/; classtype:trojan-activity;sid:84717821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; depth:33; endswith; nocase; http.host; content:"176.65.139.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854722/; classtype:trojan-activity;sid:84717822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; depth:30; endswith; nocase; http.host; content:"176.65.139.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854723/; classtype:trojan-activity;sid:84717823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklmips"; depth:8; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854724/; classtype:trojan-activity;sid:84717824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklspc"; depth:7; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854699/; classtype:trojan-activity;sid:84717799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jklx86"; depth:7; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854700/; classtype:trojan-activity;sid:84717800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerlarm7"; depth:9; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854698/; classtype:trojan-activity;sid:84717798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnriscv32xnxn"; depth:33; endswith; nocase; http.host; content:"176.65.139.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854696/; classtype:trojan-activity;sid:84717796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854697)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/zerspc"; depth:7; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854697/; classtype:trojan-activity;sid:84717797; rev:1;)
# The six rules below match raw-file URLs under a single gitlab.com project path
# (/hoangdepzaivcl/ccc/-/raw/main/d/...). "|3f|" is the hex-escaped "?" that starts the query string.
# NOTE(review): gitlab.com is a shared code-hosting host, so only the full path identifies the
# listed content; the host on its own is not an indicator and should not be blocked or alerted on
# as a whole.
# NOTE(review): these are `alert http` rules and only inspect plaintext HTTP. If clients reach
# gitlab.com over HTTPS, the request is invisible to them unless TLS is decrypted upstream;
# confirm coverage with proxy logs or TLS inspection.
# NOTE(review): the depth values here count "|3f|" as four characters, so each depth is 3 larger
# than the byte length of its pattern (e.g. depth:57 for a 54-byte URI). The match stays anchored
# to the end of the URI by endswith, but it is no longer pinned to offset 0 as in the other rules.
# Each query-string variant has its own rule (compare b.dyno with "inline=false" and with
# "ref_type=heads"); a request with a different query string is not covered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/d/a.dyno|3f|ref_type=heads"; depth:57; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854690/; classtype:trojan-activity;sid:84717790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/d/b.dyno|3f|inline=false"; depth:55; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854691/; classtype:trojan-activity;sid:84717791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/d/t.exe|3f|ref_type=heads"; depth:56; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854692/; classtype:trojan-activity;sid:84717792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/d/v.exe|3f|ref_type=heads"; depth:56; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854693/; classtype:trojan-activity;sid:84717793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/d/b.dyno|3f|ref_type=heads"; depth:57; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854694/; classtype:trojan-activity;sid:84717794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/d/ag2.bin|3f|ref_type=heads"; depth:58; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854695/; classtype:trojan-activity;sid:84717795; rev:1;)
# Host 176.65.139.41: /bins/<architecture-style name> entries, exact URI + exact host match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"176.65.139.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854689/; classtype:trojan-activity;sid:84717789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"176.65.139.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854687/; classtype:trojan-activity;sid:84717787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854688)"; flow:established,from_client;
http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"176.65.139.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854688/; classtype:trojan-activity;sid:84717788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"176.65.139.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854682/; classtype:trojan-activity;sid:84717782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"176.65.139.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854683/; classtype:trojan-activity;sid:84717783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"176.65.139.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854684/; classtype:trojan-activity;sid:84717784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"176.65.139.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854685/; classtype:trojan-activity;sid:84717785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3854686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"176.65.139.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854686/; classtype:trojan-activity;sid:84717786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v"; depth:2; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854680/; classtype:trojan-activity;sid:84717780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854681/; classtype:trojan-activity;sid:84717781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc.sh"; depth:7; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854678/; classtype:trojan-activity;sid:84717778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/weed"; depth:5; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854679/; 
classtype:trojan-activity;sid:84717779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z"; depth:2; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854677/; classtype:trojan-activity;sid:84717777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phi.sh"; depth:7; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854676/; classtype:trojan-activity;sid:84717776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s"; depth:2; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854675/; classtype:trojan-activity;sid:84717775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tot"; depth:4; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854674/; classtype:trojan-activity;sid:84717774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854673/; classtype:trojan-activity;sid:84717773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f"; depth:2; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854670/; classtype:trojan-activity;sid:84717770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmips"; depth:8; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854671/; classtype:trojan-activity;sid:84717771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/esf"; depth:4; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854672/; classtype:trojan-activity;sid:84717772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/z"; depth:7; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854667/; classtype:trojan-activity;sid:84717767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bork"; depth:5; endswith; 
nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854668/; classtype:trojan-activity;sid:84717768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854669/; classtype:trojan-activity;sid:84717769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854666/; classtype:trojan-activity;sid:84717766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854665/; classtype:trojan-activity;sid:84717765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854664/; classtype:trojan-activity;sid:84717764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854663)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftpget.sh"; depth:10; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854663/; classtype:trojan-activity;sid:84717763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854662/; classtype:trojan-activity;sid:84717762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b"; depth:2; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854661/; classtype:trojan-activity;sid:84717761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nabarm4"; depth:13; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854659/; classtype:trojan-activity;sid:84717759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nkppc"; depth:11; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854660/; classtype:trojan-activity;sid:84717760; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854657/; classtype:trojan-activity;sid:84717757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854658/; classtype:trojan-activity;sid:84717758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854636/; classtype:trojan-activity;sid:84717736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854637/; classtype:trojan-activity;sid:84717737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; 
reference:url, urlhaus.abuse.ch/url/3854638/; classtype:trojan-activity;sid:84717738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854639/; classtype:trojan-activity;sid:84717739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854640/; classtype:trojan-activity;sid:84717740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nksh4"; depth:11; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854641/; classtype:trojan-activity;sid:84717741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm4"; depth:10; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854642/; classtype:trojan-activity;sid:84717742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jklarm4"; depth:13; endswith; nocase; 
http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854643/; classtype:trojan-activity;sid:84717743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zerarm4"; depth:13; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854644/; classtype:trojan-activity;sid:84717744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854645/; classtype:trojan-activity;sid:84717745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/nkx86"; depth:11; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854646/; classtype:trojan-activity;sid:84717746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854647/; classtype:trojan-activity;sid:84717747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854648)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854648/; classtype:trojan-activity;sid:84717748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854649/; classtype:trojan-activity;sid:84717749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm4"; depth:5; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854650/; classtype:trojan-activity;sid:84717750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854651/; classtype:trojan-activity;sid:84717751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854652/; classtype:trojan-activity;sid:84717752; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854653/; classtype:trojan-activity;sid:84717753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splm68k"; depth:8; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854654/; classtype:trojan-activity;sid:84717754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854655/; classtype:trojan-activity;sid:84717755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854656/; classtype:trojan-activity;sid:84717756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm7"; depth:8; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, 
urlhaus.abuse.ch/url/3854617/; classtype:trojan-activity;sid:84717717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854618/; classtype:trojan-activity;sid:84717718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854619/; classtype:trojan-activity;sid:84717719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm5"; depth:8; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854620/; classtype:trojan-activity;sid:84717720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm5"; depth:8; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854621/; classtype:trojan-activity;sid:84717721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splmpsl"; depth:8; endswith; nocase; http.host; 
content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854622/; classtype:trojan-activity;sid:84717722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm6"; depth:8; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854623/; classtype:trojan-activity;sid:84717723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm7"; depth:8; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854624/; classtype:trojan-activity;sid:84717724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm"; depth:7; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854625/; classtype:trojan-activity;sid:84717725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854626/; classtype:trojan-activity;sid:84717726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854627)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854627/; classtype:trojan-activity;sid:84717727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splarm"; depth:7; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854628/; classtype:trojan-activity;sid:84717728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splspc"; depth:7; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854629/; classtype:trojan-activity;sid:84717729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermpsl"; depth:8; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854630/; classtype:trojan-activity;sid:84717730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zerarm6"; depth:8; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854631/; classtype:trojan-activity;sid:84717731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3854632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splx86"; depth:7; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854632/; classtype:trojan-activity;sid:84717732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splsh4"; depth:7; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854633/; classtype:trojan-activity;sid:84717733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zermips"; depth:8; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854634/; classtype:trojan-activity;sid:84717734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/splppc"; depth:7; endswith; nocase; http.host; content:"176.65.139.164"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854635/; classtype:trojan-activity;sid:84717735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854611/; 
classtype:trojan-activity;sid:84717711; rev:1;)
# 176.65.139.22 and 176.65.139.220 both appear as hosts in this group. The Host patterns
# are kept apart by depth (equal to the pattern length) followed by
# isdataat:!1,relative, which requires the buffer to end right after the match; a bare
# content:"176.65.139.22" would also hit requests to 176.65.139.220.
# nocase follows the http.uri content, so it relaxes only the path comparison.
# The same /bin.sh path on different hosts gets one rule per URL, each with its own sid
# and URLhaus reference, so an alert can be traced back to a single feed entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854612/; classtype:trojan-activity;sid:84717712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.65.9"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854613/; classtype:trojan-activity;sid:84717713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm"; depth:13; endswith; nocase; http.host; content:"176.65.139.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854614/; classtype:trojan-activity;sid:84717714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.45.64.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854615/; classtype:trojan-activity;sid:84717715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dbg"; depth:4; endswith; nocase; http.host; content:"176.65.139.220"; depth:14;
isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854616/; classtype:trojan-activity;sid:84717716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.136.142.125"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854610/; classtype:trojan-activity;sid:84717710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.48.238.96"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854608/; classtype:trojan-activity;sid:84717708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.234.234.250"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854609/; classtype:trojan-activity;sid:84717709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm5"; depth:14; endswith; nocase; http.host; content:"176.65.139.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854599/; classtype:trojan-activity;sid:84717699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854600)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854600/; classtype:trojan-activity;sid:84717700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854601/; classtype:trojan-activity;sid:84717701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854602/; classtype:trojan-activity;sid:84717702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854603/; classtype:trojan-activity;sid:84717703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854604/; classtype:trojan-activity;sid:84717704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3854605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; depth:30; endswith; nocase; http.host; content:"176.65.139.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854605/; classtype:trojan-activity;sid:84717705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; depth:33; endswith; nocase; http.host; content:"176.65.139.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854606/; classtype:trojan-activity;sid:84717706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; depth:33; endswith; nocase; http.host; content:"176.65.139.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854607/; classtype:trojan-activity;sid:84717707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm6"; depth:14; endswith; nocase; http.host; content:"176.65.139.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854597/; classtype:trojan-activity;sid:84717697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.spc"; depth:13; endswith; nocase; http.host; content:"176.65.139.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; 
reference:url, urlhaus.abuse.ch/url/3854598/; classtype:trojan-activity;sid:84717698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.m68k"; depth:14; endswith; nocase; http.host; content:"176.65.139.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854595/; classtype:trojan-activity;sid:84717695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm6"; depth:9; endswith; nocase; http.host; content:"176.65.139.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854596/; classtype:trojan-activity;sid:84717696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnriscv32xnxn"; depth:33; endswith; nocase; http.host; content:"176.65.139.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854591/; classtype:trojan-activity;sid:84717691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854592/; classtype:trojan-activity;sid:84717692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; 
endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854593/; classtype:trojan-activity;sid:84717693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854594/; classtype:trojan-activity;sid:84717694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/invoice.zip|3f|ref_type=heads"; depth:60; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854590/; classtype:trojan-activity;sid:84717690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnor1kxnxn"; depth:30; endswith; nocase; http.host; content:"176.65.139.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854587/; classtype:trojan-activity;sid:84717687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxni386xnxn"; depth:30; endswith; nocase; http.host; content:"176.65.139.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854588/; classtype:trojan-activity;sid:84717688; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854589/; classtype:trojan-activity;sid:84717689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnsh2xnxn"; depth:29; endswith; nocase; http.host; content:"176.65.139.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854585/; classtype:trojan-activity;sid:84717685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854586/; classtype:trojan-activity;sid:84717686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm7"; depth:9; endswith; nocase; http.host; content:"176.65.139.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854578/; classtype:trojan-activity;sid:84717678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 
2026_05_28; reference:url, urlhaus.abuse.ch/url/3854579/; classtype:trojan-activity;sid:84717679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854580/; classtype:trojan-activity;sid:84717680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854581/; classtype:trojan-activity;sid:84717681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854582/; classtype:trojan-activity;sid:84717682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnmicroblazexnxn"; depth:36; endswith; nocase; http.host; content:"176.65.139.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854583/; classtype:trojan-activity;sid:84717683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854584)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/hoangdepzaivcl/ccc/-/raw/main/c/umpdc.dll|3f|inline=false"; depth:58; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854584/; classtype:trojan-activity;sid:84717684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854575/; classtype:trojan-activity;sid:84717675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mips"; depth:14; endswith; nocase; http.host; content:"176.65.139.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854576/; classtype:trojan-activity;sid:84717676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mips"; depth:9; endswith; nocase; http.host; content:"176.65.139.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854577/; classtype:trojan-activity;sid:84717677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854557/; classtype:trojan-activity;sid:84717657; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.mpsl"; depth:14; endswith; nocase; http.host; content:"176.65.139.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854558/; classtype:trojan-activity;sid:84717658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.ppc"; depth:13; endswith; nocase; http.host; content:"176.65.139.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854559/; classtype:trojan-activity;sid:84717659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854560/; classtype:trojan-activity;sid:84717660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.arm7"; depth:14; endswith; nocase; http.host; content:"176.65.139.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854561/; classtype:trojan-activity;sid:84717661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; depth:32; endswith; nocase; http.host; content:"176.65.139.67"; depth:13; isdataat:!1,relative; metadata:created_at 
2026_05_28; reference:url, urlhaus.abuse.ch/url/3854562/; classtype:trojan-activity;sid:84717662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.12.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854563/; classtype:trojan-activity;sid:84717663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adb.sh"; depth:7; endswith; nocase; http.host; content:"176.65.139.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854564/; classtype:trojan-activity;sid:84717664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.m68k"; depth:9; endswith; nocase; http.host; content:"176.65.139.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854565/; classtype:trojan-activity;sid:84717665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/run.sh"; depth:7; endswith; nocase; http.host; content:"176.65.139.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854566/; classtype:trojan-activity;sid:84717666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.spc"; depth:8; endswith; nocase; http.host; 
content:"176.65.139.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854567/; classtype:trojan-activity;sid:84717667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854568/; classtype:trojan-activity;sid:84717668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; depth:33; endswith; nocase; http.host; content:"176.65.139.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854569/; classtype:trojan-activity;sid:84717669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854570/; classtype:trojan-activity;sid:84717670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnloongarch64xnxn"; depth:37; endswith; nocase; http.host; content:"176.65.139.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854571/; classtype:trojan-activity;sid:84717671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3854572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; depth:29; endswith; nocase; http.host; content:"176.65.139.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854572/; classtype:trojan-activity;sid:84717672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854573/; classtype:trojan-activity;sid:84717673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854574/; classtype:trojan-activity;sid:84717674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cat.sh"; depth:12; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854556/; classtype:trojan-activity;sid:84717656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.sh4"; depth:13; endswith; nocase; http.host; content:"176.65.139.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854554/; 
classtype:trojan-activity;sid:84717654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854555/; classtype:trojan-activity;sid:84717655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/dlr.x86"; depth:13; endswith; nocase; http.host; content:"176.65.139.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854552/; classtype:trojan-activity;sid:84717652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.sh4"; depth:8; endswith; nocase; http.host; content:"176.65.139.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854553/; classtype:trojan-activity;sid:84717653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854545/; classtype:trojan-activity;sid:84717645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.mpsl"; depth:9; endswith; nocase; http.host; content:"176.65.139.22"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854546/; classtype:trojan-activity;sid:84717646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; depth:30; endswith; nocase; http.host; content:"176.65.139.67"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854547/; classtype:trojan-activity;sid:84717647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm"; depth:8; endswith; nocase; http.host; content:"176.65.139.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854548/; classtype:trojan-activity;sid:84717648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.arm5"; depth:9; endswith; nocase; http.host; content:"176.65.139.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854549/; classtype:trojan-activity;sid:84717649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlr.x86"; depth:8; endswith; nocase; http.host; content:"176.65.139.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854550/; classtype:trojan-activity;sid:84717650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854551)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/dlr.ppc"; depth:8; endswith; nocase; http.host; content:"176.65.139.22"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854551/; classtype:trojan-activity;sid:84717651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"176.65.139.220"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854544/; classtype:trojan-activity;sid:84717644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.42.198"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854543/; classtype:trojan-activity;sid:84717643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2db55997-ff39-4599-9c03-2f14ad03e180"; depth:37; endswith; nocase; http.host; content:"hfikf.webrevelem.hu"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854542/; classtype:trojan-activity;sid:84717642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/loader.zip|3f|ref_type=heads"; depth:59; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854541/; 
classtype:trojan-activity;sid:84717641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/fqxwnir05yr2"; depth:19; endswith; nocase; http.host; content:"tempshare.su"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854540/; classtype:trojan-activity;sid:84717640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/dk.zip|3f|ref_type=heads"; depth:55; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854538/; classtype:trojan-activity;sid:84717638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/test.zip|3f|ref_type=heads"; depth:57; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854539/; classtype:trojan-activity;sid:84717639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/s/s.exe|3f|ref_type=heads"; depth:56; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854536/; classtype:trojan-activity;sid:84717636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854527)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/d/br.exe|3f|ref_type=heads"; depth:57; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854527/; classtype:trojan-activity;sid:84717627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/dk2.zip|3f|ref_type=heads"; depth:56; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854528/; classtype:trojan-activity;sid:84717628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/d/c.exe|3f|ref_type=heads"; depth:56; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854529/; classtype:trojan-activity;sid:84717629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/c/c.exe|3f|ref_type=heads"; depth:56; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854530/; classtype:trojan-activity;sid:84717630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/a.zip|3f|ref_type=heads"; depth:54; 
endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854531/; classtype:trojan-activity;sid:84717631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/d/sd.exe|3f|ref_type=heads"; depth:57; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854532/; classtype:trojan-activity;sid:84717632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/r.zip|3f|ref_type=heads"; depth:54; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854533/; classtype:trojan-activity;sid:84717633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/d/sno.exe|3f|ref_type=heads"; depth:58; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854534/; classtype:trojan-activity;sid:84717634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/d/b.exe|3f|ref_type=heads"; depth:56; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, 
urlhaus.abuse.ch/url/3854535/; classtype:trojan-activity;sid:84717635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/c/c.exe|3f|inline=false"; depth:54; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854525/; classtype:trojan-activity;sid:84717625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/b/b.exe|3f|ref_type=heads"; depth:56; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854526/; classtype:trojan-activity;sid:84717626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/umpdc.dll|3f|ref_type=heads"; depth:58; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854519/; classtype:trojan-activity;sid:84717619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/c/umpdc.dll|3f|ref_type=heads"; depth:60; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854520/; classtype:trojan-activity;sid:84717620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3854521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/icudt63.dll|3f|ref_type=heads"; depth:60; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854521/; classtype:trojan-activity;sid:84717621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/b/umpdc.dll|3f|ref_type=heads"; depth:60; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854522/; classtype:trojan-activity;sid:84717622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/d/umpdc.dll|3f|ref_type=heads"; depth:60; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854523/; classtype:trojan-activity;sid:84717623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/c/demo.exe|3f|inline=false"; depth:57; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854516/; classtype:trojan-activity;sid:84717616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854517)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/hoangdepzaivcl/ccc/-/raw/main/1.zip|3f|ref_type=heads|7c|26|7c|inline=false"; depth:76; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854517/; classtype:trojan-activity;sid:84717617; rev:1;)
# NOTE(review): sid 84717617 (above) and sids 84717615 and 84717614 (below) carry
# |7c|26|7c| inside the http.uri content. |7c| is the hex escape for a literal pipe,
# so the sequence decodes to the four bytes "|26|" rather than to "&" (0x26). It looks
# like the "&" of the query string was hex-escaped twice by the generator -- confirm
# against the URLhaus entries; if so, these three rules cannot match the listed URL
# and the pattern should read |26| (or a plain &).
# NOTE(review): depth is the length of the escaped pattern text, not of the decoded
# bytes (depth:65 below for a pattern that decodes to 62 bytes), so with endswith the
# URI is anchored at its end but may carry a few leading bytes.
# Coverage: these are `alert http` rules, so they only see requests Suricata parses as
# HTTP. gitlab.com and drive.usercontent.google.com are normally reached over HTTPS;
# presumably a sensor without TLS decryption in front of it will not see these URIs --
# verify, and cover the same URLs from proxy or endpoint logs where that is the case.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/jajaja/umpdc.dll|3f|ref_type=heads"; depth:65; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854518/; classtype:trojan-activity;sid:84717618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|id=1m9ujcruela6f-mvxjmznsktxdbef-ryv|7c|26|7c|export=download|7c|26|7c|authuser=0"; depth:94; endswith; nocase; http.host; content:"drive.usercontent.google.com"; depth:28; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854515/; classtype:trojan-activity;sid:84717615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoangdepzaivcl/ccc/-/raw/main/pulsar.sln|3f|ref_type=heads|7c|26|7c|inline=false"; depth:81; endswith; nocase; http.host; content:"gitlab.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854514/; classtype:trojan-activity;sid:84717614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854513)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/files-129312398/files/file_855aa1dda650d7c3.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854513/; classtype:trojan-activity;sid:84717613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.15.124.98"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854512/; classtype:trojan-activity;sid:84717612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=5c64133e-3a4b-4023-8190-4d1c5acbf9aa"; depth:47; endswith; nocase; http.host; content:"p5f6dr8y.padelconstruct.hu"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854511/; classtype:trojan-activity;sid:84717611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.13.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854510/; classtype:trojan-activity;sid:84717610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e17ba43e-388d-4b0a-a33c-6b3791df1330"; depth:37; endswith; nocase; http.host; content:"gptjr.visszateritok.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854509/; 
classtype:trojan-activity;sid:84717609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.232.91.105"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854508/; classtype:trojan-activity;sid:84717608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.112.230.144"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854507/; classtype:trojan-activity;sid:84717607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/e73a9f1c-6303-4bad-bc8e-b9eb408a220a"; depth:37; endswith; nocase; http.host; content:"zhxtq.visszateritok.hu"; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854506/; classtype:trojan-activity;sid:84717606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.200.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854505/; classtype:trojan-activity;sid:84717605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.232.91.105"; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854504/; classtype:trojan-activity;sid:84717604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.200.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854503/; classtype:trojan-activity;sid:84717603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"61.52.60.16"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854502/; classtype:trojan-activity;sid:84717602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f99ab23b-06a2-4854-a391-7671809bbcc1"; depth:37; endswith; nocase; http.host; content:"igyom.technologiaiviz.hu"; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854501/; classtype:trojan-activity;sid:84717601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.109.55"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854500/; classtype:trojan-activity;sid:84717600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854499)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.166.221.98"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854499/; classtype:trojan-activity;sid:84717599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.230.201.223"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854498/; classtype:trojan-activity;sid:84717598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.207.125.29"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854497/; classtype:trojan-activity;sid:84717597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.166.209.182"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854496/; classtype:trojan-activity;sid:84717596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.15.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854495/; classtype:trojan-activity;sid:84717595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3854494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab22851d-fd74-470b-aaa7-d979e9ccb886"; depth:37; endswith; nocase; http.host; content:"uswai.vikstore.hu"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854494/; classtype:trojan-activity;sid:84717594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.109.55"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854493/; classtype:trojan-activity;sid:84717593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.13.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854492/; classtype:trojan-activity;sid:84717592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.237.62.37"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854491/; classtype:trojan-activity;sid:84717591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.230.201.223"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854490/; 
classtype:trojan-activity;sid:84717590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.186.231.55"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854489/; classtype:trojan-activity;sid:84717589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.82.111.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854488/; classtype:trojan-activity;sid:84717588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3489fa83-0770-4118-a33c-310fcc21d1fa"; depth:37; endswith; nocase; http.host; content:"mrlls.aileadfactory.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854487/; classtype:trojan-activity;sid:84717587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.43.22.202"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854486/; classtype:trojan-activity;sid:84717586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.186.231.55"; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854485/; classtype:trojan-activity;sid:84717585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.40.66.3"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854484/; classtype:trojan-activity;sid:84717584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"185.82.111.122"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854483/; classtype:trojan-activity;sid:84717583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.9.35.137"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854482/; classtype:trojan-activity;sid:84717582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4c7dcdde-ee62-448f-95c6-d297b8b850e3"; depth:37; endswith; nocase; http.host; content:"cajya.addmagad.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854481/; classtype:trojan-activity;sid:84717581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854480)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.207.125.29"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854480/; classtype:trojan-activity;sid:84717580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.56.176.215"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854479/; classtype:trojan-activity;sid:84717579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.45.64.29"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854478/; classtype:trojan-activity;sid:84717578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.228.155.183"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854477/; classtype:trojan-activity;sid:84717577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.56.176.215"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854476/; classtype:trojan-activity;sid:84717576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3854475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.225.200.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854475/; classtype:trojan-activity;sid:84717575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"boatbeach.online"; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854474/; classtype:trojan-activity;sid:84717574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.9.35.137"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854473/; classtype:trojan-activity;sid:84717573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_m68k"; depth:10; endswith; nocase; http.host; content:"boatbeach.online"; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854463/; classtype:trojan-activity;sid:84717563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_ppc"; depth:9; endswith; nocase; http.host; content:"boatbeach.online"; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854464/; 
classtype:trojan-activity;sid:84717564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"boatbeach.online"; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854465/; classtype:trojan-activity;sid:84717565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"boatbeach.online"; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854466/; classtype:trojan-activity;sid:84717566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"boatbeach.online"; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854467/; classtype:trojan-activity;sid:84717567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_sh4"; depth:9; endswith; nocase; http.host; content:"boatbeach.online"; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854468/; classtype:trojan-activity;sid:84717568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shcript.sh"; depth:11; endswith; nocase; http.host; 
content:"boatbeach.online"; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854469/; classtype:trojan-activity;sid:84717569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"boatbeach.online"; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854470/; classtype:trojan-activity;sid:84717570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86_64"; depth:12; endswith; nocase; http.host; content:"boatbeach.online"; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854471/; classtype:trojan-activity;sid:84717571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm7"; depth:10; endswith; nocase; http.host; content:"boatbeach.online"; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854472/; classtype:trojan-activity;sid:84717572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm6"; depth:10; endswith; nocase; http.host; content:"boatbeach.online"; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854462/; classtype:trojan-activity;sid:84717562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854461)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.187.137.7"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854461/; classtype:trojan-activity;sid:84717561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3a9cdd3b-9bb1-45f2-8fad-80c77805dadb"; depth:37; endswith; nocase; http.host; content:"snonc.accredit.hu"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854460/; classtype:trojan-activity;sid:84717560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"148.170.135.198"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854459/; classtype:trojan-activity;sid:84717559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.228.155.183"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854458/; classtype:trojan-activity;sid:84717558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.66.3"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854457/; classtype:trojan-activity;sid:84717557; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.238.60"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854456/; classtype:trojan-activity;sid:84717556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.41.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854455/; classtype:trojan-activity;sid:84717555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6458715c-380a-49d1-b680-4621ee8bc4b0"; depth:37; endswith; nocase; http.host; content:"dkhgk.zaszlorudbolt.hu"; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854454/; classtype:trojan-activity;sid:84717554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"148.170.135.198"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854453/; classtype:trojan-activity;sid:84717553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.85.99.229"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854452/; classtype:trojan-activity;sid:84717552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.15.1"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854451/; classtype:trojan-activity;sid:84717551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.113.254.9"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854450/; classtype:trojan-activity;sid:84717550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.121.41.199"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854449/; classtype:trojan-activity;sid:84717549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35167c62-3437-46f7-808b-bacd88cd8306"; depth:37; endswith; nocase; http.host; content:"vggil.yanis.hu"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854448/; classtype:trojan-activity;sid:84717548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854447)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/i"; depth:2; endswith; nocase; http.host; content:"115.55.165.26"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854447/; classtype:trojan-activity;sid:84717547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.76.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854446/; classtype:trojan-activity;sid:84717546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.46.149.221"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854445/; classtype:trojan-activity;sid:84717545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.240.165.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854444/; classtype:trojan-activity;sid:84717544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_d369551b73a17113.msi"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854443/; classtype:trojan-activity;sid:84717543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3854442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.255.44.45"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854442/; classtype:trojan-activity;sid:84717542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"5.255.102.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854441/; classtype:trojan-activity;sid:84717541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"5.255.102.84"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854440/; classtype:trojan-activity;sid:84717540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7118a056-2ee6-4bd6-a0b6-6a5ce2a68090"; depth:37; endswith; nocase; http.host; content:"xawur.workoutwithdorci.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854439/; classtype:trojan-activity;sid:84717539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.20.58"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854438/; 
classtype:trojan-activity;sid:84717538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=021cb5cc-7d5e-4dce-bd9a-e29f73661662"; depth:47; endswith; nocase; http.host; content:"2vmkhs7s.riherino.com"; depth:21; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854437/; classtype:trojan-activity;sid:84717537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"91.240.165.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854436/; classtype:trojan-activity;sid:84717536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.76.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854435/; classtype:trojan-activity;sid:84717535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.108.125"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854434/; classtype:trojan-activity;sid:84717534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
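content:"42.225.200.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854433/; classtype:trojan-activity;sid:84717533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/f60efd87-ce39-4480-8b2c-64d3f1a81a37"; depth:37; endswith; nocase; http.host; content:"afnsw.wlwyb.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854432/; classtype:trojan-activity;sid:84717532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.18.70.118"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854431/; classtype:trojan-activity;sid:84717531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.177.244.216"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854430/; classtype:trojan-activity;sid:84717530; rev:1;)
# sid 84717529: exact-match rule for one download URL (GET, full URI, full Host).
# Local correction of the query-string separator. The feed text carried
# "|7c|26|7c|" here; |7c| is the hex escape for a literal pipe, so the pattern
# decoded to the four bytes "|26|" and could not match a request that uses "&"
# (0x26) between the e= and y= parameters. It appears the generator escaped the
# pipes of an intended |26| -- confirm against the URLhaus entry referenced below.
# depth was 63, the length of the escaped rule text; it is now 51, the decoded
# byte length, so depth + endswith again pin the URI to exactly this string.
# nocase lets the lower-cased pattern match the request's original letter case.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|26|y=guest"; depth:51; endswith; nocase; http.host; content:"admin.hbdhfijnsgjnds.top"; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854429/; classtype:trojan-activity;sid:84717529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 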
Known malware download URL detected (3854428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.93.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854428/; classtype:trojan-activity;sid:84717528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=71d3fa29-5500-4960-9af8-03a286b27f0d"; depth:47; endswith; nocase; http.host; content:"g6zaqd6k.schleer.hu"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854427/; classtype:trojan-activity;sid:84717527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"113.230.117.179"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854426/; classtype:trojan-activity;sid:84717526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.177.244.216"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854425/; classtype:trojan-activity;sid:84717525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2351f3ab-b686-481a-8851-3581f1c0e4ae"; depth:37; endswith; nocase; http.host; content:"miixn.wilhelmglobal.com"; depth:23; isdataat:!1,relative; metadata:created_at 
2026_05_28; reference:url, urlhaus.abuse.ch/url/3854424/; classtype:trojan-activity;sid:84717524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"113.230.117.179"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854423/; classtype:trojan-activity;sid:84717523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.148.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854422/; classtype:trojan-activity;sid:84717522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.45.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854421/; classtype:trojan-activity;sid:84717521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.93.217"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854420/; classtype:trojan-activity;sid:84717520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"77.247.88.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854419/; classtype:trojan-activity;sid:84717519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"77.247.88.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854418/; classtype:trojan-activity;sid:84717518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.108.125"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854417/; classtype:trojan-activity;sid:84717517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9264b5e0-3b45-4b1c-90e2-88163780329b"; depth:37; endswith; nocase; http.host; content:"yjkjr.westinvesteuropa.hu"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854416/; classtype:trojan-activity;sid:84717516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.50.64.233"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854415/; classtype:trojan-activity;sid:84717515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854414)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.148.116"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854414/; classtype:trojan-activity;sid:84717514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"163.142.76.147"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854413/; classtype:trojan-activity;sid:84717513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.126.125.170"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854412/; classtype:trojan-activity;sid:84717512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.62.181.79"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854411/; classtype:trojan-activity;sid:84717511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.72.57"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854410/; classtype:trojan-activity;sid:84717510; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h"; depth:2; endswith; nocase; http.host; content:"195.178.110.204"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854409/; classtype:trojan-activity;sid:84717509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_f82e3c02c153f34c.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854408/; classtype:trojan-activity;sid:84717508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cf023057-c5f4-40c4-ad45-80df6993e956"; depth:37; endswith; nocase; http.host; content:"hwujn.welovevent.com"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854407/; classtype:trojan-activity;sid:84717507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.11.79.253"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854406/; classtype:trojan-activity;sid:84717506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.36.72.57"; depth:12; isdataat:!1,relative; 
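metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854405/; classtype:trojan-activity;sid:84717505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agent.ashx"; depth:11; endswith; nocase; http.host; content:"azurenetfiles.net"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854404/; classtype:trojan-activity;sid:84717504; rev:1;)
# sid 84717503: exact-match rule for one file-sharing download URL.
# Local correction of the query-string separator. The feed text carried
# "|7c|26|7c|" here; |7c| is the hex escape for a literal pipe, so the pattern
# decoded to the four bytes "|26|" and could not match a request that uses "&"
# (0x26) between the export= and id= parameters. It appears the generator
# escaped the pipes of an intended |26| -- confirm against the URLhaus entry.
# depth was 68, the length of the escaped rule text; it is now 56, the decoded
# byte length, so depth + endswith again pin the URI to exactly this string.
# Coverage caveat: this is an "alert http" rule, so it only sees cleartext (or
# decrypted) HTTP. A host normally reached over HTTPS will not trigger it
# unless TLS inspection feeds the sensor; pair it with proxy or endpoint
# telemetry for this indicator.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|26|id=14anap4vh2de4bcbl0hej1xdo25edli0w"; depth:56; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854403/; classtype:trojan-activity;sid:84717503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.126.125.170"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854402/; classtype:trojan-activity;sid:84717502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.97.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854401/; classtype:trojan-activity;sid:84717501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854400)"; 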
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8ff8ae87-f176-4531-a5de-767bbf9e743a"; depth:37; endswith; nocase; http.host; content:"elsms.webgondozas.hu"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854400/; classtype:trojan-activity;sid:84717500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tekinohore/tekirat/blob/main/itsukamirat.exe"; depth:45; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854399/; classtype:trojan-activity;sid:84717499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_493059e7d0c25c4e.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854396/; classtype:trojan-activity;sid:84717496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_145a9d07fe09fc20.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854397/; classtype:trojan-activity;sid:84717497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enmadorokuro625-ui/medapp/blob/main/setup.bat"; depth:46; endswith; nocase; http.host; 
content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854398/; classtype:trojan-activity;sid:84717498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_7e4df19583e6a8e7.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854392/; classtype:trojan-activity;sid:84717492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_7df0584ffde92dad.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854393/; classtype:trojan-activity;sid:84717493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_6d302aeaf98e0e26.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854394/; classtype:trojan-activity;sid:84717494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_4505eed11e44ee10.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854395/; 
classtype:trojan-activity;sid:84717495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uranium/uranium.x86"; depth:20; endswith; nocase; http.host; content:"176.65.139.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854387/; classtype:trojan-activity;sid:84717487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uranium/uranium.m68k"; depth:21; endswith; nocase; http.host; content:"176.65.139.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854388/; classtype:trojan-activity;sid:84717488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uranium/uranium.arm5"; depth:21; endswith; nocase; http.host; content:"176.65.139.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854389/; classtype:trojan-activity;sid:84717489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uranium/uranium.ppc"; depth:20; endswith; nocase; http.host; content:"176.65.139.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854390/; classtype:trojan-activity;sid:84717490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uranium/uranium.sh4"; depth:20; 
endswith; nocase; http.host; content:"176.65.139.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854391/; classtype:trojan-activity;sid:84717491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uranium/uranium.mpsl"; depth:21; endswith; nocase; http.host; content:"176.65.139.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854385/; classtype:trojan-activity;sid:84717485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uranium/uranium.arm"; depth:20; endswith; nocase; http.host; content:"176.65.139.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854386/; classtype:trojan-activity;sid:84717486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uranium/uranium.mips"; depth:21; endswith; nocase; http.host; content:"176.65.139.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854382/; classtype:trojan-activity;sid:84717482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uranium/uranium.arm6"; depth:21; endswith; nocase; http.host; content:"176.65.139.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854383/; classtype:trojan-activity;sid:84717483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3854384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uranium/uranium.arm7"; depth:21; endswith; nocase; http.host; content:"176.65.139.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854384/; classtype:trojan-activity;sid:84717484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i686"; depth:23; endswith; nocase; http.host; content:"50.56.159.185"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854381/; classtype:trojan-activity;sid:84717481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uranium/uranium.arc"; depth:20; endswith; nocase; http.host; content:"176.65.139.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854374/; classtype:trojan-activity;sid:84717474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uranium/uranium.x86_64"; depth:23; endswith; nocase; http.host; content:"176.65.139.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854375/; classtype:trojan-activity;sid:84717475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uranium/uranium.i686"; depth:21; endswith; nocase; http.host; content:"176.65.139.168"; depth:14; isdataat:!1,relative; metadata:created_at 
2026_05_28; reference:url, urlhaus.abuse.ch/url/3854376/; classtype:trojan-activity;sid:84717476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uranium/uranium.mips64"; depth:23; endswith; nocase; http.host; content:"176.65.139.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854377/; classtype:trojan-activity;sid:84717477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.i468"; depth:23; endswith; nocase; http.host; content:"50.56.159.185"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854378/; classtype:trojan-activity;sid:84717478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.x86_64"; depth:25; endswith; nocase; http.host; content:"50.56.159.185"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854379/; classtype:trojan-activity;sid:84717479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hiddenbin/boatnet.spc"; depth:22; endswith; nocase; http.host; content:"50.56.159.185"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854380/; classtype:trojan-activity;sid:84717480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854373)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/uranium/uranium.sparc"; depth:22; endswith; nocase; http.host; content:"176.65.139.168"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854373/; classtype:trojan-activity;sid:84717473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"177.86.229.12"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854372/; classtype:trojan-activity;sid:84717472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.50.64.233"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854371/; classtype:trojan-activity;sid:84717471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.11.79.253"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854370/; classtype:trojan-activity;sid:84717470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"175.148.147.170"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854369/; classtype:trojan-activity;sid:84717469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3854368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/well/random.exe"; depth:16; endswith; nocase; http.host; content:"62.60.226.140"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854368/; classtype:trojan-activity;sid:84717468; rev:1;)
# How to read the URLhaus rules that follow (one rule per listed URL):
#   - flow:established,from_client + http.method "GET": only client GET requests
#     going from $HOME_NET to $EXTERNAL_NET are inspected.
#   - http.uri content with depth equal to the pattern length plus endswith: the
#     pattern must start at offset 0 and end at the end of the buffer, so the whole
#     URI has to equal the pattern (nocase makes that comparison case-insensitive).
#   - http.host content with depth equal to the pattern length plus
#     isdataat:!1,relative: no byte may follow the match, so the whole host value
#     has to equal the pattern.
# Coverage caveats: these are `alert http` rules, so the same download carried
# inside TLS is not seen unless traffic is decrypted before the sensor, and the same
# path requested with an extra query string or through another host name will not match.
# NOTE(review): a two-byte URI such as "/i" is only meaningful together with the
# host match, and IP-literal hosts can change owner over time - consider ageing
# entries out by metadata created_at; confirm against the feed's own retention policy.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.121.43.65"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854367/; classtype:trojan-activity;sid:84717467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.49.2.95"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854366/; classtype:trojan-activity;sid:84717466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.62.181.79"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854365/; classtype:trojan-activity;sid:84717465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/8d688e0a-1f07-4db9-8544-68bd018259df"; depth:37; endswith; nocase; http.host; content:"siase.webermann.hu"; depth:18; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, 
urlhaus.abuse.ch/url/3854364/; classtype:trojan-activity;sid:84717464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"177.86.229.12"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854363/; classtype:trojan-activity;sid:84717463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.49.2.95"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854362/; classtype:trojan-activity;sid:84717462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.6.248.157"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854361/; classtype:trojan-activity;sid:84717461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.228.35.95"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854360/; classtype:trojan-activity;sid:84717460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.13.77.59"; depth:12; 
isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854359/; classtype:trojan-activity;sid:84717459; rev:1;)
# NOTE(review): in the next rule `|3f|` is hex notation for the single byte '?',
# so the decoded http.uri pattern is 44 bytes ("/?ublib=" plus a 36-character
# UUID) while depth is 47, which is the length of the rule text rather than of the
# pattern. With endswith the rule therefore also fires on a URI that carries up to
# 3 extra bytes in front of "/?ublib=...", whereas the sibling rules (depth equal
# to the pattern length) require the URI to match exactly. depth:44 would pin it
# to the listed URL; this looks like a generator-side length count, so raise it
# with the feed maintainer rather than hand-editing - TODO confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=5dab695a-9c2c-4779-8aec-0e5f8baf20ab"; depth:47; endswith; nocase; http.host; content:"2718gc20.seresniki.com"; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854358/; classtype:trojan-activity;sid:84717458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.40.215"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854357/; classtype:trojan-activity;sid:84717457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.5.5.249"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854356/; classtype:trojan-activity;sid:84717456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/06b752c5-c9f4-4312-841a-66a147c5fefc"; depth:37; endswith; nocase; http.host; content:"dqgrg.vrtigo.hu"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854355/; classtype:trojan-activity;sid:84717455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854354)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.13.77.59"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854354/; classtype:trojan-activity;sid:84717454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.6.248.157"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854353/; classtype:trojan-activity;sid:84717453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.40.215"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854352/; classtype:trojan-activity;sid:84717452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.254.180"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854351/; classtype:trojan-activity;sid:84717451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.104.218"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854350/; classtype:trojan-activity;sid:84717450; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ad7bd207-8d54-46d0-94c8-d1156f22e21b"; depth:37; endswith; nocase; http.host; content:"gbhij.vilagom.hu"; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854349/; classtype:trojan-activity;sid:84717449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.228.35.95"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854348/; classtype:trojan-activity;sid:84717448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"125.47.85.53"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854347/; classtype:trojan-activity;sid:84717447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.5.5.249"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854346/; classtype:trojan-activity;sid:84717446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.97.252.78"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, 
urlhaus.abuse.ch/url/3854345/; classtype:trojan-activity;sid:84717445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.235.87.104"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854344/; classtype:trojan-activity;sid:84717444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/006c94e2-9c2f-4246-8771-49312d121304"; depth:37; endswith; nocase; http.host; content:"ycnvr.vikstore.hu"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854343/; classtype:trojan-activity;sid:84717443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.7.223.193"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854342/; classtype:trojan-activity;sid:84717442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.104.218"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854341/; classtype:trojan-activity;sid:84717441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"110.36.73.21"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854340/; classtype:trojan-activity;sid:84717440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.235.87.104"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854339/; classtype:trojan-activity;sid:84717439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.118.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854338/; classtype:trojan-activity;sid:84717438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/9aeb35c5-ee7c-4edf-ae00-c387a3219ee1"; depth:37; endswith; nocase; http.host; content:"vorro.vigaf.hu"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854337/; classtype:trojan-activity;sid:84717437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.7.223.193"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854336/; classtype:trojan-activity;sid:84717436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854335)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"60.23.204.201"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854335/; classtype:trojan-activity;sid:84717435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.47.85.53"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854334/; classtype:trojan-activity;sid:84717434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.61.118.243"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854333/; classtype:trojan-activity;sid:84717433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.118.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854332/; classtype:trojan-activity;sid:84717432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.101.181.9"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854331/; classtype:trojan-activity;sid:84717431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3854330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.10.7"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854330/; classtype:trojan-activity;sid:84717430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.179.250.77"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854329/; classtype:trojan-activity;sid:84717429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mips"; depth:10; endswith; nocase; http.host; content:"209.200.246.153"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854324/; classtype:trojan-activity;sid:84717424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm"; depth:9; endswith; nocase; http.host; content:"209.200.246.153"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854325/; classtype:trojan-activity;sid:84717425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_arm5"; depth:10; endswith; nocase; http.host; content:"209.200.246.153"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854326/; 
classtype:trojan-activity;sid:84717426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_mpsl"; depth:10; endswith; nocase; http.host; content:"209.200.246.153"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854327/; classtype:trojan-activity;sid:84717427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/main_x86"; depth:9; endswith; nocase; http.host; content:"209.200.246.153"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854328/; classtype:trojan-activity;sid:84717428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b2cfeb8f-7d34-47f2-835e-087faf8183a9"; depth:37; endswith; nocase; http.host; content:"pyzoi.ceremoniavezeto.hu"; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854323/; classtype:trojan-activity;sid:84717423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.233.166.120"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854322/; classtype:trojan-activity;sid:84717422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"60.23.204.201"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854321/; classtype:trojan-activity;sid:84717421; rev:1;)
# NOTE(review): the http.uri pattern of the next rule contains `|3f|` (one byte,
# '?'), so it decodes to 44 bytes, yet depth is 47. Combined with endswith this
# lets the rule match a URI with up to 3 bytes before "/?ublib=...", so it is
# slightly looser than the exact-URL match used by the other rules here, where
# depth equals the pattern length. depth:44 would make it exact - confirm with
# the feed maintainer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=2cbc0fec-ff00-46a5-be37-e0d3144b7366"; depth:47; endswith; nocase; http.host; content:"7orku7ut.taxrundo.sk"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854320/; classtype:trojan-activity;sid:84717420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.233.166.120"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854319/; classtype:trojan-activity;sid:84717419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.96.140.27"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854318/; classtype:trojan-activity;sid:84717418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"119.179.250.77"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854317/; classtype:trojan-activity;sid:84717417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854316)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"203.101.181.9"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854316/; classtype:trojan-activity;sid:84717416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/69fa3392-0e6c-41aa-ad7f-bacbbbb9373f"; depth:37; endswith; nocase; http.host; content:"ooeet.cannaturalgroup.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854315/; classtype:trojan-activity;sid:84717415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.105.71"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854314/; classtype:trojan-activity;sid:84717414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.61.118.243"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854313/; classtype:trojan-activity;sid:84717413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.137.105.71"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854312/; 
classtype:trojan-activity;sid:84717412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"42.5.110.210"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854311/; classtype:trojan-activity;sid:84717411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.36.75.245"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854310/; classtype:trojan-activity;sid:84717410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"59.96.140.27"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854309/; classtype:trojan-activity;sid:84717409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/22a5bb62-8fab-46d7-8219-c34720bf5b59"; depth:37; endswith; nocase; http.host; content:"xosum.butoralberlet.com"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854308/; classtype:trojan-activity;sid:84717408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm"; depth:25; endswith; nocase; http.host; 
content:"38.79.154.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854306/; classtype:trojan-activity;sid:84717406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/00101010101001/morte.arm7"; depth:26; endswith; nocase; http.host; content:"38.79.154.87"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854307/; classtype:trojan-activity;sid:84717407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.96.89"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854305/; classtype:trojan-activity;sid:84717405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.63.13.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854304/; classtype:trojan-activity;sid:84717404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.141.37.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854303/; classtype:trojan-activity;sid:84717403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854302)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.4.201.53"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854302/; classtype:trojan-activity;sid:84717402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ad46eee6-7297-4f37-a642-267b965edf5a"; depth:37; endswith; nocase; http.host; content:"gvsob.buborekjatszohaz.hu"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854301/; classtype:trojan-activity;sid:84717401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.39.242.135"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854300/; classtype:trojan-activity;sid:84717400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"61.156.208.203"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854299/; classtype:trojan-activity;sid:84717399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"222.141.37.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854298/; classtype:trojan-activity;sid:84717398; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.96.89"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854297/; classtype:trojan-activity;sid:84717397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"115.63.13.123"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854296/; classtype:trojan-activity;sid:84717396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"150.116.75.108"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854295/; classtype:trojan-activity;sid:84717395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"42.225.231.85"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854294/; classtype:trojan-activity;sid:84717394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/005621e6-914d-4872-a253-9ceff3a6962e"; depth:37; endswith; nocase; http.host; content:"oyazs.brssolar.hu"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_28; 
reference:url, urlhaus.abuse.ch/url/3854293/; classtype:trojan-activity;sid:84717393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.39.32"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854292/; classtype:trojan-activity;sid:84717392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.117.54.237"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854291/; classtype:trojan-activity;sid:84717391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"101.109.81.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854290/; classtype:trojan-activity;sid:84717390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"150.116.75.108"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854289/; classtype:trojan-activity;sid:84717389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
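content:"110.37.52.120"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854288/; classtype:trojan-activity;sid:84717388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cac4a6c9-f3a8-4e9e-be63-7de2e84344e4"; depth:37; endswith; nocase; http.host; content:"mfvea.bognartransport.hu"; depth:24; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854287/; classtype:trojan-activity;sid:84717387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"125.40.86.227"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854286/; classtype:trojan-activity;sid:84717386; rev:1;)
# NOTE(review): the http.uri content of the next rule decodes to 44 bytes
# ("|3f|" is a single byte), but depth is 47, which is the length of the escaped
# rule text. endswith still anchors the match to the end of the URI, yet up to
# three extra leading bytes are tolerated, so this is looser than the exact-URI
# match the neighbouring rules get with depth equal to the content length.
# Presumably a generator artifact; confirm with the feed maintainer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|ublib=b463bd29-39ca-493f-8b84-43a2709f2a9f"; depth:47; endswith; nocase; http.host; content:"y4hvadqo.taxrundo.hu"; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854285/; classtype:trojan-activity;sid:84717385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"182.117.54.237"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854284/; classtype:trojan-activity;sid:84717384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 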
Known malware download URL detected (3854283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"123.190.76.88"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854283/; classtype:trojan-activity;sid:84717383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.191.231.12"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854282/; classtype:trojan-activity;sid:84717382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a2875854-f58a-4d23-98e4-6ee026a4d3c4"; depth:37; endswith; nocase; http.host; content:"mtuvm.akonyvelod.hu"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854281/; classtype:trojan-activity;sid:84717381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.61.166"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854280/; classtype:trojan-activity;sid:84717380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.37.14.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854279/; 
classtype:trojan-activity;sid:84717379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.137.80.251"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854278/; classtype:trojan-activity;sid:84717378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.190.76.88"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854277/; classtype:trojan-activity;sid:84717377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2fcdb899-5518-4970-86ab-8da8cd7ccd8c"; depth:37; endswith; nocase; http.host; content:"burwu.akonyvelod.hu"; depth:19; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854276/; classtype:trojan-activity;sid:84717376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"110.37.14.156"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854275/; classtype:trojan-activity;sid:84717375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cabeto850128/comicsam/refs/heads/main/kisbj4ddvg.pif"; depth:53; 
endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854181/; classtype:trojan-activity;sid:84717281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cabeto850128/comicsam/refs/heads/main/cdbhhfa.html"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854179/; classtype:trojan-activity;sid:84717279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slaytonms/ab/refs/heads/main/adkksfa.txt"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854158/; classtype:trojan-activity;sid:84717258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slaytonms/gt/refs/heads/main/djkpodd.txt"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854146/; classtype:trojan-activity;sid:84717246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slaytonms/nb/refs/heads/main/srdmaik.txt"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_27; 
reference:url, urlhaus.abuse.ch/url/3854142/; classtype:trojan-activity;sid:84717242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slaytonms/hy/refs/heads/main/cabdcfo.txt"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854143/; classtype:trojan-activity;sid:84717243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slaytonms/df/refs/heads/main/oicajon.txt"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854144/; classtype:trojan-activity;sid:84717244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slaytonms/hi/refs/heads/main/peokjfs.txt"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854145/; classtype:trojan-activity;sid:84717245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dec"; depth:4; endswith; nocase; http.host; content:"95.182.98.126"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854013/; classtype:trojan-activity;sid:84717113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
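(3854014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dec"; depth:4; endswith; nocase; http.host; content:"46.8.70.117"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854014/; classtype:trojan-activity;sid:84717114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mig"; depth:4; endswith; nocase; http.host; content:"95.182.98.126"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854008/; classtype:trojan-activity;sid:84717108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mig"; depth:4; endswith; nocase; http.host; content:"46.8.70.117"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854009/; classtype:trojan-activity;sid:84717109; rev:1;)
# NOTE(review): the next two rules key on hosts that normally serve content over
# HTTPS. An "alert http" signature only inspects requests Suricata parses as
# cleartext HTTP, so without TLS decryption in front of the sensor these rules
# are unlikely to fire. Matching the same URLhaus entries against proxy or
# TLS-inspection logs covers that gap.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mailrealfedex-svga/uploader/raw/refs/heads/main/finale.exe"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3853721/; classtype:trojan-activity;sid:84716821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/respalditoxd122/cmd/refs/heads/main/cryp2_cvtres.txt"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_25; 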
reference:url, urlhaus.abuse.ch/url/3853153/; classtype:trojan-activity;sid:84716253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/respalditoxd122/cmd/refs/heads/main/tumfuf.txt"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853148/; classtype:trojan-activity;sid:84716248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"151.242.30.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853095/; classtype:trojan-activity;sid:84716195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"151.242.30.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853096/; classtype:trojan-activity;sid:84716196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"151.242.30.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853097/; classtype:trojan-activity;sid:84716197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853098)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bins/spc"; depth:9; endswith; nocase; http.host; content:"151.242.30.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853098/; classtype:trojan-activity;sid:84716198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm6"; depth:10; endswith; nocase; http.host; content:"151.242.30.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853099/; classtype:trojan-activity;sid:84716199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"151.242.30.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853087/; classtype:trojan-activity;sid:84716187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mipsel"; depth:12; endswith; nocase; http.host; content:"151.242.30.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853088/; classtype:trojan-activity;sid:84716188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"151.242.30.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853089/; classtype:trojan-activity;sid:84716189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3853090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"151.242.30.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853090/; classtype:trojan-activity;sid:84716190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl.sh"; depth:6; endswith; nocase; http.host; content:"151.242.30.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853091/; classtype:trojan-activity;sid:84716191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"151.242.30.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853092/; classtype:trojan-activity;sid:84716192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"151.242.30.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853093/; classtype:trojan-activity;sid:84716193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"151.242.30.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853094/; 
classtype:trojan-activity;sid:84716194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"2.27.20.154"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853085/; classtype:trojan-activity;sid:84716185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"2.27.20.154"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853086/; classtype:trojan-activity;sid:84716186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86_64"; depth:12; endswith; nocase; http.host; content:"2.27.20.154"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853082/; classtype:trojan-activity;sid:84716182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/armv5l"; depth:12; endswith; nocase; http.host; content:"2.27.20.154"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853083/; classtype:trojan-activity;sid:84716183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mipsel"; depth:12; endswith; nocase; http.host; content:"2.27.20.154"; depth:11; 
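isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853084/; classtype:trojan-activity;sid:84716184; rev:1;)
# NOTE(review): the http.uri content of the next rule contains a literal "%20".
# Per the Suricata documentation http.uri is the normalized URI, in which
# percent-encoding is decoded, and the undecoded form is matched with
# http.uri.raw. As written the pattern may never match a real request; verify
# against a capture before relying on it. The host is also normally reached over
# HTTPS, so an "alert http" rule needs TLS decryption to see the request at all.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itachiccnts-collab/donuthacks/main/gamble-rig%201.21.jar"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852846/; classtype:trojan-activity;sid:84715946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuclear.mpsl"; depth:13; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852707/; classtype:trojan-activity;sid:84715807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuclear.arm5"; depth:13; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852708/; classtype:trojan-activity;sid:84715808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuclear.m68k"; depth:13; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852709/; classtype:trojan-activity;sid:84715809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 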
(3852710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuclear.spc"; depth:12; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852710/; classtype:trojan-activity;sid:84715810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuclear.sh4"; depth:12; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852711/; classtype:trojan-activity;sid:84715811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuclear.ppc"; depth:12; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852712/; classtype:trojan-activity;sid:84715812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuclear.arc"; depth:12; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852713/; classtype:trojan-activity;sid:84715813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuclear.aarch64"; depth:16; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852714/; 
classtype:trojan-activity;sid:84715814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuclear.x86_64"; depth:15; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852715/; classtype:trojan-activity;sid:84715815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuclear.x86"; depth:12; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852716/; classtype:trojan-activity;sid:84715816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuclear.i686"; depth:13; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852717/; classtype:trojan-activity;sid:84715817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuclear.arm6"; depth:13; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852704/; classtype:trojan-activity;sid:84715804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuclear.arm4"; depth:13; endswith; nocase; http.host; 
content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852705/; classtype:trojan-activity;sid:84715805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuclear.mips"; depth:13; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852706/; classtype:trojan-activity;sid:84715806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuclear.arm"; depth:12; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852675/; classtype:trojan-activity;sid:84715775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuclear.arm7"; depth:13; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852673/; classtype:trojan-activity;sid:84715773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o.xml"; depth:6; endswith; nocase; http.host; content:"static.210.112.105.178.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852637/; classtype:trojan-activity;sid:84715737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3852636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/px86"; depth:10; endswith; nocase; http.host; content:"static.210.112.105.178.clients.your-server.de"; depth:45; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852636/; classtype:trojan-activity;sid:84715736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/px86"; depth:10; endswith; nocase; http.host; content:"178.105.112.210"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852633/; classtype:trojan-activity;sid:84715733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o.xml"; depth:6; endswith; nocase; http.host; content:"178.105.112.210"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852634/; classtype:trojan-activity;sid:84715734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linnn"; depth:6; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852524/; classtype:trojan-activity;sid:84715624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lll"; depth:4; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852523/; 
classtype:trojan-activity;sid:84715623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852462/; classtype:trojan-activity;sid:84715562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852460/; classtype:trojan-activity;sid:84715560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852461/; classtype:trojan-activity;sid:84715561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852456/; classtype:trojan-activity;sid:84715556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.129.184.213"; depth:15; isdataat:!1,relative; 
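metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852319/; classtype:trojan-activity;sid:84715419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"216.129.184.213"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852315/; classtype:trojan-activity;sid:84715415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_a6357da6a05d7266.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_23; reference:url, urlhaus.abuse.ch/url/3852112/; classtype:trojan-activity;sid:84715212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3851718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rem"; depth:4; endswith; nocase; http.host; content:"vanta.st"; depth:8; isdataat:!1,relative; metadata:created_at 2026_05_22; reference:url, urlhaus.abuse.ch/url/3851718/; classtype:trojan-activity;sid:84714818; rev:1;)
# NOTE(review): in the next rule "|7c|26|7c|" decodes to the four bytes
# pipe, "2", "6", pipe, not to "&" (0x26). It looks as if the feed generator
# escaped "&" as |26| and then escaped the pipes a second time, so the pattern
# requires a literal "|26|" in the query string. depth:68 is likewise the length
# of the escaped text, while the decoded content is 59 bytes. Treat this
# signature as unlikely to match until confirmed with the feed maintainer. The
# host is also normally reached over HTTPS, so an "alert http" rule needs TLS
# decryption to see the request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3851341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1p6ct81hwfslgfjlgpg8tn-8afd8q2cx4"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_21; reference:url, urlhaus.abuse.ch/url/3851341/; classtype:trojan-activity;sid:84714441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850976)"; 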
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.183.254.69"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850976/; classtype:trojan-activity;sid:84714076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.3.108.87"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850978/; classtype:trojan-activity;sid:84714078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"14.35.13.228"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850979/; classtype:trojan-activity;sid:84714079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.225.67.10"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850974/; classtype:trojan-activity;sid:84714074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.229.20.247"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850975/; classtype:trojan-activity;sid:84714075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3850968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.43.75.2"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850968/; classtype:trojan-activity;sid:84714068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.149.160.65"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850944/; classtype:trojan-activity;sid:84714044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.16.236.187"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850945/; classtype:trojan-activity;sid:84714045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.90.225.193"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850946/; classtype:trojan-activity;sid:84714046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"121.142.70.6"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850937/; classtype:trojan-activity;sid:84714037; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"217.168.128.146"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850939/; classtype:trojan-activity;sid:84714039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.203.86.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850941/; classtype:trojan-activity;sid:84714041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.114.239.238"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850943/; classtype:trojan-activity;sid:84714043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.62.41.165"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850914/; classtype:trojan-activity;sid:84714014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"101.58.73.179"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, 
urlhaus.abuse.ch/url/3850928/; classtype:trojan-activity;sid:84714028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.212.61.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850898/; classtype:trojan-activity;sid:84713998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"74.66.64.199"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850887/; classtype:trojan-activity;sid:84713987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.54.85.90"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850882/; classtype:trojan-activity;sid:84713982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.54.81.12"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850878/; classtype:trojan-activity;sid:84713978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.8.20.75"; depth:10; 
isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850874/; classtype:trojan-activity;sid:84713974; rev:1;)
# (The line above closes the rule that starts on the previous line of this listing.)
#
# NOTE(review): sid 84713972 and sid 84713965 in this span have identical match conditions
# (GET, http.uri "/sshd", http.host "102.212.61.41"); only msg, reference and sid differ.
# One matching request raises both alerts. The rule header uses `any` for the destination
# port and nothing in the rule encodes port or scheme, so presumably the two URLhaus
# entries differ in a field the rule does not carry. Confirm on the referenced pages.
# When counting hits from this feed, aggregate on (http.host, http.uri) rather than on
# sid, so repeated entries are not read as separate download events.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.25.2.23"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850869/; classtype:trojan-activity;sid:84713969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.212.61.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850872/; classtype:trojan-activity;sid:84713972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"74.66.64.199"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850873/; classtype:trojan-activity;sid:84713973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.212.61.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850865/; classtype:trojan-activity;sid:84713965; rev:1;)
# (The rule below continues on the next line of this listing.)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; 
depth:5; endswith; nocase; http.host; content:"185.32.179.229"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850861/; classtype:trojan-activity;sid:84713961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.54.89.92"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850862/; classtype:trojan-activity;sid:84713962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"79.1.229.42"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850863/; classtype:trojan-activity;sid:84713963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"188.29.186.243"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850864/; classtype:trojan-activity;sid:84713964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.136.203.189"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850859/; classtype:trojan-activity;sid:84713959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850842)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"136.233.149.66"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850842/; classtype:trojan-activity;sid:84713942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.54.96.52"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850843/; classtype:trojan-activity;sid:84713943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"92.40.52.169"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850844/; classtype:trojan-activity;sid:84713944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.54.96.198"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850847/; classtype:trojan-activity;sid:84713947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.25.2.23"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850838/; classtype:trojan-activity;sid:84713938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3850839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.132.114.159"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850839/; classtype:trojan-activity;sid:84713939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.8.20.75"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850837/; classtype:trojan-activity;sid:84713937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"212.156.106.146"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850836/; classtype:trojan-activity;sid:84713936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.210.131.156"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850834/; classtype:trojan-activity;sid:84713934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.54.96.91"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850826/; 
classtype:trojan-activity;sid:84713926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"74.66.64.199"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850830/; classtype:trojan-activity;sid:84713930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.8.20.75"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850824/; classtype:trojan-activity;sid:84713924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.25.2.23"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850821/; classtype:trojan-activity;sid:84713921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.8.20.75"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850818/; classtype:trojan-activity;sid:84713918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.55.94.142"; depth:11; isdataat:!1,relative; metadata:created_at 
2026_05_20; reference:url, urlhaus.abuse.ch/url/3850819/; classtype:trojan-activity;sid:84713919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whatever.exe"; depth:13; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850067/; classtype:trojan-activity;sid:84713167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/djmay.png"; depth:10; endswith; nocase; http.host; content:"crescentegramas.com.br"; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849922/; classtype:trojan-activity;sid:84713022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/dlr.i586"; depth:19; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849869/; classtype:trojan-activity;sid:84712969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/dlr.m68k"; depth:19; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849870/; classtype:trojan-activity;sid:84712970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849871)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/systemctl/dlr.armv7l"; depth:21; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849871/; classtype:trojan-activity;sid:84712971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/dlr.armv5l"; depth:21; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849872/; classtype:trojan-activity;sid:84712972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/dlr.powerpc"; depth:22; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849873/; classtype:trojan-activity;sid:84712973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/dlr.mips"; depth:19; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849874/; classtype:trojan-activity;sid:84712974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/dlr.armv6l"; depth:21; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849875/; classtype:trojan-activity;sid:84712975; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/dlr.sparc"; depth:20; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849876/; classtype:trojan-activity;sid:84712976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/dlr.mipsel"; depth:21; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849877/; classtype:trojan-activity;sid:84712977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/dlr.sh4"; depth:18; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849878/; classtype:trojan-activity;sid:84712978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/dlr.arc"; depth:18; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849867/; classtype:trojan-activity;sid:84712967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/dlr.armv4l"; depth:21; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 
2026_05_19; reference:url, urlhaus.abuse.ch/url/3849866/; classtype:trojan-activity;sid:84712966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"14.46.136.77"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849687/; classtype:trojan-activity;sid:84712787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"14.46.136.77"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849688/; classtype:trojan-activity;sid:84712788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"14.46.136.77"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849689/; classtype:trojan-activity;sid:84712789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"14.46.136.77"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849686/; classtype:trojan-activity;sid:84712786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/clean"; depth:6; endswith; nocase; http.host; 
content:"14.46.136.77"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849685/; classtype:trojan-activity;sid:84712785; rev:1;)
# (The line above closes the rule that starts on the previous line of this listing.)
#
# Coverage note for the per-path rules below: each http.uri content is anchored with
# depth:<content length> + endswith, so the URI buffer must equal the pattern exactly
# (case-insensitive because of nocase). A request to the same host for any other path,
# or for the same path with a query string appended, matches none of these rules.
# Read the rules as detection of the specific listed URLs, not as coverage of the host
# itself. Host-level detection (for example on http.host alone or on DNS) is a separate
# control.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh"; depth:3; endswith; nocase; http.host; content:"14.46.136.77"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849675/; classtype:trojan-activity;sid:84712775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c.sh"; depth:10; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849535/; classtype:trojan-activity;sid:84712635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849529/; classtype:trojan-activity;sid:84712629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849530/; classtype:trojan-activity;sid:84712630; rev:1;)
# (The rule below continues on the next line of this listing.)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849525)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849525/; classtype:trojan-activity;sid:84712625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849526/; classtype:trojan-activity;sid:84712626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g.sh"; depth:5; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849518/; classtype:trojan-activity;sid:84712618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p.sh"; depth:5; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849505/; classtype:trojan-activity;sid:84712605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849506/; 
classtype:trojan-activity;sid:84712606; rev:1;)
# NOTE(review): the line above is the tail of a rule that begins earlier in the file.
#
# --- Host cliftycreek.anondns.net, created_at 2026_05_18 ---
# Every rule in this group is an exact-URL indicator, not a behavioural signature.
# It fires on an established client-to-server HTTP request from $HOME_NET to
# $EXTERNAL_NET when all of the following hold:
#   * http.method contains "GET";
#   * http.uri equals the listed path: depth is the pattern length and endswith pins
#     the end of the buffer, so nothing may precede or follow the pattern
#     (nocase: letter case is ignored);
#   * http.host equals the listed host: depth is the pattern length and
#     isdataat:!1,relative requires that no byte follows the match.
# Triage: a hit shows that an internal host requested the URL, not that a payload was
# delivered or executed; confirm with the HTTP response and the requesting endpoint.
# Short paths such as /g, /c and /t are only meaningful together with the host condition.
# Coverage: only HTTP the sensor can parse is inspected; traffic to the same host over
# TLS needs a separate DNS or TLS SNI detection.
# NOTE(review): the paths are named after CPU architectures (/arm, /ppc, /bins/m68k, ...)
# or are *.sh scripts, which looks like multi-architecture staging for embedded Linux
# devices. That is inferred from the names only; confirm on each rule's URLhaus reference.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/w.sh"; depth:10; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849509/; classtype:trojan-activity;sid:84712609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849511/; classtype:trojan-activity;sid:84712611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvr.sh"; depth:7; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849512/; classtype:trojan-activity;sid:84712612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849502/; classtype:trojan-activity;sid:84712602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849503/; classtype:trojan-activity;sid:84712603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849498/; classtype:trojan-activity;sid:84712598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849494/; classtype:trojan-activity;sid:84712594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849492/; classtype:trojan-activity;sid:84712592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bee"; depth:4; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849490/; classtype:trojan-activity;sid:84712590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849484/; classtype:trojan-activity;sid:84712584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849485/; classtype:trojan-activity;sid:84712585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849479/; classtype:trojan-activity;sid:84712579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849468/; classtype:trojan-activity;sid:84712568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amd64"; depth:6; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849463/; classtype:trojan-activity;sid:84712563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvr"; depth:4; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849459/; classtype:trojan-activity;sid:84712559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849455/; classtype:trojan-activity;sid:84712555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849452/; classtype:trojan-activity;sid:84712552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849441/; classtype:trojan-activity;sid:84712541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/massload"; depth:9; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849440/; classtype:trojan-activity;sid:84712540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849431/; classtype:trojan-activity;sid:84712531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849435/; classtype:trojan-activity;sid:84712535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849411/; classtype:trojan-activity;sid:84712511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/amd64"; depth:11; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849412/; classtype:trojan-activity;sid:84712512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849414/; classtype:trojan-activity;sid:84712514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849404/; classtype:trojan-activity;sid:84712504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849408/; classtype:trojan-activity;sid:84712508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh.sh"; depth:7; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849392/; classtype:trojan-activity;sid:84712492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c"; depth:2; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849393/; classtype:trojan-activity;sid:84712493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d.sh"; depth:5; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849394/; classtype:trojan-activity;sid:84712494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tp"; depth:3; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849398/; classtype:trojan-activity;sid:84712498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mipsel"; depth:12; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849388/; classtype:trojan-activity;sid:84712488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849389/; classtype:trojan-activity;sid:84712489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849384/; classtype:trojan-activity;sid:84712484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849386/; classtype:trojan-activity;sid:84712486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849387/; classtype:trojan-activity;sid:84712487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849379/; classtype:trojan-activity;sid:84712479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"cliftycreek.anondns.net"; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849381/; classtype:trojan-activity;sid:84712481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849034)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc64"; depth:10; endswith; nocase; http.host; content:"83.168.95.167"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849034/; classtype:trojan-activity;sid:84712134; rev:1;)
# NOTE(review): the line above is the remainder of a rule that begins on the previous line.
#
# How to read the rules below: each one alerts on an established client-to-server HTTP
# request from $HOME_NET to $EXTERNAL_NET whose method contains "GET", whose http.uri
# equals the listed path (depth = pattern length, plus endswith; nocase ignores letter
# case) and whose http.host equals the listed host (depth = pattern length, plus
# isdataat:!1,relative so that no byte follows the match). These are exact-URL
# indicators: a hit means the URL was requested, not that a payload ran.
#
# --- Host 83.168.95.167, created_at 2026_05_17 (same group as the rule ending above) ---
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cat.sh"; depth:7; endswith; nocase; http.host; content:"83.168.95.167"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849023/; classtype:trojan-activity;sid:84712123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armhf"; depth:6; endswith; nocase; http.host; content:"83.168.95.167"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849024/; classtype:trojan-activity;sid:84712124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"83.168.95.167"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849025/; classtype:trojan-activity;sid:84712125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"83.168.95.167"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849026/; classtype:trojan-activity;sid:84712126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"83.168.95.167"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849027/; classtype:trojan-activity;sid:84712127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"83.168.95.167"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849028/; classtype:trojan-activity;sid:84712128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"83.168.95.167"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849029/; classtype:trojan-activity;sid:84712129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"83.168.95.167"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849030/; classtype:trojan-activity;sid:84712130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"83.168.95.167"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849031/; classtype:trojan-activity;sid:84712131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"83.168.95.167"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849032/; classtype:trojan-activity;sid:84712132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"83.168.95.167"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849033/; classtype:trojan-activity;sid:84712133; rev:1;)
# --- Host 24.35.228.16, created_at 2026_05_17 ---
# NOTE(review): the file name /mozi.m presumably refers to the Mozi IoT botnet; the rule
# itself only says "Known malware download URL" - confirm on the URLhaus reference page.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"24.35.228.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849012/; classtype:trojan-activity;sid:84712112; rev:1;)
# --- Host js.byxly.eu.cc, created_at 2026_05_17: architecture-named paths ---
# The host condition is a hostname, so a DNS-query detection for the same name would
# also cover requests the HTTP parser never sees (for example over TLS).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"js.byxly.eu.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848966/; classtype:trojan-activity;sid:84712066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"js.byxly.eu.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848955/; classtype:trojan-activity;sid:84712055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"js.byxly.eu.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848950/; classtype:trojan-activity;sid:84712050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"js.byxly.eu.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848951/; classtype:trojan-activity;sid:84712051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"js.byxly.eu.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848948/; classtype:trojan-activity;sid:84712048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"js.byxly.eu.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848949/; classtype:trojan-activity;sid:84712049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"js.byxly.eu.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848943/; classtype:trojan-activity;sid:84712043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"js.byxly.eu.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848944/; classtype:trojan-activity;sid:84712044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"js.byxly.eu.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848945/; classtype:trojan-activity;sid:84712045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"js.byxly.eu.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848946/; classtype:trojan-activity;sid:84712046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"js.byxly.eu.cc"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848947/; classtype:trojan-activity;sid:84712047; rev:1;)
# --- Host 31.58.226.146, created_at 2026_05_17: two files under /nuts/ ---
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuts/bolts"; depth:11; endswith; nocase; http.host; content:"31.58.226.146"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848495/; classtype:trojan-activity;sid:84711595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuts/poop"; depth:10; endswith; nocase; http.host; content:"31.58.226.146"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848486/; classtype:trojan-activity;sid:84711586; rev:1;)
# --- Hosts 134.122.189.74, 134.122.189.98, 134.122.189.79, created_at 2026_05_16 ---
# The same path /isass.exe is listed once per address.
# NOTE(review): the file name presumably imitates the Windows process name lsass.exe;
# on the endpoint, check the path and signer of any process with a similar name - verify.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isass.exe"; depth:10; endswith; nocase; http.host; content:"134.122.189.74"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847684/; classtype:trojan-activity;sid:84710784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isass.exe"; depth:10; endswith; nocase; http.host; content:"134.122.189.98"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847682/; classtype:trojan-activity;sid:84710782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isass.exe"; depth:10; endswith; nocase; http.host; content:"134.122.189.79"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847683/; classtype:trojan-activity;sid:84710783; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847641/; classtype:trojan-activity;sid:84710741; rev:1;)
# NOTE(review): the line above is the remainder of a rule that begins on the previous line.
#
# How to read the rules below: each one alerts on an established client-to-server HTTP
# request from $HOME_NET to $EXTERNAL_NET whose method contains "GET", whose http.uri
# equals the listed path (depth = pattern length, plus endswith; nocase ignores letter
# case) and whose http.host equals the listed host (depth = pattern length, plus
# isdataat:!1,relative so that no byte follows the match). These are exact-URL
# indicators: a hit means the URL was requested, not that a payload ran, and only HTTP
# the sensor can parse is inspected.
#
# --- Host 45.198.224.38, created_at 2026_05_16 (same group as the rule ending above) ---
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"45.198.224.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847643/; classtype:trojan-activity;sid:84710743; rev:1;)
# --- Host 46.8.78.55, created_at 2026_05_15: /systemctl/bin.<architecture> plus trans.sh ---
# NOTE(review): the directory is named like the systemd control tool; presumably this is
# meant to look routine in logs - an inference from the name only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.armv4l"; depth:21; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847412/; classtype:trojan-activity;sid:84710512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.armv6l"; depth:21; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847406/; classtype:trojan-activity;sid:84710506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.sparc"; depth:20; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847407/; classtype:trojan-activity;sid:84710507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.armv5l"; depth:21; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847408/; classtype:trojan-activity;sid:84710508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.arc"; depth:18; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847409/; classtype:trojan-activity;sid:84710509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.armv7l"; depth:21; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847410/; classtype:trojan-activity;sid:84710510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.i586"; depth:19; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847411/; classtype:trojan-activity;sid:84710511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.sh4"; depth:18; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847401/; classtype:trojan-activity;sid:84710501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.powerpc"; depth:22; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847402/; classtype:trojan-activity;sid:84710502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.mipsel"; depth:21; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847403/; classtype:trojan-activity;sid:84710503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.mips"; depth:19; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847404/; classtype:trojan-activity;sid:84710504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.m68k"; depth:19; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847405/; classtype:trojan-activity;sid:84710505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/trans.sh"; depth:19; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847389/; classtype:trojan-activity;sid:84710489; rev:1;)
# --- Single-URL entries, created_at 2026_05_15: 13.71.2.244, 91.92.242.236, vanta.st ---
# The 91.92.242.236 rule pins one specific file name under /files-129312398/files/;
# another file name under the same directory would need its own rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.x/sys_users"; depth:13; endswith; nocase; http.host; content:"13.71.2.244"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847341/; classtype:trojan-activity;sid:84710441; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_b584670f7ec2f317.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847340/; classtype:trojan-activity;sid:84710440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file123"; depth:8; endswith; nocase; http.host; content:"vanta.st"; depth:8; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847339/; classtype:trojan-activity;sid:84710439; rev:1;)
# --- Host 45.202.247.123, created_at 2026_05_15: architecture-named paths ---
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"45.202.247.123"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847261/; classtype:trojan-activity;sid:84710361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc64"; depth:6; endswith; nocase; http.host; content:"45.202.247.123"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847259/; classtype:trojan-activity;sid:84710359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"45.202.247.123"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847260/; classtype:trojan-activity;sid:84710360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"45.202.247.123"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847254/; classtype:trojan-activity;sid:84710354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"45.202.247.123"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847255/; classtype:trojan-activity;sid:84710355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"45.202.247.123"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847256/; classtype:trojan-activity;sid:84710356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"45.202.247.123"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847257/; classtype:trojan-activity;sid:84710357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"45.202.247.123"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847258/; classtype:trojan-activity;sid:84710358; rev:1;)
# --- Single-URL entries, created_at 2026_05_14 ---
# The feed labels every entry "Known malware download URL", whatever the extension:
# /.smart/premium.mp4 is listed the same way as the .exe paths, so do not triage on
# the file extension. The 91.92.242.236 rule again pins one specific file name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/21.exe"; depth:7; endswith; nocase; http.host; content:"130.12.182.175"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846859/; classtype:trojan-activity;sid:84709959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.smart/premium.mp4"; depth:19; endswith; nocase; http.host; content:"eventsyouwant.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846755/; classtype:trojan-activity;sid:84709855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mueiel09765.exe"; depth:16; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846753/; classtype:trojan-activity;sid:84709853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files-129312398/files/file_c0d2eb6a8b73120b.exe"; depth:48; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846716/; classtype:trojan-activity;sid:84709816; rev:1;)
# --- Host 150.40.126.53, created_at 2026_05_14: files under /bins/ ---
# NOTE(review): scsi_tmf_0, cfg80211d and edac_polld resemble Linux kernel worker and
# daemon names; presumably chosen so the downloaded file blends into a process listing.
# Inferred from the names only - confirm on the URLhaus reference pages.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/scsi_tmf_0"; depth:16; endswith; nocase; http.host; content:"150.40.126.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846683/; classtype:trojan-activity;sid:84709783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/cfg80211d"; depth:15; endswith; nocase; http.host; content:"150.40.126.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846684/; classtype:trojan-activity;sid:84709784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/edac_polld"; depth:16; endswith; nocase; http.host; content:"150.40.126.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, 
urlhaus.abuse.ch/url/3846685/; classtype:trojan-activity;sid:84709785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xfsaild_sda"; depth:17; endswith; nocase; http.host; content:"150.40.126.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846686/; classtype:trojan-activity;sid:84709786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/devfreq_wq"; depth:16; endswith; nocase; http.host; content:"150.40.126.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846676/; classtype:trojan-activity;sid:84709776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/jbd2_sda1d"; depth:16; endswith; nocase; http.host; content:"150.40.126.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846677/; classtype:trojan-activity;sid:84709777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ksoftirqd0"; depth:16; endswith; nocase; http.host; content:"150.40.126.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846678/; classtype:trojan-activity;sid:84709778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kblockd0"; depth:14; 
endswith; nocase; http.host; content:"150.40.126.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846679/; classtype:trojan-activity;sid:84709779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/bioset0"; depth:13; endswith; nocase; http.host; content:"150.40.126.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846680/; classtype:trojan-activity;sid:84709780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/rcuop_0"; depth:13; endswith; nocase; http.host; content:"150.40.126.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846681/; classtype:trojan-activity;sid:84709781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kworker_u8"; depth:16; endswith; nocase; http.host; content:"150.40.126.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846682/; classtype:trojan-activity;sid:84709782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ecryptfsd"; depth:15; endswith; nocase; http.host; content:"150.40.126.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846674/; classtype:trojan-activity;sid:84709774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3846675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kswapd0"; depth:13; endswith; nocase; http.host; content:"150.40.126.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846675/; classtype:trojan-activity;sid:84709775; rev:1;)
# Rule shape used throughout this feed: an outbound HTTP GET ($HOME_NET -> $EXTERNAL_NET,
# client side of an established flow) whose URI and Host both match one URLhaus entry.
# On http.uri, depth:N equal to the content length plus endswith pins the buffer to exactly
# that string (nocase makes it case-insensitive); on http.host, depth:N plus
# isdataat:!1,relative (no byte may follow the match) does the same.
# These are `alert http` rules, so they only inspect traffic Suricata parses as HTTP; the
# same URL fetched over TLS is not covered unless the sensor sees decrypted traffic.
# NOTE(review): /bins/kswapd0 (above) and /bins/zswap_shrinkd (below) look like Linux kernel
# thread names; presumably the downloaded binary is meant to blend into a process listing.
# When triaging a hit, check whether a process with such a name has an on-disk executable.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/zswap_shrinkd"; depth:19; endswith; nocase; http.host; content:"150.40.126.53"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846673/; classtype:trojan-activity;sid:84709773; rev:1;)
# Five-byte generic path: the specificity of this rule comes from the exact Host match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.sh"; depth:5; endswith; nocase; http.host; content:"78.153.140.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846558/; classtype:trojan-activity;sid:84709658; rev:1;)
# The next two rules match the same file name on two different Host IPs.
# NOTE(review): the name looks like the client installer of the ScreenConnect remote-access
# tool; the exact Host pin is what keeps these rules from firing on downloads of the same
# file name from other servers. Treat a hit as a possible unauthorized remote-access
# install and verify against the tools approved for the environment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"212.232.22.81"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846318/; classtype:trojan-activity;sid:84709418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"46.151.182.208"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, 
urlhaus.abuse.ch/url/3846316/; classtype:trojan-activity;sid:84709416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"212.232.22.81"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846317/; classtype:trojan-activity;sid:84709417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"46.151.182.208"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846315/; classtype:trojan-activity;sid:84709415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagetest0071154z7.png"; depth:23; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846232/; classtype:trojan-activity;sid:84709332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagetest00711z5.png"; depth:21; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846231/; classtype:trojan-activity;sid:84709331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846228)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/imagetest0093t536.png"; depth:22; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846228/; classtype:trojan-activity;sid:84709328; rev:1;)
# Each rule here alerts on an outbound HTTP GET whose URI and Host both match one URLhaus
# entry: depth:N plus endswith pins http.uri to the listed string (case-insensitive via
# nocase), and depth:N plus isdataat:!1,relative pins http.host.
# The .png entries share a host with /mdclient.exe and are listed as malware download URLs.
# NOTE(review): presumably the image extension disguises a non-image payload; do not
# suppress these alerts on file extension alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagecab001.png"; depth:16; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846229/; classtype:trojan-activity;sid:84709329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagetext0117z45.png"; depth:21; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846230/; classtype:trojan-activity;sid:84709330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mdclient.exe"; depth:13; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846217/; classtype:trojan-activity;sid:84709317; rev:1;)
# NOTE(review): this content starts with two slashes. http.uri is the normalized URI
# buffer, so whether "//" is still present when the rule is evaluated depends on the
# sensor's HTTP path-normalization settings. Confirm with a test request that this rule
# can fire; http.uri.raw matches the bytes as sent.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//arm5"; depth:6; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845101/; classtype:trojan-activity;sid:84708201; rev:1;)
# /bin.sh and /i are short, generic paths: the specificity of these rules comes from the
# exact Host IP. metadata:created_at is the only age signal carried by the rule.
# NOTE(review): IP addresses get reassigned, so old entries presumably need to be aged out
# by keeping the feed current rather than kept indefinitely.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"88.88.191.25"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845048/; classtype:trojan-activity;sid:84708148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3841856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagetest001.png"; depth:17; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3841856/; classtype:trojan-activity;sid:84704956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3841137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.231.7.219"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_07; reference:url, urlhaus.abuse.ch/url/3841137/; classtype:trojan-activity;sid:84704237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3841120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.231.7.219"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_07; reference:url, urlhaus.abuse.ch/url/3841120/; classtype:trojan-activity;sid:84704220; rev:1;)
# In the next rule |3f| is a hex-escaped "?", so the content is the 17 bytes
# "/?filename=11.msi" (path "/" followed by a query string).
# NOTE(review): depth:20 is the length of the escaped text, not of the decoded content.
# With endswith, the URI may therefore carry up to three bytes before the match instead of
# being pinned exactly as in the other rules; depth:17 would pin it.
# The Host looks like an IPFS gateway subdomain (content identifier + ipfs.dweb.link).
# NOTE(review): such gateways are presumably reached over HTTPS, in which case an
# `alert http` rule only sees the request where TLS is decrypted for the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|filename=11.msi"; depth:20; endswith; nocase; http.host; content:"bafybeibh6u74fuvyazqu2q7y6pginkxprjurxchgfshwigrs5y77qcbj6i.ipfs.dweb.link"; depth:74; 
isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840811/; classtype:trojan-activity;sid:84703911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pppc"; depth:10; endswith; nocase; http.host; content:"89.32.41.16"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840659/; classtype:trojan-activity;sid:84703759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/px86"; depth:10; endswith; nocase; http.host; content:"89.32.41.16"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840660/; classtype:trojan-activity;sid:84703760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kla.sh"; depth:12; endswith; nocase; http.host; content:"89.32.41.16"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840654/; classtype:trojan-activity;sid:84703754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm6"; depth:11; endswith; nocase; http.host; content:"89.32.41.16"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840655/; classtype:trojan-activity;sid:84703755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840656)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bins/psh4"; depth:10; endswith; nocase; http.host; content:"89.32.41.16"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840656/; classtype:trojan-activity;sid:84703756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pmpsl"; depth:11; endswith; nocase; http.host; content:"89.32.41.16"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840657/; classtype:trojan-activity;sid:84703757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pmips"; depth:11; endswith; nocase; http.host; content:"89.32.41.16"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840658/; classtype:trojan-activity;sid:84703758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm"; depth:10; endswith; nocase; http.host; content:"89.32.41.16"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840538/; classtype:trojan-activity;sid:84703638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm7"; depth:11; endswith; nocase; http.host; content:"89.32.41.16"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840539/; classtype:trojan-activity;sid:84703639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3840540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm5"; depth:11; endswith; nocase; http.host; content:"89.32.41.16"; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840540/; classtype:trojan-activity;sid:84703640; rev:1;)
# Each rule here alerts on an outbound HTTP GET whose URI and Host both match one URLhaus
# entry: depth:N equal to the content length plus endswith pins http.uri to the listed
# string (case-insensitive via nocase), and depth:N plus isdataat:!1,relative pins http.host.
# In the next rule the Host is the shared domain github.com, so the exact 75-byte release
# path is the only thing separating a match from ordinary GitHub traffic; do not loosen
# the URI match when tuning.
# NOTE(review): GitHub is normally served over HTTPS, so an `alert http` rule presumably
# only sees this request where TLS is decrypted upstream of the sensor. Confirm coverage
# before relying on this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kikimora-arch/solid-doodle/releases/download/realease/kikikmoralibrary.exe"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839430/; classtype:trojan-activity;sid:84702530; rev:1;)
# /i and /bin.sh on one Host IP: the paths are generic, so the specificity of both rules
# comes from the exact Host match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"219.156.244.34"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838558/; classtype:trojan-activity;sid:84701658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"219.156.244.34"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838549/; classtype:trojan-activity;sid:84701649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"178.16.55.124"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_02; 
reference:url, urlhaus.abuse.ch/url/3837233/; classtype:trojan-activity;sid:84700333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"178.16.55.93"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837229/; classtype:trojan-activity;sid:84700329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"178.16.55.124"; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837226/; classtype:trojan-activity;sid:84700326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"178.16.54.34"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837223/; classtype:trojan-activity;sid:84700323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"178.16.54.34"; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837221/; classtype:trojan-activity;sid:84700321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836948)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"90.228.239.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3836948/; classtype:trojan-activity;sid:84700048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"90.228.239.131"; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3836936/; classtype:trojan-activity;sid:84700036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rajendra2604/rajendra2604.github.io/refs/heads/main/hypereutectoid/rajendra-github-io-1.7.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836242/; classtype:trojan-activity;sid:84699342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rajendra2604/rajendra2604.github.io/raw/refs/heads/main/hypereutectoid/rajendra-github-io-1.7.zip"; depth:98; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836232/; classtype:trojan-activity;sid:84699332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rajendra2604/kanban-for-ai-agents/refs/heads/main/amphitheatrically/agents_for_a_kanban_1.5.zip"; depth:96; 
endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836233/; classtype:trojan-activity;sid:84699333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rajendra2604/rajendra2604.github.io/raw/refs/heads/main/hypereutectoid/io-github-rajendra-collectivize.zip"; depth:107; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836228/; classtype:trojan-activity;sid:84699328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rajendra2604/kanban-for-ai-agents/refs/heads/main/amphitheatrically/kanban-agents-a-for-3.7.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836224/; classtype:trojan-activity;sid:84699324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rajendra2604/rajendra2604.github.io/refs/heads/main/hypereutectoid/io-github-rajendra-collectivize.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836226/; classtype:trojan-activity;sid:84699326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836221)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/rajendra2604/kanban-for-ai-agents/raw/refs/heads/main/amphitheatrically/agents_for_a_kanban_1.5.zip"; depth:100; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836221/; classtype:trojan-activity;sid:84699321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rajendra2604/kanban-for-ai-agents/raw/refs/heads/main/amphitheatrically/kanban-agents-a-for-3.7.zip"; depth:100; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836222/; classtype:trojan-activity;sid:84699322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asherfn/asherfn.github.io/raw/refs/heads/main/swankily/io-asherfn-github-3.6.zip"; depth:81; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836187/; classtype:trojan-activity;sid:84699287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khonneymann/nightops-drop/raw/refs/heads/main/loggat/nightops_drop_2.6.zip"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836188/; classtype:trojan-activity;sid:84699288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836183)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/asherfn/asherfn.github.io/refs/heads/main/swankily/io-asherfn-github-3.6.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836183/; classtype:trojan-activity;sid:84699283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asherfn/acadex-ai-google-deepmind/refs/heads/main/components/deepmind-a-acadex-google-v1.8-alpha.4.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836185/; classtype:trojan-activity;sid:84699285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-greque/paimon-cpp/raw/refs/heads/main/conspirant/cpp-paimon-v1.9-alpha.3.zip"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836171/; classtype:trojan-activity;sid:84699271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asherfn/acadex-ai-google-deepmind/raw/refs/heads/main/components/deepmind-a-acadex-google-v1.8-alpha.4.zip"; depth:107; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836172/; classtype:trojan-activity;sid:84699272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836174)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/rockspeeder/devbar/refs/heads/main/prediplomatic/software-v3.1.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836174/; classtype:trojan-activity;sid:84699274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rockspeeder/rockspeeder.github.io/refs/heads/main/geognost/rockspeeder_github_io_v1.9.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836175/; classtype:trojan-activity;sid:84699275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khonneymann/khonneymann.github.io/raw/refs/heads/main/ourselves/khonneymann_io_github_1.1.zip"; depth:94; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836163/; classtype:trojan-activity;sid:84699263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khonneymann/nightops-drop/refs/heads/main/loggat/nightops_drop_2.6.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836165/; classtype:trojan-activity;sid:84699265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836166)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/rockspeeder/rockspeeder.github.io/raw/refs/heads/main/geognost/rockspeeder_github_io_v1.9.zip"; depth:94; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836166/; classtype:trojan-activity;sid:84699266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-greque/paimon-cpp/refs/heads/main/conspirant/cpp-paimon-v1.9-alpha.3.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836167/; classtype:trojan-activity;sid:84699267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khonneymann/khonneymann.github.io/refs/heads/main/ourselves/khonneymann_io_github_1.1.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836152/; classtype:trojan-activity;sid:84699252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rockspeeder/devbar/raw/refs/heads/main/prediplomatic/software-v3.1.zip"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836149/; classtype:trojan-activity;sid:84699249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836147)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i-greque/i-greque.github.io/raw/refs/heads/main/preseal/greque_i_io_github_3.4.zip"; depth:83; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836147/; classtype:trojan-activity;sid:84699247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-greque/i-greque.github.io/refs/heads/main/preseal/greque_i_io_github_3.4.zip"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836146/; classtype:trojan-activity;sid:84699246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mctvcell/zon-ts/raw/refs/heads/main/benchmarks/core/ts_zon_3.3.zip"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836136/; classtype:trojan-activity;sid:84699236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mctvcell/zon-ts/refs/heads/main/benchmarks/core/ts_zon_3.3.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836126/; classtype:trojan-activity;sid:84699226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836094)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/primmslimx/fivem-spoofer/refs/heads/main/cfxbypass.exe"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836094/; classtype:trojan-activity;sid:84699194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/primmslimx/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836095/; classtype:trojan-activity;sid:84699195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sunwukongs.exe"; depth:15; endswith; nocase; http.host; content:"plasteredplayn.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835260/; classtype:trojan-activity;sid:84698360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagefryito6789.png"; depth:20; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834488/; classtype:trojan-activity;sid:84697588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/image77490p.png"; depth:16; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, 
urlhaus.abuse.ch/url/3834486/; classtype:trojan-activity;sid:84697586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagekdfgueuehedb6666.png"; depth:26; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834484/; classtype:trojan-activity;sid:84697584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagelkjh0987.png"; depth:18; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834485/; classtype:trojan-activity;sid:84697585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/image9870.png"; depth:14; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834480/; classtype:trojan-activity;sid:84697580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagefre9003.png"; depth:17; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834481/; classtype:trojan-activity;sid:84697581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834483)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/imagefile001.png"; depth:17; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834483/; classtype:trojan-activity;sid:84697583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagecopy0956.png"; depth:18; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834473/; classtype:trojan-activity;sid:84697573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"39.65.192.75"; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834223/; classtype:trojan-activity;sid:84697323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"109.236.46.215"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833868/; classtype:trojan-activity;sid:84696968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rum/optimized_msi.png"; depth:22; endswith; nocase; http.host; content:"spgint.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833743/; classtype:trojan-activity;sid:84696843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3833740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uplod/optimized_msi.png"; depth:24; endswith; nocase; http.host; content:"autobaenasl.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833740/; classtype:trojan-activity;sid:84696840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/optimized_msi.png"; depth:18; endswith; nocase; http.host; content:"postelnini.mk"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833733/; classtype:trojan-activity;sid:84696833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.236.46.215"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833499/; classtype:trojan-activity;sid:84696599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.62.41.165"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_27; reference:url, urlhaus.abuse.ch/url/3832920/; classtype:trojan-activity;sid:84696020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.88.191.25"; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_27; reference:url, urlhaus.abuse.ch/url/3832742/; 
classtype:trojan-activity;sid:84695842; rev:1;)
# The next two rules share host 31.57.109.131 and the /scripts/ prefix.
# NOTE(review): XMRig is a Monero miner, so an alert on the first of them presumably points
# to a cryptomining deployment. Confirm with the referenced URLhaus entry, and check the
# endpoint for the second artefact ("watcher") as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/xmrig.tar.gz"; depth:21; endswith; nocase; http.host; content:"31.57.109.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_27; reference:url, urlhaus.abuse.ch/url/3832733/; classtype:trojan-activity;sid:84695833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/watcher"; depth:16; endswith; nocase; http.host; content:"31.57.109.131"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_27; reference:url, urlhaus.abuse.ch/url/3832732/; classtype:trojan-activity;sid:84695832; rev:1;)
# From here the feed lists one rule per file suffix (.x86_64, .arm6, .mpsl, ...) for the same
# host 140.233.190.47 and the same /terrabot/ prefix. The suffixes look like CPU-architecture
# names. The set continues in the rules that follow.
# Each rule is an exact-URI match (depth == content length, plus endswith), so a file name
# not listed here would not alert. A locally maintained rule on the host alone can
# complement the per-file rules while the host is still relevant.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.x86_64"; depth:27; endswith; nocase; http.host; content:"140.233.190.47"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832516/; classtype:trojan-activity;sid:84695616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.arm6"; depth:25; endswith; nocase; http.host; content:"140.233.190.47"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832514/; classtype:trojan-activity;sid:84695614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.mpsl"; 
depth:25; endswith; nocase; http.host; content:"140.233.190.47"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832508/; classtype:trojan-activity;sid:84695608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.ppc"; depth:24; endswith; nocase; http.host; content:"140.233.190.47"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832509/; classtype:trojan-activity;sid:84695609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.arm7"; depth:25; endswith; nocase; http.host; content:"140.233.190.47"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832510/; classtype:trojan-activity;sid:84695610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.arm5"; depth:25; endswith; nocase; http.host; content:"140.233.190.47"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832511/; classtype:trojan-activity;sid:84695611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.mips"; depth:25; endswith; nocase; http.host; content:"140.233.190.47"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832502/; classtype:trojan-activity;sid:84695602; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.arm"; depth:24; endswith; nocase; http.host; content:"140.233.190.47"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832503/; classtype:trojan-activity;sid:84695603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.x86"; depth:24; endswith; nocase; http.host; content:"140.233.190.47"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832504/; classtype:trojan-activity;sid:84695604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.sh4"; depth:24; endswith; nocase; http.host; content:"140.233.190.47"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832505/; classtype:trojan-activity;sid:84695605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.spc"; depth:24; endswith; nocase; http.host; content:"140.233.190.47"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832506/; classtype:trojan-activity;sid:84695606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.i686"; depth:25; endswith; nocase; http.host; content:"140.233.190.47"; depth:14; 
isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832500/; classtype:trojan-activity;sid:84695600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/terrabot/023782pler.m68k"; depth:25; endswith; nocase; http.host; content:"140.233.190.47"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832501/; classtype:trojan-activity;sid:84695601; rev:1;)
# NOTE(review): the file name in the next rule matches the default installer name of the
# ScreenConnect remote-support client, which is a legitimate product. The rule is scoped to
# the single host 45.138.16.51, so it does not flag ScreenConnect downloads in general.
# On an alert, presumably check the endpoint for a newly installed remote-access client and
# confirm the details against the referenced URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.exe"; depth:34; endswith; nocase; http.host; content:"45.138.16.51"; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832456/; classtype:trojan-activity;sid:84695556; rev:1;)
# NOTE(review): "alert http" against github.com only sees parsed HTTP. A download made over
# HTTPS is presumably not visible to this rule unless TLS is decrypted ahead of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nerd1337-afk/1337/raw/refs/heads/main/abe_decrypt.dll"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832039/; classtype:trojan-activity;sid:84695453; rev:1;)
# This rule and the one after it (cred.dll) pin the same host 91.92.242.236 and the same
# /opvjr94jfe/plugins/ directory. Only the DLL name differs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opvjr94jfe/plugins/cred64.dll"; depth:30; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832039/; classtype:trojan-activity;sid:84695139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3832038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opvjr94jfe/plugins/cred.dll"; depth:28; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832038/; classtype:trojan-activity;sid:84695138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aiermass/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3831738/; classtype:trojan-activity;sid:84694838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/labieds/splitwriter/raw/refs/heads/main/public/splitwriter-v2.8.zip"; depth:68; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831490/; classtype:trojan-activity;sid:84694590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jamesnaismit/cv-screener/raw/refs/heads/main/web/hooks/cv-screener-3.4.zip"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831491/; classtype:trojan-activity;sid:84694591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831479)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/123affano1/claudetrack/raw/refs/heads/main/client/src/pages/software_v1.6.zip"; depth:78; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831479/; classtype:trojan-activity;sid:84694579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/douniajammali31/grammarfixer/raw/refs/heads/main/images/grammarfixer-2.5.zip"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831480/; classtype:trojan-activity;sid:84694580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chamara1989/prismos-ai/main/docs/screenshots/prismos_ai_2.6.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831481/; classtype:trojan-activity;sid:84694581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iamsujalarora/githubmeter/raw/refs/heads/main/src/styles/github_meter_v2.5.zip"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831483/; classtype:trojan-activity;sid:84694583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831485)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/ggshcgdh/localtranslateapp/raw/refs/heads/main/kittly/translate_app_local_3.5.zip"; depth:82; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831485/; classtype:trojan-activity;sid:84694585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jamesnaismit/cv-screener/raw/refs/heads/main/api/postman/screener_cv_v2.8-alpha.2.zip"; depth:86; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831487/; classtype:trojan-activity;sid:84694587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/douniajammali31/grammarfixer/raw/refs/heads/main/grammarfixer/resources/fixer-grammar-1.6.zip"; depth:94; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831488/; classtype:trojan-activity;sid:84694588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lapk0m/n01d-overwatch/main/shared/overwatch-n-d-2.9.zip"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831478/; classtype:trojan-activity;sid:84694578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831477)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/mikey143-kun/agentchattr/main/session_templates/software-3.8.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831477/; classtype:trojan-activity;sid:84694577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ayubalishah/mac-recorder/raw/refs/heads/main/dist/macrecorder-0.2.0.pkg"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831472/; classtype:trojan-activity;sid:84694572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ayubalishah/mac-recorder/main/macrecorder/resources/assets.xcassets/recorder-mac-2.6.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831474/; classtype:trojan-activity;sid:84694574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nightmanvr/modernnav/raw/refs/heads/main/src/hooks/modern_nav_1.5.zip"; depth:70; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831475/; classtype:trojan-activity;sid:84694575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831467)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/nightmanvr/modernnav/raw/refs/heads/main/public/fonts/modern-nav-v3.5.zip"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831467/; classtype:trojan-activity;sid:84694567; rev:1;)
# NOTE(review): the content of the next rule contains the literal escapes "%20", but it is
# matched in http.uri, which is Suricata's normalized URI buffer. If the sensor
# percent-decodes the path, the buffer holds spaces and is 92 bytes long, not 96, so the
# content with depth:96 and endswith would presumably never match.
# Matching in http.uri.raw, or writing the spaces as |20| with depth:92, would avoid that.
# Confirm against the sensor's libhtp settings before altering a feed-supplied rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/labieds/splitwriter/main/src/windows%20-%20old/boards/text-engine/_old/software-v2.8-beta.5.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831471/; classtype:trojan-activity;sid:84694571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twelve-today822/juai/main/assets/ai_ju_riverwards.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831462/; classtype:trojan-activity;sid:84694562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/memet-jo/trading/raw/refs/heads/main/sylphlike/trading-3.1.zip"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831451/; classtype:trojan-activity;sid:84694551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831448)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/lacquerwarepernyimoth791/crosshair-x-custom-crosshair-overlay-for-every-game/raw/refs/heads/main/1.24.2/for_game_custom_overlay_every_crosshair_3.2-alpha.2.zip"; depth:160; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831448/; classtype:trojan-activity;sid:84694548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mrfrank-07/ipa-edit/raw/refs/heads/main/modules/edit_i_p_v1.7.zip"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831443/; classtype:trojan-activity;sid:84694543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bragii044/securekey-vault/main/context/secure_vault_key_v2.5.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831445/; classtype:trojan-activity;sid:84694545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ajobka/teams-alive/raw/refs/heads/main/childe/teams-alive-1.1.zip"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831436/; classtype:trojan-activity;sid:84694536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831438)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/holasisisi23/telegram-media-downloader/raw/refs/heads/main/unnoticed/media-telegram-downloader-unhatched.zip"; depth:109; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831438/; classtype:trojan-activity;sid:84694538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/funeralvalue508/crossdevicetracker.desktop/main/unheretical/cross_tracker_desktop_device_v1.8.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831433/; classtype:trojan-activity;sid:84694533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ke029121/energized-time-tracker/raw/refs/heads/main/phlebopexy/energized-time-tracker-1.7.zip"; depth:94; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831435/; classtype:trojan-activity;sid:84694535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparoecanthusfultoni104/exphora_db/raw/refs/heads/main/ui/src/components/settings/exphora-db-v3.4-beta.1.zip"; depth:109; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831429/; classtype:trojan-activity;sid:84694529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831430)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anandhupeepi/kafkalet/raw/refs/heads/main/frontend/node_modules/tailwindcss/lib/cli/software-cowardy.zip"; depth:105; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831430/; classtype:trojan-activity;sid:84694530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hundred-praisworthiness384/domainos/main/scripts/os-domain-1.1.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831425/; classtype:trojan-activity;sid:84694525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/acting-correlationalanalysis567/twin-bridge-v1/main/frontend/src/bridge_twin_1.1.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831427/; classtype:trojan-activity;sid:84694527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kathan2504/auto-voice-over-tool/raw/refs/heads/main/src/windows/main/auto_tool_over_voice_fining.zip"; depth:101; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831417/; classtype:trojan-activity;sid:84694517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3831406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loeyyyyy/ai-voice-changer-real-time-2026/raw/refs/heads/main/cpp/de/jurihock/voicesmith/plug/time-changer-real-a-voice-3.4.zip"; depth:127; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831406/; classtype:trojan-activity;sid:84694506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/poetic-macroglia442/openclaw-desktop-launcher/raw/refs/heads/main/startopenclawlauncher/services/launcher_desktop_openclaw_v3.8-beta.2.zip"; depth:139; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831409/; classtype:trojan-activity;sid:84694509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/memet-jo/trading/raw/refs/heads/main/sylphlike/software_1.0.zip"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831410/; classtype:trojan-activity;sid:84694510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sb090/tauri-plugin-macos-fps/main/examples/fps-diag/src-tauri/capabilities/plugin_macos_fps_tauri_2.4.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831411/; classtype:trojan-activity;sid:84694511; rev:1;) 
# Each rule below corresponds to one URLhaus entry. It alerts on an established,
# client-side HTTP GET from $HOME_NET to $EXTERNAL_NET whose request URI and
# Host header both equal the listed values:
#   - http.uri:  depth:<pattern length> plus endswith pins the pattern to the
#                whole URI buffer; nocase applies to this path match only.
#   - http.host: depth:<pattern length> plus isdataat:!1,relative requires that
#                nothing follows the host string.
# The URLhaus entry id appears in msg and in the reference URL; use it for triage.
#
# NOTE(review): these are `alert http` signatures, so they only fire on requests
# Suricata can parse as cleartext HTTP. github.com and raw.githubusercontent.com
# are normally fetched over HTTPS; unless TLS is decrypted ahead of the sensor,
# also match the same URLhaus entries against proxy, DNS or endpoint telemetry.
#
# NOTE(review): the hosts here are shared platforms. An alert identifies the
# specific path in the rule, not the host, so do not turn these rules into
# host-level blocks.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/koteshwr-ra/linux-mac/main/image/common/overlay/etc/linux_mac_hacker.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831403/; classtype:trojan-activity;sid:84694503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdulmejid/desktopledsync/main/providers/desktop_led_sync_v3.3.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831404/; classtype:trojan-activity;sid:84694504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eliasxii/nullbyte/raw/refs/heads/main/docs/assets/byte_null_v3.0-beta.4.zip"; depth:76; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831405/; classtype:trojan-activity;sid:84694505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scriptez1/redxfreesteaminstaller/releases/download/v2.4.4/redx_setup.exe"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831369/; classtype:trojan-activity;sid:84694469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3831230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.129.153.224"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831230/; classtype:trojan-activity;sid:84694330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g.sh"; depth:5; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830970/; classtype:trojan-activity;sid:84694070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rupa9495/youtube-hide-low-views-videos/raw/refs/heads/main/chelide/videos-hide-youtube-views-low-v2.6.zip"; depth:106; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830938/; classtype:trojan-activity;sid:84694038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rupa9495/n8n-mt5-fetch/refs/heads/main/telluriferous/fetch_n_mt_v3.9.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830936/; classtype:trojan-activity;sid:84694036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830937)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/rupa9495/n8n-mt5-fetch/raw/refs/heads/main/telluriferous/fetch_n_mt_v3.9.zip"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830937/; classtype:trojan-activity;sid:84694037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rupa9495/rupa9495.github.io/refs/heads/main/pterotheca/io-rupa-github-1.6.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830935/; classtype:trojan-activity;sid:84694035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rupa9495/rupa9495.github.io/raw/refs/heads/main/pterotheca/io-rupa-github-1.6.zip"; depth:82; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830934/; classtype:trojan-activity;sid:84694034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rupa9495/youtube-hide-low-views-videos/refs/heads/main/chelide/videos-hide-youtube-views-low-v2.6.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830933/; classtype:trojan-activity;sid:84694033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830856)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/ipoprock/bright-future-academy/raw/refs/heads/main/preallegation/future-academy-bright-2.4.zip"; depth:95; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830856/; classtype:trojan-activity;sid:84693956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muradaldahmashi/swiftuihelpers/raw/refs/heads/main/resources/helpers-swift-ui-v2.8-beta.2.zip"; depth:94; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830857/; classtype:trojan-activity;sid:84693957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muradaldahmashi/compose-password/raw/refs/heads/main/app/src/main/java/com/murad8al/passwordlock/ui/password-compose-v3.8.zip"; depth:126; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830859/; classtype:trojan-activity;sid:84693959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipoprock/particalfun/refs/heads/main/build/software-v3.8-beta.1.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830860/; classtype:trojan-activity;sid:84693960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830861)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/kevlar782/kevlar782.github.io/raw/refs/heads/main/elocutionary/io-github-kevlar-eremology.zip"; depth:94; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830861/; classtype:trojan-activity;sid:84693961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipoprock/claude-code-showcase/raw/refs/heads/main/.claude/skills/core-components/showcase-claude-code-3.2-beta.5.zip"; depth:117; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830862/; classtype:trojan-activity;sid:84693962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fadeldia/data_analyst-bi_dev-portfolio.github.io/raw/refs/heads/main/assets/io_b_github_portfoli_analys_dat_de_v2.8.zip"; depth:120; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830863/; classtype:trojan-activity;sid:84693963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muradaldahmashi/compose-password/refs/heads/main/app/src/main/java/com/murad8al/passwordlock/ui/password-compose-v3.8.zip"; depth:122; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830865/; classtype:trojan-activity;sid:84693965; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipoprock/portfolio/raw/refs/heads/main/assets/projects/software_v3.4.zip"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830866/; classtype:trojan-activity;sid:84693966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fadeldia/facebook-marketing-automation/refs/heads/main/baseheartedness/facebook_automation_marketing_1.0.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830868/; classtype:trojan-activity;sid:84693968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipoprock/bright-future-academy/refs/heads/main/preallegation/future-academy-bright-2.4.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830870/; classtype:trojan-activity;sid:84693970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipoprock/portfolio/refs/heads/main/assets/projects/software_v3.4.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830871/; classtype:trojan-activity;sid:84693971; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muradaldahmashi/swiftuihelpers/refs/heads/main/resources/helpers-swift-ui-v2.8-beta.2.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830874/; classtype:trojan-activity;sid:84693974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fadeldia/facebook-marketing-automation/raw/refs/heads/main/baseheartedness/facebook_automation_marketing_1.0.zip"; depth:113; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830876/; classtype:trojan-activity;sid:84693976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipoprock/particalfun/raw/refs/heads/main/build/software-v3.8-beta.1.zip"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830851/; classtype:trojan-activity;sid:84693951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fadeldia/data_analyst-bi_dev-portfolio.github.io/refs/heads/main/assets/io_b_github_portfoli_analys_dat_de_v2.8.zip"; depth:116; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830853/; 
classtype:trojan-activity;sid:84693953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipoprock/ipoprock.github.io/refs/heads/main/decanically/io_github_ipoprock_2.0.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830854/; classtype:trojan-activity;sid:84693954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipoprock/builds/raw/refs/heads/main/build/software-1.4.zip"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830855/; classtype:trojan-activity;sid:84693955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muradaldahmashi/android-development/refs/heads/main/examples/android-development-v3.7.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830849/; classtype:trojan-activity;sid:84693949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipoprock/builds/refs/heads/main/build/software-1.4.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830846/; classtype:trojan-activity;sid:84693946; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipoprock/claude-code-showcase/refs/heads/main/.claude/skills/core-components/showcase-claude-code-3.2-beta.5.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830842/; classtype:trojan-activity;sid:84693942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muradaldahmashi/android-development/raw/refs/heads/main/examples/android-development-v3.7.zip"; depth:94; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830843/; classtype:trojan-activity;sid:84693943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ipoprock/ipoprock.github.io/raw/refs/heads/main/decanically/io_github_ipoprock_2.0.zip"; depth:87; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830844/; classtype:trojan-activity;sid:84693944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hankamarvanova/hankamarvanova.github.io/refs/heads/main/steamproof/io_hankamarvanova_github_v2.3.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, 
urlhaus.abuse.ch/url/3830817/; classtype:trojan-activity;sid:84693917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hankamarvanova/unified-db/raw/refs/heads/main/sources/db_unified_3.9.zip"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830819/; classtype:trojan-activity;sid:84693919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kevlar782/genshin-ts/raw/refs/heads/main/whitecap/ts-genshin-2.2-alpha.5.zip"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830826/; classtype:trojan-activity;sid:84693926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/espressivep/nextjs-tailwind-postgresql-project-template/raw/refs/heads/main/app/project-nextjs-template-tailwind-postgre-sq-v1.9.zip"; depth:133; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830828/; classtype:trojan-activity;sid:84693928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/espressivep/espressivep.github.io/raw/refs/heads/main/infelicitousness/io-espressivep-github-2.5.zip"; depth:101; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; 
reference:url, urlhaus.abuse.ch/url/3830829/; classtype:trojan-activity;sid:84693929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hankamarvanova/unified-db/refs/heads/main/sources/db_unified_3.9.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830831/; classtype:trojan-activity;sid:84693931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/espressivep/nextjs-tailwind-postgresql-project-template/refs/heads/main/app/project-nextjs-template-tailwind-postgre-sq-v1.9.zip"; depth:129; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830834/; classtype:trojan-activity;sid:84693934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/espressivep/espressivep.github.io/refs/heads/main/infelicitousness/io-espressivep-github-2.5.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830837/; classtype:trojan-activity;sid:84693937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kevlar782/kevlar782.github.io/refs/heads/main/elocutionary/io-github-kevlar-eremology.zip"; depth:90; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830838/; classtype:trojan-activity;sid:84693938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kevlar782/genshin-ts/refs/heads/main/whitecap/ts-genshin-2.2-alpha.5.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830840/; classtype:trojan-activity;sid:84693940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hankamarvanova/hankamarvanova.github.io/raw/refs/heads/main/steamproof/io_hankamarvanova_github_v2.3.zip"; depth:105; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830814/; classtype:trojan-activity;sid:84693914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/websyze/bot-n-animado-con-html-y-css/raw/refs/heads/master/leatman/htm_n_y_css_animado_bot_con_2.2.zip"; depth:103; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830784/; classtype:trojan-activity;sid:84693884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/websyze/w_merchs/raw/refs/heads/main/src/layouts/merchs_3.4.zip"; depth:64; endswith; nocase; 
http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830780/; classtype:trojan-activity;sid:84693880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ziebwon/cnmsb/refs/heads/main/docs/apt/dists/stable/software-3.8.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830777/; classtype:trojan-activity;sid:84693877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jeffplatinum1013/full-stack-fastapi-mongodb/refs/heads/main/%7d/scripts/mongodb_fastapi_full_stack_v3.5-beta.3.zip"; depth:115; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830778/; classtype:trojan-activity;sid:84693878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/websyze/bot-n-animado-con-html-y-css/refs/heads/master/leatman/htm_n_y_css_animado_bot_con_2.2.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830763/; classtype:trojan-activity;sid:84693863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/websyze/propesy_demon/raw/refs/heads/main/public/propesy-demon-2.0.zip"; 
depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830768/; classtype:trojan-activity;sid:84693868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jeffplatinum1013/full-stack-fastapi-mongodb/raw/refs/heads/main/%7d/scripts/mongodb_fastapi_full_stack_v3.5-beta.3.zip"; depth:119; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830769/; classtype:trojan-activity;sid:84693869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/websyze/gestion_voluntario/refs/heads/main/organizacion/voluntario_gestion_3.7.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830770/; classtype:trojan-activity;sid:84693870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/websyze/gestion_voluntario/raw/refs/heads/main/organizacion/voluntario_gestion_3.7.zip"; depth:87; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830771/; classtype:trojan-activity;sid:84693871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830772)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/theenemylost/community-design-resources/refs/heads/main/brand-assets/rolldown/community-resources-design-v1.3.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830772/; classtype:trojan-activity;sid:84693872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/theenemylost/community-design-resources/raw/refs/heads/main/brand-assets/rolldown/community-resources-design-v1.3.zip"; depth:118; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830773/; classtype:trojan-activity;sid:84693873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/websyze/w_merchs/refs/heads/main/src/layouts/merchs_3.4.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830774/; classtype:trojan-activity;sid:84693874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ziebwon/cnmsb/raw/refs/heads/main/docs/apt/dists/stable/software-3.8.zip"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830776/; classtype:trojan-activity;sid:84693876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830749)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/websyze/propesy_demon/refs/heads/main/public/propesy-demon-2.0.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830749/; classtype:trojan-activity;sid:84693849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jeffplatinum1013/jeffplatinum1013.github.io/refs/heads/main/crook/io_jeffplatinum_github_1.6-alpha.4.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830751/; classtype:trojan-activity;sid:84693851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/faisaloday/evotokendlm/refs/heads/master/assets/dlm_evo_token_1.0.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830752/; classtype:trojan-activity;sid:84693852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/faisaloday/faisaloday.github.io/refs/heads/main/vesiculigerous/github_faisaloday_io_2.8.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830755/; classtype:trojan-activity;sid:84693855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830756)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/theenemylost/theenemylost.github.io/raw/refs/heads/main/predaylight/theenemylost_io_github_v1.4.zip"; depth:100; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830756/; classtype:trojan-activity;sid:84693856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/websyze/appium-flutter-java-automation/raw/refs/heads/main/src/main/java/appium_java_automation_flutter_1.2-alpha.3.zip"; depth:120; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830760/; classtype:trojan-activity;sid:84693860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/faisaloday/faisaloday.github.io/raw/refs/heads/main/vesiculigerous/github_faisaloday_io_2.8.zip"; depth:96; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830761/; classtype:trojan-activity;sid:84693861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/faisaloday/evotokendlm/raw/refs/heads/master/assets/dlm_evo_token_1.0.zip"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830741/; classtype:trojan-activity;sid:84693841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3830743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/websyze/websyze.github.io/raw/refs/heads/main/invisible/io-github-websyze-overcustom.zip"; depth:89; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830743/; classtype:trojan-activity;sid:84693843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/websyze/websyze.github.io/refs/heads/main/invisible/io-github-websyze-overcustom.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830744/; classtype:trojan-activity;sid:84693844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/theenemylost/theenemylost.github.io/refs/heads/main/predaylight/theenemylost_io_github_v1.4.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830745/; classtype:trojan-activity;sid:84693845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jeffplatinum1013/jeffplatinum1013.github.io/raw/refs/heads/main/crook/io_jeffplatinum_github_1.6-alpha.4.zip"; depth:109; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830746/; classtype:trojan-activity;sid:84693846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3830747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/websyze/appium-flutter-java-automation/refs/heads/main/src/main/java/appium_java_automation_flutter_1.2-alpha.3.zip"; depth:116; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830747/; classtype:trojan-activity;sid:84693847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mo911-w16/novabar/refs/heads/main/src/about/bar-nova-spiritfully.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830725/; classtype:trojan-activity;sid:84693825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkexception22/darkexception22.github.io/raw/refs/heads/main/unreachably/darkexception_github_io_v2.7.zip"; depth:107; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830729/; classtype:trojan-activity;sid:84693829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/novabiriseg/gpio-led-cycle/refs/heads/main/drivers/stm32f4xx_hal_driver/src/le-cycle-gpi-1.3.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830730/; 
classtype:trojan-activity;sid:84693830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkexception22/darkexception22.github.io/refs/heads/main/unreachably/darkexception_github_io_v2.7.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830732/; classtype:trojan-activity;sid:84693832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mo911-w16/mo911-w16.github.io/raw/refs/heads/main/towards/github-w-mo-io-badenite.zip"; depth:86; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830720/; classtype:trojan-activity;sid:84693820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mo911-w16/mo911-w16.github.io/refs/heads/main/towards/github-w-mo-io-badenite.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830721/; classtype:trojan-activity;sid:84693821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mo911-w16/novabar/raw/refs/heads/main/src/about/bar-nova-spiritfully.zip"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, 
urlhaus.abuse.ch/url/3830723/; classtype:trojan-activity;sid:84693823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/novabiriseg/gpio-led-cycle/raw/refs/heads/main/drivers/stm32f4xx_hal_driver/src/le-cycle-gpi-1.3.zip"; depth:101; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830724/; classtype:trojan-activity;sid:84693824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkexception22/da-hood-lock-script-showcase/refs/heads/main/noncredent/showcase_hood_da_script_lock_1.9.zip"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830712/; classtype:trojan-activity;sid:84693812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pgmonitorbrasil/pgmonitorbrasil.github.io/raw/refs/heads/main/schematonics/io_pgmonitorbrasil_github_v3.9.zip"; depth:110; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830713/; classtype:trojan-activity;sid:84693813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkexception22/aayush/refs/heads/master/dietic/software-commenceable.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830706/; classtype:trojan-activity;sid:84693806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkexception22/aayush/raw/refs/heads/master/dietic/software-commenceable.zip"; depth:78; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830707/; classtype:trojan-activity;sid:84693807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkexception22/da-hood-lock-script-showcase/raw/refs/heads/main/noncredent/showcase_hood_da_script_lock_1.9.zip"; depth:113; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830708/; classtype:trojan-activity;sid:84693808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pgmonitorbrasil/nav2_hybrid_a_star/raw/refs/heads/main/src/data/nav_hybrid_star_v2.9.zip"; depth:89; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830702/; classtype:trojan-activity;sid:84693802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkexception22/alphabet/raw/refs/heads/main/src/cmps/software_unattuned.zip"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; 
isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830693/; classtype:trojan-activity;sid:84693793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pgmonitorbrasil/nav2_hybrid_a_star/refs/heads/main/src/data/nav_hybrid_star_v2.9.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830694/; classtype:trojan-activity;sid:84693794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pgmonitorbrasil/pgmonitorbrasil.github.io/refs/heads/main/schematonics/io_pgmonitorbrasil_github_v3.9.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830695/; classtype:trojan-activity;sid:84693795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/darkexception22/alphabet/refs/heads/main/src/cmps/software_unattuned.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830690/; classtype:trojan-activity;sid:84693790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sooryanaga/qt-liquid-glass/refs/heads/main/bulliform/qt_glass_liquid_3.5.zip"; depth:77; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830682/; classtype:trojan-activity;sid:84693782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdoooali/corellm/refs/heads/main/corellm/software_calaba.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830681/; classtype:trojan-activity;sid:84693781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sooryanaga/obscure-affairs-unlocked-edition/refs/heads/branch/taurobolium/unlocked-obscure-affairs-edition-3.0.zip"; depth:115; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830680/; classtype:trojan-activity;sid:84693780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/momofrd00/wpu-resolusi/raw/refs/heads/master/distractedness/wpu-resolusi-reapparition.zip"; depth:90; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830666/; classtype:trojan-activity;sid:84693766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830668)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/wijewardhanagayashi/grifindo_toy_new_system/raw/refs/heads/main/buba/ew_system_n_grifindo_toy_1.7.zip"; depth:102; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830668/; classtype:trojan-activity;sid:84693768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/momofrd00/jquery-status-message/raw/refs/heads/main/css/status_message_jquery_2.2.zip"; depth:86; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830669/; classtype:trojan-activity;sid:84693769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/momofrd00/dunia-gelap-butuh-resolusi-2023/refs/heads/main/nontidal/butuh-gelap-resolusi-dunia-v2.8.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830670/; classtype:trojan-activity;sid:84693770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huseindyslexic178/internee.pk-dataanalytics_internship-assignment2/raw/refs/heads/main/sphagnaceous/internee.pk-dataanalytics_internship-assignment2-v3.3.zip"; depth:158; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830671/; classtype:trojan-activity;sid:84693771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3830672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sooryanaga/obscure-affairs-unlocked-edition/raw/refs/heads/branch/taurobolium/unlocked-obscure-affairs-edition-3.0.zip"; depth:119; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830672/; classtype:trojan-activity;sid:84693772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/momofrd00/wpu-resolusi/refs/heads/master/distractedness/wpu-resolusi-reapparition.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830673/; classtype:trojan-activity;sid:84693773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/momofrd00/dunia-gelap-butuh-resolusi-2023/raw/refs/heads/main/nontidal/butuh-gelap-resolusi-dunia-v2.8.zip"; depth:107; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830674/; classtype:trojan-activity;sid:84693774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdoooali/corellm/raw/refs/heads/main/corellm/software_calaba.zip"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830675/; classtype:trojan-activity;sid:84693775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3830676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wijewardhanagayashi/awesome-dotnet/refs/heads/main/impersonize/awesome-dotnet-v2.9.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830676/; classtype:trojan-activity;sid:84693776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/celestiapolyunsaturated14/helios-engine/raw/refs/heads/master/tests/helios_engine_v1.3-beta.1.zip"; depth:98; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830644/; classtype:trojan-activity;sid:84693744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lumansitrevormwesigwa/parallaxparticles/raw/refs/heads/main/parallax.xcodeproj/xcuserdata/pa.alekseev.xcuserdatad/xcschemes/parallax_particles_2.7.zip"; depth:151; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830645/; classtype:trojan-activity;sid:84693745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wijewardhanagayashi/photography_website/raw/refs/heads/master/phpmailer/vendor/phpmailer/phpmailer/src/photography_website_v3.5.zip"; depth:132; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, 
urlhaus.abuse.ch/url/3830646/; classtype:trojan-activity;sid:84693746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wijewardhanagayashi/photography_website/refs/heads/master/phpmailer/vendor/phpmailer/phpmailer/src/photography_website_v3.5.zip"; depth:128; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830647/; classtype:trojan-activity;sid:84693747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huseindyslexic178/internee.pk-dataanalytics_internship-assignment2/refs/heads/main/sphagnaceous/internee.pk-dataanalytics_internship-assignment2-v3.3.zip"; depth:154; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830648/; classtype:trojan-activity;sid:84693748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/celestiapolyunsaturated14/helios-engine/refs/heads/master/tests/helios_engine_v1.3-beta.1.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830651/; classtype:trojan-activity;sid:84693751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830652)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/abdoooali/precision-aim-8ball-pool/raw/refs/heads/branch/catacorolla/precision-pool-aim-ball-1.3-beta.5.zip"; depth:108; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830652/; classtype:trojan-activity;sid:84693752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sooryanaga/qt-liquid-glass/raw/refs/heads/main/bulliform/qt_glass_liquid_3.5.zip"; depth:81; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830653/; classtype:trojan-activity;sid:84693753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wijewardhanagayashi/grifindo_toy_new_system/refs/heads/main/buba/ew_system_n_grifindo_toy_1.7.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830655/; classtype:trojan-activity;sid:84693755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdoooali/precision-aim-8ball-pool/refs/heads/branch/catacorolla/precision-pool-aim-ball-1.3-beta.5.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830658/; classtype:trojan-activity;sid:84693758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830660)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/momofrd00/jquery-status-message/refs/heads/main/css/status_message_jquery_2.2.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830660/; classtype:trojan-activity;sid:84693760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dishonorpeachpit230/fijahu-5/raw/refs/heads/main/quiz/fijahu_v2.1.zip"; depth:70; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830663/; classtype:trojan-activity;sid:84693763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wijewardhanagayashi/awesome-dotnet/raw/refs/heads/main/impersonize/awesome-dotnet-v2.9.zip"; depth:91; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830664/; classtype:trojan-activity;sid:84693764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lumansitrevormwesigwa/parallaxparticles/refs/heads/main/parallax.xcodeproj/xcuserdata/pa.alekseev.xcuserdatad/xcschemes/parallax_particles_2.7.zip"; depth:147; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830641/; classtype:trojan-activity;sid:84693741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3830640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dishonorpeachpit230/fijahu-5/refs/heads/main/quiz/fijahu_v2.1.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830640/; classtype:trojan-activity;sid:84693740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ericliu8888/blog-preview-card/raw/refs/heads/main/assets/preview-blog-card-outtop.zip"; depth:86; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830621/; classtype:trojan-activity;sid:84693721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jonasedwardsalkfirehose824/bobanimelist/raw/refs/heads/main/.droid/software-2.9-beta.4.zip"; depth:91; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830622/; classtype:trojan-activity;sid:84693722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ericliu8888/blog-preview-card/refs/heads/main/assets/preview-blog-card-outtop.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830624/; classtype:trojan-activity;sid:84693724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3830620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jonasedwardsalkfirehose824/bobanimelist/refs/heads/main/.droid/software-2.9-beta.4.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830620/; classtype:trojan-activity;sid:84693720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/separatesoapmaker/cs2-report-tool/raw/refs/heads/main/cs2reporttool-1.5.0-win64.rar"; depth:84; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830601/; classtype:trojan-activity;sid:84693701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/separatesoapmaker/cs2-report-tool/refs/heads/main/cs2reporttool-1.5.0-win64.rar"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830602/; classtype:trojan-activity;sid:84693702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seizesectorpraise/7-days-to-die-player-detection/refs/heads/main/7daystodiepd-1.4.0-win64.rar"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830600/; classtype:trojan-activity;sid:84693700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3830598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seizesectorpraise/7-days-to-die-player-detection/raw/refs/heads/main/7daystodiepd-1.4.0-win64.rar"; depth:98; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830598/; classtype:trojan-activity;sid:84693698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.client.exe"; depth:23; endswith; nocase; http.host; content:"178.16.55.93"; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830132/; classtype:trojan-activity;sid:84693232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/opvjr94jfe/plugins/vnc.exe"; depth:27; endswith; nocase; http.host; content:"91.92.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830135/; classtype:trojan-activity;sid:84693235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"112.226.178.108"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829580/; classtype:trojan-activity;sid:84692680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; 
content:"112.226.178.108"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829559/; classtype:trojan-activity;sid:84692659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/salesplataniik-commits/updates/v1/1583.txt"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829410/; classtype:trojan-activity;sid:84692510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/salesplataniik-commits/sales/raw/refs/heads/main/nrrwihqidthwszel.zip"; depth:70; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829411/; classtype:trojan-activity;sid:84692511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"23.140.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829387/; classtype:trojan-activity;sid:84692487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"23.140.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829389/; classtype:trojan-activity;sid:84692489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3829391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"23.140.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829391/; classtype:trojan-activity;sid:84692491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"23.140.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829392/; classtype:trojan-activity;sid:84692492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"23.140.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829393/; classtype:trojan-activity;sid:84692493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"23.140.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829394/; classtype:trojan-activity;sid:84692494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"23.140.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829395/; 
classtype:trojan-activity;sid:84692495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"23.140.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829396/; classtype:trojan-activity;sid:84692496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"23.140.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829397/; classtype:trojan-activity;sid:84692497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"23.140.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829398/; classtype:trojan-activity;sid:84692498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"23.140.244.57"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829399/; classtype:trojan-activity;sid:84692499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829211)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/oualiide/manageengine-desktop-central-crack/refs/heads/master/ectocondyloid/central-crack-desktop-manage-engine-v2.7.zip"; depth:121; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829211/; classtype:trojan-activity;sid:84692311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gamevoid2366/authcrack-v8/raw/refs/heads/main/characteristically/auth-crack-v-2.1.zip"; depth:86; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829208/; classtype:trojan-activity;sid:84692308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oualiide/manageengine-desktop-central-crack/raw/refs/heads/master/ectocondyloid/central-crack-desktop-manage-engine-v2.7.zip"; depth:125; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829209/; classtype:trojan-activity;sid:84692309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jcalumag19/cloudweb/raw/refs/heads/main/unshattered/software_v3.4-beta.5.zip"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829210/; classtype:trojan-activity;sid:84692310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829203)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jcalumag19/cloudweb/refs/heads/main/unshattered/software_v3.4-beta.5.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829203/; classtype:trojan-activity;sid:84692303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gamevoid2366/authcrack-v8/refs/heads/main/characteristically/auth-crack-v-2.1.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829205/; classtype:trojan-activity;sid:84692305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jcalumag19/vercel/refs/heads/main/methylanthracene/software_1.9.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829206/; classtype:trojan-activity;sid:84692306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jcalumag19/todo/refs/heads/main/eyeberry/software_v3.2.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829207/; classtype:trojan-activity;sid:84692307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829201)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/jcalumag19/vercel/raw/refs/heads/main/methylanthracene/software_1.9.zip"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829201/; classtype:trojan-activity;sid:84692301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jcalumag19/hash_crack/raw/refs/heads/main/node_modules/reveal.js/plugin/search/crack_hash_v3.4.zip"; depth:99; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829199/; classtype:trojan-activity;sid:84692299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jcalumag19/todo/raw/refs/heads/main/eyeberry/software_v3.2.zip"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829200/; classtype:trojan-activity;sid:84692300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jcalumag19/web/raw/refs/heads/main/reticence/software-uncivilish.zip"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829198/; classtype:trojan-activity;sid:84692298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829196)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/jcalumag19/hash_crack/refs/heads/main/node_modules/reveal.js/plugin/search/crack_hash_v3.4.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829196/; classtype:trojan-activity;sid:84692296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jcalumag19/web/refs/heads/main/reticence/software-uncivilish.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829197/; classtype:trojan-activity;sid:84692297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shaktiigrover/autopasscrack/raw/refs/heads/main/autopasscrack/auto_pass_crack_v3.8.zip"; depth:87; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829173/; classtype:trojan-activity;sid:84692273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wuaricoco23/whiteboxaescrack/raw/refs/heads/main/fonts/white-crack-box-aes-v2.5.zip"; depth:84; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829174/; classtype:trojan-activity;sid:84692274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829175)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/shaktiigrover/shakti-site/refs/heads/main/unseclusive/site_shakti_1.5-alpha.3.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829175/; classtype:trojan-activity;sid:84692275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shaktiigrover/shakti-site/raw/refs/heads/main/unseclusive/site_shakti_1.5-alpha.3.zip"; depth:86; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829176/; classtype:trojan-activity;sid:84692276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wuaricoco23/valentine/raw/refs/heads/main/effortful/software-2.3.zip"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829179/; classtype:trojan-activity;sid:84692279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wuaricoco23/whiteboxaescrack/refs/heads/main/fonts/white-crack-box-aes-v2.5.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829170/; classtype:trojan-activity;sid:84692270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829171)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/shaktiigrover/autopasscrack/refs/heads/main/autopasscrack/auto_pass_crack_v3.8.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829171/; classtype:trojan-activity;sid:84692271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wuaricoco23/valentine/refs/heads/main/effortful/software-2.3.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829172/; classtype:trojan-activity;sid:84692272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pammyhangdog747/claude-cracks-the-whip/refs/heads/main/lapidarist/the_cracks_whip_claude_3.0.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829150/; classtype:trojan-activity;sid:84692250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pammyhangdog747/claude-cracks-the-whip/raw/refs/heads/main/lapidarist/the_cracks_whip_claude_3.0.zip"; depth:101; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829151/; classtype:trojan-activity;sid:84692251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829135)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/guvann/guvann1/raw/refs/heads/main/confirmatory/guvann-v1.7.zip"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829135/; classtype:trojan-activity;sid:84692235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guvann/cursor-reset/raw/refs/heads/main/olympiadic/cursor_reset_1.3.zip"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829125/; classtype:trojan-activity;sid:84692225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guvann/cursor-reset/refs/heads/main/olympiadic/cursor_reset_1.3.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829116/; classtype:trojan-activity;sid:84692216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guvann/guvann1/refs/heads/main/confirmatory/guvann-v1.7.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829117/; classtype:trojan-activity;sid:84692217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t"; depth:2; endswith; nocase; http.host; 
content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828598/; classtype:trojan-activity;sid:84691698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tp"; depth:3; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828599/; classtype:trojan-activity;sid:84691699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828600/; classtype:trojan-activity;sid:84691700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssh.sh"; depth:7; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828601/; classtype:trojan-activity;sid:84691701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp.sh"; depth:8; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828602/; classtype:trojan-activity;sid:84691702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828603)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/p.sh"; depth:5; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828603/; classtype:trojan-activity;sid:84691703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mpsl"; depth:10; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828589/; classtype:trojan-activity;sid:84691689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvr.sh"; depth:7; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828590/; classtype:trojan-activity;sid:84691690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl.sh"; depth:8; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828591/; classtype:trojan-activity;sid:84691691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d.sh"; depth:5; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828592/; classtype:trojan-activity;sid:84691692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3828588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828588/; classtype:trojan-activity;sid:84691688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dvr"; depth:4; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828583/; classtype:trojan-activity;sid:84691683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g"; depth:2; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828584/; classtype:trojan-activity;sid:84691684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c"; depth:2; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828585/; classtype:trojan-activity;sid:84691685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn"; depth:3; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828586/; classtype:trojan-activity;sid:84691686; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/w.sh"; depth:10; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828580/; classtype:trojan-activity;sid:84691680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sh4"; depth:9; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828575/; classtype:trojan-activity;sid:84691675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/m68k"; depth:10; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828576/; classtype:trojan-activity;sid:84691676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/i686"; depth:10; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828577/; classtype:trojan-activity;sid:84691677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm7"; depth:10; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; 
metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828578/; classtype:trojan-activity;sid:84691678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c.sh"; depth:10; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828574/; classtype:trojan-activity;sid:84691674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/wget.sh"; depth:13; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828569/; classtype:trojan-activity;sid:84691669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mipsel"; depth:12; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828570/; classtype:trojan-activity;sid:84691670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/ppc"; depth:9; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828571/; classtype:trojan-activity;sid:84691671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828572)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bins/x86"; depth:9; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828572/; classtype:trojan-activity;sid:84691672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/mips"; depth:10; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828573/; classtype:trojan-activity;sid:84691673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm"; depth:9; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828566/; classtype:trojan-activity;sid:84691666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/arm5"; depth:10; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828567/; classtype:trojan-activity;sid:84691667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/amd64"; depth:11; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828568/; classtype:trojan-activity;sid:84691668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3828565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bee"; depth:4; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828565/; classtype:trojan-activity;sid:84691665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amd64"; depth:6; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828564/; classtype:trojan-activity;sid:84691664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wget.sh"; depth:8; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828518/; classtype:trojan-activity;sid:84691618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/massload"; depth:9; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828245/; classtype:trojan-activity;sid:84691345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deermoment/silentum-spoofer/refs/heads/main/silentum_spoofer.exe"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; 
reference:url, urlhaus.abuse.ch/url/3828228/; classtype:trojan-activity;sid:84691328; rev:1;)
# Each signature below alerts on an outbound GET from $HOME_NET whose URI and Host
# header both equal one URLhaus-listed download URL: depth:<len> together with
# endswith pins http.uri to exactly that string (case-insensitively, via nocase),
# and depth:<len> together with isdataat:!1,relative pins http.host the same way.
#
# NOTE(review): these are `alert http` signatures, so they are only evaluated on
# traffic Suricata parses as HTTP. The next rule names http.host "github.com";
# GitHub content is normally fetched over TLS, so the rule will only fire where
# the sensor sees the request in cleartext (for example behind a TLS-inspecting
# proxy). The same applies to the raw.githubusercontent.com entries in this feed.
# Where no decryption is in place, cover these indicators from proxy or endpoint
# telemetry instead of relying on this ruleset alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deermoment/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828229/; classtype:trojan-activity;sid:84691329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828100/; classtype:trojan-activity;sid:84691200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828101/; classtype:trojan-activity;sid:84691201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828092/; classtype:trojan-activity;sid:84691192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828093)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/m68k"; depth:5; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828093/; classtype:trojan-activity;sid:84691193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828094/; classtype:trojan-activity;sid:84691194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828095/; classtype:trojan-activity;sid:84691195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828096/; classtype:trojan-activity;sid:84691196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828097/; classtype:trojan-activity;sid:84691197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3828098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828098/; classtype:trojan-activity;sid:84691198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828099/; classtype:trojan-activity;sid:84691199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3827962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"208.84.100.209"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3827962/; classtype:trojan-activity;sid:84691062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3827862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/grab.exe"; depth:9; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3827862/; classtype:trojan-activity;sid:84690962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3827734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"123.232.142.200"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3827734/; classtype:trojan-activity;sid:84690834; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3827620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/april_staff_appraisal_4qsk_pdf.arj"; depth:35; endswith; nocase; http.host; content:"mosselnet.co.za"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3827620/; classtype:trojan-activity;sid:84690720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3827318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"24.35.228.16"; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3827318/; classtype:trojan-activity;sid:84690418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emacute/maize_disease_detection_system/raw/refs/heads/main/syllabicness/system_disease_detection_maize_2.5.zip"; depth:111; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826347/; classtype:trojan-activity;sid:84689447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/emacute/maize_disease_detection_system/refs/heads/main/syllabicness/system_disease_detection_maize_2.5.zip"; depth:107; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826343/; classtype:trojan-activity;sid:84689443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3826334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/camilo-vs/patching-hacked-world/raw/refs/heads/principal/landrick_v3.2/__macosx/landrick_v3.2/html/php/patching_world_hacked_v3.8.zip"; depth:134; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826334/; classtype:trojan-activity;sid:84689434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/camilo-vs/patching-hacked-world/refs/heads/principal/landrick_v3.2/__macosx/landrick_v3.2/html/php/patching_world_hacked_v3.8.zip"; depth:130; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826320/; classtype:trojan-activity;sid:84689420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3825863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//tmp/f/10dfff942805d90d6ebb28bd58093653_20251208021850.so"; depth:58; endswith; nocase; http.host; content:"fd.v2downf.shop"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_19; reference:url, urlhaus.abuse.ch/url/3825863/; classtype:trojan-activity;sid:84688963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3825482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"217.168.128.146"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3825482/; classtype:trojan-activity;sid:84688582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824667)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagedan73.png"; depth:15; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824667/; classtype:trojan-activity;sid:84687767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagepoiuy0.png"; depth:16; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824503/; classtype:trojan-activity;sid:84687603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imageiuyre99.png"; depth:17; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824501/; classtype:trojan-activity;sid:84687601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imageven098.png"; depth:16; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824500/; classtype:trojan-activity;sid:84687600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagesddff00.png"; depth:17; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824498/; 
classtype:trojan-activity;sid:84687598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagehola21.png"; depth:16; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824497/; classtype:trojan-activity;sid:84687597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imageyyyy1.png"; depth:15; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824496/; classtype:trojan-activity;sid:84687596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagelokoko222.png"; depth:19; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824495/; classtype:trojan-activity;sid:84687595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagefresk090.png"; depth:18; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824494/; classtype:trojan-activity;sid:84687594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/image77490p.png"; depth:16; endswith; nocase; 
http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824492/; classtype:trojan-activity;sid:84687592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagecdg09.png"; depth:15; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824490/; classtype:trojan-activity;sid:84687590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/image09iug0.png"; depth:16; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824489/; classtype:trojan-activity;sid:84687589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/image222.png"; depth:13; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824438/; classtype:trojan-activity;sid:84687538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagefre9003.png"; depth:17; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824134/; classtype:trojan-activity;sid:84687234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3823984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alinaitweshalifu28-netizen/2/raw/refs/heads/main/1/4.log"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3823984/; classtype:trojan-activity;sid:84687084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alinaitweshalifu28-netizen/2/refs/heads/main/1/4.log"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3823983/; classtype:trojan-activity;sid:84687083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alinaitweshalifu28-netizen/2/refs/heads/main/1/3.log"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3823982/; classtype:trojan-activity;sid:84687082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alinaitweshalifu28-netizen/2/raw/refs/heads/main/1/3.log"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3823981/; classtype:trojan-activity;sid:84687081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823977)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tursin-xd/thediscordbot/raw/refs/heads/main/dressmakery/discordbot-the-v3.3.zip"; depth:80; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823977/; classtype:trojan-activity;sid:84687077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itzmesultan01/eventpipe/raw/refs/heads/main/src/formats/software_2.6.zip"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823979/; classtype:trojan-activity;sid:84687079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naveenkm007/restaurant-management-saas/refs/heads/main/frontend/src/lib/management-restaurant-saas-superinnocent.zip"; depth:117; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823974/; classtype:trojan-activity;sid:84687074; rev:1;)
# NOTE(review): the http.uri content in the next rule (sid 84687075) carries the
# percent-encoded sequence "%40". http.uri is Suricata's normalized URI buffer,
# in which percent-escapes are expected to be decoded (%40 -> @), so this literal
# probably never appears in the inspected buffer; depth:114 also counts "%40" as
# three bytes, whereas the decoded path would be 112 bytes long. The github.com
# rule for the same file in this feed (sid 84687067) matches a literal "@".
# Suggested correction to raise with the feed maintainer: match "@supabase" with
# depth:112, or keep the encoded form and inspect http.uri.raw instead. Confirm
# against the sensor's libhtp normalization settings before changing anything.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naveenkm007/secure-vault/refs/heads/main/node_modules/%40supabase/auth-ui-shared/dist/vault_secure_1.8-beta.2.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823975/; classtype:trojan-activity;sid:84687075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823976)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tursin-xd/thediscordbot/refs/heads/main/dressmakery/discordbot-the-v3.3.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823976/; classtype:trojan-activity;sid:84687076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naveenkm007/securevault-password-manager/raw/refs/heads/main/node_modules/typescript/lib/tr/password-manager-secure-vault-v3.7.zip"; depth:131; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823972/; classtype:trojan-activity;sid:84687072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naveenkm007/securevault-password-manager/refs/heads/main/node_modules/typescript/lib/tr/password-manager-secure-vault-v3.7.zip"; depth:127; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823973/; classtype:trojan-activity;sid:84687073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naveenkm007/secure-vault/raw/refs/heads/main/node_modules/@supabase/auth-ui-shared/dist/vault_secure_1.8-beta.2.zip"; depth:116; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823967/; classtype:trojan-activity;sid:84687067; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naveenkm007/spaceship-mcp/refs/heads/main/src/tools/mcp-spaceship-2.8.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823970/; classtype:trojan-activity;sid:84687070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tursin-xd/thescriptstoroblox/refs/heads/main/gaiter/software-v3.1.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823961/; classtype:trojan-activity;sid:84687061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tursin-xd/thescriptstoroblox/raw/refs/heads/main/gaiter/software-v3.1.zip"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823963/; classtype:trojan-activity;sid:84687063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naveenkm007/spaceship-mcp/raw/refs/heads/main/src/tools/mcp-spaceship-2.8.zip"; depth:78; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823964/; classtype:trojan-activity;sid:84687064; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naveenkm007/restaurant-management-saas/raw/refs/heads/main/frontend/src/lib/management-restaurant-saas-superinnocent.zip"; depth:121; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823965/; classtype:trojan-activity;sid:84687065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itzmesultan01/eventpipe/refs/heads/main/src/formats/software_2.6.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823958/; classtype:trojan-activity;sid:84687058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naveenkm007/smart-tutor/refs/heads/main/src/contexts/tutor_smart_v1.7.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823959/; classtype:trojan-activity;sid:84687059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naveenkm007/smart-tutor/raw/refs/heads/main/src/contexts/tutor_smart_v1.7.zip"; depth:78; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823960/; classtype:trojan-activity;sid:84687060; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jackfalan/was/raw/refs/heads/master/augurship/software-v1.3-beta.2.zip"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823951/; classtype:trojan-activity;sid:84687051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sandro-beep/discord-message-forwarder/raw/refs/heads/main/septuplication/discord-forwarder-message-v2.8-beta.3.zip"; depth:115; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823937/; classtype:trojan-activity;sid:84687037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jesusnnc/mtproxy/refs/heads/main/angiosporous/proxy_mt_v2.0.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823938/; classtype:trojan-activity;sid:84687038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jesusnnc/mtproxy/raw/refs/heads/main/angiosporous/proxy_mt_v2.0.zip"; depth:68; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823942/; classtype:trojan-activity;sid:84687042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3823945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sandro-beep/discord-message-forwarder/refs/heads/main/septuplication/discord-forwarder-message-v2.8-beta.3.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823945/; classtype:trojan-activity;sid:84687045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jackfalan/happyview/refs/heads/master/yow/software_v2.0-beta.1.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823932/; classtype:trojan-activity;sid:84687032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saramc89mc/personal-website-template/raw/refs/heads/main/src/components/sections/about/personal_template_website_2.2.zip"; depth:121; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823933/; classtype:trojan-activity;sid:84687033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alecyi/cache-components-granular/refs/heads/main/components/layout/notebook/page/components-cache-granular-v2.1.zip"; depth:116; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823930/; 
classtype:trojan-activity;sid:84687030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/invertebratekinanesthesia779/aios-core/refs/heads/main/tests/unit/squad/fixtures/invalid-squad/core-aios-1.4.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823926/; classtype:trojan-activity;sid:84687026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jackfalan/happyview/raw/refs/heads/master/yow/software_v2.0-beta.1.zip"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823924/; classtype:trojan-activity;sid:84687024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alecyi/cache-components-granular/raw/refs/heads/main/components/layout/notebook/page/components-cache-granular-v2.1.zip"; depth:120; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823922/; classtype:trojan-activity;sid:84687022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jackfalan/was/refs/heads/master/augurship/software-v1.3-beta.2.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, 
urlhaus.abuse.ch/url/3823921/; classtype:trojan-activity;sid:84687021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/invertebratekinanesthesia779/aios-core/raw/refs/heads/main/tests/unit/squad/fixtures/invalid-squad/core-aios-1.4.zip"; depth:117; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823919/; classtype:trojan-activity;sid:84687019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/industrialintelligence/willywarriorportfolio/refs/heads/master/fonts/font-awesome-4.7.0/fonts/software-3.7.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823912/; classtype:trojan-activity;sid:84687012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/industrialintelligence/willywarriorportfolio/raw/refs/heads/master/fonts/font-awesome-4.7.0/fonts/software-3.7.zip"; depth:115; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823913/; classtype:trojan-activity;sid:84687013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/industrialintelligence/homestead_new_backend/raw/refs/heads/master/validator/backend_homestead_new_v1.9-beta.5.zip"; depth:115; endswith; nocase; 
http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823911/; classtype:trojan-activity;sid:84687011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/industrialintelligence/homestead_new_backend/refs/heads/master/validator/backend_homestead_new_v1.9-beta.5.zip"; depth:111; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823909/; classtype:trojan-activity;sid:84687009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/industrialintelligence/homestead/raw/refs/heads/master/images/funitture_icon/software-3.2-beta.4.zip"; depth:101; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823910/; classtype:trojan-activity;sid:84687010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/45d5r/databricks-mcp-server/raw/refs/heads/main/databricks_mcp/resources/server_databricks_mcp_1.6.zip"; depth:103; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823908/; classtype:trojan-activity;sid:84687008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823907)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/saramc89mc/personal-website-template/refs/heads/main/src/components/sections/about/personal_template_website_2.2.zip"; depth:117; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823907/; classtype:trojan-activity;sid:84687007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/45d5r/databricks-mcp-server/refs/heads/main/databricks_mcp/resources/server_databricks_mcp_1.6.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823905/; classtype:trojan-activity;sid:84687005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/industrialintelligence/homestead/refs/heads/master/images/funitture_icon/software-3.2-beta.4.zip"; depth:97; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823906/; classtype:trojan-activity;sid:84687006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nikhildaharwal2004/context.nvim/raw/refs/heads/main/lua/nvim_context_2.5-beta.4.zip"; depth:84; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822769/; classtype:trojan-activity;sid:84685869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3822771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jonisark/html-portfolioes/raw/refs/heads/main/someone/html_portfolioes_1.1.zip"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822771/; classtype:trojan-activity;sid:84685871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nikhildaharwal2004/context.nvim/refs/heads/main/lua/nvim_context_2.5-beta.4.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822773/; classtype:trojan-activity;sid:84685873; rev:1;)
# NOTE(review): the URI content of the next rule keeps the percent-encoded form (`%20`).
# http.uri is Suricata's normalized URI buffer, where percent-escapes are usually already
# decoded, so this pattern may never match a live request; the encoded form is what
# http.uri.raw carries. Verify against your Suricata/libhtp settings before relying on this sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jonisark/djast/raw/refs/heads/main/4.3%20html%20porfolio%20project/software_2.5.zip"; depth:84; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822765/; classtype:trojan-activity;sid:84685865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jonisark/joni/raw/refs/heads/main/epiklesis/software-1.5.zip"; depth:61; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822767/; classtype:trojan-activity;sid:84685867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822761)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/jonisark/git-demo/raw/refs/heads/main/unresponsiveness/demo_git_v2.4.zip"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822761/; classtype:trojan-activity;sid:84685861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jonisark/git-demo/refs/heads/main/unresponsiveness/demo_git_v2.4.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822762/; classtype:trojan-activity;sid:84685862; rev:1;)
# NOTE(review): the next rule matches `%20` literally inside http.uri. That buffer is the
# normalized URI, in which percent-escapes are usually decoded before matching, so the
# rule is likely to stay silent even when the listed file is fetched; http.uri.raw is the
# buffer that holds the encoded form. Confirm on your sensor before counting on this sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jonisark/djast/refs/heads/main/4.3%20html%20porfolio%20project/software_2.5.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822755/; classtype:trojan-activity;sid:84685855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jonisark/html-portfolioes/refs/heads/main/someone/html_portfolioes_1.1.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822759/; classtype:trojan-activity;sid:84685859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822735)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/yawnspe/custom-plugin-devops/raw/refs/heads/master/.github/workflows/plugin-devops-custom-2.6.zip"; depth:98; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822735/; classtype:trojan-activity;sid:84685835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reddinton95/custom-plugin-backend/raw/refs/heads/main/agents/02-database-management/backend-plugin-custom-1.2.zip"; depth:114; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822736/; classtype:trojan-activity;sid:84685836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reddinton95/custom-plugin-backend/refs/heads/main/agents/02-database-management/backend-plugin-custom-1.2.zip"; depth:110; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822739/; classtype:trojan-activity;sid:84685839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/junayedahmedd/assignment-2/refs/heads/main/img/assignment_shelyak.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822726/; classtype:trojan-activity;sid:84685826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822727)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/junayedahmedd/assignment-2/raw/refs/heads/main/img/assignment_shelyak.zip"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822727/; classtype:trojan-activity;sid:84685827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/junayedahmedd/assignment-1/raw/refs/heads/main/img/assignment-2.3.zip"; depth:70; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822728/; classtype:trojan-activity;sid:84685828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yawnspe/custom-plugin-devops/refs/heads/master/.github/workflows/plugin-devops-custom-2.6.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822729/; classtype:trojan-activity;sid:84685829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/junayedahmedd/tailwindproject/refs/heads/main/node_modules/string-width-cjs/node_modules/ansi-regex/tailwind_project_v2.2.zip"; depth:126; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822730/; classtype:trojan-activity;sid:84685830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3822731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/junayedahmedd/gemini_cli_skill/raw/refs/heads/main/mammillation/cli_skill_gemini_v3.8.zip"; depth:90; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822731/; classtype:trojan-activity;sid:84685831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isaacww/var-lighter-auto-tool/raw/refs/heads/main/turbinatoglobose/tool-lighter-var-auto-v3.6-beta.3.zip"; depth:105; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822732/; classtype:trojan-activity;sid:84685832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/junayedahmedd/tailwindproject/raw/refs/heads/main/node_modules/string-width-cjs/node_modules/ansi-regex/tailwind_project_v2.2.zip"; depth:130; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822733/; classtype:trojan-activity;sid:84685833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/isaacww/var-lighter-auto-tool/refs/heads/main/turbinatoglobose/tool-lighter-var-auto-v3.6-beta.3.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822734/; classtype:trojan-activity;sid:84685834; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/junayedahmedd/assignment-1/refs/heads/main/img/assignment-2.3.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822724/; classtype:trojan-activity;sid:84685824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/junayedahmedd/gemini_cli_skill/refs/heads/main/mammillation/cli_skill_gemini_v3.8.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822725/; classtype:trojan-activity;sid:84685825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flix-ux/powersub-demo-7484/refs/heads/main/transpeer/powersub_demo_v3.7.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822718/; classtype:trojan-activity;sid:84685818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jallinskyluca/entregafinal/raw/refs/heads/main/css/final-entrega-3.0.zip"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822720/; classtype:trojan-activity;sid:84685820; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jallinskyluca/entregafinal/refs/heads/main/css/final-entrega-3.0.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822707/; classtype:trojan-activity;sid:84685807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jallinskyluca/ai-etl-anomaly-detection/raw/refs/heads/main/data/anomaly_etl_ai_detection_2.1.zip"; depth:97; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822711/; classtype:trojan-activity;sid:84685811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flix-ux/powersub-demo-7484/raw/refs/heads/main/transpeer/powersub_demo_v3.7.zip"; depth:80; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822713/; classtype:trojan-activity;sid:84685813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jallinskyluca/ai-etl-anomaly-detection/refs/heads/main/data/anomaly_etl_ai_detection_2.1.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822716/; classtype:trojan-activity;sid:84685816; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rizkiameli/blog-starter-template/raw/refs/heads/main/lib/blog_template_starter_2.4.zip"; depth:87; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822698/; classtype:trojan-activity;sid:84685798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rizkiameli/blog-starter-template/refs/heads/main/lib/blog_template_starter_2.4.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822697/; classtype:trojan-activity;sid:84685797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/longphamok1323/2025doubao-free-api/refs/heads/master/public/doubao_api_free_inanga.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822678/; classtype:trojan-activity;sid:84685778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roseannspastic496/pyspark-etl-automation/raw/refs/heads/main/pridelessly/etl-automation-pyspark-3.4-alpha.1.zip"; depth:112; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822679/; classtype:trojan-activity;sid:84685779; rev:1;) 
# How to read these generated rules: each one alerts on an outbound GET (client to server,
# established flow) whose URI and Host both equal one URLhaus entry. On http.uri,
# `depth:N; endswith;` with N equal to the content length pins the whole buffer; on
# http.host, `depth:N; isdataat:!1,relative;` does the same. `nocase` makes the path
# comparison case-insensitive. A different path, an added query string or a subdomain
# therefore does not match.
# Coverage caveat: `alert http` only sees HTTP that the sensor can parse in clear text.
# github.com and raw.githubusercontent.com normally serve over HTTPS, so these entries fire
# only on a plain-http request or behind TLS decryption; pair them with proxy, DNS or
# endpoint URL telemetry rather than treating silence as absence.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roseannspastic496/pyspark-etl-automation/refs/heads/main/pridelessly/etl-automation-pyspark-3.4-alpha.1.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822683/; classtype:trojan-activity;sid:84685783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/123luka123/k3s-proxmox-terraform/raw/refs/heads/main/docs/terraform-s-k-proxmox-frontierlike.zip"; depth:97; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822686/; classtype:trojan-activity;sid:84685786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/novice-cloud/workflow/refs/heads/main/packages/world-postgres/src/drizzle/migrations/software_v1.3.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822689/; classtype:trojan-activity;sid:84685789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/longphamok1323/2025doubao-free-api/raw/refs/heads/master/public/doubao_api_free_inanga.zip"; depth:91; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, 
urlhaus.abuse.ch/url/3822694/; classtype:trojan-activity;sid:84685794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/novice-cloud/workflow/raw/refs/heads/main/packages/world-postgres/src/drizzle/migrations/software_v1.3.zip"; depth:107; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822673/; classtype:trojan-activity;sid:84685773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/123luka123/k3s-proxmox-terraform/refs/heads/main/docs/terraform-s-k-proxmox-frontierlike.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822659/; classtype:trojan-activity;sid:84685759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/camm1ls/deviloff/raw/refs/heads/main/4j8576a0e8v3.exe"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822575/; classtype:trojan-activity;sid:84685675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/camm1ls/deviloff/refs/heads/main/4j8576a0e8v3.exe"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822574/; 
classtype:trojan-activity;sid:84685674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fornessa/silentum-spoofer/refs/heads/main/silentum_spoofer.exe"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822557/; classtype:trojan-activity;sid:84685657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/landeliur/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822558/; classtype:trojan-activity;sid:84685658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hopeinfully/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; depth:70; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822559/; classtype:trojan-activity;sid:84685659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hopeinfully/silentum-spoofer/refs/heads/main/silentum_spoofer.exe"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822555/; classtype:trojan-activity;sid:84685655; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/landeliur/fivem-spoofer/refs/heads/main/cfxbypass.exe"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822556/; classtype:trojan-activity;sid:84685656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fornessa/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822554/; classtype:trojan-activity;sid:84685654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.203.86.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822169/; classtype:trojan-activity;sid:84685269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fscan"; depth:6; endswith; nocase; http.host; content:"101.43.204.194"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821825/; classtype:trojan-activity;sid:84684925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lucifer.elf"; depth:12; endswith; nocase; http.host; 
content:"101.43.204.194"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821821/; classtype:trojan-activity;sid:84684921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g64.exe"; depth:8; endswith; nocase; http.host; content:"101.43.204.194"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821822/; classtype:trojan-activity;sid:84684922; rev:1;)
# NOTE(review): the next rule differs from its neighbours in two ways.
# 1) The query separators are written `|7c|26|7c|`, i.e. the literal bytes `|26|`. That looks
#    like a doubly escaped `&`; confirm against the URLhaus entry, because a request using a
#    plain `&` would not match this content.
# 2) depth:162 equals the length of the escaped rule text, not of the decoded pattern
#    (105 bytes as written). With `endswith` this becomes a suffix match within the first
#    162 bytes of the URI instead of the whole-buffer match the other rules get.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest|7c|26|7c|c=bat|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c="; depth:162; endswith; nocase; http.host; content:"184.174.20.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821609/; classtype:trojan-activity;sid:84684709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/femboy.sh"; depth:20; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821582/; classtype:trojan-activity;sid:84684682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.i586"; depth:19; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821583/; 
classtype:trojan-activity;sid:84684683; rev:1;)
# The /systemctl/bin.<suffix> rules in this stretch all pin the same Host (46.8.78.55) and
# differ only in the file suffix (sh4, sparc, armv4l, m68k, ...), one sid per listed URL.
# Because every rule is an exact path match, a file name not yet listed on that host is not
# covered; for triage, treat a hit on any of these sids as contact with the same server and
# review other requests to that Host from the same client.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.sh4"; depth:18; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821584/; classtype:trojan-activity;sid:84684684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.sparc"; depth:20; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821585/; classtype:trojan-activity;sid:84684685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.armv4l"; depth:21; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821586/; classtype:trojan-activity;sid:84684686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.m68k"; depth:19; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821587/; classtype:trojan-activity;sid:84684687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.mipsel"; depth:21; endswith; nocase; 
http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821588/; classtype:trojan-activity;sid:84684688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.armv6l"; depth:21; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821589/; classtype:trojan-activity;sid:84684689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.powerpc"; depth:22; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821590/; classtype:trojan-activity;sid:84684690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.mips"; depth:19; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821578/; classtype:trojan-activity;sid:84684678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.armv5l"; depth:21; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821579/; classtype:trojan-activity;sid:84684679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3821580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.armv7l"; depth:21; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821580/; classtype:trojan-activity;sid:84684680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/systemctl/bin.arc"; depth:18; endswith; nocase; http.host; content:"46.8.78.55"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821581/; classtype:trojan-activity;sid:84684681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"65.99.181.12"; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821392/; classtype:trojan-activity;sid:84684492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagepixxx011.png"; depth:18; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821391/; classtype:trojan-activity;sid:84684491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagevolume09875987654.png"; depth:27; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821380/; 
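classtype:trojan-activity;sid:84684480; rev:1;)
# One signature per line from here on. Each rule pins one exact request: GET, an
# http.uri pattern anchored with depth + endswith (whole URI buffer), and an http.host
# pattern anchored with depth + isdataat:!1,relative (nothing after the host).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagehd09.png"; depth:14; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821356/; classtype:trojan-activity;sid:84684456; rev:1;)
# In the next two rules the query-string ampersands are written as |26|. The feed form
# carried them as |7c|26|7c|, which decodes to the literal text "|26|" and so does not
# match a URI that contains "&". depth was counted over the escaped text (164 and 63)
# and is set here to the decoded pattern length (80 and 51). sid and rev are left as
# issued by the feed; re-check after the next feed update, since the escaping is
# produced upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/support.clientsetup.msi|3f|e=access|26|y=guest|26|c=4-4-2026|26|c=|26|c=|26|c=new|26|c=|26|c=|26|c=|26|c="; depth:80; endswith; nocase; http.host; content:"doc.e-statements.app"; depth:20; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821345/; classtype:trojan-activity;sid:84684445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|26|y=guest"; depth:51; endswith; nocase; http.host; content:"23.94.232.76"; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821315/; classtype:trojan-activity;sid:84684415; rev:1;)
# NOTE(review): "alert http" only sees requests Suricata can parse in the clear.
# raw.githubusercontent.com is normally reached over HTTPS, so this rule is expected to
# fire only where TLS is decrypted ahead of the sensor or a client requests the path
# over plain HTTP - confirm sensor placement before relying on it for coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3820855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/professor9-sys/oldlauncher928/refs/heads/main/woofer.rar"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_13; reference:url, urlhaus.abuse.ch/url/3820855/; classtype:trojan-activity;sid:84683955; 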
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3817332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/net_launcher.exe"; depth:26; endswith; nocase; http.host; content:"185.149.120.3"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3817332/; classtype:trojan-activity;sid:84680432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pato851/pato851.github.io/raw/refs/heads/main/supraterraneous/io-github-pato-2.6.zip"; depth:85; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816932/; classtype:trojan-activity;sid:84680032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pato851/rock-breaker/refs/heads/main/src/components/rock_breaker_v1.9.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816929/; classtype:trojan-activity;sid:84680029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pato851/rock-breaker/raw/refs/heads/main/src/components/rock_breaker_v1.9.zip"; depth:78; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816930/; classtype:trojan-activity;sid:84680030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3816931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pato851/pato851.github.io/refs/heads/main/supraterraneous/io-github-pato-2.6.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816931/; classtype:trojan-activity;sid:84680031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/talktobaby/infinity-snip3/raw/refs/heads/master/audio/infinity_snip_screeve.zip"; depth:80; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816923/; classtype:trojan-activity;sid:84680023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/talktobaby/talktobaby.github.io/raw/refs/heads/main/hymeneals/talktobaby-io-github-v1.3.zip"; depth:92; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816921/; classtype:trojan-activity;sid:84680021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/talktobaby/infinity-snip3/refs/heads/master/audio/infinity_snip_screeve.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816922/; classtype:trojan-activity;sid:84680022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3816920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/talktobaby/talktobaby.github.io/refs/heads/main/hymeneals/talktobaby-io-github-v1.3.zip"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816920/; classtype:trojan-activity;sid:84680020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xfoxusx/xfoxusx.github.io/raw/refs/heads/main/arsenism/github_io_xfoxusx_v1.7.zip"; depth:82; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816888/; classtype:trojan-activity;sid:84679988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xfoxusx/arduino-joystick-and-servo-control/raw/refs/heads/main/lection/servo-arduino-control-and-joystick-1.1.zip"; depth:114; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816889/; classtype:trojan-activity;sid:84679989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xfoxusx/arduino-joystick-and-servo-control/refs/heads/main/lection/servo-arduino-control-and-joystick-1.1.zip"; depth:110; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816887/; classtype:trojan-activity;sid:84679987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3816886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xfoxusx/xfoxusx.github.io/refs/heads/main/arsenism/github_io_xfoxusx_v1.7.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816886/; classtype:trojan-activity;sid:84679986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdalrhmanasif5/tic_tac_toe/refs/heads/main/auriculae/toe-tic-tac-v3.3.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816841/; classtype:trojan-activity;sid:84679941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdalrhmanasif5/32/raw/refs/heads/main/app/(public)/contact/software_v1.6-beta.5.zip"; depth:85; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816837/; classtype:trojan-activity;sid:84679937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdalrhmanasif5/abdalrhmanasif5.github.io/refs/heads/main/torques/github_io_abdalrhmanasif_screwsman.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816838/; classtype:trojan-activity;sid:84679938; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdalrhmanasif5/abdalrhmanasif5.github.io/raw/refs/heads/main/torques/github_io_abdalrhmanasif_screwsman.zip"; depth:109; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816839/; classtype:trojan-activity;sid:84679939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdalrhmanasif5/tic_tac_toe/raw/refs/heads/main/auriculae/toe-tic-tac-v3.3.zip"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816840/; classtype:trojan-activity;sid:84679940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdalrhmanasif5/32/refs/heads/main/app/(public)/contact/software_v1.6-beta.5.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816836/; classtype:trojan-activity;sid:84679936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm64"; depth:12; endswith; nocase; http.host; content:"45.66.228.93"; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816822/; classtype:trojan-activity;sid:84679922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3816823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64"; depth:13; endswith; nocase; http.host; content:"45.66.228.93"; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816823/; classtype:trojan-activity;sid:84679923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mixteens/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816810/; classtype:trojan-activity;sid:84679910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mixteens/fivem-spoofer/refs/heads/main/cfxbypass.exe"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816809/; classtype:trojan-activity;sid:84679909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jahredip/silentum-spoofer/refs/heads/main/silentum_spoofer.exe"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816793/; classtype:trojan-activity;sid:84679893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816791)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/jahredip/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816791/; classtype:trojan-activity;sid:84679891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trustnobodys/fivem-spoofer/refs/heads/main/cfxbypass.exe"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816792/; classtype:trojan-activity;sid:84679892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trustnobodys/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; depth:61; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816790/; classtype:trojan-activity;sid:84679890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atteriss/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816784/; classtype:trojan-activity;sid:84679884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atteriss/silentum-spoofer/refs/heads/main/silentum_spoofer.exe"; depth:63; endswith; nocase; 
http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816785/; classtype:trojan-activity;sid:84679885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips"; depth:11; endswith; nocase; http.host; content:"45.66.228.93"; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816741/; classtype:trojan-activity;sid:84679841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm5"; depth:11; endswith; nocase; http.host; content:"45.66.228.93"; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816739/; classtype:trojan-activity;sid:84679839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_amd64"; depth:12; endswith; nocase; http.host; content:"45.66.228.93"; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816740/; classtype:trojan-activity;sid:84679840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z"; depth:2; endswith; nocase; http.host; content:"103.232.213.24"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_11; reference:url, urlhaus.abuse.ch/url/3816485/; classtype:trojan-activity;sid:84679585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816386)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/net_launcher.exe"; depth:26; endswith; nocase; http.host; content:"furystaff.tech"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_11; reference:url, urlhaus.abuse.ch/url/3816386/; classtype:trojan-activity;sid:84679486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm7"; depth:11; endswith; nocase; http.host; content:"45.66.228.93"; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_11; reference:url, urlhaus.abuse.ch/url/3816329/; classtype:trojan-activity;sid:84679429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"58.37.0.5"; depth:9; isdataat:!1,relative; metadata:created_at 2026_04_11; reference:url, urlhaus.abuse.ch/url/3816317/; classtype:trojan-activity;sid:84679417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3815736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/launcher.dll"; depth:22; endswith; nocase; http.host; content:"185.149.120.3"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_10; reference:url, urlhaus.abuse.ch/url/3815736/; classtype:trojan-activity;sid:84678836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elementos/mhdcbdc.txt"; depth:22; endswith; nocase; http.host; content:"grupomcperu.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814916/; 
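classtype:trojan-activity;sid:84678016; rev:1;)
# One signature per line from here on. Each rule pins one exact request: GET, an
# http.uri pattern anchored with depth + endswith (whole URI buffer), and an http.host
# pattern anchored with depth + isdataat:!1,relative (nothing after the host).
#
# NOTE(review): "alert http" only sees requests Suricata can parse in the clear. The
# hosts on this line (firebasestorage.googleapis.com, raw.githubusercontent.com,
# github.com) are normally reached over HTTPS, so these rules are expected to fire only
# where TLS is decrypted ahead of the sensor or a client requests the path over plain
# HTTP - confirm sensor placement before relying on them for coverage.
#
# In the next rule the query-string ampersand is written as |26|. The feed form carried
# it as |7c|26|7c|, which decodes to the literal text "|26|" and so does not match a URI
# that contains "&". depth was counted over the escaped text (116) and is set here to
# the decoded pattern length (104). sid and rev are left as issued by the feed; re-check
# after the next feed update, since the escaping is produced upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0/b/spenglercomics.firebasestorage.app/o/task.txt|3f|alt=media|26|token=f162f5ce-52f7-4407-8cc4-dd96cedd9b0e"; depth:104; endswith; nocase; http.host; content:"firebasestorage.googleapis.com"; depth:30; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814834/; classtype:trojan-activity;sid:84677934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demarcusnofatherington420-a11y/scriptinstaller/refs/heads/main/encrypted.hta"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814749/; classtype:trojan-activity;sid:84677849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demarcusnofatherington420-a11y/scriptinstaller/refs/heads/main/windowslogonservice.bat"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814747/; classtype:trojan-activity;sid:84677847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demarcusnofatherington420-a11y/scriptinstaller/raw/refs/heads/main/pulsar-client.exe"; depth:85; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_09; 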
reference:url, urlhaus.abuse.ch/url/3814748/; classtype:trojan-activity;sid:84677848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demarcusnofatherington420-a11y/scriptinstaller/refs/heads/main/maybeworking.hta"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814746/; classtype:trojan-activity;sid:84677846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demarcusnofatherington420-a11y/scriptinstaller/raw/refs/heads/main/test/123123.exe"; depth:83; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814744/; classtype:trojan-activity;sid:84677844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demarcusnofatherington420-a11y/rickowens/refs/heads/main/encrypted.hta"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814742/; classtype:trojan-activity;sid:84677842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demarcusnofatherington420-a11y/scriptinstaller/refs/heads/main/detectionratetesting.hta"; depth:88; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; 
reference:url, urlhaus.abuse.ch/url/3814743/; classtype:trojan-activity;sid:84677843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demarcusnofatherington420-a11y/rickowens/raw/refs/heads/main/pulsar-client.exe"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814741/; classtype:trojan-activity;sid:84677841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demarcusnofatherington420-a11y/scriptinstaller/refs/heads/main/test/encrypted.hta"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814740/; classtype:trojan-activity;sid:84677840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/craftpedro62-debug/_s/raw/refs/heads/master/sass/utilities/conhost.exe"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_08; reference:url, urlhaus.abuse.ch/url/3814107/; classtype:trojan-activity;sid:84677207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/craftpedro62-debug/_s/raw/refs/heads/master/sass/utilities/randll32.exe"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_08; reference:url, urlhaus.abuse.ch/url/3814104/; 
classtype:trojan-activity;sid:84677204; rev:1;)
# Reading these rules: each one pins a single URLhaus entry to one exact URL.
#   - http.uri: content + depth (= pattern length) + endswith means the whole URI
#     buffer must equal the pattern; nocase ignores letter case. http.uri also
#     carries the query string, so the same path requested with a query does not match.
#   - http.host: content + depth (= pattern length) + isdataat:!1,relative means the
#     whole host buffer must equal the pattern.
#   - $HOME_NET -> $EXTERNAL_NET with flow:established,from_client: only client
#     requests leaving HOME_NET are inspected, so a wrong HOME_NET silently
#     disables the rule.
#   - The action is `alert`: the request is reported, not blocked.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3813947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wsw0"; depth:5; endswith; nocase; http.host; content:"202.155.8.56"; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_08; reference:url, urlhaus.abuse.ch/url/3813947/; classtype:trojan-activity;sid:84677047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3813818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wsw0"; depth:5; endswith; nocase; http.host; content:"216.107.139.197"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_07; reference:url, urlhaus.abuse.ch/url/3813818/; classtype:trojan-activity;sid:84676918; rev:1;)
# Paths as short as /x, /i, /u, /s or /y carry no signal by themselves; the exact
# host match is what makes these rules specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3813653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"45.95.147.178"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_07; reference:url, urlhaus.abuse.ch/url/3813653/; classtype:trojan-activity;sid:84676753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3813602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k.php"; depth:6; endswith; nocase; http.host; content:"45.95.147.178"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_07; reference:url, urlhaus.abuse.ch/url/3813602/; classtype:trojan-activity;sid:84676702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3813596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x"; depth:2; endswith; nocase; http.host; content:"160.119.69.4"; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_07; reference:url, urlhaus.abuse.ch/url/3813596/; classtype:trojan-activity;sid:84676696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bbc"; depth:4; endswith; nocase; http.host; content:"5.175.223.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812726/; classtype:trojan-activity;sid:84675826; rev:1;)
# Hosts repeat across rules in this stretch (195.178.110.204, 85.12.251.50,
# 5.175.223.249, 45.95.147.178). When one of them fires, search flow and HTTP logs
# for the host itself to find requests for paths the feed does not list.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.12.251.50"; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812586/; classtype:trojan-activity;sid:84675686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u"; depth:2; endswith; nocase; http.host; content:"195.178.110.204"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812407/; classtype:trojan-activity;sid:84675507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s"; depth:2; endswith; nocase; http.host; content:"195.178.110.204"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812302/; classtype:trojan-activity;sid:84675402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3811002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t.sh"; depth:5; endswith; nocase; http.host; content:"5.175.223.249"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_04; reference:url, urlhaus.abuse.ch/url/3811002/; classtype:trojan-activity;sid:84674102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"65.99.181.12"; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_03; reference:url, urlhaus.abuse.ch/url/3810858/; classtype:trojan-activity;sid:84673958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"85.12.251.50"; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_03; reference:url, urlhaus.abuse.ch/url/3810839/; classtype:trojan-activity;sid:84673939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y"; depth:2; endswith; nocase; http.host; content:"195.178.110.204"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_03; reference:url, urlhaus.abuse.ch/url/3810777/; classtype:trojan-activity;sid:84673877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"192.176.50.190"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_03; reference:url, urlhaus.abuse.ch/url/3810689/; classtype:trojan-activity;sid:84673789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810685)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"192.176.50.190"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_03; reference:url, urlhaus.abuse.ch/url/3810685/; classtype:trojan-activity;sid:84673785; rev:1;)
# Exact-URL rules: in http.uri, depth equal to the pattern length plus endswith
# forces the whole URI to equal the pattern (case-insensitive via nocase); in
# http.host, depth plus isdataat:!1,relative forces the whole host to equal the
# pattern. Only established client->server HTTP from $HOME_NET to $EXTERNAL_NET
# is inspected, and the action is alert-only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peinf.exe"; depth:10; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810532/; classtype:trojan-activity;sid:84673632; rev:1;)
# NOTE(review): the URI pattern contains a percent-encoded '#' (%23). http.uri is
# the normalized URI buffer; confirm on the deployed Suricata/libhtp settings that
# %23 is still present after normalization, otherwise this rule cannot match and
# http.uri.raw would be the buffer to use.
# The host is one bucket-style subdomain of r2.dev; the exact host match keeps the
# rule scoped to that subdomain rather than to r2.dev as a whole.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rsvp_invite%23903388.exe"; depth:25; endswith; nocase; http.host; content:"pub-ec081eb0fab74385a17d8d77afeeda3b.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810486/; classtype:trojan-activity;sid:84673586; rev:1;)
# The next sixteen rules share host 195.178.110.204 and created_at 2026_04_02 and
# differ only in the URI, which is a CPU-architecture name (mips64, i586, m68k,
# powerpc, i686, arc, sparc, sh4, mipsel, armv4l, i486, mips, armv5l, armv6l, ...).
# Presumably one payload built per architecture; correlating on the host in HTTP
# and flow logs also covers any build name the feed does not list.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips64"; depth:7; endswith; nocase; http.host; content:"195.178.110.204"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810447/; classtype:trojan-activity;sid:84673547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i586"; depth:5; endswith; nocase; http.host; content:"195.178.110.204"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810361/; classtype:trojan-activity;sid:84673461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"195.178.110.204"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810363/; classtype:trojan-activity;sid:84673463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerpc"; depth:8; endswith; nocase; http.host; content:"195.178.110.204"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810364/; classtype:trojan-activity;sid:84673464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i686"; depth:5; endswith; nocase; http.host; content:"195.178.110.204"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810338/; classtype:trojan-activity;sid:84673438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arc"; depth:4; endswith; nocase; http.host; content:"195.178.110.204"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810339/; classtype:trojan-activity;sid:84673439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sparc"; depth:6; endswith; nocase; http.host; content:"195.178.110.204"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810342/; classtype:trojan-activity;sid:84673442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"195.178.110.204"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810343/; classtype:trojan-activity;sid:84673443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mipsel"; depth:7; endswith; nocase; http.host; content:"195.178.110.204"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810347/; classtype:trojan-activity;sid:84673447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv4l"; depth:7; endswith; nocase; http.host; content:"195.178.110.204"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810350/; classtype:trojan-activity;sid:84673450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i486"; depth:5; endswith; nocase; http.host; content:"195.178.110.204"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810352/; classtype:trojan-activity;sid:84673452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"195.178.110.204"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810360/; classtype:trojan-activity;sid:84673460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv5l"; depth:7; endswith; nocase; http.host; content:"195.178.110.204"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810337/; classtype:trojan-activity;sid:84673437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv6l"; depth:7; endswith; nocase; http.host; content:"195.178.110.204"; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810335/; classtype:trojan-activity;sid:84673435; rev:1;)
# NOTE(review): the host below looks like a vendor download domain rather than
# dedicated hosting. Confirm against the URLhaus reference before treating an
# alert as a compromise, and expect the exact path, not the host, to be the indicator.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pcoss/dl/pptv(pplive)_forap_1084_9993.exe"; depth:42; endswith; nocase; http.host; content:"ossapp.suning.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_04_01; reference:url, urlhaus.abuse.ch/url/3809815/; classtype:trojan-activity;sid:84672915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"90.224.208.161"; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_01; reference:url, urlhaus.abuse.ch/url/3809563/; classtype:trojan-activity;sid:84672663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809024)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sehhs_msi.png"; depth:14; endswith; nocase; http.host; content:"reutilizemais.co.mz"; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3809024/; classtype:trojan-activity;sid:84672124; rev:1;)
# Same URI and host as the preceding rule (sid 84672124, URLhaus 3809024): one
# request raises both alerts, so deduplicate downstream.
# NOTE(review): the two URLhaus entries presumably differ in something these rules
# do not encode; confirm via the two references.
# The .png suffix says nothing about the response body; the feed lists this URL as
# a malware download.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sehhs_msi.png"; depth:14; endswith; nocase; http.host; content:"reutilizemais.co.mz"; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3809025/; classtype:trojan-activity;sid:84672125; rev:1;)
# Exact-URL idiom used by every rule here: http.uri depth (= pattern length) +
# endswith and http.host depth + isdataat:!1,relative both require the full buffer
# to equal the pattern, so a query string or a different host spelling is not matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"217.208.164.149"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3808984/; classtype:trojan-activity;sid:84672084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"90.224.208.190"; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3808978/; classtype:trojan-activity;sid:84672078; rev:1;)
# Supply-chain indicator: the next two rules name PyPI wheel files for telnyx
# 4.87.1 and 4.87.2 on files.pythonhosted.org. Package installers normally fetch
# from this host over HTTPS, so an `alert http` rule only sees the request in
# cleartext or behind TLS inspection. Check lockfiles, installer caches and
# artifact-proxy logs for these two versions as well.
# NOTE(review): presumably these are compromised releases; confirm via the
# URLhaus references before acting on the package as a whole.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/packages/83/b7/5e93f51cd157cc8cf5599f387e587a1926d50fc7e54fb76d04b342341fb0/telnyx-4.87.1-py3-none-any.whl"; depth:107; endswith; nocase; http.host; content:"files.pythonhosted.org"; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_30; reference:url, urlhaus.abuse.ch/url/3808366/; classtype:trojan-activity;sid:84671466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/packages/5a/73/87cb49434a1f89f253819b81993d3a4e65186ae08b013b9825633ceac359/telnyx-4.87.2-py3-none-any.whl"; depth:107; endswith; nocase; http.host; content:"files.pythonhosted.org"; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_30; reference:url, urlhaus.abuse.ch/url/3808367/; classtype:trojan-activity;sid:84671467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"90.224.208.190"; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_30; reference:url, urlhaus.abuse.ch/url/3808154/; classtype:trojan-activity;sid:84671254; rev:1;)
# GitHub-hosted files appear as pairs: a github.com URL with /raw/refs/heads/... and
# a raw.githubusercontent.com URL with /refs/heads/... for the same repository path.
# Both hosts are shared platforms normally reached over HTTPS, so these rules only
# see cleartext or decrypted requests, and the host alone is never the indicator:
# keep the full path when pivoting in proxy or endpoint logs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zouag94/map/refs/heads/main/or/75.txt"; depth:38; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807792/; classtype:trojan-activity;sid:84670892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zouag94/map/raw/refs/heads/main/or/75.txt"; depth:42; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807793/; classtype:trojan-activity;sid:84670893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mustkimkureshi/cafe-erp-system/raw/refs/heads/main/css/system-er-caf-v3.3.zip"; depth:78; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807785/; classtype:trojan-activity;sid:84670885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nopaleafifo630/tic-tac-toe-game/refs/heads/main/nepotistical/game_tac_toe_tic_v1.2.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807786/; classtype:trojan-activity;sid:84670886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mustkimkureshi/cafe-erp-system/refs/heads/main/css/system-er-caf-v3.3.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807787/; classtype:trojan-activity;sid:84670887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nopaleafifo630/tic-tac-toe-game/raw/refs/heads/main/nepotistical/game_tac_toe_tic_v1.2.zip"; depth:91; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807788/; classtype:trojan-activity;sid:84670888; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jeckef/unnamed_game_1_v2/raw/refs/heads/main/epidictical/game-unnamed-v-1.3-beta.4.zip"; depth:87; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807790/; classtype:trojan-activity;sid:84670890; rev:1;)
# The next two rules cover one archive under two URL forms: raw.githubusercontent.com
# with /refs/heads/... and github.com with /raw/refs/heads/.... Each is an exact
# match on URI and host (depth = pattern length, endswith / isdataat:!1,relative).
# Both hosts are shared platforms normally reached over HTTPS, so these rules only
# see cleartext or decrypted requests; when pivoting in other logs, search for the
# repository path, never for the host alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mustkimkureshi/blood-donation-sql-project/refs/heads/main/reference/project-blood-sql-donation-1.4-beta.5.zip"; depth:110; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807779/; classtype:trojan-activity;sid:84670879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mustkimkureshi/blood-donation-sql-project/raw/refs/heads/main/reference/project-blood-sql-donation-1.4-beta.5.zip"; depth:114; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807781/; classtype:trojan-activity;sid:84670881; rev:1;)
# Dedicated-looking host with a shell-script path; the rule fires only on an
# established client request from $HOME_NET for exactly this URI on exactly this host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xlh/cccc.sh"; depth:12; endswith; nocase; http.host; content:"libss.0x504.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_28; reference:url, urlhaus.abuse.ch/url/3807041/; classtype:trojan-activity;sid:84670141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3806913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"90.224.208.161"; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_28; reference:url, urlhaus.abuse.ch/url/3806913/; classtype:trojan-activity;sid:84670013; rev:1;)
# Each rule matches one literal URL: the http.uri pattern must fill the whole URI
# buffer (depth = length, endswith, nocase) and the http.host pattern must fill the
# whole host buffer (depth = length, isdataat:!1,relative). Traffic is inspected only
# as established client requests from $HOME_NET to $EXTERNAL_NET; the action is alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.220.132.248"; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806637/; classtype:trojan-activity;sid:84669737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.220.132.248"; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806627/; classtype:trojan-activity;sid:84669727; rev:1;)
# The next eleven rules share host 78.153.140.16 (created 2026_03_26 and 2026_03_27):
# eight shell scripts plus files named libsystem.so, curl-amd64 and curl-aarch64.
# A file name that resembles a system library or a common tool is not evidence of
# what the file is; the feed lists each URL as a malware download.
# With this many paths on one host, correlate on the host in HTTP and flow logs so
# that paths missing from the feed are also found.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sa.sh"; depth:6; endswith; nocase; http.host; content:"78.153.140.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806307/; classtype:trojan-activity;sid:84669407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ph.sh"; depth:6; endswith; nocase; http.host; content:"78.153.140.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806305/; classtype:trojan-activity;sid:84669405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xx.sh"; depth:6; endswith; nocase; http.host; content:"78.153.140.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806306/; classtype:trojan-activity;sid:84669406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i.sh"; depth:5; endswith; nocase; http.host; content:"78.153.140.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806302/; classtype:trojan-activity;sid:84669402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sc.sh"; depth:6; endswith; nocase; http.host; content:"78.153.140.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806303/; classtype:trojan-activity;sid:84669403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/re.sh"; depth:6; endswith; nocase; http.host; content:"78.153.140.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805847/; classtype:trojan-activity;sid:84668947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/libsystem.so"; depth:13; endswith; nocase; http.host; content:"78.153.140.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805839/; classtype:trojan-activity;sid:84668939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl-amd64"; depth:11; endswith; nocase; http.host; content:"78.153.140.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805840/; classtype:trojan-activity;sid:84668940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl-aarch64"; depth:13; endswith; nocase; http.host; content:"78.153.140.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805841/; classtype:trojan-activity;sid:84668941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/acb.sh"; depth:7; endswith; nocase; http.host; content:"78.153.140.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805837/; classtype:trojan-activity;sid:84668937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mt.sh"; depth:6; endswith; nocase; http.host; content:"78.153.140.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805838/; classtype:trojan-activity;sid:84668938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"217.208.164.149"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805755/; classtype:trojan-activity;sid:84668855; rev:1;)
# Three .png URLs on one named host. The extension does not describe the response
# body, so do not exclude these from triage on the grounds that they are images.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imgedu093.png"; depth:14; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805660/; classtype:trojan-activity;sid:84668760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/image099.png"; depth:13; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805656/; classtype:trojan-activity;sid:84668756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagecopy777.png"; depth:17; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805655/; classtype:trojan-activity;sid:84668755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"66.71.242.68"; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805559/; classtype:trojan-activity;sid:84668659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3804863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagetxt0074751.png"; depth:20; endswith; nocase; http.host; content:"solar-sanat.net"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_25; reference:url, urlhaus.abuse.ch/url/3804863/; classtype:trojan-activity;sid:84667963; rev:1;)
# GitHub-hosted archives, all created_at 2026_03_24. Every repository file appears
# twice: github.com with /raw/refs/heads/... and raw.githubusercontent.com with
# /refs/heads/.... Matching is exact on URI (depth = length, endswith, nocase) and
# on host (depth = length, isdataat:!1,relative).
# Coverage caveat: both hosts are normally reached over HTTPS, and `alert http`
# only sees requests made in cleartext or decrypted by TLS inspection. Without
# that, hunt for the repository paths in proxy, DNS-plus-endpoint or EDR telemetry.
# The host by itself is a shared platform and must not be used as the indicator.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armaan29-09-2005/ai-osint-security-analyzer/raw/refs/heads/main/.streamlit/security_a_osin_analyzer_3.9.zip"; depth:108; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803904/; classtype:trojan-activity;sid:84667004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armaan29-09-2005/ai-osint-security-analyzer/refs/heads/main/.streamlit/security_a_osin_analyzer_3.9.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803901/; classtype:trojan-activity;sid:84667001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/modyd/kaggle-ai-agents-google-capstone/refs/heads/master/backend/agents/capstone_a_google_agents_kaggle_3.9-alpha.2.zip"; depth:120; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803891/; classtype:trojan-activity;sid:84666991; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/modyd/kaggle-ai-agents-google-capstone/raw/refs/heads/master/backend/agents/capstone_a_google_agents_kaggle_3.9-alpha.2.zip"; depth:124; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803892/; classtype:trojan-activity;sid:84666992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caidonw/caidonw/refs/heads/main/thermojunction/w-caidon-v3.4.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803855/; classtype:trojan-activity;sid:84666955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zukochris/ebyte-amsi-patchless-vehhwbp/raw/refs/heads/main/hwbp-amsibypass/vehhwbp-ebyte-patchless-amsi-3.8.zip"; depth:112; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803847/; classtype:trojan-activity;sid:84666947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zukochris/ebyte-amsi-patchless-vehhwbp/refs/heads/main/hwbp-amsibypass/vehhwbp-ebyte-patchless-amsi-3.8.zip"; depth:108; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803851/; classtype:trojan-activity;sid:84666951; rev:1;)
# The account name caidonw appears in several of these paths, as other account
# names do elsewhere in the feed. The rules pin individual files; a match on one is
# a reason to review other downloads from the same account path in available logs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caidonw/electrum-wallet-multi-crypto-secure-gui-multi-coin-storage-web-browser/refs/heads/main/electrum-wallet/properties/lib/secure-browser-storage-coin-wallet-web-gui-electrum-crypto-multi-1.7.zip"; depth:199; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803838/; classtype:trojan-activity;sid:84666938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elmamlaka/shopify-traffic-filter-block-bots/refs/heads/main/chernozem/bots_block_shopify_filter_traffic_v2.7.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803839/; classtype:trojan-activity;sid:84666939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caidonw/electrum-wallet-multi-crypto-secure-gui-multi-coin-storage-web-browser/raw/refs/heads/main/electrum-wallet/properties/lib/secure-browser-storage-coin-wallet-web-gui-electrum-crypto-multi-1.7.zip"; depth:203; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803842/; classtype:trojan-activity;sid:84666942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803843)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/elmamlaka/shopify-traffic-filter-block-bots/raw/refs/heads/main/chernozem/bots_block_shopify_filter_traffic_v2.7.zip"; depth:117; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803843/; classtype:trojan-activity;sid:84666943; rev:1;)
# Rules for files hosted on github.com (/raw/refs/heads/...) and on
# raw.githubusercontent.com (/refs/heads/...), all created_at 2026_03_24. URI and
# host are matched exactly: depth equals the pattern length, with endswith on the
# URI and isdataat:!1,relative on the host; nocase makes the URI comparison
# case-insensitive.
# These hosts are normally reached over HTTPS, so an `alert http` rule only fires
# on cleartext requests or where TLS inspection hands decrypted HTTP to the sensor.
# Elsewhere, treat the repository paths as hunt terms for proxy and endpoint logs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caidonw/caidonw/raw/refs/heads/main/thermojunction/w-caidon-v3.4.zip"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803845/; classtype:trojan-activity;sid:84666945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tsntizka/23/raw/refs/heads/main/in/23.txt"; depth:42; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803799/; classtype:trojan-activity;sid:84666899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b0zrx/b0zrx.github.io/raw/refs/heads/main/bandstand/zrx_io_github_b_v2.6.zip"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803804/; classtype:trojan-activity;sid:84666904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tsntizka/23/refs/heads/main/in/23.txt"; depth:38; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803797/; classtype:trojan-activity;sid:84666897; rev:1;)
# The account name lowwkezer appears under three repositories below (shannon, bunny,
# bunnytweak), each with an archive named software-<version>.zip or
# software_v<version>.zip. The rules cover only the listed files; the exact-match
# form will not fire on a different version string in the same repository.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lowwkezer/shannon/raw/refs/heads/main/xben-benchmark-results/xben-079-24/audit-logs/prompts/software-3.9.zip"; depth:109; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803774/; classtype:trojan-activity;sid:84666874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lowwkezer/shannon/refs/heads/main/xben-benchmark-results/xben-079-24/audit-logs/prompts/software-3.9.zip"; depth:105; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803776/; classtype:trojan-activity;sid:84666876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lowwkezer/bunny/refs/heads/main/src/lib/utils/software-3.6.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803778/; classtype:trojan-activity;sid:84666878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cyrustmods/github.io/refs/heads/master/assets/mobirise/github_io_1.4.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803779/; classtype:trojan-activity;sid:84666879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lowwkezer/bunnytweak/raw/refs/heads/main/.github/software_v1.4-alpha.1.zip"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803781/; classtype:trojan-activity;sid:84666881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sabinakhatun14588-ctrl/moltbook-agent-guard/raw/refs/heads/main/integrations/guard_moltbook_agent_1.8.zip"; depth:106; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803782/; classtype:trojan-activity;sid:84666882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cyrustmods/github.io/raw/refs/heads/master/assets/mobirise/github_io_1.4.zip"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803784/; classtype:trojan-activity;sid:84666884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803789)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/cyrustmods/openclaw-skill-safe/refs/heads/master/grandame/skil-safe-opencla-v3.4.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803789/; classtype:trojan-activity;sid:84666889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lowwkezer/bunny/raw/refs/heads/main/src/lib/utils/software-3.6.zip"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803791/; classtype:trojan-activity;sid:84666891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cyrustmods/openclaw-skill-safe/raw/refs/heads/master/grandame/skil-safe-opencla-v3.4.zip"; depth:89; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803794/; classtype:trojan-activity;sid:84666894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b0zrx/rationtrack/raw/refs/heads/main/docs/docs/docs/ration-track-2.6-beta.5.zip"; depth:81; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803795/; classtype:trojan-activity;sid:84666895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803796)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/b0zrx/rationtrack/refs/heads/main/docs/docs/docs/ration-track-2.6-beta.5.zip"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803796/; classtype:trojan-activity;sid:84666896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b0zrx/b0zrx.github.io/refs/heads/main/bandstand/zrx_io_github_b_v2.6.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803761/; classtype:trojan-activity;sid:84666861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sabinakhatun14588-ctrl/sabinakhatun14588-ctrl.github.io/raw/refs/heads/main/aigialosaurus/github-sabinakhatun-ctrl-io-v3.0.zip"; depth:127; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803766/; classtype:trojan-activity;sid:84666866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sabinakhatun14588-ctrl/sabinakhatun14588-ctrl.github.io/refs/heads/main/aigialosaurus/github-sabinakhatun-ctrl-io-v3.0.zip"; depth:123; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803767/; classtype:trojan-activity;sid:84666867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3803768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sabinakhatun14588-ctrl/moltbook-agent-guard/refs/heads/main/integrations/guard_moltbook_agent_1.8.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803768/; classtype:trojan-activity;sid:84666868; rev:1;)
# (The line above completes a rule whose opening is on the previous line of the page.)
#
# URLhaus download-URL signatures created 2026_03_22 to 2026_03_24, all for files
# hosted under GitHub repositories (github.com / raw.githubusercontent.com).
# Reading an alert: the number in msg is the URLhaus entry id, and the reference
# keyword carries the matching urlhaus.abuse.ch/url/<id>/ page; presumably that is
# where to confirm the URL is still listed before acting on a hit.
# The paths below end in .zip, .png and .txt. The suffix is only part of the
# matched string; no keyword here looks at the response, so an alert says a client
# asked for the URL, not what (if anything) came back.
# NOTE(review): these are `alert http` rules and both hosts are normally served
# over HTTPS, so a passive sensor without TLS decryption will likely never see the
# URI or Host these rules need; confirm where decrypted traffic is available.
# Because the hosts are shared platforms, hostname-only telemetry (DNS, SNI) cannot
# stand in for these rules; the full path is the indicator.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lowwkezer/bunnytweak/refs/heads/main/.github/software_v1.4-alpha.1.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803772/; classtype:trojan-activity;sid:84666872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eldenisek/syro-theme/refs/heads/main/images/syro_theme_v3.7.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803738/; classtype:trojan-activity;sid:84666838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nerfyjubay/phitto-phishing/refs/heads/main/lib/src/phitto-phishing-1.3.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803739/; classtype:trojan-activity;sid:84666839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kankertje2/anti-shannon/raw/refs/heads/main/src/wukong/anti_shannon_v2.9.zip"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803740/; classtype:trojan-activity;sid:84666840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eldenisek/anti-afk/refs/heads/main/anticrisis/anti-afk-v1.2.zip"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803741/; classtype:trojan-activity;sid:84666841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eldenisek/anti-afk/raw/refs/heads/main/anticrisis/anti-afk-v1.2.zip"; depth:68; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803742/; classtype:trojan-activity;sid:84666842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eldenisek/syro-theme/raw/refs/heads/main/images/syro_theme_v3.7.zip"; depth:68; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803744/; classtype:trojan-activity;sid:84666844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/krypton2355/rust-linuxgsm-watchdog/refs/heads/main/indogen/rust-watchdog-linuxgsm-bahut.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803745/; classtype:trojan-activity;sid:84666845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nerfyjubay/phitto-phishing/raw/refs/heads/main/lib/src/phitto-phishing-1.3.zip"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803748/; classtype:trojan-activity;sid:84666848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saeeed123/1af-starwars-theoldrepublicff/refs/heads/main/residentially/af_star_the_wars_old_republicff_2.5.zip"; depth:110; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803749/; classtype:trojan-activity;sid:84666849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shaggyt0701/prompt-shield/refs/heads/main/examples/prompt-shield-v1.3-alpha.3.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803750/; classtype:trojan-activity;sid:84666850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shaggyt0701/prompt-shield/raw/refs/heads/main/examples/prompt-shield-v1.3-alpha.3.zip"; depth:86; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803754/; classtype:trojan-activity;sid:84666854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saeeed123/1af-starwars-theoldrepublicff/raw/refs/heads/main/residentially/af_star_the_wars_old_republicff_2.5.zip"; depth:114; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803733/; classtype:trojan-activity;sid:84666833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kankertje2/anti-shannon/refs/heads/main/src/wukong/anti_shannon_v2.9.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803735/; classtype:trojan-activity;sid:84666835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/krypton2355/rust-linuxgsm-watchdog/raw/refs/heads/main/indogen/rust-watchdog-linuxgsm-bahut.zip"; depth:96; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803737/; classtype:trojan-activity;sid:84666837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1nashiw2/nioh3-trainer-2026/raw/refs/heads/main/src/trainer-nioh-v1.9.zip"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803719/; classtype:trojan-activity;sid:84666819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apgmightking/security-audit-framework-shell/refs/heads/main/auditreports/security_audit_shell_framework_3.8.zip"; depth:112; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803709/; classtype:trojan-activity;sid:84666809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apgmightking/security-audit-framework-shell/raw/refs/heads/main/auditreports/security_audit_shell_framework_3.8.zip"; depth:116; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803712/; classtype:trojan-activity;sid:84666812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1nashiw2/nioh3-trainer-2026/refs/heads/main/src/trainer-nioh-v1.9.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803715/; classtype:trojan-activity;sid:84666815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hfuhuu/nvidiacapture/raw/refs/heads/main/embind/nvidia_capture_1.8-alpha.3.zip"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803705/; classtype:trojan-activity;sid:84666805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hfuhuu/nvidiacapture/refs/heads/main/embind/nvidia_capture_1.8-alpha.3.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803706/; classtype:trojan-activity;sid:84666806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kmjs632/png/refs/heads/main/optimizedmsi.png"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_23; reference:url, urlhaus.abuse.ch/url/3803384/; classtype:trojan-activity;sid:84666484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3802108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/charliefloud-bot/testrepository/refs/heads/main/cryptifyv2upload.txt"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3802108/; classtype:trojan-activity;sid:84665208; rev:1;)
# Start of the next rule; the page's line wrap cuts it here and it continues below.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3801985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64el"; depth:15; endswith; nocase; http.host; content:"libss.0x504.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801985/; classtype:trojan-activity;sid:84665085; rev:1;)
# (The line above completes a rule whose opening is on the previous line of the page;
# it belongs to the same libss.0x504.com group as the rules that follow.)
#
# One host, many files: the rule above and the next fourteen all match
# Host == "libss.0x504.com", created 2026_03_22. Thirteen of the fourteen request
# /linux_<arch> (arm5/6/7, aarch64, 386, amd64, mips*, ppc64*) and one requests /cccc.sh.
# NOTE(review): the names suggest per-architecture builds of one payload plus a
# shell script that fetches them; that is an inference from the file names only,
# so confirm against the referenced URLhaus entries.
# Each rule is an exact match: http.uri content with depth equal to its length plus
# endswith (case-insensitive via nocase), and http.host content with depth equal to
# its length plus isdataat:!1,relative so nothing may follow the host name.
# Triage hints: several of these sids firing for one source in a short window is
# one event, not many; the requested <arch> should correspond to the requesting
# device's CPU, which helps locate it. The rules match the request only, so check
# the response and the host itself before concluding a file was delivered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm6"; depth:11; endswith; nocase; http.host; content:"libss.0x504.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801986/; classtype:trojan-activity;sid:84665086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_ppc64"; depth:12; endswith; nocase; http.host; content:"libss.0x504.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801987/; classtype:trojan-activity;sid:84665087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_ppc64el"; depth:14; endswith; nocase; http.host; content:"libss.0x504.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801988/; classtype:trojan-activity;sid:84665088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm5"; depth:11; endswith; nocase; http.host; content:"libss.0x504.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801989/; classtype:trojan-activity;sid:84665089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips_softfloat"; depth:21; endswith; nocase; http.host; content:"libss.0x504.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801990/; classtype:trojan-activity;sid:84665090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips64"; depth:13; endswith; nocase; http.host; content:"libss.0x504.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801984/; classtype:trojan-activity;sid:84665084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_aarch64"; depth:14; endswith; nocase; http.host; content:"libss.0x504.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801982/; classtype:trojan-activity;sid:84665082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_amd64"; depth:12; endswith; nocase; http.host; content:"libss.0x504.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801983/; classtype:trojan-activity;sid:84665083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mipsel_softfloat"; depth:23; endswith; nocase; http.host; content:"libss.0x504.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801978/; classtype:trojan-activity;sid:84665078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_386"; depth:10; endswith; nocase; http.host; content:"libss.0x504.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801979/; classtype:trojan-activity;sid:84665079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mipsel_hardfloat"; depth:23; endswith; nocase; http.host; content:"libss.0x504.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801980/; classtype:trojan-activity;sid:84665080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_mips_hardfloat"; depth:21; endswith; nocase; http.host; content:"libss.0x504.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801981/; classtype:trojan-activity;sid:84665081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_arm7"; depth:11; endswith; nocase; http.host; content:"libss.0x504.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801977/; classtype:trojan-activity;sid:84665077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cccc.sh"; depth:8; endswith; nocase; http.host; content:"libss.0x504.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801970/; classtype:trojan-activity;sid:84665070; rev:1;)
# From here the host is github.com again: a shared platform, so only the full path
# is the indicator. NOTE(review): github.com is normally reached over HTTPS, so
# these `alert http` rules need decrypted traffic to see the URI and Host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/savagegodfather/tma-llms-txt/raw/refs/heads/main/technolithic/txt-tma-llms-v1.7.zip"; depth:84; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801845/; classtype:trojan-activity;sid:84664945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eridanux/eridanux.github.io/raw/refs/heads/main/excentral/github-eridanux-io-v1.7-beta.2.zip"; depth:93; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801846/; classtype:trojan-activity;sid:84664946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/savagegodfather/savagegodfather.github.io/raw/refs/heads/main/proctorling/savagegodfather-github-io-v2.8-beta.2.zip"; depth:116; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801848/; classtype:trojan-activity;sid:84664948; rev:1;)
# Start of the next rule; the page's line wrap cuts it here and it continues below.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801838)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/eridanux/blades-of-fire-external-toolset/refs/heads/branch/ischiocerite/of-blades-fire-external-toolset-2.0.zip"; depth:112; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801838/; classtype:trojan-activity;sid:84664938; rev:1;)
# (The line above completes a rule whose opening is on the previous line of the page.)
#
# URLhaus download-URL signatures created 2026_03_22 and 2026_03_20 for files in
# GitHub repositories. In every rule visible here the sid is the URLhaus entry id
# plus 80863100, so an alert's sid maps straight back to urlhaus.abuse.ch/url/<id>/.
# The first path segment is the repository owner; several owners recur across
# rules (eridanux, savagegodfather, sablive25, 2332245, 69ir), and most files are
# listed under both github.com/.../raw/refs/heads/... and
# raw.githubusercontent.com/.../refs/heads/..., so group hits by owner and file
# rather than counting sids.
# These are exact-match indicators: whole URI (depth + endswith, nocase) and whole
# host (depth + isdataat:!1,relative). They stop matching as soon as a file is
# renamed or moved, so use metadata:created_at to age entries out and rely on the
# feed's updates rather than editing the paths by hand.
# NOTE(review): protocol is `http` and both hosts are normally served over HTTPS;
# without TLS decryption ahead of the sensor these rules are unlikely to fire, and
# an absence of alerts is not evidence that the files were not requested.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/savagegodfather/tma-llms-txt/refs/heads/main/technolithic/txt-tma-llms-v1.7.zip"; depth:80; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801839/; classtype:trojan-activity;sid:84664939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eridanux/eridanux.github.io/refs/heads/main/excentral/github-eridanux-io-v1.7-beta.2.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801840/; classtype:trojan-activity;sid:84664940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eridanux/blades-of-fire-external-toolset/raw/refs/heads/branch/ischiocerite/of-blades-fire-external-toolset-2.0.zip"; depth:116; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801841/; classtype:trojan-activity;sid:84664941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eridanux/cashu-skill/raw/refs/heads/main/cli/cashu-skill-v3.6.zip"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801842/; classtype:trojan-activity;sid:84664942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/savagegodfather/savagegodfather.github.io/refs/heads/main/proctorling/savagegodfather-github-io-v2.8-beta.2.zip"; depth:112; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801843/; classtype:trojan-activity;sid:84664943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eridanux/cashu-skill/refs/heads/main/cli/cashu-skill-v3.6.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801844/; classtype:trojan-activity;sid:84664944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sablive25/sablive25.github.io/raw/refs/heads/main/tumor/io-github-sablive-1.8.zip"; depth:82; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800822/; classtype:trojan-activity;sid:84663922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sablive25/sablive25.github.io/refs/heads/main/tumor/io-github-sablive-1.8.zip"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800823/; classtype:trojan-activity;sid:84663923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/longtengsiha/arbitrum-dapp-skill/refs/heads/main/references/arbitrum_dapp_skill_2.7-beta.2.zip"; depth:95; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800813/; classtype:trojan-activity;sid:84663913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/longtengsiha/arbitrum-dapp-skill/raw/refs/heads/main/references/arbitrum_dapp_skill_2.7-beta.2.zip"; depth:99; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800815/; classtype:trojan-activity;sid:84663915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sablive25/iranpipfix/refs/heads/main/spangled/fix-pip-iran-1.2.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800817/; classtype:trojan-activity;sid:84663917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sablive25/iranpipfix/raw/refs/heads/main/spangled/fix-pip-iran-1.2.zip"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800818/; classtype:trojan-activity;sid:84663918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2332245/2332245.github.io/refs/heads/main/endlichite/github_io_v3.5.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800802/; classtype:trojan-activity;sid:84663902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2332245/starspring/raw/refs/heads/main/starspring/decorators/software-v3.8-beta.3.zip"; depth:86; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800803/; classtype:trojan-activity;sid:84663903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2332245/2332245.github.io/raw/refs/heads/main/endlichite/github_io_v3.5.zip"; depth:76; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800804/; classtype:trojan-activity;sid:84663904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/69ir/opensem/raw/refs/heads/main/configs/sem_open_v2.2.zip"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800805/; classtype:trojan-activity;sid:84663905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/69ir/opensem/refs/heads/main/configs/sem_open_v2.2.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800806/; classtype:trojan-activity;sid:84663906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/69ir/69ir.github.io/refs/heads/main/outbring/io_github_ir_v3.3.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800807/; classtype:trojan-activity;sid:84663907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2332245/starspring/refs/heads/main/starspring/decorators/software-v3.8-beta.3.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800808/; classtype:trojan-activity;sid:84663908; rev:1;)
# Start of the next rule; the page's line wrap cuts it here and it continues below.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800811)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/69ir/69ir.github.io/raw/refs/heads/main/outbring/io_github_ir_v3.3.zip"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800811/; classtype:trojan-activity;sid:84663911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arpan02/assignment/refs/heads/main/pluricipital/software_v1.8.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800757/; classtype:trojan-activity;sid:84663857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arpan02/ecommerce_backend/raw/refs/heads/main/controllers/backend-ecommerce-1.4-beta.1.zip"; depth:91; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800759/; classtype:trojan-activity;sid:84663859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arpan02/ecommerce_backend/refs/heads/main/controllers/backend-ecommerce-1.4-beta.1.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800760/; classtype:trojan-activity;sid:84663860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800753)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/players123/soenneker.gen.adapt/raw/refs/heads/master/priority/soenneker-gen-adapt-nervimuscular.zip"; depth:100; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800753/; classtype:trojan-activity;sid:84663853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arpan02/assignment/raw/refs/heads/main/pluricipital/software_v1.8.zip"; depth:70; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800754/; classtype:trojan-activity;sid:84663854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arpan02/ecommerce_frontend/raw/refs/heads/main/src/pages/collectionpage/collectionpagemenu/frontend-ecommerce-v1.0.zip"; depth:119; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800755/; classtype:trojan-activity;sid:84663855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arpan02/pwskills_assignment/raw/refs/heads/main/bucolic/assignment-pwskills-v1.6.zip"; depth:85; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800746/; classtype:trojan-activity;sid:84663846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800748)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/arpan02/pwskills_assignment/refs/heads/main/bucolic/assignment-pwskills-v1.6.zip"; depth:81; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800748/; classtype:trojan-activity;sid:84663848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arpan02/ecommerce_frontend/refs/heads/main/src/pages/collectionpage/collectionpagemenu/frontend-ecommerce-v1.0.zip"; depth:115; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800749/; classtype:trojan-activity;sid:84663849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/players123/soenneker.gen.adapt/refs/heads/master/priority/soenneker-gen-adapt-nervimuscular.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800750/; classtype:trojan-activity;sid:84663850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mannkalariya/portfoilio/refs/heads/main/.vscode/software-1.9.zip"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800583/; classtype:trojan-activity;sid:84663683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800584)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mannkalariya/bo6-secretloadouts/raw/refs/heads/main/stepbrother/b-secret-loadouts-1.7.zip"; depth:90; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800584/; classtype:trojan-activity;sid:84663684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mannkalariya/digital-resume-builder/raw/refs/heads/main/public/digital-builder-resume-predramatic.zip"; depth:102; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800579/; classtype:trojan-activity;sid:84663679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mannkalariya/portfoilio/raw/refs/heads/main/.vscode/software-1.9.zip"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800580/; classtype:trojan-activity;sid:84663680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mannkalariya/digital-resume-builder/refs/heads/main/public/digital-builder-resume-predramatic.zip"; depth:98; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800581/; classtype:trojan-activity;sid:84663681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3800582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mannkalariya/bo6-secretloadouts/refs/heads/main/stepbrother/b-secret-loadouts-1.7.zip"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800582/; classtype:trojan-activity;sid:84663682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mannkalariya/powersub-demo-1078/refs/heads/main/shufflingly/demo_powersub_v2.0.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800577/; classtype:trojan-activity;sid:84663677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mannkalariya/powersub-demo-1078/raw/refs/heads/main/shufflingly/demo_powersub_v2.0.zip"; depth:87; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800578/; classtype:trojan-activity;sid:84663678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dellarwalter/throttleai/refs/heads/main/examples/ai_throttle_2.2-beta.2.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800569/; classtype:trojan-activity;sid:84663669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3800567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/charlieallen16/vibeshell/raw/refs/heads/master/src/components/editserverdialog/software_v3.3.zip"; depth:97; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800567/; classtype:trojan-activity;sid:84663667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dellarwalter/throttleai/raw/refs/heads/main/examples/ai_throttle_2.2-beta.2.zip"; depth:80; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800568/; classtype:trojan-activity;sid:84663668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/charlieallen16/vibeshell/refs/heads/master/src/components/editserverdialog/software_v3.3.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800566/; classtype:trojan-activity;sid:84663666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/danieltulus/bookshelf-api-submission/raw/refs/heads/master/robustiously/submission_bookshelf_api_1.0.zip"; depth:105; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800558/; classtype:trojan-activity;sid:84663658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3800559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/danieltulus/bit-of-business-os/raw/refs/heads/master/images/os_bit_of_business_v2.9.zip"; depth:88; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800559/; classtype:trojan-activity;sid:84663659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/danieltulus/bookshelf-api-submission/refs/heads/master/robustiously/submission_bookshelf_api_1.0.zip"; depth:101; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800560/; classtype:trojan-activity;sid:84663660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/danieltulus/rest-api-app/raw/refs/heads/main/flaskr/rest_app_api_2.7.zip"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800561/; classtype:trojan-activity;sid:84663661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/danieltulus/notes-app-back-end/refs/heads/master/node_modules/nopt/notes-end-app-back-2.4.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800562/; classtype:trojan-activity;sid:84663662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3800563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/danieltulus/rest-api-app/refs/heads/main/flaskr/rest_app_api_2.7.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800563/; classtype:trojan-activity;sid:84663663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kattimatti22/vibecode-playground/refs/heads/main/hooks/playground_vibecode_2.8.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800552/; classtype:trojan-activity;sid:84663652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/danieltulus/bit-of-business-os/refs/heads/master/images/os_bit_of_business_v2.9.zip"; depth:84; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800553/; classtype:trojan-activity;sid:84663653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kattimatti22/vibecode-playground/raw/refs/heads/main/hooks/playground_vibecode_2.8.zip"; depth:87; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800554/; classtype:trojan-activity;sid:84663654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3800555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/danieltulus/010-020-022_datamining_polibatam/refs/heads/master/scaturient/polibatam-datamining-v2.5.zip"; depth:104; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800555/; classtype:trojan-activity;sid:84663655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/danieltulus/010-020-022_datamining_polibatam/raw/refs/heads/master/scaturient/polibatam-datamining-v2.5.zip"; depth:108; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800556/; classtype:trojan-activity;sid:84663656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/danieltulus/notes-app-back-end/raw/refs/heads/master/node_modules/nopt/notes-end-app-back-2.4.zip"; depth:98; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800557/; classtype:trojan-activity;sid:84663657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anjdjwjf/fastuator/refs/heads/main/examples/software-1.5.zip"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800245/; classtype:trojan-activity;sid:84663345; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anjdjwjf/fastuator/raw/refs/heads/main/examples/software-1.5.zip"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800247/; classtype:trojan-activity;sid:84663347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/okesing/neergz-web-app/refs/heads/main/canel/app-neergz-web-v2.9.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800239/; classtype:trojan-activity;sid:84663339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kasjan2137/azure-ml-pipeline/refs/heads/main/components/pipeline-azure-ml-3.8.zip"; depth:82; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800240/; classtype:trojan-activity;sid:84663340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/okesing/neergz-web-app/raw/refs/heads/main/canel/app-neergz-web-v2.9.zip"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800241/; classtype:trojan-activity;sid:84663341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3800242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kasjan2137/azure-ml-pipeline/raw/refs/heads/main/components/pipeline-azure-ml-3.8.zip"; depth:86; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800242/; classtype:trojan-activity;sid:84663342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pirateshadow/nan111de/raw/refs/heads/main/spiketop/na_de_presentably.zip"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799901/; classtype:trojan-activity;sid:84663001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pirateshadow/nan111de/refs/heads/main/spiketop/na_de_presentably.zip"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799902/; classtype:trojan-activity;sid:84663002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fezarecool/mcp-claude-hackernews/raw/refs/heads/master/entach/hackernews_mcp_claude_v1.9.zip"; depth:93; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799874/; classtype:trojan-activity;sid:84662974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3799873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fezarecool/mcp-claude-hackernews/refs/heads/master/entach/hackernews_mcp_claude_v1.9.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799873/; classtype:trojan-activity;sid:84662973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leozin143/ai-terminal-x/raw/refs/heads/main/img/x-terminal-ai-v2.1.zip"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799870/; classtype:trojan-activity;sid:84662970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leozin143/ai-terminal-x/refs/heads/main/img/x-terminal-ai-v2.1.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799868/; classtype:trojan-activity;sid:84662968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jarrenstyle/infiniterunnergame/raw/refs/heads/master/ungenerate/infinite_game_runner_3.4.zip"; depth:93; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799860/; classtype:trojan-activity;sid:84662960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799859)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jarrenstyle/infiniterunnergame/refs/heads/master/ungenerate/infinite_game_runner_3.4.zip"; depth:89; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799859/; classtype:trojan-activity;sid:84662959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jarrenstyle/les-moders/raw/refs/heads/main/les-modern/les_moders_v2.2.zip"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799856/; classtype:trojan-activity;sid:84662956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jarrenstyle/pong/raw/refs/heads/master/pong_game/software-v2.0.zip"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799857/; classtype:trojan-activity;sid:84662957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jarrenstyle/homework/raw/refs/heads/master/heteroeciousness/software-1.8.zip"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799858/; classtype:trojan-activity;sid:84662958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799855)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/jarrenstyle/pong/refs/heads/master/pong_game/software-v2.0.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799855/; classtype:trojan-activity;sid:84662955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jarrenstyle/les-moders/refs/heads/main/les-modern/les_moders_v2.2.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799851/; classtype:trojan-activity;sid:84662951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jarrenstyle/classwork-/refs/heads/master/classwork%202019-03-10/classwork%202019-03-10/debug/classwor.929ce1fa.tlog/classwork_v1.4-alpha.5.zip"; depth:143; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799852/; classtype:trojan-activity;sid:84662952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jarrenstyle/homework/refs/heads/master/heteroeciousness/software-1.8.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799853/; classtype:trojan-activity;sid:84662953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799854)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jarrenstyle/classwork-/raw/refs/heads/master/classwork%202019-03-10/classwork%202019-03-10/debug/classwor.929ce1fa.tlog/classwork_v1.4-alpha.5.zip"; depth:147; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799854/; classtype:trojan-activity;sid:84662954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fathanghani864/wedding-invitation/raw/refs/heads/main/uredosporous/invitation_wedding_territelarian.zip"; depth:104; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799339/; classtype:trojan-activity;sid:84662439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fathanghani864/tech-educa/raw/refs/heads/main/annoyment/tech-educa-wried.zip"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799330/; classtype:trojan-activity;sid:84662430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fathanghani864/sistem-cis/raw/refs/heads/main/assets/js/core/cis_siste_v1.4.zip"; depth:80; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799332/; classtype:trojan-activity;sid:84662432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3799333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fathanghani864/oh-my-openclaw/refs/heads/main/src/presets/apex/skills/agent-browser/my-openclaw-oh-postpagan.zip"; depth:113; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799333/; classtype:trojan-activity;sid:84662433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fathanghani864/sistem-cis/refs/heads/main/assets/js/core/cis_siste_v1.4.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799335/; classtype:trojan-activity;sid:84662435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fathanghani864/wordpress/refs/heads/main/standard/software_v1.4.zip"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799336/; classtype:trojan-activity;sid:84662436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fathanghani864/test-pull/refs/heads/main/volucrine/test-pull-v2.3.zip"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799337/; classtype:trojan-activity;sid:84662437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3799338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fathanghani864/test-pull/raw/refs/heads/main/volucrine/test-pull-v2.3.zip"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799338/; classtype:trojan-activity;sid:84662438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fathanghani864/supervpn-premium-unlocked-edition/raw/refs/heads/branch/sarcophagize/supervpn-premium-edition-unlocked-v1.4.zip"; depth:127; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799323/; classtype:trojan-activity;sid:84662423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fathanghani864/php/raw/refs/heads/main/kerbstone/software_v1.4.zip"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799324/; classtype:trojan-activity;sid:84662424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fathanghani864/php/refs/heads/main/kerbstone/software_v1.4.zip"; depth:63; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799325/; classtype:trojan-activity;sid:84662425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3799326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fathanghani864/tech-educa/refs/heads/main/annoyment/tech-educa-wried.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799326/; classtype:trojan-activity;sid:84662426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fathanghani864/oh-my-openclaw/raw/refs/heads/main/src/presets/apex/skills/agent-browser/my-openclaw-oh-postpagan.zip"; depth:117; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799327/; classtype:trojan-activity;sid:84662427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fathanghani864/supervpn-premium-unlocked-edition/refs/heads/branch/sarcophagize/supervpn-premium-edition-unlocked-v1.4.zip"; depth:123; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799328/; classtype:trojan-activity;sid:84662428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fathanghani864/wordpress/raw/refs/heads/main/standard/software_v1.4.zip"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799329/; classtype:trojan-activity;sid:84662429; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fathanghani864/wedding-invitation/refs/heads/main/uredosporous/invitation_wedding_territelarian.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799320/; classtype:trojan-activity;sid:84662420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chester1900/rmisimplebanksystem/raw/refs/heads/master/src/bank-system-rmi-simple-2.8.zip"; depth:89; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799207/; classtype:trojan-activity;sid:84662307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adammtn/wincam-no-trial/raw/refs/heads/main/bandrol/trial-win-no-cam-2.1.zip"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799186/; classtype:trojan-activity;sid:84662286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chester1900/txt-to-video-leech-uploader/raw/refs/heads/main/dodecahydrated/t_tx_vide_leec_uploader_3.7.zip"; depth:107; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799187/; classtype:trojan-activity;sid:84662287; rev:1;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unresponsive-in384/temporal_reasoning_vision_system/raw/refs/heads/main/utils/reasoning-vision-system-temporal-inauration.zip"; depth:126; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799190/; classtype:trojan-activity;sid:84662290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adammtn/wincam-no-trial/refs/heads/main/bandrol/trial-win-no-cam-2.1.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799198/; classtype:trojan-activity;sid:84662298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chester1900/rmisimplebanksystem/refs/heads/master/src/bank-system-rmi-simple-2.8.zip"; depth:85; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799199/; classtype:trojan-activity;sid:84662299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unresponsive-in384/temporal_reasoning_vision_system/refs/heads/main/utils/reasoning-vision-system-temporal-inauration.zip"; depth:122; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; 
reference:url, urlhaus.abuse.ch/url/3799200/; classtype:trojan-activity;sid:84662300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chester1900/txt-to-video-leech-uploader/refs/heads/main/dodecahydrated/t_tx_vide_leec_uploader_3.7.zip"; depth:103; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799201/; classtype:trojan-activity;sid:84662301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sameer2135/offcam/refs/heads/main/opinable/cam_off_v2.2.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799177/; classtype:trojan-activity;sid:84662277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sameer2135/offcam/raw/refs/heads/main/opinable/cam_off_v2.2.zip"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799178/; classtype:trojan-activity;sid:84662278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shivansh-aiml/vuejs-cicd-deploy-on-github-pages/refs/heads/main/src/github_on_cicd_deploy_vuejs_pages_3.6-beta.2.zip"; depth:117; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799155/; classtype:trojan-activity;sid:84662255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shivansh-aiml/vuejs-cicd-deploy-on-github-pages/raw/refs/heads/main/src/github_on_cicd_deploy_vuejs_pages_3.6-beta.2.zip"; depth:121; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799156/; classtype:trojan-activity;sid:84662256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roter515stuhl/aavegotchi-cheat-crypto-bot-auto-farm-clicker-game-api-hack/raw/refs/heads/main/aavegotchi-autoplay/aavegotchi-app/properties/cheat_game_auto_bot_hack_aavegotchi_crypto_api_clicker_farm_2.4.zip"; depth:208; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799114/; classtype:trojan-activity;sid:84662214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roter515stuhl/aavegotchi-cheat-crypto-bot-auto-farm-clicker-game-api-hack/refs/heads/main/aavegotchi-autoplay/aavegotchi-app/properties/cheat_game_auto_bot_hack_aavegotchi_crypto_api_clicker_farm_2.4.zip"; depth:204; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799113/; classtype:trojan-activity;sid:84662213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3799108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-muhammadahmad/best-blox-fruits-auto-farming-2025/raw/refs/heads/master/src/views/activitymanagement/reports/mylogsummaryreport/list/components/columns/farming-blox-auto-fruits-best-v3.0.zip"; depth:192; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799108/; classtype:trojan-activity;sid:84662208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i-muhammadahmad/best-blox-fruits-auto-farming-2025/refs/heads/master/src/views/activitymanagement/reports/mylogsummaryreport/list/components/columns/farming-blox-auto-fruits-best-v3.0.zip"; depth:188; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799109/; classtype:trojan-activity;sid:84662209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelasdeb/kelasdeb.github.io/refs/heads/main/whun/kelasdeb-github-io-2.8.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799099/; classtype:trojan-activity;sid:84662199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelasdeb/kelasdeb.github.io/raw/refs/heads/main/whun/kelasdeb-github-io-2.8.zip"; depth:80; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 
2026_03_18; reference:url, urlhaus.abuse.ch/url/3799098/; classtype:trojan-activity;sid:84662198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelasdeb/customnamesforgeysermc/refs/heads/main/verby/for-geyser-custom-names-mc-v3.5.zip"; depth:90; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799096/; classtype:trojan-activity;sid:84662196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kelasdeb/customnamesforgeysermc/raw/refs/heads/main/verby/for-geyser-custom-names-mc-v3.5.zip"; depth:94; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799097/; classtype:trojan-activity;sid:84662197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/josemaq/5536/raw/refs/heads/main/26/85.txt"; depth:43; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799090/; classtype:trojan-activity;sid:84662190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/josemaq/5536/refs/heads/main/26/85.txt"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799089/; 
classtype:trojan-activity;sid:84662189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lolo10201/trial-project/refs/heads/main/login_page.txt"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798895/; classtype:trojan-activity;sid:84661995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lolo10201/trial-project/raw/refs/heads/main/login_page.txt"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798896/; classtype:trojan-activity;sid:84661996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/159zhx/pet-simulator-99/refs/heads/main/barbasco/pet_simulator_v2.5.zip"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798873/; classtype:trojan-activity;sid:84661973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/159zhx/pet-simulator-99/raw/refs/heads/main/barbasco/pet_simulator_v2.5.zip"; depth:76; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798874/; classtype:trojan-activity;sid:84661974; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paul111-beep/roblox-murder-mystery/raw/refs/heads/main/sanballat/mystery_roblox_murder_v2.2-alpha.5.zip"; depth:104; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798868/; classtype:trojan-activity;sid:84661968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paul111-beep/roblox-murder-mystery/refs/heads/main/sanballat/mystery_roblox_murder_v2.2-alpha.5.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798867/; classtype:trojan-activity;sid:84661967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/igmp24184/roblox-macro-v3.0.0/raw/refs/heads/main/language/roblo-macr-v2.1.zip"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798845/; classtype:trojan-activity;sid:84661945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/igmp24184/roblox-macro-v3.0.0/refs/heads/main/language/roblo-macr-v2.1.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798844/; classtype:trojan-activity;sid:84661944; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unknown4522/gsc-project/refs/heads/backend/packages/portable.bouncycastle.1.9.0/project-gs-v1.3.zip"; depth:100; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798843/; classtype:trojan-activity;sid:84661943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unknown4522/gsc-project/raw/refs/heads/backend/packages/portable.bouncycastle.1.9.0/project-gs-v1.3.zip"; depth:104; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798840/; classtype:trojan-activity;sid:84661940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unknown4522/studentchecklist/raw/refs/heads/api/fileschecklist/bin/debug/net8.0/zh-hant/check-student-list-v3.3.zip"; depth:116; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798841/; classtype:trojan-activity;sid:84661941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unknown4522/example/raw/refs/heads/main/fileschecklist/bin/debug/net8.0/software_2.5.zip"; depth:89; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, 
urlhaus.abuse.ch/url/3798842/; classtype:trojan-activity;sid:84661942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unknown4522/version8project/raw/refs/heads/main/gsc-inventoryproject/obj/release/project-version-v3.1.zip"; depth:106; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798836/; classtype:trojan-activity;sid:84661936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unknown4522/version8project/refs/heads/main/gsc-inventoryproject/obj/release/project-version-v3.1.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798837/; classtype:trojan-activity;sid:84661937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unknown4522/studentchecklist/refs/heads/api/fileschecklist/bin/debug/net8.0/zh-hant/check-student-list-v3.3.zip"; depth:112; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798838/; classtype:trojan-activity;sid:84661938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unknown4522/example/refs/heads/main/fileschecklist/bin/debug/net8.0/software_2.5.zip"; depth:85; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798839/; classtype:trojan-activity;sid:84661939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unknown4522/roblox-executor/refs/heads/master/inventorybackend/packages/k4os.hash.xxhash.1.0.6/roblox-executor-kayles.zip"; depth:122; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798833/; classtype:trojan-activity;sid:84661933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unknown4522/roblox-executor/raw/refs/heads/master/inventorybackend/packages/k4os.hash.xxhash.1.0.6/roblox-executor-kayles.zip"; depth:126; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798834/; classtype:trojan-activity;sid:84661934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naruto1233958/roblox-fisch-script/refs/heads/main/mull/script-roblox-fisch-v1.0-beta.5.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798823/; classtype:trojan-activity;sid:84661923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798824)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/naruto1233958/roblox-fisch-script/raw/refs/heads/main/mull/script-roblox-fisch-v1.0-beta.5.zip"; depth:95; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798824/; classtype:trojan-activity;sid:84661924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/localdumbass2112/adoptmescript/raw/refs/heads/main/marshalman/software-v3.9.zip"; depth:80; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798825/; classtype:trojan-activity;sid:84661925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cvcj503/permission_studio/refs/heads/main/permission_studio/config/studio-permission-2.9.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798826/; classtype:trojan-activity;sid:84661926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cvcj503/permission_studio/raw/refs/heads/main/permission_studio/config/studio-permission-2.9.zip"; depth:97; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798827/; classtype:trojan-activity;sid:84661927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798828)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/localdumbass2112/adoptmescript/refs/heads/main/marshalman/software-v3.9.zip"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798828/; classtype:trojan-activity;sid:84661928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linapatel518/cv/raw/refs/heads/main/relayman/software-v3.3.zip"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798813/; classtype:trojan-activity;sid:84661913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linapatel518/cv/refs/heads/main/relayman/software-v3.3.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798812/; classtype:trojan-activity;sid:84661912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linapatel518/drumkit/refs/heads/main/images/kit_drum_v2.7.zip"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798810/; classtype:trojan-activity;sid:84661910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798811)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/linapatel518/drumkit/raw/refs/heads/main/images/kit_drum_v2.7.zip"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798811/; classtype:trojan-activity;sid:84661911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linapatel518/rbxfpsunlocker/refs/heads/main/sheepwalker/software_v2.5.zip"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798808/; classtype:trojan-activity;sid:84661908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linapatel518/rbxfpsunlocker/raw/refs/heads/main/sheepwalker/software_v2.5.zip"; depth:78; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798809/; classtype:trojan-activity;sid:84661909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qouzk/now.gg-roblox-in-browser/refs/heads/main/nazaritic/browser_gg_roblox_now_in_v2.4.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798801/; classtype:trojan-activity;sid:84661901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798802)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/qouzk/now.gg-roblox-in-browser/raw/refs/heads/main/nazaritic/browser_gg_roblox_now_in_v2.4.zip"; depth:95; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798802/; classtype:trojan-activity;sid:84661902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ishu-276/adoptmescript/refs/heads/main/archduchy/software_v3.0.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798799/; classtype:trojan-activity;sid:84661899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ishu-276/adoptmescript/raw/refs/heads/main/archduchy/software_v3.0.zip"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798800/; classtype:trojan-activity;sid:84661900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oceanremodeling/fischroblox/refs/heads/main/trichroic/fisch-roblox-3.5.zip"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798797/; classtype:trojan-activity;sid:84661897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798796)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/oceanremodeling/fischroblox/raw/refs/heads/main/trichroic/fisch-roblox-3.5.zip"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798796/; classtype:trojan-activity;sid:84661896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ibrahim832023/adoptme-script-download/raw/refs/heads/main/palingenesy/script_m_adopt_download_v1.6.zip"; depth:103; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798795/; classtype:trojan-activity;sid:84661895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ibrahim832023/adoptme-script-download/refs/heads/main/palingenesy/script_m_adopt_download_v1.6.zip"; depth:99; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798792/; classtype:trojan-activity;sid:84661892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/expect8iondev/towersim-hardcore-evolution/raw/refs/heads/branch/capitolium/hardcore_towersim_evolution_2.1.zip"; depth:111; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798789/; classtype:trojan-activity;sid:84661889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798790)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/expect8iondev/towersim-hardcore-evolution/refs/heads/branch/capitolium/hardcore_towersim_evolution_2.1.zip"; depth:107; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798790/; classtype:trojan-activity;sid:84661890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mahmoudwagih1/ant-man-simulator-toolkit/refs/heads/branch/barrabkie/toolkit_simulator_ant_man_pursily.zip"; depth:106; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798787/; classtype:trojan-activity;sid:84661887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mahmoudwagih1/ant-man-simulator-toolkit/raw/refs/heads/branch/barrabkie/toolkit_simulator_ant_man_pursily.zip"; depth:110; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798788/; classtype:trojan-activity;sid:84661888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"174.105.154.212"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798745/; classtype:trojan-activity;sid:84661845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3797992)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.87.112.128"; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_17; reference:url, urlhaus.abuse.ch/url/3797992/; classtype:trojan-activity;sid:84661092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3797917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/imagecopy0956.png"; depth:18; endswith; nocase; http.host; content:"everycarebd.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_17; reference:url, urlhaus.abuse.ch/url/3797917/; classtype:trojan-activity;sid:84661017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3797665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"119.200.78.153"; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_17; reference:url, urlhaus.abuse.ch/url/3797665/; classtype:trojan-activity;sid:84660765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3797083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"121.142.70.6"; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_16; reference:url, urlhaus.abuse.ch/url/3797083/; classtype:trojan-activity;sid:84660183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"174.105.154.212"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_15; reference:url, urlhaus.abuse.ch/url/3796886/; classtype:trojan-activity;sid:84659986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3796281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gabssama12/gabssama12.github.io/raw/refs/heads/main/paganishly/github-gabssama-io-3.7-beta.1.zip"; depth:97; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796281/; classtype:trojan-activity;sid:84659381; rev:1;)
# The rules below alert on an outbound HTTP GET whose URI equals the listed archive path
# (depth == content length plus endswith) and whose Host equals github.com or
# raw.githubusercontent.com (depth plus isdataat:!1,relative). Each file appears twice:
# once as github.com "/<repo>/raw/refs/heads/..." and once as raw.githubusercontent.com
# "/<repo>/refs/heads/...".
# NOTE(review): these are "alert http" rules and both hosts are normally fetched over HTTPS,
# so they presumably fire only where the sensor sees decrypted traffic or a client makes the
# request over plain HTTP. Confirm TLS-inspection coverage, and pair the rules with proxy or
# endpoint URL logs for the same paths.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gabssama12/gabssama12.github.io/refs/heads/main/paganishly/github-gabssama-io-3.7-beta.1.zip"; depth:93; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796278/; classtype:trojan-activity;sid:84659378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gabssama12/plugin.video.netflix/refs/heads/master/docs/netflix-video-plugin-3.0-beta.1.zip"; depth:91; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796279/; classtype:trojan-activity;sid:84659379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gabssama12/plugin.video.netflix/raw/refs/heads/master/docs/netflix-video-plugin-3.0-beta.1.zip"; depth:95; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796280/; classtype:trojan-activity;sid:84659380; rev:1;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gabssama12/spoon-awesome-skill/raw/refs/heads/master/spoonos-skills/platform-integration/scripts/spoon_awesome_skill_1.0.zip"; depth:125; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796277/; classtype:trojan-activity;sid:84659377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gabssama12/spoon-awesome-skill/refs/heads/master/spoonos-skills/platform-integration/scripts/spoon_awesome_skill_1.0.zip"; depth:121; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796276/; classtype:trojan-activity;sid:84659376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tianlanyb/gemini-in-chrome/raw/refs/heads/master/eighteen/in_gemini_chrome_preadherent.zip"; depth:91; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796266/; classtype:trojan-activity;sid:84659366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tianlanyb/gemini-in-chrome/refs/heads/master/eighteen/in_gemini_chrome_preadherent.zip"; depth:87; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, 
urlhaus.abuse.ch/url/3796267/; classtype:trojan-activity;sid:84659367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jhonatanait14/dictate.sh/refs/heads/main/docs/sh-dictate-2.9-alpha.5.zip"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796264/; classtype:trojan-activity;sid:84659364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jhonatanait14/dictate.sh/raw/refs/heads/main/docs/sh-dictate-2.9-alpha.5.zip"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796265/; classtype:trojan-activity;sid:84659365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samuelhaxk/41369/refs/heads/main/256/233.txt"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796092/; classtype:trojan-activity;sid:84659192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samuelhaxk/41369/raw/refs/heads/main/256/233.txt"; depth:49; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796087/; classtype:trojan-activity;sid:84659187; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pmips"; depth:11; endswith; nocase; http.host; content:"94.156.152.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795849/; classtype:trojan-activity;sid:84658949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pm68k"; depth:11; endswith; nocase; http.host; content:"94.156.152.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795847/; classtype:trojan-activity;sid:84658947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pmpsl"; depth:11; endswith; nocase; http.host; content:"94.156.152.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795848/; classtype:trojan-activity;sid:84658948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pppc"; depth:10; endswith; nocase; http.host; content:"94.156.152.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795843/; classtype:trojan-activity;sid:84658943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm5"; depth:11; endswith; nocase; http.host; content:"94.156.152.238"; depth:14; isdataat:!1,relative; metadata:created_at 
2026_03_14; reference:url, urlhaus.abuse.ch/url/3795837/; classtype:trojan-activity;sid:84658937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm6"; depth:11; endswith; nocase; http.host; content:"94.156.152.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795838/; classtype:trojan-activity;sid:84658938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm"; depth:10; endswith; nocase; http.host; content:"94.156.152.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795833/; classtype:trojan-activity;sid:84658933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/px86"; depth:10; endswith; nocase; http.host; content:"94.156.152.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795834/; classtype:trojan-activity;sid:84658934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/pspc"; depth:10; endswith; nocase; http.host; content:"94.156.152.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795826/; classtype:trojan-activity;sid:84658926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/psh4"; depth:10; 
endswith; nocase; http.host; content:"94.156.152.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795823/; classtype:trojan-activity;sid:84658923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/parm7"; depth:11; endswith; nocase; http.host; content:"94.156.152.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795824/; classtype:trojan-activity;sid:84658924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pardufrigi_installer_1.0.p1.exe"; depth:32; endswith; nocase; http.host; content:"pardu.pages.dev"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795199/; classtype:trojan-activity;sid:84658299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1827897262/mh/inject3.ps1"; depth:26; endswith; nocase; http.host; content:"1827897262.v.123pan.cn"; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794604/; classtype:trojan-activity;sid:84657704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rustdesk-1.2.3-2-x86_64.exe"; depth:28; endswith; nocase; http.host; content:"www.150.co.il"; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794598/; classtype:trojan-activity;sid:84657698; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdf/pdf/screenconnect.clientsetup.msi"; depth:38; endswith; nocase; http.host; content:"preciosasjoyitas.com.mx"; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793659/; classtype:trojan-activity;sid:84656759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loader1.bin"; depth:12; endswith; nocase; http.host; content:"47.80.11.103"; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3793079/; classtype:trojan-activity;sid:84656179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/p"; depth:2; endswith; nocase; http.host; content:"78.153.140.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792979/; classtype:trojan-activity;sid:84656079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/busybox"; depth:8; endswith; nocase; http.host; content:"78.153.140.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792980/; classtype:trojan-activity;sid:84656080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/for"; depth:4; endswith; nocase; http.host; content:"78.153.140.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; 
reference:url, urlhaus.abuse.ch/url/3792977/; classtype:trojan-activity;sid:84656077; rev:1;)
# Each rule below is an exact-IoC match: outbound HTTP GET, URI equal to the listed path
# (case-insensitive), Host equal to the listed value. A renamed payload or a new host is
# not covered, so treat these as known-URL coverage rather than behavioural detection.
# Triage note: host 78.153.140.16 is the target of several rules in this file (/p, /busybox,
# /for, /kinsing, /kinsing_aarch64, /pg.sh; sids 84656079, 84656080, 84656077, 84655666,
# 84655667, 84651170). Host 178.16.54.109 likewise appears with /xmrget.exe, /twizt.exe and
# /3 (sids 84655574, 84654780, 84653220). A hit on one of these is a reason to look for
# requests to the sibling paths from the same internal source.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kinsing"; depth:8; endswith; nocase; http.host; content:"78.153.140.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792566/; classtype:trojan-activity;sid:84655666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kinsing_aarch64"; depth:16; endswith; nocase; http.host; content:"78.153.140.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792567/; classtype:trojan-activity;sid:84655667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrget.exe"; depth:11; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792474/; classtype:trojan-activity;sid:84655574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/umari4u2get-cmd/encoder/raw/refs/heads/main/include/encoder1.txt"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791876/; classtype:trojan-activity;sid:84654976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791877)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/umari4u2get-cmd/encoder/refs/heads/main/include/encoder1.txt"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791877/; classtype:trojan-activity;sid:84654977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/twizt.exe"; depth:10; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791680/; classtype:trojan-activity;sid:84654780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jquery.min-4.0.2.js"; depth:20; endswith; nocase; http.host; content:"union.macoms.la"; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791280/; classtype:trojan-activity;sid:84654380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuts/poop"; depth:10; endswith; nocase; http.host; content:"107.175.89.136"; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790743/; classtype:trojan-activity;sid:84653843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuts/bolts"; depth:11; endswith; nocase; http.host; content:"107.175.89.136"; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790733/; 
classtype:trojan-activity;sid:84653833; rev:1;)
# Rules in this group pin the URI with depth plus endswith and the Host with depth plus
# isdataat:!1,relative. The URI match is exact only when depth equals the content's byte length.
# NOTE(review): "|3f|" is a single byte ("?"), so the URI content in sid 84653250 is 68 bytes
# long while depth is 71; the escape appears to have been counted as four characters. With
# endswith the match must still finish at the end of http.uri, but it may begin up to 3 bytes
# into the buffer, so the rule is slightly looser than an exact-URI match. depth:68 would
# restore the exact match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eugenia/eddy/gaylene/marji/sile/christean/carmon|3f|crista=kristine_rp"; depth:71; endswith; nocase; http.host; content:"un1rw11q4u.com"; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790150/; classtype:trojan-activity;sid:84653250; rev:1;)
# NOTE(review): same "|3f|" length mismatch as above: the content is 54 bytes, depth is 57.
# depth:54 would make the URI match exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hinda/arabelle/mirabella/dinah/staci|3f|theresa=benni_rp"; depth:57; endswith; nocase; http.host; content:"blankeyeo.com"; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790144/; classtype:trojan-activity;sid:84653244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/3"; depth:2; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3790120/; classtype:trojan-activity;sid:84653220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/encrypt.ps1"; depth:16; endswith; nocase; http.host; content:"shahamanatme.com"; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789876/; classtype:trojan-activity;sid:84652976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789461)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/ti/dajoke2.exe"; depth:15; endswith; nocase; http.host; content:"imagefiles-backup.oss-ap-southeast-7.aliyuncs.com"; depth:49; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789461/; classtype:trojan-activity;sid:84652561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/media/txmclygo.exe"; depth:19; endswith; nocase; http.host; content:"kokorostore.it"; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3789027/; classtype:trojan-activity;sid:84652127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/components/com_media/m1vebzk/jt1wulk/wxhmvac/new/optimized_msi.png"; depth:67; endswith; nocase; http.host; content:"chungminhtaichinhsaigon.net"; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788389/; classtype:trojan-activity;sid:84651489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/optimized_msi.png"; depth:18; endswith; nocase; http.host; content:"coralasargetia.ro"; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788379/; classtype:trojan-activity;sid:84651479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/optimized_msi.png"; depth:18; endswith; nocase; http.host; content:"separadordecc.com"; depth:17; isdataat:!1,relative; metadata:created_at 
2026_03_02; reference:url, urlhaus.abuse.ch/url/3788376/; classtype:trojan-activity;sid:84651476; rev:1;)
# Each rule below alerts on an outbound HTTP GET to one known URL: http.uri is pinned with
# depth plus endswith, http.host with depth plus isdataat:!1,relative.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pg.sh"; depth:6; endswith; nocase; http.host; content:"78.153.140.16"; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788070/; classtype:trojan-activity;sid:84651170; rev:1;)
# NOTE(review): "|3f|" is a single byte ("?"), so this URI content is 31 bytes long while depth
# is 34; the escape appears to have been counted as four characters. The match may therefore
# begin up to 3 bytes into http.uri rather than only at its start. depth:31 would make it exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|filename=xxwconvertedfile.txt"; depth:34; endswith; nocase; http.host; content:"bafybeidp7zdy2lu6yxvbgoev4b6xokuaa6jljr34vkflxzel2ya2gc3plm.ipfs.dweb.link"; depth:74; isdataat:!1,relative; metadata:created_at 2026_02_28; reference:url, urlhaus.abuse.ch/url/3787416/; classtype:trojan-activity;sid:84650516; rev:1;)
# NOTE(review): sid 84650177 has the same match conditions as sid 84649453 (URLhaus 3786353,
# created_at 2026_02_26): GET, http.uri "/sshd", http.host "37.142.77.163". One request will
# raise both alerts, so deduplicate on host and URI downstream or suppress one of the two sids.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"37.142.77.163"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787077/; classtype:trojan-activity;sid:84650177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.86.246.233"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787067/; classtype:trojan-activity;sid:84650167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786721)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/maybedesxie7/cracked-webpage-annotator-extension/refs/heads/main/decrepitation/cracked-annotator-webpage-extension-2.1-beta.4.zip"; depth:130; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786721/; classtype:trojan-activity;sid:84649821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/maybedesxie7/cracked-webpage-annotator-extension/raw/refs/heads/main/decrepitation/cracked-annotator-webpage-extension-2.1-beta.4.zip"; depth:134; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786720/; classtype:trojan-activity;sid:84649820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sameeronwheels/cracked-save-to-milanote-extension/main/nonnucleated/to-extension-save-cracked-milanote-revalidate.zip"; depth:118; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786712/; classtype:trojan-activity;sid:84649812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sameeronwheels/cracked-save-to-milanote-extension/raw/refs/heads/main/nonnucleated/to-extension-save-cracked-milanote-revalidate.zip"; depth:133; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786713/; 
classtype:trojan-activity;sid:84649813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"115.190.250.28"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786364/; classtype:trojan-activity;sid:84649464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"37.142.77.163"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786353/; classtype:trojan-activity;sid:84649453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c/186def/%e7%bd%91%e6%98%93%e4%ba%91%e9%9f%b3%e4%b9%90.exe"; depth:59; endswith; nocase; http.host; content:"dubapkg.cmcmcdn.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786320/; classtype:trojan-activity;sid:84649420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux"; depth:6; endswith; nocase; http.host; content:"203.57.109.214"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786317/; classtype:trojan-activity;sid:84649417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785810)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/soloobr/z-loops/refs/heads/master/updatelm/properties/loops_z_v2.9.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3785810/; classtype:trojan-activity;sid:84648910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soloobr/z-loops/raw/refs/heads/master/updatelm/properties/loops_z_v2.9.zip"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3785811/; classtype:trojan-activity;sid:84648911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soloobr/z-loops/raw/refs/heads/master/breathseller/z-loops.zip"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3785788/; classtype:trojan-activity;sid:84648888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.3.45.42"; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785492/; classtype:trojan-activity;sid:84648592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"47.152.112.236"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; 
reference:url, urlhaus.abuse.ch/url/3785486/; classtype:trojan-activity;sid:84648586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"185.166.91.145"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785484/; classtype:trojan-activity;sid:84648584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blackwall0220/roblox-discord-status-bot/raw/refs/heads/master/pelodytes/status-roblox-discord-bot-v2.8.zip"; depth:107; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785421/; classtype:trojan-activity;sid:84648521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/satish-ss/roblox-matcha/raw/refs/heads/master/bacula/matcha-roblox-v3.9-beta.1.zip"; depth:83; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785380/; classtype:trojan-activity;sid:84648480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user-attachments/files/16784059/p.zip"; depth:38; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784859/; classtype:trojan-activity;sid:84647959; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user-attachments/files/16784059/p.zip"; depth:38; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784860/; classtype:trojan-activity;sid:84647960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/6/6/20180724185728_petk_uc_1.4.0.apk"; depth:39; endswith; nocase; http.host; content:"downali.game.uc.cn"; depth:18; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783631/; classtype:trojan-activity;sid:84646731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e5%88%92%e5%ad%a6%e5%8f%b7v2--%e6%9e%81%e9%80%9f%e7%89%88.exe"; depth:63; endswith; nocase; http.host; content:"xn--h6qpop2cq9nl9c.pages.dev"; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783627/; classtype:trojan-activity;sid:84646727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/approved%20document%23d53lu.msi"; depth:32; endswith; nocase; http.host; content:"pub-bbbdebc2599c4d74b04c5d53e439f7a7.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783624/; classtype:trojan-activity;sid:84646724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783597)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/approved%20document%23402.vbs"; depth:30; endswith; nocase; http.host; content:"pub-bbbdebc2599c4d74b04c5d53e439f7a7.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783597/; classtype:trojan-activity;sid:84646697; rev:1;)
# Review notes for the rules below (the line above and the last line of this
# group are pieces of rules that continue outside it).
# Match logic as written: method GET, an http.uri content anchored with
# depth + endswith, and an http.host content anchored with depth +
# isdataat:!1,relative, with depth equal to the content length. Both buffers
# must therefore equal the listed strings exactly.
# The rule header is "$HOME_NET any -> $EXTERNAL_NET any"; the listed IP or
# domain is compared only with the Host buffer, never with the flow's
# destination address.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qbix01.exe"; depth:11; endswith; nocase; http.host; content:"sutterpoint.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783601/; classtype:trojan-activity;sid:84646701; rev:1;)
# The run of rules from sid 84646523 to sid 84646289 shares one shape: the URI
# is exactly "/" and created_at is 2026_02_22. The only distinguishing signal
# is the Host value, so any GET of the root path carrying that Host alerts.
# IP indicators go stale as addresses are reassigned; use created_at to expire
# them, and treat a hit as a lead to corroborate with host or proxy telemetry
# rather than as a confirmed download.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"185.60.107.150"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783423/; classtype:trojan-activity;sid:84646523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"87.138.104.129"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783426/; classtype:trojan-activity;sid:84646526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"82.139.95.202"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783405/; classtype:trojan-activity;sid:84646505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"185.237.41.72"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783402/; classtype:trojan-activity;sid:84646502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"202.129.16.119"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783397/; classtype:trojan-activity;sid:84646497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"218.103.122.102"; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783395/; classtype:trojan-activity;sid:84646495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"77.174.79.191"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783379/; classtype:trojan-activity;sid:84646479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"62.45.171.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783380/; classtype:trojan-activity;sid:84646480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"193.165.245.46"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783384/; classtype:trojan-activity;sid:84646484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"92.43.24.71"; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783372/; classtype:trojan-activity;sid:84646472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"121.101.79.178"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783369/; classtype:trojan-activity;sid:84646469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"202.175.181.210"; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783366/; classtype:trojan-activity;sid:84646466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"109.167.133.17"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783363/; classtype:trojan-activity;sid:84646463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"84.86.236.173"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783352/; classtype:trojan-activity;sid:84646452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"78.44.199.50"; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783343/; classtype:trojan-activity;sid:84646443; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"202.160.19.159"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783350/; classtype:trojan-activity;sid:84646450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"88.180.236.68"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783332/; classtype:trojan-activity;sid:84646432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"49.176.254.54"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783331/; classtype:trojan-activity;sid:84646431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"75.214.255.79"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783326/; classtype:trojan-activity;sid:84646426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"108.41.80.142"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783304/; classtype:trojan-activity;sid:84646404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"2.238.146.33"; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783306/; classtype:trojan-activity;sid:84646406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"185.71.233.23"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783298/; classtype:trojan-activity;sid:84646398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"42.200.182.63"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783274/; classtype:trojan-activity;sid:84646374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"182.93.58.234"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783275/; classtype:trojan-activity;sid:84646375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"190.115.114.38"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783270/; classtype:trojan-activity;sid:84646370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"174.71.238.196"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783244/; classtype:trojan-activity;sid:84646344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"96.49.197.7"; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783230/; classtype:trojan-activity;sid:84646330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"220.246.34.66"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783231/; classtype:trojan-activity;sid:84646331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"218.188.43.38"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783202/; classtype:trojan-activity;sid:84646302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"121.6.96.248"; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783206/; classtype:trojan-activity;sid:84646306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"222.154.246.166"; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783211/; classtype:trojan-activity;sid:84646311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"94.168.120.202"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783196/; classtype:trojan-activity;sid:84646296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"182.54.141.236"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783201/; classtype:trojan-activity;sid:84646301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"82.127.110.15"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783193/; classtype:trojan-activity;sid:84646293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"99.53.69.161"; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783184/; classtype:trojan-activity;sid:84646284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"118.200.67.119"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783189/; classtype:trojan-activity;sid:84646289; rev:1;)
# NOTE(review): sid 84645042 matches the same URI and Host as sid 84644428
# later in this file (only created_at and the URLhaus id differ), so one
# request raises both alerts. Deduplicate or threshold downstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"144.6.89.62"; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781942/; classtype:trojan-activity;sid:84645042; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h64.exe"; depth:8; endswith; nocase; http.host; content:"aaronart.com"; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781617/; classtype:trojan-activity;sid:84644717; rev:1;)
# Review notes for the rules below (the line above and the last line of this
# group are pieces of rules that continue outside it).
# Match logic as written: method GET, an http.uri content anchored with
# depth + endswith, and an http.host content anchored with depth +
# isdataat:!1,relative. Where depth equals the content length this is an
# exact-string match on both buffers, so the same file requested with extra
# path or query bytes does not alert.
# The rule header is "$HOME_NET any -> $EXTERNAL_NET any"; the listed IP or
# domain is compared only with the Host buffer, never with the flow's
# destination address.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m64.exe"; depth:8; endswith; nocase; http.host; content:"creativevoltage.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781614/; classtype:trojan-activity;sid:84644714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.104.195.210"; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781329/; classtype:trojan-activity;sid:84644429; rev:1;)
# NOTE(review): sid 84644428 matches the same URI and Host as sid 84645042
# earlier in this file (only created_at and the URLhaus id differ), so one
# request raises both alerts. Deduplicate or threshold downstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"144.6.89.62"; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781328/; classtype:trojan-activity;sid:84644428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.90.206.87"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781323/; classtype:trojan-activity;sid:84644423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"98.195.187.75"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780767/; classtype:trojan-activity;sid:84643867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.118.103.42"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780550/; classtype:trojan-activity;sid:84643650; rev:1;)
# NOTE(review): three things to check on sid 84643604.
# (1) depth:143 is the length of the escaped string; "|3f|" and each "|7c|"
#     decode to one byte, so the decoded content is 134 bytes and the URI
#     anchor is looser than an exact match.
# (2) "|7c|26|7c|" decodes to the four bytes |26| . If the reported URL has
#     "&" (0x26) between the two query parameters, this is a double escape and
#     the rule cannot match it - confirm against the URLhaus entry.
# (3) The content holds literal percent-escapes, matched in http.uri, which is
#     Suricata's normalized URI buffer (http.uri.raw is the unnormalized one);
#     confirm with a test capture that the escapes survive normalization.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view_archive.php|3f|archive=/35/items/201004011329/201004011329.iso|7c|26|7c|file=activation%20%26%20serial%20for%20windows%20xp%2frockxp4.exe"; depth:143; endswith; nocase; http.host; content:"ia802801.us.archive.org"; depth:23; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780504/; classtype:trojan-activity;sid:84643604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.64.227.134"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780332/; classtype:trojan-activity;sid:84643432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"200.118.103.42"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780331/; classtype:trojan-activity;sid:84643431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"43.249.54.246"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780321/; classtype:trojan-activity;sid:84643421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.120.203.230"; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780324/; classtype:trojan-activity;sid:84643424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"200.54.221.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780319/; classtype:trojan-activity;sid:84643419; rev:1;)
# NOTE(review): pages.dev is a hosting platform normally reached over TLS. An
# "alert http" rule sees these URLs only in cleartext HTTP or where TLS is
# decrypted before the sensor; confirm sensor placement, and otherwise cover
# these two indicators from proxy or endpoint logs that record the full URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ghost.bot.apk.v13.apk"; depth:22; endswith; nocase; http.host; content:"shadowbot-dih.pages.dev"; depth:23; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780170/; classtype:trojan-activity;sid:84643270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shadow-bot-v11.apk"; depth:19; endswith; nocase; http.host; content:"shadowbot-dih.pages.dev"; depth:23; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780164/; classtype:trojan-activity;sid:84643264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.16.247.83"; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779939/; classtype:trojan-activity;sid:84643039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.90.206.87"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779935/; classtype:trojan-activity;sid:84643035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.93.200.20"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779937/; classtype:trojan-activity;sid:84643037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.67.246.82"; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779755/; classtype:trojan-activity;sid:84642855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"101.200.193.211"; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, urlhaus.abuse.ch/url/3778871/; classtype:trojan-activity;sid:84641971; rev:1;)
# NOTE(review): literal percent-escapes matched in the normalized http.uri
# buffer, with depth counting them as written; confirm with a test capture that
# the escapes survive normalization, otherwise this rule cannot match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/15%ec%8b%ac%ed%94%8c%ec%8a%a4%ec%ba%94.exe"; depth:43; endswith; nocase; http.host; content:"m.jkoa.co.kr"; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, urlhaus.abuse.ch/url/3778746/; classtype:trojan-activity;sid:84641846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"146.255.245.170"; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_15; reference:url, urlhaus.abuse.ch/url/3778483/; classtype:trojan-activity;sid:84641583; rev:1;)
# The next three rules match a URI of exactly "/", so the only distinguishing
# signal is the Host value: any GET of the root path carrying that Host alerts.
# IP indicators go stale as addresses are reassigned; use created_at to expire
# them and corroborate hits with host or proxy telemetry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"210.245.90.206"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777925/; classtype:trojan-activity;sid:84641025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"118.139.167.36"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777918/; classtype:trojan-activity;sid:84641018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"172.96.189.153"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777919/; classtype:trojan-activity;sid:84641019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plugins/cloudflare/challenge/ishuman/id53728/"; depth:46; endswith; nocase; http.host; content:"widexenmexico.com.mx"; depth:20; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777916/; classtype:trojan-activity;sid:84641016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/old_backup/"; depth:12; endswith; nocase; http.host; content:"216.119.126.23"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777906/; classtype:trojan-activity;sid:84641006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"136.228.163.150"; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777237/; classtype:trojan-activity;sid:84640337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"146.196.120.21"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777225/; classtype:trojan-activity;sid:84640325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.112.101.200"; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777227/; classtype:trojan-activity;sid:84640327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.173.12.30"; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777214/; classtype:trojan-activity;sid:84640314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.8.20.75"; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777182/; classtype:trojan-activity;sid:84640282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fscan32.exe"; depth:12; endswith; nocase; http.host; content:"124.44.3.74"; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777084/; classtype:trojan-activity;sid:84640184; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beacon.exe"; depth:11; endswith; nocase; http.host; content:"124.44.3.74"; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777069/; classtype:trojan-activity;sid:84640169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scr/omgo/approval3546.msi"; depth:26; endswith; nocase; http.host; content:"luizmatoso.com.br"; depth:17; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777049/; classtype:trojan-activity;sid:84640149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ref62535.msi"; depth:13; endswith; nocase; http.host; content:"vizyonuniversitesi.web.tr"; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777048/; classtype:trojan-activity;sid:84640148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftgyxe"; depth:7; endswith; nocase; http.host; content:"fukt.link"; depth:9; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776660/; classtype:trojan-activity;sid:84639760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qarsws"; depth:7; endswith; nocase; http.host; content:"fukt.link"; depth:9; isdataat:!1,relative; metadata:created_at 2026_02_12; 
reference:url, urlhaus.abuse.ch/url/3776659/; classtype:trojan-activity;sid:84639759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joh/encrypted.ps1"; depth:18; endswith; nocase; http.host; content:"refaccionesalma.com.mx"; depth:22; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776653/; classtype:trojan-activity;sid:84639753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; depth:30; endswith; nocase; http.host; content:"www.chanmiraicd1.duckdns.org"; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776347/; classtype:trojan-activity;sid:84639447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; depth:30; endswith; nocase; http.host; content:"www.chanmiraicd1.duckdns.org"; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776288/; classtype:trojan-activity;sid:84639388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; depth:30; endswith; nocase; http.host; content:"chanmiraicd1.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776281/; classtype:trojan-activity;sid:84639381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776282)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; depth:33; endswith; nocase; http.host; content:"chanmiraicd1.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776282/; classtype:trojan-activity;sid:84639382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; depth:30; endswith; nocase; http.host; content:"chanmiraicd1.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776283/; classtype:trojan-activity;sid:84639383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; depth:33; endswith; nocase; http.host; content:"www.chanmiraicd1.duckdns.org"; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776287/; classtype:trojan-activity;sid:84639387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxni386xnxn"; depth:30; endswith; nocase; http.host; content:"www.chanmiraicd1.duckdns.org"; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776275/; classtype:trojan-activity;sid:84639375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; depth:33; endswith; nocase; http.host; 
content:"www.chanmiraicd1.duckdns.org"; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776276/; classtype:trojan-activity;sid:84639376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; depth:33; endswith; nocase; http.host; content:"www.chanmiraicd1.duckdns.org"; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776277/; classtype:trojan-activity;sid:84639377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; depth:33; endswith; nocase; http.host; content:"chanmiraicd1.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776278/; classtype:trojan-activity;sid:84639378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; depth:29; endswith; nocase; http.host; content:"chanmiraicd1.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776274/; classtype:trojan-activity;sid:84639374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; depth:29; endswith; nocase; http.host; content:"www.chanmiraicd1.duckdns.org"; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776263/; 
classtype:trojan-activity;sid:84639363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; depth:32; endswith; nocase; http.host; content:"www.chanmiraicd1.duckdns.org"; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776264/; classtype:trojan-activity;sid:84639364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxni386xnxn"; depth:30; endswith; nocase; http.host; content:"chanmiraicd1.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776261/; classtype:trojan-activity;sid:84639361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; depth:33; endswith; nocase; http.host; content:"chanmiraicd1.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776258/; classtype:trojan-activity;sid:84639358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; depth:32; endswith; nocase; http.host; content:"chanmiraicd1.duckdns.org"; depth:24; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776253/; classtype:trojan-activity;sid:84639353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774774)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/watching"; depth:9; endswith; nocase; http.host; content:"46.8.78.15"; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774774/; classtype:trojan-activity;sid:84637874; rev:1;)
# The rule ending above and the next two all pin host 46.8.78.15 and differ only
# in the exact path ("/watching", "/gs-netcat_linux-x86_64", "/ss").
# NOTE(review): the path name suggests a gs-netcat build, but the rule keys on
# URL and host only - confirm what was actually served from the HTTP response or
# file extraction before classifying a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gs-netcat_linux-x86_64"; depth:23; endswith; nocase; http.host; content:"46.8.78.15"; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774775/; classtype:trojan-activity;sid:84637875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ss"; depth:3; endswith; nocase; http.host; content:"46.8.78.15"; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774739/; classtype:trojan-activity;sid:84637839; rev:1;)
# The path is named after busybox, but the match is the exact path on host
# 156.246.93.156 only (depth + endswith on the URI, depth + isdataat:!1 on the
# host); the rule does not alert on that file name requested from other hosts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/busybox-armv7l"; depth:15; endswith; nocase; http.host; content:"156.246.93.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774709/; classtype:trojan-activity;sid:84637809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"117.72.181.104"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774678/; classtype:trojan-activity;sid:84637778; rev:1;)
# The rules that follow share one URI, "/02.08.2022.exe", and one created_at
# date; they differ only in the http.host literal, the URLhaus id and the sid.
# Each is pinned to its host (content + depth + isdataat:!1,relative on
# http.host), so the same file name requested from an address that has no rule
# of its own raises nothing from this set. The URI side is equally exact:
# depth:15 with endswith means the whole http.uri buffer must be this path.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"123.58.64.57"; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774676/; classtype:trojan-activity;sid:84637776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"179.43.186.214"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774663/; classtype:trojan-activity;sid:84637763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.219.76.168"; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774640/; classtype:trojan-activity;sid:84637740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.105.36.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774642/; classtype:trojan-activity;sid:84637742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"52.248.41.253"; depth:13; isdataat:!1,relative; 
metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774628/; classtype:trojan-activity;sid:84637728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"192.3.233.166"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774635/; classtype:trojan-activity;sid:84637735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mig"; depth:4; endswith; nocase; http.host; content:"46.8.78.15"; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774447/; classtype:trojan-activity;sid:84637547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.30.92.188"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774265/; classtype:trojan-activity;sid:84637365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2onsolana/armv4l"; depth:18; endswith; nocase; http.host; content:"156.246.93.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774076/; classtype:trojan-activity;sid:84637176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774074)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/n2onsolana/mips"; depth:16; endswith; nocase; http.host; content:"156.246.93.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774074/; classtype:trojan-activity;sid:84637174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2onsolana/aarch64"; depth:19; endswith; nocase; http.host; content:"156.246.93.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774075/; classtype:trojan-activity;sid:84637175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2onsolana/mpsl"; depth:16; endswith; nocase; http.host; content:"156.246.93.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774073/; classtype:trojan-activity;sid:84637173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2onsolana/armv6l"; depth:18; endswith; nocase; http.host; content:"156.246.93.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774071/; classtype:trojan-activity;sid:84637171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2onsolana/x86"; depth:15; endswith; nocase; http.host; content:"156.246.93.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774072/; classtype:trojan-activity;sid:84637172; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2onsolana/armv7l"; depth:18; endswith; nocase; http.host; content:"156.246.93.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774070/; classtype:trojan-activity;sid:84637170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n2onsolana/armv5l"; depth:18; endswith; nocase; http.host; content:"156.246.93.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774069/; classtype:trojan-activity;sid:84637169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gif.gif"; depth:8; endswith; nocase; http.host; content:"pjsn.hi2.ro"; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3773540/; classtype:trojan-activity;sid:84636640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"43.229.20.42"; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3773435/; classtype:trojan-activity;sid:84636535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.88.234.44"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, 
urlhaus.abuse.ch/url/3773437/; classtype:trojan-activity;sid:84636537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.50.222.238"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3773429/; classtype:trojan-activity;sid:84636529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.55.251.93"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773292/; classtype:trojan-activity;sid:84636392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.112.101.200"; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773270/; classtype:trojan-activity;sid:84636370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"45.173.12.30"; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773268/; classtype:trojan-activity;sid:84636368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.166.218.154"; depth:15; 
isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773263/; classtype:trojan-activity;sid:84636363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"138.219.58.34"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773257/; classtype:trojan-activity;sid:84636357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"83.218.189.41"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773251/; classtype:trojan-activity;sid:84636351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"62.99.58.93"; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773225/; classtype:trojan-activity;sid:84636325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"146.196.120.21"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772766/; classtype:trojan-activity;sid:84635866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; 
endswith; nocase; http.host; content:"50.43.160.231"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772764/; classtype:trojan-activity;sid:84635864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux"; depth:6; endswith; nocase; http.host; content:"112.124.33.87"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772607/; classtype:trojan-activity;sid:84635707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.216.46.94"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772575/; classtype:trojan-activity;sid:84635675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"196.39.143.113"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772572/; classtype:trojan-activity;sid:84635672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"213.5.194.56"; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772548/; classtype:trojan-activity;sid:84635648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772546)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"136.228.163.150"; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772546/; classtype:trojan-activity;sid:84635646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.46.170.18"; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772543/; classtype:trojan-activity;sid:84635643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.88.6.203"; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772534/; classtype:trojan-activity;sid:84635634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.220.234.5"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772536/; classtype:trojan-activity;sid:84635636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"184.185.30.182"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772528/; classtype:trojan-activity;sid:84635628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3772510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/microsoftteamupdate.msi"; depth:24; endswith; nocase; http.host; content:"vrajras.com"; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772510/; classtype:trojan-activity;sid:84635610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux"; depth:6; endswith; nocase; http.host; content:"114.215.193.12"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772458/; classtype:trojan-activity;sid:84635558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"128.127.102.134"; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772359/; classtype:trojan-activity;sid:84635459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.40.178.238"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771747/; classtype:trojan-activity;sid:84634847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"95.62.202.150"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771741/; 
classtype:trojan-activity;sid:84634841; rev:1;)
# Rules below are laid out one per line and share one template: GET from $HOME_NET to
# $EXTERNAL_NET on an established flow; http.uri must equal the pattern exactly
# (depth == pattern length, endswith, nocase); http.host must equal the pattern exactly
# (depth + isdataat:!1,relative). Each alert therefore means "this exact URL was requested".
#
# This stretch (created_at 2026_02_03) repeats a small set of file names -- video.scr,
# photo.scr, av.scr, video.lnk, photo.lnk, av.lnk, info.zip -- across the hosts 70.45.151.28,
# 47.201.14.128, 203.212.222.22, 98.195.187.75 and 203.121.236.145. When one of these fires,
# pivoting on the destination host as well as the single URL is a reasonable triage step.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"70.45.151.28"; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771659/; classtype:trojan-activity;sid:84634759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"70.45.151.28"; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771648/; classtype:trojan-activity;sid:84634748; rev:1;)
# NOTE(review): URLhaus id 3771493 (this rule) and id 3771336 (sid 84634436, further down)
# carry the same URI and host, so a single matching request raises two alerts. Deduplicate
# downstream or apply a threshold if alert volume matters.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"203.121.236.145"; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771493/; classtype:trojan-activity;sid:84634593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"47.201.14.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771458/; classtype:trojan-activity;sid:84634558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"203.212.222.22"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771442/; classtype:trojan-activity;sid:84634542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"47.201.14.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771420/; classtype:trojan-activity;sid:84634520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"203.212.222.22"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771416/; classtype:trojan-activity;sid:84634516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"98.195.187.75"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771410/; classtype:trojan-activity;sid:84634510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"98.195.187.75"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771405/; classtype:trojan-activity;sid:84634505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"47.201.14.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771394/; classtype:trojan-activity;sid:84634494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"98.195.187.75"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771393/; classtype:trojan-activity;sid:84634493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"47.201.14.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771357/; classtype:trojan-activity;sid:84634457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"203.212.222.22"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771346/; classtype:trojan-activity;sid:84634446; rev:1;)
# Same URI and host as URLhaus id 3771493 (sid 84634593) above: duplicate alert on one request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"203.121.236.145"; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771336/; classtype:trojan-activity;sid:84634436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"47.201.14.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771319/; classtype:trojan-activity;sid:84634419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"98.195.187.75"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771292/; classtype:trojan-activity;sid:84634392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"203.212.222.22"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771258/; classtype:trojan-activity;sid:84634358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"47.201.14.128"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771234/; classtype:trojan-activity;sid:84634334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"203.212.222.22"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771237/; 
classtype:trojan-activity;sid:84634337; rev:1;)
# Rules below are laid out one per line and share one template: GET from $HOME_NET to
# $EXTERNAL_NET on an established flow; http.uri must equal the pattern exactly
# (depth == pattern length, endswith, nocase); http.host must equal the pattern exactly
# (depth + isdataat:!1,relative).
#
# info.zip / av.lnk / video.lnk on 203.212.222.22 and 98.195.187.75 (created_at 2026_02_03).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"203.212.222.22"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771218/; classtype:trojan-activity;sid:84634318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"203.212.222.22"; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771220/; classtype:trojan-activity;sid:84634320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"98.195.187.75"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771206/; classtype:trojan-activity;sid:84634306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"98.195.187.75"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771190/; classtype:trojan-activity;sid:84634290; rev:1;)
# 81.42.249.132: info.zip under dated directories. The URI patterns contain the literal
# text "%20", and depth counts the percent-encoded length (37 or 42 bytes).
# NOTE(review): http.uri is Suricata's normalized URI buffer. With default libhtp settings
# percent-escapes are decoded before matching, so the buffer would hold spaces and be
# shorter than depth -- in which case these rules cannot match. Confirm with a test pcap.
# If confirmed, the encoded form belongs in http.uri.raw, or the pattern needs |20| with a
# recomputed depth. Do not assume this host is covered until that has been checked.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r-02-radiole/31%2012%202025/info.zip"; depth:37; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771061/; classtype:trojan-activity;sid:84634161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ser%20costa%20luz/08%2008%202025/info.zip"; depth:42; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771062/; classtype:trojan-activity;sid:84634162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ser%20costa%20luz/24%2010%202025/info.zip"; depth:42; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771063/; classtype:trojan-activity;sid:84634163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r-02-radiole/11%2011%202025/info.zip"; depth:37; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771060/; classtype:trojan-activity;sid:84634160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ser%20costa%20luz/10%2012%202025/info.zip"; depth:42; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771059/; classtype:trojan-activity;sid:84634159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ser%20costa%20luz/07%2010%202025/info.zip"; depth:42; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771056/; classtype:trojan-activity;sid:84634156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ser%20costa%20luz/27%2007%202025/info.zip"; depth:42; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771057/; classtype:trojan-activity;sid:84634157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r-02-radiole/30%2009%202025/info.zip"; depth:37; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771058/; classtype:trojan-activity;sid:84634158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ser%20costa%20luz/10%2001%202026/info.zip"; depth:42; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771054/; classtype:trojan-activity;sid:84634154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ser%20costa%20luz/20%2012%202025/info.zip"; depth:42; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771055/; classtype:trojan-activity;sid:84634155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ser%20costa%20luz/20%2009%202025/info.zip"; depth:42; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771050/; classtype:trojan-activity;sid:84634150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r-02-radiole/24%2012%202025/info.zip"; depth:37; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771051/; classtype:trojan-activity;sid:84634151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ser%20costa%20luz/15%2010%202025/info.zip"; depth:42; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771052/; classtype:trojan-activity;sid:84634152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ser%20costa%20luz/16%2001%202026/info.zip"; depth:42; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771053/; classtype:trojan-activity;sid:84634153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ser%20costa%20luz/20%2007%202025/info.zip"; depth:42; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771048/; classtype:trojan-activity;sid:84634148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ser%20costa%20luz/12%2012%202025/info.zip"; depth:42; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771045/; classtype:trojan-activity;sid:84634145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ser%20costa%20luz/02%2012%202025/info.zip"; depth:42; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771039/; classtype:trojan-activity;sid:84634139; rev:1;)
# JavaScript file under a /bitrix/cache/ path on a named domain. The path looks like a CMS
# cache location, so the host is presumably a compromised site rather than dedicated
# infrastructure -- check the URLhaus entry before blocking the whole domain.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bitrix/cache/js/s1/universe_s1/kernel_main/kernel_main_v1.js"; depth:61; endswith; nocase; http.host; content:"alternativas.ru"; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771036/; classtype:trojan-activity;sid:84634136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3770100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/64.exe"; depth:7; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_01; reference:url, urlhaus.abuse.ch/url/3770100/; classtype:trojan-activity;sid:84633200; rev:1;)
# Rules below are laid out one per line and share one template: GET from $HOME_NET to
# $EXTERNAL_NET on an established flow; http.uri must equal the pattern exactly
# (depth == pattern length, endswith, nocase); http.host must equal the pattern exactly
# (depth + isdataat:!1,relative). Each alert means "this exact URL was requested".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3767197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"62.99.58.93"; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_01; reference:url, urlhaus.abuse.ch/url/3767197/; classtype:trojan-activity;sid:84630297; rev:1;)
# NOTE(review): `alert http` only matches HTTP the sensor can parse. raw.githubusercontent.com
# is normally reached over HTTPS, so this rule is unlikely to fire unless the sensor sees
# decrypted traffic -- TODO confirm sensor placement. Without decryption, cover the same
# indicator from proxy logs or endpoint download telemetry. The host is a shared platform,
# so all precision comes from the exact path.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3767101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bhekinko/test/main/notepad2.dll"; depth:32; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_01; reference:url, urlhaus.abuse.ch/url/3767101/; classtype:trojan-activity;sid:84630201; rev:1;)
# Five numbered files (pty1, pty3, pty4, pty5, pty10) on one host, created_at 2026_01_31.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pty3"; depth:5; endswith; nocase; http.host; content:"69.46.43.35"; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766628/; classtype:trojan-activity;sid:84629728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pty1"; depth:5; endswith; nocase; http.host; content:"69.46.43.35"; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766629/; classtype:trojan-activity;sid:84629729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pty4"; depth:5; endswith; nocase; http.host; content:"69.46.43.35"; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766630/; classtype:trojan-activity;sid:84629730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pty5"; depth:5; endswith; nocase; http.host; content:"69.46.43.35"; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766631/; classtype:trojan-activity;sid:84629731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pty10"; depth:6; endswith; nocase; http.host; content:"69.46.43.35"; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766632/; classtype:trojan-activity;sid:84629732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.5.194.56"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766587/; classtype:trojan-activity;sid:84629687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.216.46.91"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766565/; classtype:trojan-activity;sid:84629665; rev:1;)
# Domain-hosted downloads, created_at 2026_01_30.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/get/cl.msi"; depth:11; endswith; nocase; http.host; content:"corporacioncrf.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766226/; classtype:trojan-activity;sid:84629326; rev:1;)
# Host is a 73-byte per-content subdomain under ipfs.w3s.link (presumably an IPFS gateway).
# NOTE(review): if that gateway is HTTPS-only, the cleartext-HTTP limitation of `alert http`
# applies here too -- verify.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/filejantn.txt"; depth:14; endswith; nocase; http.host; content:"bafybeiffpkay6l7heq55epccneb563p5chjzclxnso3vkozyorphlz6ana.ipfs.w3s.link"; depth:73; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766219/; classtype:trojan-activity;sid:84629319; rev:1;)
# The same file name, optimized_msi.png, appears on two different domains.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/optimized_msi.png"; depth:18; endswith; nocase; http.host; content:"separadordecc.com"; depth:17; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766053/; classtype:trojan-activity;sid:84629153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v1/z1/optimized_msi.png"; depth:24; endswith; nocase; http.host; content:"dialkwik.in"; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766045/; classtype:trojan-activity;sid:84629145; rev:1;)
# 27.96.228.235 serves both "/i" and "/bin.sh" (created_at 2026_01_29).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3765537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.96.228.235"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_29; reference:url, urlhaus.abuse.ch/url/3765537/; classtype:trojan-activity;sid:84628637; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3765534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"27.96.228.235"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_29; reference:url, urlhaus.abuse.ch/url/3765534/; classtype:trojan-activity;sid:84628634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3764383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/order2390.msi"; depth:25; endswith; nocase; http.host; content:"audicontadores.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_01_26; reference:url, urlhaus.abuse.ch/url/3764383/; classtype:trojan-activity;sid:84627483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.96.96.35"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_25; reference:url, urlhaus.abuse.ch/url/3763665/; classtype:trojan-activity;sid:84626765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"116.72.2.83"; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_25; reference:url, urlhaus.abuse.ch/url/3763381/; classtype:trojan-activity;sid:84626481; rev:1;)
# Four files under one directory, /plugins-dist/safehtml/lang/font/, on 34.70.205.211
# (created_at 2026_01_24): a shell script, an extensionless file and two source tarballs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plugins-dist/safehtml/lang/font/cr.sh"; depth:38; endswith; nocase; http.host; content:"34.70.205.211"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763338/; classtype:trojan-activity;sid:84626438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plugins-dist/safehtml/lang/font/javae"; depth:38; endswith; nocase; http.host; content:"34.70.205.211"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763336/; classtype:trojan-activity;sid:84626436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plugins-dist/safehtml/lang/font/pnscan-1.14.1.tar.gz"; depth:53; endswith; nocase; http.host; content:"34.70.205.211"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763333/; classtype:trojan-activity;sid:84626433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/plugins-dist/safehtml/lang/font/1.0.5.tar.gz"; depth:45; endswith; nocase; http.host; content:"34.70.205.211"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763334/; classtype:trojan-activity;sid:84626434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.90.205.117"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763137/; classtype:trojan-activity;sid:84626237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.120.32.72"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_23; reference:url, urlhaus.abuse.ch/url/3762681/; classtype:trojan-activity;sid:84625781; rev:1;)
# NOTE(review): the file also carries sid 84625183 (URLhaus id 3762083, created_at
# 2026_01_22) with the same URI and host, so one request to this URL raises two alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.23.89.5"; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_23; reference:url, urlhaus.abuse.ch/url/3762674/; classtype:trojan-activity;sid:84625774; rev:1;)
# 95.155.243.196 serves both "/i" and "/bin.sh" (created_at 2026_01_23).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.155.243.196"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_23; reference:url, urlhaus.abuse.ch/url/3762403/; classtype:trojan-activity;sid:84625503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"95.155.243.196"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_23; reference:url, urlhaus.abuse.ch/url/3762391/; classtype:trojan-activity;sid:84625491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762176)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hamzaabiadi/cracked-tab-organizer-extension/main/altisonous/cracked-tab-organizer-extension.zip"; depth:96; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762176/; classtype:trojan-activity;sid:84625276; rev:1;)
# Rules below are laid out one per line and share one template: GET from $HOME_NET to
# $EXTERNAL_NET on an established flow; http.uri must equal the pattern exactly
# (depth == pattern length, endswith, nocase); http.host must equal the pattern exactly
# (depth + isdataat:!1,relative). Each alert means "this exact URL was requested".
#
# NOTE(review): the file also carries sid 84625774 (URLhaus id 3762674, created_at
# 2026_01_23) with the same URI and host, so one request to this URL raises two alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.23.89.5"; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762083/; classtype:trojan-activity;sid:84625183; rev:1;)
# av.scr / video.lnk / photo.lnk on 106.54.220.107 (created_at 2026_01_22).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"106.54.220.107"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762054/; classtype:trojan-activity;sid:84625154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"106.54.220.107"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762049/; classtype:trojan-activity;sid:84625149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"106.54.220.107"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762050/; classtype:trojan-activity;sid:84625150; rev:1;)
# Files hosted in GitHub repositories (hosts github.com and raw.githubusercontent.com).
# NOTE(review): `alert http` only matches HTTP the sensor can parse. Both hosts are normally
# reached over HTTPS, so these rules are unlikely to fire unless the sensor sees decrypted
# traffic -- TODO confirm sensor placement. Without decryption, cover the same indicators
# from proxy logs or endpoint download telemetry. The hosts are shared platforms, so all
# precision comes from the exact repository path; never block on the host alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caio-arc/links/raw/refs/heads/main/application.zip"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761843/; classtype:trojan-activity;sid:84624943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keyur-m/hometask/raw/refs/heads/main/application.zip"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761841/; classtype:trojan-activity;sid:84624941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/class1k/cracked-save-to-mondaycom-extension/main/textbookless/cracked-save-to-mondaycom-extension.zip"; depth:102; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761822/; classtype:trojan-activity;sid:84624922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bibabiboreal/cracked-save-to-airtable-base-extension/main/rectifiable/cracked-save-to-airtable-base-extension.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761813/; classtype:trojan-activity;sid:84624913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kayraizm3131/cracked-webpage-tag-manager-extension/main/pteroclomorphic/cracked-webpage-tag-manager-extension.zip"; depth:114; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761807/; classtype:trojan-activity;sid:84624907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crandd1/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; depth:56; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761795/; classtype:trojan-activity;sid:84624895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3760838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lounger678/lapce/releases/download/1.0.0/lapce-windows.msi"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_20; reference:url, urlhaus.abuse.ch/url/3760838/; classtype:trojan-activity;sid:84623938; rev:1;)
# "/atom.xml" is a common feed path; only the exact host match makes this rule specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3760734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atom.xml"; depth:9; endswith; nocase; http.host; content:"www.backupallfresh2030.com"; depth:26; isdataat:!1,relative; metadata:created_at 2026_01_20; reference:url, urlhaus.abuse.ch/url/3760734/; classtype:trojan-activity;sid:84623834; rev:1;)
# The same file name, 02.08.2022.exe, on two different IPv4 hosts (created_at 2026_01_18).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"117.72.178.246"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_18; reference:url, urlhaus.abuse.ch/url/3759759/; classtype:trojan-activity;sid:84622859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.139.50.42"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_18; reference:url, urlhaus.abuse.ch/url/3759757/; classtype:trojan-activity;sid:84622857; rev:1;)
# Two extensionless paths on co-emas.com (created_at 2026_01_17).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/receiveharsh/changebusiness"; depth:28; endswith; nocase; http.host; content:"co-emas.com"; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759320/; classtype:trojan-activity;sid:84622420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x/s"; depth:4; endswith; nocase; http.host; content:"co-emas.com"; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759319/; classtype:trojan-activity;sid:84622419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3758943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/laizi_wzzdh.apk"; depth:21; endswith; nocase; http.host; content:"n.vs108.com"; depth:11; isdataat:!1,relative; metadata:created_at 
2026_01_16; reference:url, urlhaus.abuse.ch/url/3758943/; classtype:trojan-activity;sid:84622043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3758942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bbs/upload/1000/2017/03/16/202395_1101210.apk"; depth:46; endswith; nocase; http.host; content:"jlwz.cn"; depth:7; isdataat:!1,relative; metadata:created_at 2026_01_16; reference:url, urlhaus.abuse.ch/url/3758942/; classtype:trojan-activity;sid:84622042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3758380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/j1/encrypted.ps1"; depth:17; endswith; nocase; http.host; content:"dialkwik.in"; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_15; reference:url, urlhaus.abuse.ch/url/3758380/; classtype:trojan-activity;sid:84621480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.95.137.155"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757989/; classtype:trojan-activity;sid:84621089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmp/imgs.exe"; depth:13; endswith; nocase; http.host; content:"wittenhorst.eu"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757953/; classtype:trojan-activity;sid:84621053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757907)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/syrins/chatgpt-app/raw/9d9a3d9ce5ba4eb03b7738f99458773e3b4ce7de/inat%20tv.apk"; depth:78; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757907/; classtype:trojan-activity;sid:84621007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/info.zip"; depth:14; endswith; nocase; http.host; content:"182.163.114.232"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757800/; classtype:trojan-activity;sid:84620900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r-02-radiole/05%2008%202025/info.zip"; depth:37; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757797/; classtype:trojan-activity;sid:84620897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r-02-radiole/05%2009%202025/info.zip"; depth:37; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757792/; classtype:trojan-activity;sid:84620892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"62.197.62.195"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_13; reference:url, urlhaus.abuse.ch/url/3757377/; 
classtype:trojan-activity;sid:84620477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/netsyst81.dll"; depth:14; endswith; nocase; http.host; content:"steam66.cn"; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_13; reference:url, urlhaus.abuse.ch/url/3757074/; classtype:trojan-activity;sid:84620174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3756255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"70.45.151.28"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3756255/; classtype:trojan-activity;sid:84619355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3756023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"70.45.151.28"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3756023/; classtype:trojan-activity;sid:84619123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3756018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"70.45.151.28"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3756018/; classtype:trojan-activity;sid:84619118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/t36"; depth:4; endswith; nocase; http.host; content:"42.192.39.152"; depth:13; 
isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3755992/; classtype:trojan-activity;sid:84619092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"115.190.237.175"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755558/; classtype:trojan-activity;sid:84618658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"70.45.151.28"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755119/; classtype:trojan-activity;sid:84618219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"70.45.151.28"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755067/; classtype:trojan-activity;sid:84618167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"181.193.59.78"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754767/; classtype:trojan-activity;sid:84617867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754752)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/"; depth:1; endswith; nocase; http.host; content:"79.175.42.18"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754752/; classtype:trojan-activity;sid:84617852; rev:1;)
# Review note: `http.uri; content:"/"; depth:1; endswith;` admits exactly one URI, the
# site root. The two rules below therefore fire on any `GET /` from $HOME_NET to the
# listed bare-IP host; nothing in them identifies a payload, so in practice they are
# address indicators. The match is on the client request only
# (flow:established,from_client). An alert shows that the URL was requested, not that
# a file came back. Check the response (status, size, extracted file) before treating
# the client as infected. metadata:created_at records when the entry was generated;
# re-check older IP entries against the URLhaus reference before acting on them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"186.121.239.114"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754756/; classtype:trojan-activity;sid:84617856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"82.114.200.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754762/; classtype:trojan-activity;sid:84617862; rev:1;)
# Review note: the next two rules pin a full file path on one host, so they match only
# that exact URI. http.uri also carries the query string, and endswith requires the
# buffer to end at the file name; a request for the same path with anything appended
# is outside these signatures.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/reynold/video.scr"; depth:23; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754742/; classtype:trojan-activity;sid:84617842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/reynold/photo.scr"; depth:23; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754743/; classtype:trojan-activity;sid:84617843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3754744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/%24recycle.bin/photo.scr"; depth:30; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754744/; classtype:trojan-activity;sid:84617844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/reynold/av.scr"; depth:20; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754745/; classtype:trojan-activity;sid:84617845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/%24recycle.bin/s-1-5-21-513737667-1919666884-561045330-1001/%24rs1r5lt.scr"; depth:80; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754741/; classtype:trojan-activity;sid:84617841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"110.93.196.173"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754740/; classtype:trojan-activity;sid:84617840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"128.127.102.134"; depth:15; isdataat:!1,relative; 
metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754708/; classtype:trojan-activity;sid:84617808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"172.85.143.74"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754701/; classtype:trojan-activity;sid:84617801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"195.158.88.156"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754690/; classtype:trojan-activity;sid:84617790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zoldownload/"; depth:13; endswith; nocase; http.host; content:"down10d.zol.com.cn"; depth:18; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754685/; classtype:trojan-activity;sid:84617785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"89.231.14.137"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754684/; classtype:trojan-activity;sid:84617784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; 
nocase; http.host; content:"83.218.189.21"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754656/; classtype:trojan-activity;sid:84617756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"200.54.221.234"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754662/; classtype:trojan-activity;sid:84617762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"181.193.62.225"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754665/; classtype:trojan-activity;sid:84617765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"89.101.123.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754592/; classtype:trojan-activity;sid:84617692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"197.159.1.58"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754573/; classtype:trojan-activity;sid:84617673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754555)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/install/back/namuvpnxp.exe"; depth:27; endswith; nocase; http.host; content:"www.namuvpn.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754555/; classtype:trojan-activity;sid:84617655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"178.77.228.166"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754547/; classtype:trojan-activity;sid:84617647; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"216.155.92.203"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754541/; classtype:trojan-activity;sid:84617641; rev:1;)
# Review note: in the rules below, `http.host; content:"www.namuvpn.com"; depth:15;
# isdataat:!1,relative;` is an exact-host match. depth equals the content length, which
# anchors it at the start of the buffer, and isdataat:!1,relative requires that no byte
# follows. Requests to the bare domain or to any other host name are not covered. Each
# rule also pins one installer path, so several sids sharing this host in one alert
# stream point to the same site, not to independent detections. When triaging,
# correlate on the host and treat the per-file sids as detail.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install/back/namuvpn7.exe"; depth:26; endswith; nocase; http.host; content:"www.namuvpn.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754542/; classtype:trojan-activity;sid:84617642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install/back/namuvpnx2.exe"; depth:27; endswith; nocase; http.host; content:"www.namuvpn.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754543/; classtype:trojan-activity;sid:84617643; rev:1;)
alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"212.107.232.167"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754534/; classtype:trojan-activity;sid:84617634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"217.75.193.34"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754530/; classtype:trojan-activity;sid:84617630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"190.128.195.138"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754520/; classtype:trojan-activity;sid:84617620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"190.12.99.194"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754521/; classtype:trojan-activity;sid:84617621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"87.119.108.21"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754517/; 
classtype:trojan-activity;sid:84617617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"37.252.69.10"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754511/; classtype:trojan-activity;sid:84617611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"81.16.249.96"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754443/; classtype:trojan-activity;sid:84617543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"178.220.234.5"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754444/; classtype:trojan-activity;sid:84617544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"94.244.113.217"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754438/; classtype:trojan-activity;sid:84617538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"181.129.182.138"; depth:15; isdataat:!1,relative; metadata:created_at 
2026_01_09; reference:url, urlhaus.abuse.ch/url/3754425/; classtype:trojan-activity;sid:84617525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"118.179.121.235"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754384/; classtype:trojan-activity;sid:84617484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"116.72.2.83"; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754375/; classtype:trojan-activity;sid:84617475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"185.12.78.161"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754377/; classtype:trojan-activity;sid:84617477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"83.166.197.212"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754378/; classtype:trojan-activity;sid:84617478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryptography_module/base_library.zip"; depth:37; endswith; nocase; 
http.host; content:"122.170.110.131"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754379/; classtype:trojan-activity;sid:84617479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"115.240.70.185"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754373/; classtype:trojan-activity;sid:84617473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install/back/namuvpnx2.zip"; depth:27; endswith; nocase; http.host; content:"www.namuvpn.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754359/; classtype:trojan-activity;sid:84617459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"36.88.109.138"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754347/; classtype:trojan-activity;sid:84617447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install/namuvpn32.exe"; depth:22; endswith; nocase; http.host; content:"www.namuvpn.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754340/; classtype:trojan-activity;sid:84617440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754331)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pc/pdfconvert/"; depth:15; endswith; nocase; http.host; content:"download.pdf00.com"; depth:18; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754331/; classtype:trojan-activity;sid:84617431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install/namu864.exe"; depth:20; endswith; nocase; http.host; content:"www.namuvpn.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754327/; classtype:trojan-activity;sid:84617427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install/back/namuvpn32.zip"; depth:27; endswith; nocase; http.host; content:"www.namuvpn.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754328/; classtype:trojan-activity;sid:84617428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"37.9.25.206"; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754324/; classtype:trojan-activity;sid:84617424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install/back/namuvpnx2/namuvpnx2.exe"; depth:37; endswith; nocase; http.host; content:"www.namuvpn.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, 
urlhaus.abuse.ch/url/3754325/; classtype:trojan-activity;sid:84617425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"46.151.56.42"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754299/; classtype:trojan-activity;sid:84617399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install/namuxp.zip"; depth:19; endswith; nocase; http.host; content:"www.namuvpn.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754282/; classtype:trojan-activity;sid:84617382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install/namuvpn7.exe"; depth:21; endswith; nocase; http.host; content:"www.namuvpn.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754274/; classtype:trojan-activity;sid:84617374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debugview%2b%2b.exe"; depth:20; endswith; nocase; http.host; content:"119.91.58.97"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754265/; classtype:trojan-activity;sid:84617365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install/back/namuvpn7.zip"; 
depth:26; endswith; nocase; http.host; content:"www.namuvpn.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754262/; classtype:trojan-activity;sid:84617362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"43.249.54.246"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754244/; classtype:trojan-activity;sid:84617344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install/back/namuvpn7/namuvpn7.exe"; depth:35; endswith; nocase; http.host; content:"www.namuvpn.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754238/; classtype:trojan-activity;sid:84617338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install/back/namuvpn32.exe"; depth:27; endswith; nocase; http.host; content:"www.namuvpn.com"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754218/; classtype:trojan-activity;sid:84617318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryptodata/archive_to_send_decr.zip"; depth:36; endswith; nocase; http.host; content:"122.170.110.131"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754194/; classtype:trojan-activity;sid:84617294; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debugview%2b%2b.exe"; depth:20; endswith; nocase; http.host; content:"114.132.86.182"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754176/; classtype:trojan-activity;sid:84617276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"115.127.68.162"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754170/; classtype:trojan-activity;sid:84617270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"120.50.10.30"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754174/; classtype:trojan-activity;sid:84617274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"141.149.36.27"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754165/; classtype:trojan-activity;sid:84617265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3753765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/big/img001.exe"; depth:15; endswith; nocase; http.host; content:"222.239.87.50"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, 
urlhaus.abuse.ch/url/3753765/; classtype:trojan-activity;sid:84616865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"meetvideogoogle.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_01_07; reference:url, urlhaus.abuse.ch/url/3752359/; classtype:trojan-activity;sid:84615459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"videomeetgoogle.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_01_07; reference:url, urlhaus.abuse.ch/url/3752363/; classtype:trojan-activity;sid:84615463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"194.67.127.229"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_07; reference:url, urlhaus.abuse.ch/url/3752358/; classtype:trojan-activity;sid:84615458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.255.210.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_07; reference:url, urlhaus.abuse.ch/url/3752305/; classtype:trojan-activity;sid:84615405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3751589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.229.60.159"; 
depth:13; isdataat:!1,relative; metadata:created_at 2026_01_06; reference:url, urlhaus.abuse.ch/url/3751589/; classtype:trojan-activity;sid:84614689; rev:1;)
# NOTE(review): the host and path in the next rule read like a vendor's own
# software-distribution location (a download.* host and a /security/.../*.exe installer
# path). The rule matches on host and URI only, so it cannot tell a malicious file from
# a regular installer served at the same URL; check the referenced URLhaus entry
# (status, payload hashes) before escalating or blocking on this sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/security/wizvera/delfino-g3/delfino-g3.exe"; depth:43; endswith; nocase; http.host; content:"download.kbcard.com"; depth:19; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, urlhaus.abuse.ch/url/3750631/; classtype:trojan-activity;sid:84613731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"45.144.233.192"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_04; reference:url, urlhaus.abuse.ch/url/3750258/; classtype:trojan-activity;sid:84613358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.42.177.12"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_04; reference:url, urlhaus.abuse.ch/url/3750145/; classtype:trojan-activity;sid:84613245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buding/dbghelp.dll"; depth:19; endswith; nocase; http.host; content:"59.56.110.227"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_03; reference:url, urlhaus.abuse.ch/url/3749775/; classtype:trojan-activity;sid:84612875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749771)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/buding/dbghelp.dll"; depth:19; endswith; nocase; http.host; content:"45.125.44.137"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_03; reference:url, urlhaus.abuse.ch/url/3749771/; classtype:trojan-activity;sid:84612871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.225.179.114"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_03; reference:url, urlhaus.abuse.ch/url/3749598/; classtype:trojan-activity;sid:84612698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"188.134.8.43"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_02; reference:url, urlhaus.abuse.ch/url/3749167/; classtype:trojan-activity;sid:84612267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.136.145.238"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_02; reference:url, urlhaus.abuse.ch/url/3749159/; classtype:trojan-activity;sid:84612259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.255.210.242"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_02; reference:url, urlhaus.abuse.ch/url/3748887/; classtype:trojan-activity;sid:84611987; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.229.60.159"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_02; reference:url, urlhaus.abuse.ch/url/3748863/; classtype:trojan-activity;sid:84611963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.225.179.114"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748352/; classtype:trojan-activity;sid:84611452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"162.215.130.152"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748326/; classtype:trojan-activity;sid:84611426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"104.199.248.167"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748285/; classtype:trojan-activity;sid:84611385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"199.168.184.115"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748279/; 
classtype:trojan-activity;sid:84611379; rev:1;)
# sid 84611374 and sid 84611359 below carry identical match conditions (GET, URI exactly
# "/", host 167.99.0.131) and differ only in msg, reference and sid, so a single request
# raises two alerts. Presumably the two URLhaus entries differed in a part these rules
# do not match on (scheme, port or query string) - confirm on the referenced pages.
# Deduplicate downstream on host + URI, or threshold/suppress one of the sids, so the
# pair is not counted as two separate events.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"167.99.0.131"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748274/; classtype:trojan-activity;sid:84611374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"167.99.0.131"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748259/; classtype:trojan-activity;sid:84611359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"199.168.184.115"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748253/; classtype:trojan-activity;sid:84611353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"69.48.143.20"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748255/; classtype:trojan-activity;sid:84611355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"3.18.128.17"; depth:11; isdataat:!1,relative; metadata:created_at 
2026_01_01; reference:url, urlhaus.abuse.ch/url/3748247/; classtype:trojan-activity;sid:84611347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"118.139.167.36"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748243/; classtype:trojan-activity;sid:84611343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"18.176.47.246"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748235/; classtype:trojan-activity;sid:84611335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"5.35.124.133"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748204/; classtype:trojan-activity;sid:84611304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"94.130.229.174"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748205/; classtype:trojan-activity;sid:84611305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"54.197.245.249"; 
depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748192/; classtype:trojan-activity;sid:84611292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"98.70.13.131"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748194/; classtype:trojan-activity;sid:84611294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"54.197.245.249"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748187/; classtype:trojan-activity;sid:84611287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"5.63.157.201"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748189/; classtype:trojan-activity;sid:84611289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"185.80.0.36"; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748180/; classtype:trojan-activity;sid:84611280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; 
endswith; nocase; http.host; content:"125.253.125.72"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748175/; classtype:trojan-activity;sid:84611275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"125.253.125.72"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748170/; classtype:trojan-activity;sid:84611270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"209.250.2.244"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748152/; classtype:trojan-activity;sid:84611252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"116.118.47.149"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748163/; classtype:trojan-activity;sid:84611263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"201.182.25.51"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748165/; classtype:trojan-activity;sid:84611265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748144)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"52.16.112.136"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748144/; classtype:trojan-activity;sid:84611244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"209.250.2.244"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748137/; classtype:trojan-activity;sid:84611237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"150.95.27.35"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748127/; classtype:trojan-activity;sid:84611227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"173.231.196.249"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748131/; classtype:trojan-activity;sid:84611231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"162.215.130.152"; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748133/; classtype:trojan-activity;sid:84611233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3748104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"18.176.47.246"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748104/; classtype:trojan-activity;sid:84611204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"3.141.75.29"; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748106/; classtype:trojan-activity;sid:84611206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"44.208.147.17"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748110/; classtype:trojan-activity;sid:84611210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"95.154.194.17"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748112/; classtype:trojan-activity;sid:84611212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"192.155.93.247"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748115/; classtype:trojan-activity;sid:84611215; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"35.75.68.158"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748118/; classtype:trojan-activity;sid:84611218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"35.226.92.8"; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748119/; classtype:trojan-activity;sid:84611219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"164.160.41.10"; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748096/; classtype:trojan-activity;sid:84611196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"185.4.64.128"; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748066/; classtype:trojan-activity;sid:84611166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"74.50.99.45"; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748074/; 
classtype:trojan-activity;sid:84611174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"148.113.205.94"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748092/; classtype:trojan-activity;sid:84611192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/video.lnk"; depth:15; endswith; nocase; http.host; content:"58.182.146.104"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747725/; classtype:trojan-activity;sid:84610825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/photo.scr"; depth:15; endswith; nocase; http.host; content:"58.182.146.104"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747694/; classtype:trojan-activity;sid:84610794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/av.lnk"; depth:12; endswith; nocase; http.host; content:"58.182.146.104"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747690/; classtype:trojan-activity;sid:84610790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/video.scr"; depth:15; endswith; nocase; http.host; 
content:"58.182.146.104"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747685/; classtype:trojan-activity;sid:84610785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/av.scr"; depth:12; endswith; nocase; http.host; content:"58.182.146.104"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747686/; classtype:trojan-activity;sid:84610786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/photo.lnk"; depth:15; endswith; nocase; http.host; content:"58.182.146.104"; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747684/; classtype:trojan-activity;sid:84610784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3746316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sxp/i/522f8dbab717f669a06afa9122107971.js"; depth:42; endswith; nocase; http.host; content:"ob.youstarsbuilding.com"; depth:23; isdataat:!1,relative; metadata:created_at 2025_12_30; reference:url, urlhaus.abuse.ch/url/3746316/; classtype:trojan-activity;sid:84609416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3746314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sxp/i/522f8dbab717f669a06afa9122107971.js"; depth:42; endswith; nocase; http.host; content:"euob.youstarsbuilding.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_12_30; reference:url, urlhaus.abuse.ch/url/3746314/; classtype:trojan-activity;sid:84609414; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"61.240.239.106"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745195/; classtype:trojan-activity;sid:84608295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"124.230.216.19"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745196/; classtype:trojan-activity;sid:84608296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"124.230.216.19"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745197/; classtype:trojan-activity;sid:84608297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20210408/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745192/; classtype:trojan-activity;sid:84608292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20210408/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; 
reference:url, urlhaus.abuse.ch/url/3745193/; classtype:trojan-activity;sid:84608293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"50.217.49.93"; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743475/; classtype:trojan-activity;sid:84606575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c"; depth:2; endswith; nocase; http.host; content:"152.89.247.153"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743457/; classtype:trojan-activity;sid:84606557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sxp/i/522f8dbab717f669a06afa9122107971.js"; depth:42; endswith; nocase; http.host; content:"euob.youstarsbuilding.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743405/; classtype:trojan-activity;sid:84606505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/plugins/sess1594985553/sessiontools/uvsodsae.msi"; depth:55; endswith; nocase; http.host; content:"royalindiancurryclub.com"; depth:24; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743323/; classtype:trojan-activity;sid:84606423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743272)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"61.240.239.106"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743272/; classtype:trojan-activity;sid:84606372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"61.240.239.106"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743271/; classtype:trojan-activity;sid:84606371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3742020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"183.83.186.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3742020/; classtype:trojan-activity;sid:84605120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3742013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"183.83.186.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3742013/; classtype:trojan-activity;sid:84605113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3742007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"183.83.186.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3742007/; classtype:trojan-activity;sid:84605107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3742005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"183.83.186.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3742005/; classtype:trojan-activity;sid:84605105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"183.83.186.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741991/; classtype:trojan-activity;sid:84605091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"183.83.186.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741975/; classtype:trojan-activity;sid:84605075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"183.83.186.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741976/; classtype:trojan-activity;sid:84605076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250101/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, 
urlhaus.abuse.ch/url/3741974/; classtype:trojan-activity;sid:84605074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250101/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741972/; classtype:trojan-activity;sid:84605072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250101/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741971/; classtype:trojan-activity;sid:84605071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"106.54.220.107"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741968/; classtype:trojan-activity;sid:84605068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250811/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741966/; classtype:trojan-activity;sid:84605066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250809/photo.scr"; 
depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741967/; classtype:trojan-activity;sid:84605067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20210408/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741965/; classtype:trojan-activity;sid:84605065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20210408/av.lnk"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741962/; classtype:trojan-activity;sid:84605062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250101/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741963/; classtype:trojan-activity;sid:84605063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"61.240.239.106"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741947/; classtype:trojan-activity;sid:84605047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3741948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"61.240.239.106"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741948/; classtype:trojan-activity;sid:84605048; rev:1;)
# How to read the rules in this block: each one is an exact-URL match on the
# client side of an established cleartext HTTP flow (flow:established,from_client).
#   http.uri  content + depth:<pattern length> + endswith; nocase
#             -> the whole URI buffer must equal the pattern, case-insensitively
#   http.host content + depth:<pattern length> + isdataat:!1,relative
#             -> the whole host buffer must equal the pattern
# Only the request is inspected, so an alert shows that the URL was requested,
# not that a payload came back; check the response and file logs when triaging.
# The same path with anything appended to the URI does not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"61.240.239.106"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741949/; classtype:trojan-activity;sid:84605049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"61.240.239.106"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741940/; classtype:trojan-activity;sid:84605040; rev:1;)
# NOTE(review): sid 84604623 and sid 84604624 (URLhaus 3741523 and 3741524)
# carry identical match options: same method, same exact URI "/sshd", same exact
# host. One matching request therefore raises both alerts. Presumably the two
# URLhaus entries differ in something the rule does not encode (the destination
# port is "any") -- confirm on the referenced URLhaus pages, and de-duplicate on
# host + URI downstream if the double alert skews counts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"85.187.54.142"; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741523/; classtype:trojan-activity;sid:84604623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"85.187.54.142"; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741524/; 
classtype:trojan-activity;sid:84604624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/auhavkiq.msi"; depth:19; endswith; nocase; http.host; content:"royalindiancurryclub.com"; depth:24; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741336/; classtype:trojan-activity;sid:84604436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"152.230.111.46"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741193/; classtype:trojan-activity;sid:84604293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"152.230.111.46"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741153/; classtype:trojan-activity;sid:84604253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"124.230.216.19"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741109/; classtype:trojan-activity;sid:84604209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; 
content:"124.230.216.19"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741086/; classtype:trojan-activity;sid:84604186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"152.230.111.46"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741068/; classtype:trojan-activity;sid:84604168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"124.230.216.19"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741049/; classtype:trojan-activity;sid:84604149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"182.163.114.232"; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741029/; classtype:trojan-activity;sid:84604129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"152.230.111.46"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741026/; classtype:trojan-activity;sid:84604126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741024)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"124.230.216.19"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741024/; classtype:trojan-activity;sid:84604124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"124.230.216.19"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741009/; classtype:trojan-activity;sid:84604109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3740979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"152.230.111.46"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3740979/; classtype:trojan-activity;sid:84604079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3740945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"152.230.111.46"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3740945/; classtype:trojan-activity;sid:84604045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3739558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/4thepool_miner.sh"; depth:26; endswith; nocase; http.host; content:"31.57.109.131"; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_21; reference:url, urlhaus.abuse.ch/url/3739558/; classtype:trojan-activity;sid:84602658; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3738164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.55.81.169"; depth:11; isdataat:!1,relative; metadata:created_at 2025_12_20; reference:url, urlhaus.abuse.ch/url/3738164/; classtype:trojan-activity;sid:84601264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3736211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atom.xml"; depth:9; endswith; nocase; http.host; content:"hotelsep.blogspot.com"; depth:21; isdataat:!1,relative; metadata:created_at 2025_12_18; reference:url, urlhaus.abuse.ch/url/3736211/; classtype:trojan-activity;sid:84599311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3736212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nimper.pdf"; depth:11; endswith; nocase; http.host; content:"www.backupallfresh2030.com"; depth:26; isdataat:!1,relative; metadata:created_at 2025_12_18; reference:url, urlhaus.abuse.ch/url/3736212/; classtype:trojan-activity;sid:84599312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"2.187.6.236"; depth:11; isdataat:!1,relative; metadata:created_at 2025_12_18; reference:url, urlhaus.abuse.ch/url/3735974/; classtype:trojan-activity;sid:84599074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"183.30.204.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_17; 
reference:url, urlhaus.abuse.ch/url/3735070/; classtype:trojan-activity;sid:84598170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"183.30.204.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735054/; classtype:trojan-activity;sid:84598154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"183.30.204.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735048/; classtype:trojan-activity;sid:84598148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"183.30.204.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735049/; classtype:trojan-activity;sid:84598149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"183.30.204.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735042/; classtype:trojan-activity;sid:84598142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; 
nocase; http.host; content:"183.30.204.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735040/; classtype:trojan-activity;sid:84598140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"183.30.204.215"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735041/; classtype:trojan-activity;sid:84598141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3734705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.109.198.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_16; reference:url, urlhaus.abuse.ch/url/3734705/; classtype:trojan-activity;sid:84597805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3734700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.6.196.230"; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_16; reference:url, urlhaus.abuse.ch/url/3734700/; classtype:trojan-activity;sid:84597800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3733913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/usr/uploads/file/202002/20200210195059_78353.rar"; depth:49; endswith; nocase; http.host; content:"zhigao5191.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_15; reference:url, urlhaus.abuse.ch/url/3733913/; classtype:trojan-activity;sid:84597013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3733907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/editor%e6%b1%89%e5%8c%96%e7%89%88.rar"; depth:38; endswith; nocase; http.host; content:"zycdjz.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_15; reference:url, urlhaus.abuse.ch/url/3733907/; classtype:trojan-activity;sid:84597007; rev:1;)
# NOTE(review), sid 84597007 (the rule ending on the line above): the http.uri
# pattern is written with literal percent-escapes, and depth:38 counts them as
# three characters each. http.uri is the normalized URI buffer; if the sensor's
# normalization decodes %XX sequences, the buffer holds the decoded bytes and
# this pattern cannot match. Test against a sample request, and match on
# http.uri.raw if the escaped form is what is intended -- confirm against the
# deployed Suricata configuration.
#
# NOTE(review), sid 84596919 (next rule): the host is "github.com" under
# "alert http", so the rule sees only cleartext HTTP. A fetch made over HTTPS
# is invisible to it unless TLS is decrypted in front of the sensor, so a
# missing alert is not evidence that the URL was never fetched; proxy or
# endpoint telemetry covers this URL better. The same holds for the other
# github.com rules in this file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3733819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/liljaber/am/raw/refs/heads/main/shellhost.exe"; depth:46; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_15; reference:url, urlhaus.abuse.ch/url/3733819/; classtype:trojan-activity;sid:84596919; rev:1;)
# The next three rules pair a two-character URI ("/i") with a bare IP address as
# host. The exact-host condition is what keeps them specific; the URI alone
# carries almost no signal, so these indicators are only as current as the
# address (see metadata:created_at and the URLhaus reference).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3733494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.95.77.138"; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_14; reference:url, urlhaus.abuse.ch/url/3733494/; classtype:trojan-activity;sid:84596594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3733042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"129.0.120.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_13; reference:url, urlhaus.abuse.ch/url/3733042/; classtype:trojan-activity;sid:84596142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"217.75.193.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732386/; 
classtype:trojan-activity;sid:84595486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"93.39.215.44"; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732378/; classtype:trojan-activity;sid:84595478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eathena/tools/bymyzter/eabackup.rar"; depth:36; endswith; nocase; http.host; content:"paradox924x.pages.dev"; depth:21; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732133/; classtype:trojan-activity;sid:84595233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eathena/tools/bybakausagi/spr_conview_v0.11.zip"; depth:48; endswith; nocase; http.host; content:"paradox924x.pages.dev"; depth:21; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732129/; classtype:trojan-activity;sid:84595229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/modelo/cr.exe"; depth:14; endswith; nocase; http.host; content:"joyeriatauro.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_12_11; reference:url, urlhaus.abuse.ch/url/3731630/; classtype:trojan-activity;sid:84594730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731351)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/modelo/v1d.exe"; depth:15; endswith; nocase; http.host; content:"joyeriatauro.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_12_11; reference:url, urlhaus.abuse.ch/url/3731351/; classtype:trojan-activity;sid:84594451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/modelo/c1i.exe"; depth:15; endswith; nocase; http.host; content:"joyeriatauro.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_12_11; reference:url, urlhaus.abuse.ch/url/3731347/; classtype:trojan-activity;sid:84594447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nalleysh/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731286/; classtype:trojan-activity;sid:84594386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/el1nns/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731287/; classtype:trojan-activity;sid:84594387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d3xxth/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 
2025_12_10; reference:url, urlhaus.abuse.ch/url/3731283/; classtype:trojan-activity;sid:84594383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/creyty1h/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731275/; classtype:trojan-activity;sid:84594375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v1llenth/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731271/; classtype:trojan-activity;sid:84594371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rayn1e/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731257/; classtype:trojan-activity;sid:84594357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/colleshake/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731244/; classtype:trojan-activity;sid:84594344; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arcellys/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731243/; classtype:trojan-activity;sid:84594343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n1elcery/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731242/; classtype:trojan-activity;sid:84594342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/recctan1o/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731239/; classtype:trojan-activity;sid:84594339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kesslyy27/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; depth:68; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731238/; classtype:trojan-activity;sid:84594338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731232)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/ssten1/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731232/; classtype:trojan-activity;sid:84594332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"203.187.227.112"; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730787/; classtype:trojan-activity;sid:84593887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"203.187.227.112"; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730785/; classtype:trojan-activity;sid:84593885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"203.187.227.112"; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730754/; classtype:trojan-activity;sid:84593854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"203.187.227.112"; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730727/; 
classtype:trojan-activity;sid:84593827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"203.187.227.112"; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730681/; classtype:trojan-activity;sid:84593781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"203.187.227.112"; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730669/; classtype:trojan-activity;sid:84593769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"203.187.227.112"; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730651/; classtype:trojan-activity;sid:84593751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.129.182.138"; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_09; reference:url, urlhaus.abuse.ch/url/3729846/; classtype:trojan-activity;sid:84592946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/panel/uploads/optimized_msi.png"; depth:35; endswith; nocase; http.host; 
content:"bvaco.com"; depth:9; isdataat:!1,relative; metadata:created_at 2025_12_08; reference:url, urlhaus.abuse.ch/url/3729416/; classtype:trojan-activity;sid:84592516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/clean/clean.apk"; depth:23; endswith; nocase; http.host; content:"static.youdm.cn"; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_08; reference:url, urlhaus.abuse.ch/url/3729248/; classtype:trojan-activity;sid:84592348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.89.95.77"; depth:11; isdataat:!1,relative; metadata:created_at 2025_12_08; reference:url, urlhaus.abuse.ch/url/3729188/; classtype:trojan-activity;sid:84592288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3727342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/01.exe"; depth:7; endswith; nocase; http.host; content:"152.32.169.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_06; reference:url, urlhaus.abuse.ch/url/3727342/; classtype:trojan-activity;sid:84590442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3726789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test"; depth:5; endswith; nocase; http.host; content:"141.11.240.103"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_06; reference:url, urlhaus.abuse.ch/url/3726789/; classtype:trojan-activity;sid:84589889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3726005)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/receipt_11_26_2025.msi"; depth:23; endswith; nocase; http.host; content:"alineeleuterio.com.br"; depth:21; isdataat:!1,relative; metadata:created_at 2025_12_05; reference:url, urlhaus.abuse.ch/url/3726005/; classtype:trojan-activity;sid:84589105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3725511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rd.exe"; depth:7; endswith; nocase; http.host; content:"193.37.69.43"; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3725511/; classtype:trojan-activity;sid:84588611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3725395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"182.73.129.30"; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3725395/; classtype:trojan-activity;sid:84588495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3725201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/redmi%20ax3000/%e8%b7%af%e7%94%b1%e5%99%a8%e4%bf%ae%e5%a4%8d%e5%b7%a5%e5%85%b7/miwifirepairtool.x86.zip"; depth:109; endswith; nocase; http.host; content:"hzxcaq-github-io.pages.dev"; depth:26; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3725201/; classtype:trojan-activity;sid:84588301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3725126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.137.149.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_04; 
reference:url, urlhaus.abuse.ch/url/3725126/; classtype:trojan-activity;sid:84588226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gretech/promotion_sw/gomplayer/fastping_silent_v4.exe"; depth:54; endswith; nocase; http.host; content:"cdn.gomlab.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3724888/; classtype:trojan-activity;sid:84587988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/linux/linux.tar.gz"; depth:23; endswith; nocase; http.host; content:"miner.pages.dev"; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3724884/; classtype:trojan-activity;sid:84587984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/win/miner.zip"; depth:18; endswith; nocase; http.host; content:"miner.pages.dev"; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3724883/; classtype:trojan-activity;sid:84587983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fecund.lpk"; depth:11; endswith; nocase; http.host; content:"www.mobimpex.ro"; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3724235/; classtype:trojan-activity;sid:84587335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724236)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/hrcxpywfcshe8.bin"; depth:18; endswith; nocase; http.host; content:"www.mobimpex.ro"; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3724236/; classtype:trojan-activity;sid:84587336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/res/keditor/2019_11/3c7a829a_893c_4f02_a407_6b0918c321c2.rar"; depth:61; endswith; nocase; http.host; content:"en.taichuan.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3724034/; classtype:trojan-activity;sid:84587134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/krnl.lua.script.injector.v1.3.4.zip"; depth:36; endswith; nocase; http.host; content:"injectroblox.ru"; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3724008/; classtype:trojan-activity;sid:84587108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3723880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/microsoftbs.exe"; depth:16; endswith; nocase; http.host; content:"120.48.115.29"; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3723880/; classtype:trojan-activity;sid:84586980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fent.mips"; depth:10; endswith; nocase; http.host; content:"23.95.248.41"; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722913/; 
classtype:trojan-activity;sid:84586013; rev:1;)
# Rule template used throughout this feed: alert on an outbound, established, client-side HTTP GET
# whose request URI and Host header each equal one URLhaus-listed value. depth equals the pattern
# length and is paired with endswith (URI) or isdataat:!1,relative (host), so the whole buffer must
# match, case-insensitively for the URI.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fent.mpsl"; depth:10; endswith; nocase; http.host; content:"23.95.248.41"; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722915/; classtype:trojan-activity;sid:84586015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.219.58.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_01; reference:url, urlhaus.abuse.ch/url/3722385/; classtype:trojan-activity;sid:84585485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app/top8bet.apk"; depth:16; endswith; nocase; http.host; content:"top8onlinegame.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_12_01; reference:url, urlhaus.abuse.ch/url/3722069/; classtype:trojan-activity;sid:84585169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3721465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"72.201.150.189"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, urlhaus.abuse.ch/url/3721465/; classtype:trojan-activity;sid:84584565; rev:1;)
# NOTE(review): the http.uri pattern in the next rule contains a literal elision marker
# ("...~311~...") and a cut-off escape ("%25..."), and depth:305 appears to be the length of that
# shortened string rather than of the full URI. Combined with endswith, the rule therefore looks for
# the marker text itself and will presumably never match the real request. Treat this sid as
# providing no coverage; take the full URL from the URLhaus reference, or cover this host with a
# local rule keyed on http.host plus the stable URI prefix. TODO confirm against the upstream feed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3721052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/%e5%a5%87%e5%a6%99%e5%8a%a0%e9%80%9f%e5%99%a8_2_10004379.exe/%c3%a5%c2%a5%c2%87%c3%a5%c2%a6%c2%99%c3%a5%c2%8a%c2%a0%c3%a9%c2%80%c2%9f%c3%a5%c2%99%c2%a8_2_10004379.exe/%c3%83%c2%a5%c3%82%c2%a5%c3%82%c2%87%c3%83%c2%a5%c3%82%c2%a6%c3%82%c2%99%c3%83%25...~311~...%ef%bf%bd%c3%82%c2%a8_2_10004379.exe"; depth:305; endswith; nocase; http.host; content:"pvsa.gxfugy.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, urlhaus.abuse.ch/url/3721052/; classtype:trojan-activity;sid:84584152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"5.235.210.223"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, urlhaus.abuse.ch/url/3720850/; classtype:trojan-activity;sid:84583950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"5.235.210.223"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, urlhaus.abuse.ch/url/3720848/; classtype:trojan-activity;sid:84583948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/payment_receipt_11_28_2025.msi"; depth:31; endswith; nocase; http.host; content:"vizyonuniversitesi.com.tr"; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720416/; classtype:trojan-activity;sid:84583516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720403)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/gmssetupx86.exe"; depth:16; endswith; nocase; http.host; content:"185-55-196-13.cprapid.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720403/; classtype:trojan-activity;sid:84583503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/mom/av.lnk"; depth:16; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720339/; classtype:trojan-activity;sid:84583439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/mom/photo.lnk"; depth:19; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720337/; classtype:trojan-activity;sid:84583437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/rachel/av.lnk"; depth:19; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720336/; classtype:trojan-activity;sid:84583436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/mom/av.scr"; depth:16; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720335/; classtype:trojan-activity;sid:84583435; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/rachel/video.scr"; depth:22; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720330/; classtype:trojan-activity;sid:84583430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/rachel/av.scr"; depth:19; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720331/; classtype:trojan-activity;sid:84583431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/mom/video.scr"; depth:19; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720332/; classtype:trojan-activity;sid:84583432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/rachel/photo.scr"; depth:22; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720333/; classtype:trojan-activity;sid:84583433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/mom/photo.scr"; depth:19; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720334/; classtype:trojan-activity;sid:84583434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/rachel/photo.lnk"; depth:22; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720329/; classtype:trojan-activity;sid:84583429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/mom/video.lnk"; depth:19; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720327/; classtype:trojan-activity;sid:84583427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/rachel/video.lnk"; depth:22; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720328/; classtype:trojan-activity;sid:84583428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"31.0.222.123"; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720042/; classtype:trojan-activity;sid:84583142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720037)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"31.0.222.123"; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720037/; classtype:trojan-activity;sid:84583137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3719973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"31.0.222.123"; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3719973/; classtype:trojan-activity;sid:84583073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3718843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"82.66.224.73"; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_28; reference:url, urlhaus.abuse.ch/url/3718843/; classtype:trojan-activity;sid:84581943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3718114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux"; depth:6; endswith; nocase; http.host; content:"47.86.33.195"; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_27; reference:url, urlhaus.abuse.ch/url/3718114/; classtype:trojan-activity;sid:84581214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3717880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newwfs/support/customfont.apk"; depth:30; endswith; nocase; http.host; content:"upaicdn.xinmei365.com"; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_27; reference:url, urlhaus.abuse.ch/url/3717880/; classtype:trojan-activity;sid:84580980; 
rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3717867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/adan/utils/mudtime.zip"; depth:32; endswith; nocase; http.host; content:"paccbet.pages.dev"; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_27; reference:url, urlhaus.abuse.ch/url/3717867/; classtype:trojan-activity;sid:84580967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3717290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"111.185.171.111"; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_26; reference:url, urlhaus.abuse.ch/url/3717290/; classtype:trojan-activity;sid:84580390; rev:1;)
# NOTE(review): the next two rules match github.com in the Host header of a cleartext HTTP request.
# GitHub is normally fetched over HTTPS, so these will presumably fire only when the client asks for
# http:// or when TLS is decrypted ahead of the sensor; confirm sensor placement, and back this
# coverage with proxy, DNS or endpoint telemetry where the traffic is not inspected in the clear.
# The host match is the whole shared domain, so the alert's specificity comes from the URI path alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/krzysztofadamczewski/nanocore-rat/raw/refs/heads/master/nanocore_portable.exe"; depth:78; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_26; reference:url, urlhaus.abuse.ch/url/3716961/; classtype:trojan-activity;sid:84580061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pafh99/nanocore-rat-2/raw/refs/heads/master/nanocore_portable.exe"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_26; reference:url, urlhaus.abuse.ch/url/3716962/; classtype:trojan-activity;sid:84580062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716299)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/clientbin/dowonline.installer.exe"; depth:34; endswith; nocase; http.host; content:"dowonline.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_25; reference:url, urlhaus.abuse.ch/url/3716299/; classtype:trojan-activity;sid:84579399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/baixar/suporte%20winxp-7-8.zip"; depth:31; endswith; nocase; http.host; content:"compuserviceonline.com.br"; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_25; reference:url, urlhaus.abuse.ch/url/3716290/; classtype:trojan-activity;sid:84579390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/37/cqsj/official/37cqsj.exe"; depth:28; endswith; nocase; http.host; content:"d.wanyouxi7.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_24; reference:url, urlhaus.abuse.ch/url/3715638/; classtype:trojan-activity;sid:84578738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elc/filesave/setupfile/edmslaunchersetup.exe"; depth:45; endswith; nocase; http.host; content:"lcportal.kbinsure.co.kr"; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_24; reference:url, urlhaus.abuse.ch/url/3715587/; classtype:trojan-activity;sid:84578687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dropfix"; depth:8; endswith; nocase; http.host; content:"cdn.novoline.top"; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_24; reference:url, 
urlhaus.abuse.ch/url/3715579/; classtype:trojan-activity;sid:84578679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fo-wsftp605.exe"; depth:16; endswith; nocase; http.host; content:"landonirwin.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3715175/; classtype:trojan-activity;sid:84578275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app/linux.bin"; depth:14; endswith; nocase; http.host; content:"prepstarcenter.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3714635/; classtype:trojan-activity;sid:84577735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/k1_351.apk"; depth:11; endswith; nocase; http.host; content:"app.appzcvb.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_22; reference:url, urlhaus.abuse.ch/url/3714095/; classtype:trojan-activity;sid:84577195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cleaner"; depth:8; endswith; nocase; http.host; content:"gutando.com"; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_22; reference:url, urlhaus.abuse.ch/url/3713850/; classtype:trojan-activity;sid:84576950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; 
http.host; content:"88.190.74.159"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_21; reference:url, urlhaus.abuse.ch/url/3713493/; classtype:trojan-activity;sid:84576593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stage1.ps1"; depth:11; endswith; nocase; http.host; content:"fb6390d5.infinityindians.pages.dev"; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_21; reference:url, urlhaus.abuse.ch/url/3713469/; classtype:trojan-activity;sid:84576569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amsibypass.ps1"; depth:15; endswith; nocase; http.host; content:"fb6390d5.infinityindians.pages.dev"; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_21; reference:url, urlhaus.abuse.ch/url/3713470/; classtype:trojan-activity;sid:84576570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/bexitor%20installer.exe"; depth:30; endswith; nocase; http.host; content:"matthewsigmondv5.pages.dev"; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_21; reference:url, urlhaus.abuse.ch/url/3713467/; classtype:trojan-activity;sid:84576567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.156.63.124"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712904/; classtype:trojan-activity;sid:84576004; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"syn-096-011-145-107.biz.spectrum.com"; depth:36; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712862/; classtype:trojan-activity;sid:84575962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aspnet_client/info.zip"; depth:23; endswith; nocase; http.host; content:"syn-096-011-145-107.biz.spectrum.com"; depth:36; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712861/; classtype:trojan-activity;sid:84575961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/mom/av.lnk"; depth:16; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712796/; classtype:trojan-activity;sid:84575896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/mom/photo.scr"; depth:19; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712795/; classtype:trojan-activity;sid:84575895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/mom/video.scr"; depth:19; endswith; nocase; http.host; content:"27.125.169.235"; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712793/; classtype:trojan-activity;sid:84575893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/rachel/video.scr"; depth:22; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712794/; classtype:trojan-activity;sid:84575894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/rachel/photo.scr"; depth:22; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712791/; classtype:trojan-activity;sid:84575891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/rachel/av.scr"; depth:19; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712792/; classtype:trojan-activity;sid:84575892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/mom/av.scr"; depth:16; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712790/; classtype:trojan-activity;sid:84575890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712787)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/rachel/av.lnk"; depth:19; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712787/; classtype:trojan-activity;sid:84575887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/mom/video.lnk"; depth:19; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712788/; classtype:trojan-activity;sid:84575888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/rachel/photo.lnk"; depth:22; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712789/; classtype:trojan-activity;sid:84575889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/mom/photo.lnk"; depth:19; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712785/; classtype:trojan-activity;sid:84575885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/rachel/video.lnk"; depth:22; endswith; nocase; http.host; content:"27.125.169.235"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712786/; 
classtype:trojan-activity;sid:84575886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/gof.com.my/gz2v8w/y0qt8nphhv1v"; depth:33; endswith; nocase; http.host; content:"smartermail.host"; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712393/; classtype:trojan-activity;sid:84575493; rev:1;)
# NOTE(review), sid 84575162: in the http.uri content, "|7c|26|7c|" is hex notation for
# the four bytes "|26|", so the pattern requires a literal pipe-2-6-pipe sequence at the
# two places where a query-string "&" (which would be written |26|) is expected. Either
# the listed URL really contains those characters or "&" was escaped twice when the rule
# was generated; check the referenced URLhaus entry before relying on this rule.
# depth:123 equals the length of the escaped text, while the decoded pattern is 108
# bytes, so unlike the neighbouring rules the depth does not pin the match to offset 0
# (endswith still requires the match to end the buffer).
# As an "alert http" rule it only sees cleartext or decrypted requests; the same URL
# fetched over TLS is not inspected by it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/bpn52c44w672z75551snx/bose.g5.art.mg.xzhs.jpg|3f|rlkey=bivegryt225ie7djseqvf8ppr|7c|26|7c|st=ncdkqlmw|7c|26|7c|dl=1"; depth:123; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_19; reference:url, urlhaus.abuse.ch/url/3712062/; classtype:trojan-activity;sid:84575162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/horioninjector.exe"; depth:23; endswith; nocase; http.host; content:"horion-static.pages.dev"; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_19; reference:url, urlhaus.abuse.ch/url/3712017/; classtype:trojan-activity;sid:84575117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bog.apk"; depth:8; endswith; nocase; http.host; content:"bombayonline.in"; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_19; reference:url, urlhaus.abuse.ch/url/3711792/; classtype:trojan-activity;sid:84574892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711282)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.236.149.142"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711282/; classtype:trojan-activity;sid:84574382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"47.121.137.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711278/; classtype:trojan-activity;sid:84574378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sfyhmsqlexrtjetiqydog74.bin"; depth:28; endswith; nocase; http.host; content:"dexios.co.za"; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3710993/; classtype:trojan-activity;sid:84574093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brkopsluth.emz"; depth:15; endswith; nocase; http.host; content:"dexios.co.za"; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3710988/; classtype:trojan-activity;sid:84574088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/auo1.exe"; depth:9; endswith; nocase; http.host; content:"a-gwo.pages.dev"; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710498/; 
classtype:trojan-activity;sid:84573598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin/screenconnect.clientsetup.msi"; depth:34; endswith; nocase; http.host; content:"rheddh.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710456/; classtype:trojan-activity;sid:84573556; rev:1;)
# NOTE(review): the http.uri patterns in the rules below contain percent-escapes
# ("%c3%a7", "%c3%a3", "%20", "%c3%a1") as literal text, and depth:77 is the length of
# that escaped text. http.uri is Suricata's normalized URI buffer, where escapes such
# as %20 are decoded before matching; http.uri.raw holds the URI as it was sent.
# Replay a request for one of these URLs against the deployed Suricata/libhtp
# configuration to confirm the rules fire; if they do not, the pattern needs either the
# raw buffer or the decoded bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-19/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710416/; classtype:trojan-activity;sid:84573516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-29/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710404/; classtype:trojan-activity;sid:84573504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-03-23/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710394/; classtype:trojan-activity;sid:84573494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3710388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-05-03/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710388/; classtype:trojan-activity;sid:84573488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-04-23/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710390/; classtype:trojan-activity;sid:84573490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-10-11/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710385/; classtype:trojan-activity;sid:84573485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-05-20/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710383/; classtype:trojan-activity;sid:84573483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3710380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-05-21/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710380/; classtype:trojan-activity;sid:84573480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-02-26/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710370/; classtype:trojan-activity;sid:84573470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-27/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710371/; classtype:trojan-activity;sid:84573471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-28/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710374/; classtype:trojan-activity;sid:84573474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710362)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-09-25/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710362/; classtype:trojan-activity;sid:84573462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-06-22/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710351/; classtype:trojan-activity;sid:84573451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-07-05/info.zip"; depth:69; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710353/; classtype:trojan-activity;sid:84573453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2023-02-01/info.zip"; depth:69; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710340/; classtype:trojan-activity;sid:84573440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710341)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-07-05/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710341/; classtype:trojan-activity;sid:84573441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-07-27/info.zip"; depth:58; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710343/; classtype:trojan-activity;sid:84573443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-06/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710334/; classtype:trojan-activity;sid:84573434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-05-11/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710323/; classtype:trojan-activity;sid:84573423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710327)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-11-22/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710327/; classtype:trojan-activity;sid:84573427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-09-28/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710316/; classtype:trojan-activity;sid:84573416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-12-23/info.zip"; depth:58; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710318/; classtype:trojan-activity;sid:84573418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-05-02/info.zip"; depth:69; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710311/; classtype:trojan-activity;sid:84573411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710313)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-12-14/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710313/; classtype:trojan-activity;sid:84573413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-28/info.zip"; depth:69; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710306/; classtype:trojan-activity;sid:84573406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-26/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710293/; classtype:trojan-activity;sid:84573393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-10-06/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710285/; classtype:trojan-activity;sid:84573385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710287)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-21/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710287/; classtype:trojan-activity;sid:84573387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-05-18/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710288/; classtype:trojan-activity;sid:84573388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-07-22/info.zip"; depth:58; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710289/; classtype:trojan-activity;sid:84573389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-04-12/info.zip"; depth:69; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710290/; classtype:trojan-activity;sid:84573390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710291)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2021-05-20/info.zip"; depth:69; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710291/; classtype:trojan-activity;sid:84573391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-20/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710284/; classtype:trojan-activity;sid:84573384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/offlinepackv4.exe"; depth:18; endswith; nocase; http.host; content:"dl.360safe.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710207/; classtype:trojan-activity;sid:84573307; rev:1;)
# NOTE(review): the next two rules (URLhaus 3710011 and 3710010) name github.com and
# raw.githubusercontent.com, shared code-hosting hosts. Each rule pins the full URI
# path as well as the host, so an alert identifies that one object only; do not derive
# host- or IP-level blocks from these entries. Both are "alert http" rules and
# therefore match only cleartext or decrypted requests; a fetch of the same URL over
# TLS is not inspected by them, so coverage depends on TLS inspection or on a
# complementary proxy/endpoint control.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soulclientwtf/lnk/raw/refs/heads/main/execute"; depth:46; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_16; reference:url, urlhaus.abuse.ch/url/3710011/; classtype:trojan-activity;sid:84573111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soulclientwtf/lnk/refs/heads/main/execute"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2025_11_16; reference:url, urlhaus.abuse.ch/url/3710010/; classtype:trojan-activity;sid:84573110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-03/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709309/; classtype:trojan-activity;sid:84572409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-14/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709306/; classtype:trojan-activity;sid:84572406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-03-16/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709292/; classtype:trojan-activity;sid:84572392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-06/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709293/; 
classtype:trojan-activity;sid:84572393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-03-07/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709294/; classtype:trojan-activity;sid:84572394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-10-08/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709295/; classtype:trojan-activity;sid:84572395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-05/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709296/; classtype:trojan-activity;sid:84572396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-08-23/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709298/; classtype:trojan-activity;sid:84572398; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-10-22/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709299/; classtype:trojan-activity;sid:84572399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-08-03/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709300/; classtype:trojan-activity;sid:84572400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-05-13/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709301/; classtype:trojan-activity;sid:84572401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-10-20/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709302/; classtype:trojan-activity;sid:84572402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709303)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-03-30/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709303/; classtype:trojan-activity;sid:84572403; rev:1;)
# ---------------------------------------------------------------------------
# Reviewer notes for the rules in this span (rule text itself is unchanged;
# rules are only laid out one per line).
#
# The line above is the tail of a rule whose header is on the preceding line
# of the file, and the last line of this span is the head of a rule that
# continues on the following line. Both fragments are kept as found.
#
# Anatomy shared by every rule below:
#   * alert http $HOME_NET -> $EXTERNAL_NET, flow:established,from_client,
#     http.method "GET": only the outbound request is inspected. No keyword
#     looks at the response, so an alert shows that an internal client asked
#     for the URL, not that a file came back. Check the HTTP/fileinfo records
#     of the same flow before treating the host as infected.
#   * http.uri content with depth equal to the content length plus endswith:
#     the pattern has to be the whole URI buffer (nocase applies to it).
#   * http.host content "177.70.102.228" with depth:14 and
#     isdataat:!1,relative: the host buffer has to be exactly that address.
#   * reference:url points at the URLhaus entry with the same number as the
#     msg; use it to check whether the entry is still listed as active.
#
# NOTE(review): the URI patterns carry literal percent-escapes (%c3%a7,
# %c3%a3). http.uri is Suricata's normalized URI buffer, http.uri.raw the
# as-sent one. If normalization percent-decodes the path on this sensor, the
# literal "%c3%a7" is not in http.uri and these sids would stay silent.
# Confirm with a replayed sample request before relying on them.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-05-04/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709304/; classtype:trojan-activity;sid:84572404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-24/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709305/; classtype:trojan-activity;sid:84572405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-08-22/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709288/; classtype:trojan-activity;sid:84572388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-23/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709290/; classtype:trojan-activity;sid:84572390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2024-01-26/info.zip"; depth:58; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709291/; classtype:trojan-activity;sid:84572391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-07-05/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709272/; classtype:trojan-activity;sid:84572372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-08-04/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709273/; classtype:trojan-activity;sid:84572373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-08-06/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709274/; classtype:trojan-activity;sid:84572374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-04-09/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709275/; classtype:trojan-activity;sid:84572375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-18/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709276/; classtype:trojan-activity;sid:84572376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2022-01-20/info.zip"; depth:58; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709277/; classtype:trojan-activity;sid:84572377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-14/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709278/; classtype:trojan-activity;sid:84572378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-06-29/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709280/; classtype:trojan-activity;sid:84572380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-05-30/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709281/; classtype:trojan-activity;sid:84572381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-16/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709284/; classtype:trojan-activity;sid:84572384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-10-06/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709285/; classtype:trojan-activity;sid:84572385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-11-05/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709286/; classtype:trojan-activity;sid:84572386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-10-08/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709287/; classtype:trojan-activity;sid:84572387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-29/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709270/; classtype:trojan-activity;sid:84572370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2020-10-10/info.zip"; depth:58; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709271/; classtype:trojan-activity;sid:84572371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-02-22/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709267/; classtype:trojan-activity;sid:84572367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-01-29/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709255/; classtype:trojan-activity;sid:84572355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-11-24/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709256/; classtype:trojan-activity;sid:84572356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-07-21/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709257/; classtype:trojan-activity;sid:84572357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-06-23/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709258/; classtype:trojan-activity;sid:84572358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-11-16/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709259/; classtype:trojan-activity;sid:84572359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-03-20/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709261/; classtype:trojan-activity;sid:84572361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000162/2022-03-02/info.zip"; depth:91; endswith; nocase; http.host; 
content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709262/; classtype:trojan-activity;sid:84572362; rev:1;)
# ---------------------------------------------------------------------------
# Reviewer notes for the rules in this span (rule text itself is unchanged;
# rules are only laid out one per line).
#
# The line above finishes a rule that starts on the preceding line of the
# file; the last line of this span starts a rule that is finished on the
# following line. Both fragments are kept as found.
#
# Every rule below is an exact-match indicator for one URL on the host
# 177.70.102.228:
#   * http.uri: content + depth:<content length> + endswith pins the pattern
#     to the whole URI buffer. Each dated path has its own sid, so a path on
#     the same host that URLhaus has not listed is not covered by this set.
#     Whether to alert on or block the host as a whole is a separate decision
#     that these per-URL sids do not make.
#   * http.host: content + depth:14 + isdataat:!1,relative pins the host
#     buffer to exactly that address.
#   * alert http: only traffic Suricata parses as HTTP is inspected. Treat an
#     alert as "client requested the URL"; the request side is all that is
#     matched (flow:from_client, method GET).
#
# NOTE(review): several patterns here contain literal "%20" as well as
# "%c3%a7"/"%c3%a3"/"%c3%a1". http.uri is the normalized URI buffer and
# http.uri.raw the as-sent one. If the sensor's normalization turns "%20"
# into a space (and the other escapes into raw bytes), the literal escapes
# are absent from http.uri and these sids cannot fire. Verify against a
# replayed request, and report upstream if confirmed. Local edits to
# feed-managed sids are presumably overwritten on the next ruleset update.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-08-31/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709263/; classtype:trojan-activity;sid:84572363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-05-11/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709264/; classtype:trojan-activity;sid:84572364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-03-03/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709248/; classtype:trojan-activity;sid:84572348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-08-24/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709249/; classtype:trojan-activity;sid:84572349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-11/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709250/; classtype:trojan-activity;sid:84572350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-11-01/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709251/; classtype:trojan-activity;sid:84572351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-06-12/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709252/; classtype:trojan-activity;sid:84572352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2024-01-17/info.zip"; depth:58; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709253/; classtype:trojan-activity;sid:84572353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-11-12/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709254/; classtype:trojan-activity;sid:84572354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-03-22/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709244/; classtype:trojan-activity;sid:84572344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-10/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709245/; classtype:trojan-activity;sid:84572345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-09-21/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709246/; classtype:trojan-activity;sid:84572346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-01-04/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709247/; classtype:trojan-activity;sid:84572347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-07-05/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709241/; classtype:trojan-activity;sid:84572341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-15/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709242/; classtype:trojan-activity;sid:84572342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-02-09/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709239/; classtype:trojan-activity;sid:84572339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-11-04/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709234/; classtype:trojan-activity;sid:84572334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-21/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709235/; classtype:trojan-activity;sid:84572335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-19/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709236/; classtype:trojan-activity;sid:84572336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-22/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709237/; classtype:trojan-activity;sid:84572337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-07-06/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709238/; classtype:trojan-activity;sid:84572338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-01-04/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709228/; classtype:trojan-activity;sid:84572328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-03-21/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709229/; classtype:trojan-activity;sid:84572329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000162/2022-07-22/info.zip"; depth:91; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709230/; classtype:trojan-activity;sid:84572330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-10-13/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709231/; classtype:trojan-activity;sid:84572331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-10-21/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709232/; classtype:trojan-activity;sid:84572332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-16/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709233/; classtype:trojan-activity;sid:84572333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2019-07-07/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709220/; classtype:trojan-activity;sid:84572320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709221)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-03-16/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709221/; classtype:trojan-activity;sid:84572321; rev:1;)
# ---------------------------------------------------------------------------
# Reviewer notes for the rules in this span (rule text itself is unchanged;
# rules are only laid out one per line).
#
# The line above completes a rule begun on the preceding line of the file,
# and the final line of this span opens a rule that is completed on the
# following line. Both fragments are kept as found.
#
# How to read an alert from any sid below:
#   * What matched: an established client-to-server HTTP flow from $HOME_NET
#     to $EXTERNAL_NET, method GET, host buffer exactly "177.70.102.228"
#     (depth:14 + isdataat:!1,relative) and URI buffer exactly the listed
#     path (depth equal to the content length + endswith, compared nocase).
#   * What did not have to happen: nothing on the response side is checked,
#     so the alert alone does not show that info.zip was served or saved.
#     Pivot on the source address in HTTP and file logs for the same flow.
#   * Provenance: the number in msg and in reference:url is the URLhaus entry
#     id; every rule carries metadata created_at 2025_11_15 and
#     classtype trojan-activity.
#
# NOTE(review): the URI patterns are written with literal percent-escapes
# ("%c3%a7", "%c3%a3", "%c3%a1", "%20") but are matched in http.uri, the
# normalized URI buffer, rather than http.uri.raw. If this sensor
# percent-decodes the path during normalization, those literals never appear
# in the buffer and the sids give no coverage. Validate with a replayed
# request before counting on them.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-11-15/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709222/; classtype:trojan-activity;sid:84572322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-07-03/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709223/; classtype:trojan-activity;sid:84572323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-12-26/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709224/; classtype:trojan-activity;sid:84572324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-03-22/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709225/; classtype:trojan-activity;sid:84572325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-03-25/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709227/; classtype:trojan-activity;sid:84572327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-03-15/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709218/; classtype:trojan-activity;sid:84572318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-09/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709219/; classtype:trojan-activity;sid:84572319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-06-08/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709217/; classtype:trojan-activity;sid:84572317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-01-13/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709213/; classtype:trojan-activity;sid:84572313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-01-14/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709214/; classtype:trojan-activity;sid:84572314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-21/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709209/; classtype:trojan-activity;sid:84572309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-07-18/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709210/; classtype:trojan-activity;sid:84572310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-15/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709211/; classtype:trojan-activity;sid:84572311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2023-06-21/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709212/; classtype:trojan-activity;sid:84572312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000162/2022-03-06/info.zip"; depth:91; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709201/; classtype:trojan-activity;sid:84572301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-03-10/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709202/; classtype:trojan-activity;sid:84572302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-25/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709203/; classtype:trojan-activity;sid:84572303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2020-10-12/info.zip"; depth:58; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709204/; classtype:trojan-activity;sid:84572304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-15/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709205/; classtype:trojan-activity;sid:84572305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-03-02/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709206/; classtype:trojan-activity;sid:84572306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-02-06/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709207/; classtype:trojan-activity;sid:84572307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-04-04/info.zip"; depth:58; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709193/; classtype:trojan-activity;sid:84572293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-03/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709194/; classtype:trojan-activity;sid:84572294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-05-01/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709195/; classtype:trojan-activity;sid:84572295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-05-21/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709196/; classtype:trojan-activity;sid:84572296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-11/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709199/; classtype:trojan-activity;sid:84572299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2019-10-15/info.zip"; depth:58; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709200/; classtype:trojan-activity;sid:84572300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709192)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2020-07-22/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709192/; classtype:trojan-activity;sid:84572292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-01-22/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709190/; classtype:trojan-activity;sid:84572290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-11-28/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709191/; classtype:trojan-activity;sid:84572291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-07-23/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709186/; classtype:trojan-activity;sid:84572286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709187)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-10-06/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709187/; classtype:trojan-activity;sid:84572287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-07-19/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709188/; classtype:trojan-activity;sid:84572288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2025-01-13/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709175/; classtype:trojan-activity;sid:84572275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-05-02/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709176/; classtype:trojan-activity;sid:84572276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-06/info.zip"; depth:49; endswith; 
nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709177/; classtype:trojan-activity;sid:84572277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-09-18/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709178/; classtype:trojan-activity;sid:84572278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-10/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709179/; classtype:trojan-activity;sid:84572279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-09-04/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709180/; classtype:trojan-activity;sid:84572280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-20/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709181/; classtype:trojan-activity;sid:84572281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-29/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709182/; classtype:trojan-activity;sid:84572282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-03-07/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709184/; classtype:trojan-activity;sid:84572284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-08-27/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709185/; classtype:trojan-activity;sid:84572285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-07-17/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, 
urlhaus.abuse.ch/url/3709165/; classtype:trojan-activity;sid:84572265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-07-04/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709166/; classtype:trojan-activity;sid:84572266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000162/2024-01-22/info.zip"; depth:91; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709167/; classtype:trojan-activity;sid:84572267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2022-01-27/info.zip"; depth:58; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709168/; classtype:trojan-activity;sid:84572268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-06-13/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709169/; classtype:trojan-activity;sid:84572269; rev:1;) 
# --- Reviewer notes: rules for host 177.70.102.228, "/tmpftp/.../info.zip" URLs ---
# Each rule pins one URLhaus entry: method GET, an http.uri pattern whose depth equals
# its own length and that carries endswith (the whole URI buffer must equal the pattern,
# compared with nocase), and an http.host pattern bounded by depth:14 plus
# isdataat:!1,relative (the whole host buffer must equal the IP).
# The match is on the client request (flow:established,from_client), so an alert shows
# that a $HOME_NET host asked for the URL, not that a payload was delivered; confirm the
# server response in HTTP/flow/file logs before escalating.
# NOTE(review): the URI patterns contain percent-escapes (%c3%a7, %c3%a3, and %20 in
# neighbouring rules), yet http.uri is the normalized URI buffer, where such escapes
# are expected to be decoded. If so, these literals cannot match as written -- verify
# with a pcap replay against the deployed Suricata/libhtp settings. A match on the
# escaped form belongs in http.uri.raw; in http.uri the bytes would be written as hex
# (e.g. |c3 a7|). Raise this with the feed maintainer rather than patching locally --
# presumably this generated file is replaced on each update.
# Coverage: exact-URL rules do not cover any other path on this host and, being http
# rules, only see traffic Suricata parses as HTTP; pair them with a host-level
# indicator where that matters.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-02/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709170/; classtype:trojan-activity;sid:84572270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-21/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709171/; classtype:trojan-activity;sid:84572271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-11-15/info.zip"; depth:58; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709172/; classtype:trojan-activity;sid:84572272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-12-08/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709173/; classtype:trojan-activity;sid:84572273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709163)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-07-02/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709163/; classtype:trojan-activity;sid:84572263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-08-05/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709161/; classtype:trojan-activity;sid:84572261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-03-18/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709162/; classtype:trojan-activity;sid:84572262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-29/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709159/; classtype:trojan-activity;sid:84572259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709158)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-06/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709158/; classtype:trojan-activity;sid:84572258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000758/2022-03-02/info.zip"; depth:91; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709152/; classtype:trojan-activity;sid:84572252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2019-10-17/info.zip"; depth:58; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709153/; classtype:trojan-activity;sid:84572253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2024-01-24/info.zip"; depth:58; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709154/; classtype:trojan-activity;sid:84572254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-06-05/info.zip"; depth:74; 
endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709155/; classtype:trojan-activity;sid:84572255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-01-13/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709156/; classtype:trojan-activity;sid:84572256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2023-08-16/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709157/; classtype:trojan-activity;sid:84572257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-05-27/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709143/; classtype:trojan-activity;sid:84572243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-10-12/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709144/; classtype:trojan-activity;sid:84572244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-10-20/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709145/; classtype:trojan-activity;sid:84572245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-07-02/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709147/; classtype:trojan-activity;sid:84572247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-05-19/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709148/; classtype:trojan-activity;sid:84572248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-27/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 
2025_11_15; reference:url, urlhaus.abuse.ch/url/3709149/; classtype:trojan-activity;sid:84572249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-10-05/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709150/; classtype:trojan-activity;sid:84572250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-05-01/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709151/; classtype:trojan-activity;sid:84572251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-09-06/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709140/; classtype:trojan-activity;sid:84572240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-10-06/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709141/; 
classtype:trojan-activity;sid:84572241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-08-09/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709139/; classtype:trojan-activity;sid:84572239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-11-07/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709138/; classtype:trojan-activity;sid:84572238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-11-24/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709129/; classtype:trojan-activity;sid:84572229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-08-11/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709130/; classtype:trojan-activity;sid:84572230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3709131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-25/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709131/; classtype:trojan-activity;sid:84572231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2019-05-31/info.zip"; depth:58; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709132/; classtype:trojan-activity;sid:84572232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-25/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709133/; classtype:trojan-activity;sid:84572233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-11-27/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709135/; classtype:trojan-activity;sid:84572235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709136)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-06-12/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709136/; classtype:trojan-activity;sid:84572236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-06/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709128/; classtype:trojan-activity;sid:84572228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-09-08/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709112/; classtype:trojan-activity;sid:84572212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-10-15/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709113/; classtype:trojan-activity;sid:84572213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709114)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-11-01/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709114/; classtype:trojan-activity;sid:84572214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-04-27/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709115/; classtype:trojan-activity;sid:84572215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-03-17/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709116/; classtype:trojan-activity;sid:84572216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-19/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709117/; classtype:trojan-activity;sid:84572217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709118)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-11-25/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709118/; classtype:trojan-activity;sid:84572218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-12-31/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709119/; classtype:trojan-activity;sid:84572219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-03-04/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709120/; classtype:trojan-activity;sid:84572220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-08-16/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709121/; classtype:trojan-activity;sid:84572221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709123)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-01/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709123/; classtype:trojan-activity;sid:84572223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-06-30/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709124/; classtype:trojan-activity;sid:84572224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-03-16/info.zip"; depth:58; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709126/; classtype:trojan-activity;sid:84572226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-09/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709109/; classtype:trojan-activity;sid:84572209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709111)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-06-22/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709111/; classtype:trojan-activity;sid:84572211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-21/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709104/; classtype:trojan-activity;sid:84572204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-30/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709105/; classtype:trojan-activity;sid:84572205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-08-04/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709107/; classtype:trojan-activity;sid:84572207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709108)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-07/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709108/; classtype:trojan-activity;sid:84572208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-09-08/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709103/; classtype:trojan-activity;sid:84572203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-10-18/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709096/; classtype:trojan-activity;sid:84572196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-03-15/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709097/; classtype:trojan-activity;sid:84572197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-31/info.zip"; depth:49; endswith; 
nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709098/; classtype:trojan-activity;sid:84572198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-12-30/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709099/; classtype:trojan-activity;sid:84572199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-07-22/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709100/; classtype:trojan-activity;sid:84572200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000324/2024-01-02/info.zip"; depth:91; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709101/; classtype:trojan-activity;sid:84572201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-01-24/info.zip"; depth:74; endswith; nocase; http.host; 
content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709088/; classtype:trojan-activity;sid:84572188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-10-24/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709089/; classtype:trojan-activity;sid:84572189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-11-22/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709090/; classtype:trojan-activity;sid:84572190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-08/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709091/; classtype:trojan-activity;sid:84572191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-03/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709092/; classtype:trojan-activity;sid:84572192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2022-10-27/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709093/; classtype:trojan-activity;sid:84572193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-03-20/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709078/; classtype:trojan-activity;sid:84572178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-09-27/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709079/; classtype:trojan-activity;sid:84572179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-09-22/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, 
urlhaus.abuse.ch/url/3709080/; classtype:trojan-activity;sid:84572180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-09-20/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709081/; classtype:trojan-activity;sid:84572181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-20/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709083/; classtype:trojan-activity;sid:84572183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-17/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709084/; classtype:trojan-activity;sid:84572184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-11-02/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709085/; 
classtype:trojan-activity;sid:84572185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-12/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709086/; classtype:trojan-activity;sid:84572186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-23/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709087/; classtype:trojan-activity;sid:84572187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-27/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709075/; classtype:trojan-activity;sid:84572175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-01-14/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709076/; classtype:trojan-activity;sid:84572176; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-05-30/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709077/; classtype:trojan-activity;sid:84572177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-06-24/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709054/; classtype:trojan-activity;sid:84572154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-05/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709055/; classtype:trojan-activity;sid:84572155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-09-26/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709056/; classtype:trojan-activity;sid:84572156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709057)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-06-21/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709057/; classtype:trojan-activity;sid:84572157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-12-28/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709058/; classtype:trojan-activity;sid:84572158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-07-06/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709059/; classtype:trojan-activity;sid:84572159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-02-20/info.zip"; depth:58; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709060/; classtype:trojan-activity;sid:84572160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709061)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-02-19/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709061/; classtype:trojan-activity;sid:84572161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-07-17/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709062/; classtype:trojan-activity;sid:84572162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-07-15/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709063/; classtype:trojan-activity;sid:84572163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-10-05/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709064/; classtype:trojan-activity;sid:84572164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709065)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-06-01/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709065/; classtype:trojan-activity;sid:84572165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-11-02/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709066/; classtype:trojan-activity;sid:84572166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-18/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709067/; classtype:trojan-activity;sid:84572167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-03-03/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709068/; classtype:trojan-activity;sid:84572168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709069)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-01-23/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709069/; classtype:trojan-activity;sid:84572169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-07-14/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709070/; classtype:trojan-activity;sid:84572170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-09-29/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709072/; classtype:trojan-activity;sid:84572172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-11-18/info.zip"; depth:58; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709042/; classtype:trojan-activity;sid:84572142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709043)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-09-08/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709043/; classtype:trojan-activity;sid:84572143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-09-17/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709044/; classtype:trojan-activity;sid:84572144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-28/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709045/; classtype:trojan-activity;sid:84572145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-03-20/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709046/; classtype:trojan-activity;sid:84572146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709047)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-06-16/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709047/; classtype:trojan-activity;sid:84572147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-24/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709048/; classtype:trojan-activity;sid:84572148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-31/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709049/; classtype:trojan-activity;sid:84572149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-06-07/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709050/; classtype:trojan-activity;sid:84572150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709051)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-03-17/info.zip"; depth:58; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709051/; classtype:trojan-activity;sid:84572151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-11-06/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709052/; classtype:trojan-activity;sid:84572152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-04-05/info.zip"; depth:77; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709053/; classtype:trojan-activity;sid:84572153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3708476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.143.158.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3708476/; classtype:trojan-activity;sid:84571576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3708402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ourzz.wav"; depth:10; endswith; nocase; http.host; content:"clubdetiroelpicarcho.com"; depth:24; isdataat:!1,relative; 
metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3708402/; classtype:trojan-activity;sid:84571502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/2019/04/pieletjf.exe"; depth:40; endswith; nocase; http.host; content:"theoremaoliveoil.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707697/; classtype:trojan-activity;sid:84570797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/2019/04/pieletjf_vm.exe"; depth:43; endswith; nocase; http.host; content:"theoremaoliveoil.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707699/; classtype:trojan-activity;sid:84570799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.247.101.61"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704600/; classtype:trojan-activity;sid:84567700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.216.139.127"; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704602/; classtype:trojan-activity;sid:84567702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704561)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.208.202.85"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704561/; classtype:trojan-activity;sid:84567661; rev:1;)
# Exact-match rules: one outbound HTTP GET per URLhaus entry, with http.uri and
# http.host each pinned to the full pattern (depth equals the pattern length,
# plus endswith / isdataat:!1,relative).
#
# The next rule has the same method, URI ("/sshd") and host (117.247.101.61)
# conditions as sid 84567700 (URLhaus 3704600) elsewhere in this file, so one
# matching request raises both alerts; deduplicate on host + URI when triaging.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.247.101.61"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704523/; classtype:trojan-activity;sid:84567623; rev:1;)
# NOTE(review): this is an `alert http` rule, so it only inspects HTTP that the
# sensor can parse in cleartext. github.com is normally reached over HTTPS, so
# this rule probably sees no traffic unless TLS is decrypted upstream of the
# sensor. Coverage for this URL more likely has to come from proxy, DNS or
# endpoint telemetry; verify before counting it as detection coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leinchchanceleinch/jik/raw/refs/heads/main/dev.msi"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704158/; classtype:trojan-activity;sid:84567258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20220623/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703801/; classtype:trojan-activity;sid:84566901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20180102/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703764/; 
classtype:trojan-activity;sid:84566864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20140730/av.lnk"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703731/; classtype:trojan-activity;sid:84566831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dersnotlari/02/sora.jpg"; depth:24; endswith; nocase; http.host; content:"www.notbak.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702746/; classtype:trojan-activity;sid:84565846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20230517/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702204/; classtype:trojan-activity;sid:84565304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250210/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702202/; classtype:trojan-activity;sid:84565302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250309/photo.scr"; depth:19; endswith; 
nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702201/; classtype:trojan-activity;sid:84565301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20230517/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702199/; classtype:trojan-activity;sid:84565299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20240113/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702178/; classtype:trojan-activity;sid:84565278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20240113/av.lnk"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702166/; classtype:trojan-activity;sid:84565266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20140730/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702161/; classtype:trojan-activity;sid:84565261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3702156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250416/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702156/; classtype:trojan-activity;sid:84565256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20230517/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702157/; classtype:trojan-activity;sid:84565257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250309/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702158/; classtype:trojan-activity;sid:84565258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250309/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702152/; classtype:trojan-activity;sid:84565252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20230517/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, 
urlhaus.abuse.ch/url/3702147/; classtype:trojan-activity;sid:84565247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250309/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702142/; classtype:trojan-activity;sid:84565242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250210/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702143/; classtype:trojan-activity;sid:84565243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250416/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702134/; classtype:trojan-activity;sid:84565234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20230517/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702135/; classtype:trojan-activity;sid:84565235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20220623/av.lnk"; 
depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702136/; classtype:trojan-activity;sid:84565236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20220623/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702130/; classtype:trojan-activity;sid:84565230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250416/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702131/; classtype:trojan-activity;sid:84565231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20220623/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702132/; classtype:trojan-activity;sid:84565232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20180102/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702127/; classtype:trojan-activity;sid:84565227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3702128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20240113/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702128/; classtype:trojan-activity;sid:84565228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20220623/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702122/; classtype:trojan-activity;sid:84565222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20240113/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702123/; classtype:trojan-activity;sid:84565223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20180102/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702121/; classtype:trojan-activity;sid:84565221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250210/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; 
reference:url, urlhaus.abuse.ch/url/3702119/; classtype:trojan-activity;sid:84565219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20140730/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702115/; classtype:trojan-activity;sid:84565215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250210/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702105/; classtype:trojan-activity;sid:84565205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20240113/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702102/; classtype:trojan-activity;sid:84565202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20220623/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702103/; classtype:trojan-activity;sid:84565203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701934)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/20180102/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701934/; classtype:trojan-activity;sid:84565034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20140730/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701924/; classtype:trojan-activity;sid:84565024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20180102/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701905/; classtype:trojan-activity;sid:84565005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20180102/av.lnk"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701906/; classtype:trojan-activity;sid:84565006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"144.2.111.169"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701320/; classtype:trojan-activity;sid:84564420; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scoto.jpb"; depth:10; endswith; nocase; http.host; content:"www.jozefinskiatelje.si"; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701203/; classtype:trojan-activity;sid:84564303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"139.196.111.118"; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700663/; classtype:trojan-activity;sid:84563763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"190.196.38.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700329/; classtype:trojan-activity;sid:84563429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"163.53.178.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700276/; classtype:trojan-activity;sid:84563376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"36.158.34.122"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; 
reference:url, urlhaus.abuse.ch/url/3700268/; classtype:trojan-activity;sid:84563368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"190.196.38.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700199/; classtype:trojan-activity;sid:84563299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"36.158.34.122"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700187/; classtype:trojan-activity;sid:84563287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"190.196.38.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700112/; classtype:trojan-activity;sid:84563212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"163.53.178.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700015/; classtype:trojan-activity;sid:84563115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; 
http.host; content:"163.53.178.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699997/; classtype:trojan-activity;sid:84563097; rev:1;)
# Exact-match rules: each alerts on an outbound HTTP GET whose http.uri equals
# the listed path (depth equals the pattern length, with endswith and nocase)
# and whose http.host equals the listed host (depth + isdataat:!1,relative).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"119.91.141.214"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699967/; classtype:trojan-activity;sid:84563067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"190.196.38.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699839/; classtype:trojan-activity;sid:84562939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"163.53.178.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699812/; classtype:trojan-activity;sid:84562912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"190.196.38.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699768/; classtype:trojan-activity;sid:84562868; rev:1;)
# NOTE(review): the pattern in the next rule keeps "%20" and "%c3%aa" as literal
# text and depth:45 is the length of that escaped string. http.uri is the
# normalized URI buffer, where escapes are normally decoded, so the decoded
# path would be shorter than 45 bytes and this rule may never fire. Confirm
# with a test pcap; http.uri.raw carries the escaped form, and a normalized
# match would need the decoded bytes (|20|, |c3 aa|) with a shorter depth.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tinh_cuoc_xe/2025/thanh%20ti%c3%aan/info.zip"; depth:45; endswith; nocase; http.host; content:"103.226.249.227"; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699681/; classtype:trojan-activity;sid:84562781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"190.196.38.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699651/; classtype:trojan-activity;sid:84562751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"190.196.38.77"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699578/; classtype:trojan-activity;sid:84562678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"163.53.178.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699459/; classtype:trojan-activity;sid:84562559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"163.53.178.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699462/; 
classtype:trojan-activity;sid:84562562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"163.53.178.8"; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699428/; classtype:trojan-activity;sid:84562528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reprofo.mso"; depth:12; endswith; nocase; http.host; content:"www.jozefinskiatelje.si"; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698699/; classtype:trojan-activity;sid:84561799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"83.229.126.183"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698418/; classtype:trojan-activity;sid:84561518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.16.250.173"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698400/; classtype:trojan-activity;sid:84561500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.241.74.14"; depth:13; 
isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698365/; classtype:trojan-activity;sid:84561465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250309/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698078/; classtype:trojan-activity;sid:84561178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20140730/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698077/; classtype:trojan-activity;sid:84561177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20230517/av.lnk"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698067/; classtype:trojan-activity;sid:84561167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250210/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698070/; classtype:trojan-activity;sid:84561170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698062)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/20250210/av.lnk"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698062/; classtype:trojan-activity;sid:84561162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20140730/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698059/; classtype:trojan-activity;sid:84561159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250309/av.lnk"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698057/; classtype:trojan-activity;sid:84561157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20240113/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698058/; classtype:trojan-activity;sid:84561158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zddtxxyxb.zip"; depth:14; endswith; nocase; http.host; content:"101.35.56.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697910/; classtype:trojan-activity;sid:84561010; rev:1;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i24.bin"; depth:8; endswith; nocase; http.host; content:"101.35.56.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697909/; classtype:trojan-activity;sid:84561009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/husk.zip"; depth:9; endswith; nocase; http.host; content:"101.35.56.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697908/; classtype:trojan-activity;sid:84561008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eznoted2b1405e.zip"; depth:19; endswith; nocase; http.host; content:"101.35.56.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697907/; classtype:trojan-activity;sid:84561007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/without_hook.zip"; depth:17; endswith; nocase; http.host; content:"101.35.56.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697906/; classtype:trojan-activity;sid:84561006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/husk.py"; depth:8; endswith; nocase; http.host; content:"101.35.56.7"; depth:11; isdataat:!1,relative; metadata:created_at 
2025_11_06; reference:url, urlhaus.abuse.ch/url/3697870/; classtype:trojan-activity;sid:84560970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"94.76.156.101"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697816/; classtype:trojan-activity;sid:84560916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"36.158.34.122"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697809/; classtype:trojan-activity;sid:84560909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tran.dsp"; depth:9; endswith; nocase; http.host; content:"www.jozefinskiatelje.si"; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697791/; classtype:trojan-activity;sid:84560891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aibkp63.bin"; depth:12; endswith; nocase; http.host; content:"www.jozefinskiatelje.si"; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697789/; classtype:trojan-activity;sid:84560889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696992)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/a1l4m/2e771fb306028fabfc8e098427181f78/raw/37f3db6b29d64f1045fb60967d6297f525ddf443/iamthedanger.txt"; depth:101; endswith; nocase; http.host; content:"gist.githubusercontent.com"; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696992/; classtype:trojan-activity;sid:84560092; rev:1;)
# NOTE(review): the rule ending above pins http.host to gist.githubusercontent.com, which is
# served over HTTPS. An "alert http" signature inspects only HTTP that Suricata sees in the
# clear (plaintext, or decrypted upstream of the sensor), so without TLS inspection this
# signature is not expected to fire -- confirm sensor placement before relying on it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"80.147.155.189"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696132/; classtype:trojan-activity;sid:84559232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"80.147.155.189"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696133/; classtype:trojan-activity;sid:84559233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"80.147.155.189"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696129/; classtype:trojan-activity;sid:84559229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"166.143.253.132"; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696114/; 
classtype:trojan-activity;sid:84559214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"166.143.253.132"; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696096/; classtype:trojan-activity;sid:84559196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"166.143.253.132"; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696086/; classtype:trojan-activity;sid:84559186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"94.76.156.101"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696082/; classtype:trojan-activity;sid:84559182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"63.47.210.150"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696066/; classtype:trojan-activity;sid:84559166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"144.2.111.169"; depth:13; 
isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696043/; classtype:trojan-activity;sid:84559143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"63.47.210.150"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696026/; classtype:trojan-activity;sid:84559126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"166.143.253.132"; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696003/; classtype:trojan-activity;sid:84559103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"63.47.210.150"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696004/; classtype:trojan-activity;sid:84559104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"76.94.199.139"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695955/; classtype:trojan-activity;sid:84559055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695952)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"166.143.253.132"; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695952/; classtype:trojan-activity;sid:84559052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"166.143.253.132"; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695948/; classtype:trojan-activity;sid:84559048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"166.143.253.132"; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695937/; classtype:trojan-activity;sid:84559037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"63.47.210.150"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695923/; classtype:trojan-activity;sid:84559023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"76.94.199.139"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695920/; classtype:trojan-activity;sid:84559020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3695898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"80.147.155.189"; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695898/; classtype:trojan-activity;sid:84558998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"76.94.199.139"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695884/; classtype:trojan-activity;sid:84558984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"63.47.210.150"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695869/; classtype:trojan-activity;sid:84558969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"76.94.199.139"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695875/; classtype:trojan-activity;sid:84558975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"94.76.156.101"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695854/; 
classtype:trojan-activity;sid:84558954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"63.47.210.150"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695827/; classtype:trojan-activity;sid:84558927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"63.47.210.150"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695830/; classtype:trojan-activity;sid:84558930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"117.72.242.9"; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695119/; classtype:trojan-activity;sid:84558219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.64.227.134"; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695114/; classtype:trojan-activity;sid:84558214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.86.246.233"; depth:13; 
isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695080/; classtype:trojan-activity;sid:84558180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.137.149.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691444/; classtype:trojan-activity;sid:84554544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"179.43.186.214"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691440/; classtype:trojan-activity;sid:84554540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.179.144.202"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690708/; classtype:trojan-activity;sid:84553808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"8.137.149.67"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689713/; classtype:trojan-activity;sid:84552813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689700)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"62.197.62.195"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689700/; classtype:trojan-activity;sid:84552800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmr.exe"; depth:8; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688692/; classtype:trojan-activity;sid:84551792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newtpp.exe"; depth:11; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688690/; classtype:trojan-activity;sid:84551790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1"; depth:2; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688658/; classtype:trojan-activity;sid:84551758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/32.exe"; depth:7; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688659/; classtype:trojan-activity;sid:84551759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
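malware download URL detected (3688660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2"; depth:2; endswith; nocase; http.host; content:"178.16.54.109"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688660/; classtype:trojan-activity;sid:84551760; rev:1;)
# NOTE(review): in the feed the query separators of the next rule were written as |7c|26|7c|.
# Suricata decodes |7c| to the byte "|" and leaves "26" as text, so the pattern asked for the
# literal bytes "|26|" instead of "&" and would not match a normal request line. Restored to
# |26| and set depth to the 85-byte decoded pattern length, as the other rules do
# (depth == pattern length). Confirm the exact URL against the referenced URLhaus entry.
# www.dropbox.com is reached over HTTPS, so this http rule only fires where the sensor sees
# cleartext or decrypted HTTP.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scl/fi/qjzjw3jh5hmethgwglz2e/c1.txt|3f|rlkey=w1barqtenrmhag3tgorzh3hpq|26|st=uinlpwhr|26|dl=1"; depth:85; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688105/; classtype:trojan-activity;sid:84551205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/y6m2uw0dgi.js"; depth:14; endswith; nocase; http.host; content:"filerit.com"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687916/; classtype:trojan-activity;sid:84551016; rev:1;)
# NOTE(review): the next two rules pin http.host to an r2.dev bucket hostname and to
# raw.githubusercontent.com. Both are typically fetched over HTTPS, so these signatures
# depend on the sensor seeing decrypted HTTP -- verify coverage rather than assuming it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/4aa9fqc792.ps1"; depth:15; endswith; nocase; http.host; content:"pub-bfc34934a91a4893817098f73415917a.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687914/; classtype:trojan-activity;sid:84551014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zibll001/ffff/refs/heads/main/web.sh"; depth:37; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687753/; classtype:trojan-activity;sid:84550853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/var/albums/etkinlikler/toplanti/2013/soran.jpg.jpeg"; depth:52; endswith; nocase; http.host; content:"galeri3.arkitera.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685141/; classtype:trojan-activity;sid:84548241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zoom/windows/download.php"; depth:26; endswith; nocase; http.host; content:"khoancatbetong89.vn"; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684806/; classtype:trojan-activity;sid:84547906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/photo.scr"; depth:15; endswith; nocase; http.host; content:"218.212.2.95"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684352/; classtype:trojan-activity;sid:84547452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/upg/video.lnk"; depth:19; endswith; nocase; http.host; content:"218.212.2.95"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684353/; classtype:trojan-activity;sid:84547453; rev:1;)
alert http $HOME_NET any -> 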
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/upg/av.lnk"; depth:16; endswith; nocase; http.host; content:"218.212.2.95"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684354/; classtype:trojan-activity;sid:84547454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/upg/video.scr"; depth:19; endswith; nocase; http.host; content:"218.212.2.95"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684347/; classtype:trojan-activity;sid:84547447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/av.scr"; depth:12; endswith; nocase; http.host; content:"218.212.2.95"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684348/; classtype:trojan-activity;sid:84547448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/upg/av.scr"; depth:16; endswith; nocase; http.host; content:"218.212.2.95"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684349/; classtype:trojan-activity;sid:84547449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/video.scr"; depth:15; endswith; nocase; http.host; content:"218.212.2.95"; depth:12; isdataat:!1,relative; metadata:created_at 
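2025_10_23; reference:url, urlhaus.abuse.ch/url/3684350/; classtype:trojan-activity;sid:84547450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/upg/photo.scr"; depth:19; endswith; nocase; http.host; content:"218.212.2.95"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684351/; classtype:trojan-activity;sid:84547451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sda1/upg/photo.lnk"; depth:19; endswith; nocase; http.host; content:"218.212.2.95"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684345/; classtype:trojan-activity;sid:84547445; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.175.42.18"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683975/; classtype:trojan-activity;sid:84547075; rev:1;)
# NOTE(review): github.com is served over HTTPS; the next rule only fires where the sensor
# sees cleartext or decrypted HTTP.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/onastroll-2000f5n/5vcye/releases/download/v1.2/launcher.zip"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683567/; classtype:trojan-activity;sid:84546667; rev:1;)
# NOTE(review): in the feed the query separators of the next two rules were written as
# |7c|26|7c|. Suricata decodes |7c| to the byte "|" and leaves "26" as text, so the pattern
# asked for the literal bytes "|26|" instead of "&" and would miss a normal request.
# Restored to |26| and set depth to the 50-byte decoded pattern length, matching the
# depth == pattern-length convention of the other rules. Confirm the exact URLs against the
# referenced URLhaus entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|h=107.173.101.114|26|p=10000|26|t=tcp|26|a=w64|26|stage=true"; depth:50; endswith; nocase; http.host; content:"107.173.101.114"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683253/; classtype:trojan-activity;sid:84546353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/|3f|h=107.173.101.114|26|p=10000|26|t=tcp|26|a=w32|26|stage=true"; depth:50; endswith; nocase; http.host; content:"107.173.101.114"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683254/; classtype:trojan-activity;sid:84546354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/swt"; depth:4; endswith; nocase; http.host; content:"107.173.101.114"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683250/; classtype:trojan-activity;sid:84546350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wheatw.pfm"; depth:11; endswith; nocase; http.host; content:"tehnomag.rs"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682316/; classtype:trojan-activity;sid:84545416; rev:1;)
# NOTE(review): the rule starting below (URLhaus 3682317) uses the same http.uri and
# http.host patterns as the rule above (URLhaus 3682316), so a single request raises two
# alerts. Presumably the two URLhaus entries differ in scheme or port, which these rules do
# not encode; de-duplicate on host and URI downstream when counting hits.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wheatw.pfm"; depth:11; endswith; nocase; http.host; content:"tehnomag.rs"; depth:11; isdataat:!1,relative; metadata:created_at 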
2025_10_20; reference:url, urlhaus.abuse.ch/url/3682317/; classtype:trojan-activity;sid:84545417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"116.198.233.179"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681051/; classtype:trojan-activity;sid:84544151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/x64-setup.exe"; depth:18; endswith; nocase; http.host; content:"tapestryoftruth.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680322/; classtype:trojan-activity;sid:84543422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prefiction.mp4"; depth:15; endswith; nocase; http.host; content:"www.sgeseducation.com"; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678940/; classtype:trojan-activity;sid:84542040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"50.43.160.231"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678923/; classtype:trojan-activity;sid:84542023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678013)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/i"; depth:2; endswith; nocase; http.host; content:"181.211.15.11"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678013/; classtype:trojan-activity;sid:84541113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"103.153.93.18"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678006/; classtype:trojan-activity;sid:84541106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"109.25.123.70"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677999/; classtype:trojan-activity;sid:84541099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/info.zip"; depth:19; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677521/; classtype:trojan-activity;sid:84540621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wordpress/wp-content/build.exe"; depth:31; endswith; nocase; http.host; content:"serasoo.direct.quickconnect.to"; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669896/; classtype:trojan-activity;sid:84532996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3668647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig/xmrig/releases/download/v6.24.0/xmrig-6.24.0-windows-x64.zip"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668647/; classtype:trojan-activity;sid:84531747; rev:1;)
# NOTE(review) on sid 84531747 above: this is a plaintext `alert http` signature for
# github.com, which is normally reached over HTTPS. Expect it to fire only on
# requests sent over http:// or on traffic that is TLS-decrypted before Suricata;
# confirm sensor placement before relying on it. The path looks like a release
# asset of the xmrig/xmrig repository, so a hit identifies a $HOME_NET client
# fetching a miner build and the client is the thing to triage.
#
# The rules below are exact matches: depth equals the pattern length and is
# combined with endswith, so http.uri must be exactly the listed path (any case,
# because of nocase), and http.host must be exactly the listed host
# (depth + isdataat:!1,relative). A request to the same host with a different
# path or an added query string is not covered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"apn-87-251-249-41.static.gprs.plus.pl"; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668586/; classtype:trojan-activity;sid:84531686; rev:1;)
# NOTE(review): the host 132.red-81-42-249.staticip.rima-tde.net embeds the octets
# of 81.42.249.132, and the same /r-02-radiole/ paths are listed under that IP in
# sids 84523744 and 84523742. Presumably this is one server tracked under two
# names; correlate both alert sets during triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r-02-radiole/video.scr"; depth:23; endswith; nocase; http.host; content:"132.red-81-42-249.staticip.rima-tde.net"; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667591/; classtype:trojan-activity;sid:84530691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"132.red-81-42-249.staticip.rima-tde.net"; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667589/; classtype:trojan-activity;sid:84530689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r-02-radiole/av.scr"; depth:20; endswith; 
nocase; http.host; content:"132.red-81-42-249.staticip.rima-tde.net"; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667586/; classtype:trojan-activity;sid:84530686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"132.red-81-42-249.staticip.rima-tde.net"; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667587/; classtype:trojan-activity;sid:84530687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"132.red-81-42-249.staticip.rima-tde.net"; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667588/; classtype:trojan-activity;sid:84530688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r-02-radiole/photo.scr"; depth:23; endswith; nocase; http.host; content:"132.red-81-42-249.staticip.rima-tde.net"; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667585/; classtype:trojan-activity;sid:84530685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"132.red-81-42-249.staticip.rima-tde.net"; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667584/; 
classtype:trojan-activity;sid:84530684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"132.red-81-42-249.staticip.rima-tde.net"; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667582/; classtype:trojan-activity;sid:84530682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"132.red-81-42-249.staticip.rima-tde.net"; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667583/; classtype:trojan-activity;sid:84530683; rev:1;)
# NOTE(review) on sids 84529195 and 84529191 below: the pattern holds literal
# percent-escapes (%c3%a7%c3%a3), and depth:49 counts them as plain text.
# http.uri is Suricata's normalized URI buffer. If the engine percent-decodes
# the path before matching, these two rules will never fire on the request they
# describe. Verify with a test capture; http.uri.raw is the buffer that keeps the
# escapes as sent.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-08/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666095/; classtype:trojan-activity;sid:84529195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-07/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666091/; classtype:trojan-activity;sid:84529191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665807)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"87.227.140.66"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665807/; classtype:trojan-activity;sid:84528907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"87.227.140.66"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665805/; classtype:trojan-activity;sid:84528905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"120.79.192.88"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665801/; classtype:trojan-activity;sid:84528901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"94.76.156.101"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665802/; classtype:trojan-activity;sid:84528902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"94.76.156.101"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665803/; classtype:trojan-activity;sid:84528903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3665799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"130.185.193.208"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665799/; classtype:trojan-activity;sid:84528899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"75.144.208.234"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665796/; classtype:trojan-activity;sid:84528896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"75.144.208.234"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665788/; classtype:trojan-activity;sid:84528888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"75.144.208.234"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665779/; classtype:trojan-activity;sid:84528879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"87.227.140.66"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, 
urlhaus.abuse.ch/url/3665767/; classtype:trojan-activity;sid:84528867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"210.91.88.90"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665760/; classtype:trojan-activity;sid:84528860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"102.53.15.17"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665747/; classtype:trojan-activity;sid:84528847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"195.103.203.106"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665742/; classtype:trojan-activity;sid:84528842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"5.26.174.234"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665733/; classtype:trojan-activity;sid:84528833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; 
content:"126.23.203.236"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665715/; classtype:trojan-activity;sid:84528815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"130.185.193.208"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665712/; classtype:trojan-activity;sid:84528812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"130.185.193.208"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665699/; classtype:trojan-activity;sid:84528799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"155.2.213.252"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665692/; classtype:trojan-activity;sid:84528792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"155.2.213.252"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665674/; classtype:trojan-activity;sid:84528774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665671)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"61.160.215.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665671/; classtype:trojan-activity;sid:84528771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"87.227.140.66"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665669/; classtype:trojan-activity;sid:84528769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"80.147.155.189"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665664/; classtype:trojan-activity;sid:84528764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"130.185.193.208"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665656/; classtype:trojan-activity;sid:84528756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"87.227.140.66"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665611/; classtype:trojan-activity;sid:84528711; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"80.147.155.189"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665612/; classtype:trojan-activity;sid:84528712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"120.79.192.88"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664885/; classtype:trojan-activity;sid:84527985; rev:1;)
# NOTE(review) on the next rule (sid 84525905): github.com is normally reached
# over HTTPS, so this plaintext `alert http` signature only sees requests made
# over http:// or traffic that is TLS-decrypted before Suricata. Do not read a
# quiet sensor as proof that the file was not fetched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asmroyal/cd4/releases/download/cd4/cd4.exe"; depth:43; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662805/; classtype:trojan-activity;sid:84525905; rev:1;)
# NOTE(review) on the next rule (sid 84524535): `|7c|26|7c|` decodes to the four
# literal bytes "|26|", not to "&" (that would be written `|26|`). The pattern
# therefore expects "...download|26|id=..." in the URI. This looks like double
# escaping in the feed generator and should be checked against the URLhaus entry
# before trusting the rule. depth:68 is the length of the escaped text, while the
# decoded pattern is 59 bytes, so unlike its neighbours this rule is not an
# exact-URI match. The id is lower-case and matched with nocase, so case variants
# of the id match too. drive.google.com is normally HTTPS, so plaintext
# visibility is limited here as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1afutsiefohaia02gkfjdbgn-kk91hksb"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661435/; classtype:trojan-activity;sid:84524535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250302/av.lnk"; depth:16; endswith; nocase; http.host; 
content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660738/; classtype:trojan-activity;sid:84523838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250708/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660696/; classtype:trojan-activity;sid:84523796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250408/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660690/; classtype:trojan-activity;sid:84523790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250724/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660688/; classtype:trojan-activity;sid:84523788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20221020/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660680/; classtype:trojan-activity;sid:84523780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3660679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250408/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660679/; classtype:trojan-activity;sid:84523779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250302/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660677/; classtype:trojan-activity;sid:84523777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250408/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660676/; classtype:trojan-activity;sid:84523776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/19000101/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660675/; classtype:trojan-activity;sid:84523775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250721/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660674/; 
classtype:trojan-activity;sid:84523774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250302/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660672/; classtype:trojan-activity;sid:84523772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250724/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660671/; classtype:trojan-activity;sid:84523771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660670/; classtype:trojan-activity;sid:84523770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660668/; classtype:trojan-activity;sid:84523768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250721/photo.scr"; depth:19; endswith; nocase; http.host; 
content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660669/; classtype:trojan-activity;sid:84523769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250621/av.lnk"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660665/; classtype:trojan-activity;sid:84523765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20210118/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660666/; classtype:trojan-activity;sid:84523766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250726/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660663/; classtype:trojan-activity;sid:84523763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250703/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660664/; classtype:trojan-activity;sid:84523764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3660660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250708/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660660/; classtype:trojan-activity;sid:84523760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660659/; classtype:trojan-activity;sid:84523759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250713/av.lnk"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660657/; classtype:trojan-activity;sid:84523757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250621/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660658/; classtype:trojan-activity;sid:84523758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660655/; 
classtype:trojan-activity;sid:84523755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250726/av.lnk"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660656/; classtype:trojan-activity;sid:84523756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250713/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660654/; classtype:trojan-activity;sid:84523754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20220801/av.lnk"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660652/; classtype:trojan-activity;sid:84523752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250708/av.lnk"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660653/; classtype:trojan-activity;sid:84523753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250302/video.scr"; depth:19; endswith; nocase; 
http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660647/; classtype:trojan-activity;sid:84523747; rev:1;)
# ---------------------------------------------------------------------------
# Reviewer notes for the rules below (one rule per line).
#
# Rule anatomy, identical in every rule in this span:
#   * "alert http $HOME_NET any -> $EXTERNAL_NET any" with
#     "flow:established,from_client": client-to-server HTTP requests on an
#     established flow, going from $HOME_NET to $EXTERNAL_NET.
#   * http.method; content:"GET": the method buffer must contain GET.
#   * http.uri; content:"<path>"; depth:<n>; endswith; nocase: <n> equals the
#     pattern length and endswith pins the end of the buffer, so the URI must
#     equal <path>, compared case-insensitively. http.uri holds the whole
#     request URI, so the same path with a query string appended does not match.
#   * http.host; content:"<ip>"; depth:<n>; isdataat:!1,relative: the host
#     buffer must begin with the IP literal and have no byte after it, i.e.
#     it must equal the IP exactly.
#
# Triage aids visible in the rules:
#   * The number in msg and in the reference URL is the URLhaus entry id; in
#     the complete rules below, sid is that id plus 80863100.
#   * The same file names (av, photo, video with .scr or .lnk) recur on
#     111.59.254.165, 81.42.249.132, 46.77.52.190 and 93.82.169.218, so hits
#     on different sids from this span are worth correlating per client.
#   * Every rule here carries metadata:created_at 2025_10_06 and matches a bare
#     IP as host. NOTE(review): an address can change hands after an entry is
#     created; check the referenced URLhaus page for the entry's current
#     status before acting on a hit.
#   * These are "alert http" rules, so they only see requests Suricata parses
#     as HTTP; the same download over TLS is not covered unless traffic is
#     decrypted upstream of the sensor.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250726/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660648/; classtype:trojan-activity;sid:84523748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250621/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660649/; classtype:trojan-activity;sid:84523749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r-02-radiole/av.scr"; depth:20; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660644/; classtype:trojan-activity;sid:84523744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r-02-radiole/photo.scr"; depth:23; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660642/; classtype:trojan-activity;sid:84523742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20220801/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660641/; classtype:trojan-activity;sid:84523741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250703/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660640/; classtype:trojan-activity;sid:84523740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20220801/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660639/; classtype:trojan-activity;sid:84523739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20220801/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660638/; classtype:trojan-activity;sid:84523738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660637/; classtype:trojan-activity;sid:84523737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20220801/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660636/; classtype:trojan-activity;sid:84523736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250722/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660635/; classtype:trojan-activity;sid:84523735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250703/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660634/; classtype:trojan-activity;sid:84523734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250615/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660633/; classtype:trojan-activity;sid:84523733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250708/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660631/; classtype:trojan-activity;sid:84523731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250615/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660630/; classtype:trojan-activity;sid:84523730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250302/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660629/; classtype:trojan-activity;sid:84523729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20230507/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660627/; classtype:trojan-activity;sid:84523727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20230507/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660626/; classtype:trojan-activity;sid:84523726; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20210118/av.lnk"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660625/; classtype:trojan-activity;sid:84523725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250724/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660624/; classtype:trojan-activity;sid:84523724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20230507/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660622/; classtype:trojan-activity;sid:84523722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250722/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660623/; classtype:trojan-activity;sid:84523723; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250703/av.lnk"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660621/; classtype:trojan-activity;sid:84523721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250721/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660620/; classtype:trojan-activity;sid:84523720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250615/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660619/; classtype:trojan-activity;sid:84523719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250408/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660618/; classtype:trojan-activity;sid:84523718; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250621/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660615/; classtype:trojan-activity;sid:84523715; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250724/av.lnk"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660616/; classtype:trojan-activity;sid:84523716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250713/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660614/; classtype:trojan-activity;sid:84523714; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250721/av.lnk"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660612/; classtype:trojan-activity;sid:84523712; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250722/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660613/; classtype:trojan-activity;sid:84523713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250725/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660611/; classtype:trojan-activity;sid:84523711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20221020/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660608/; classtype:trojan-activity;sid:84523708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250725/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660607/; classtype:trojan-activity;sid:84523707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250708/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660605/; classtype:trojan-activity;sid:84523705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660603/; classtype:trojan-activity;sid:84523703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250725/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660600/; classtype:trojan-activity;sid:84523700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250302/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660599/; classtype:trojan-activity;sid:84523699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20220801/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660598/; classtype:trojan-activity;sid:84523698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250615/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660596/; classtype:trojan-activity;sid:84523696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20210118/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660595/; classtype:trojan-activity;sid:84523695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20210118/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660594/; classtype:trojan-activity;sid:84523694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250621/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660592/; classtype:trojan-activity;sid:84523692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250726/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660593/; classtype:trojan-activity;sid:84523693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20221020/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660590/; classtype:trojan-activity;sid:84523690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20230507/av.lnk"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660591/; classtype:trojan-activity;sid:84523691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250703/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660587/; classtype:trojan-activity;sid:84523687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250615/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660588/; classtype:trojan-activity;sid:84523688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250408/av.lnk"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660589/; classtype:trojan-activity;sid:84523689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250713/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660585/; classtype:trojan-activity;sid:84523685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250725/av.lnk"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660583/; classtype:trojan-activity;sid:84523683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250726/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660584/; classtype:trojan-activity;sid:84523684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250726/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660581/; classtype:trojan-activity;sid:84523681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20221020/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660582/; classtype:trojan-activity;sid:84523682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r-02-radiole/video.scr"; depth:23; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660579/; classtype:trojan-activity;sid:84523679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20221020/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660580/; classtype:trojan-activity;sid:84523680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20210118/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660577/; classtype:trojan-activity;sid:84523677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250703/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660575/; classtype:trojan-activity;sid:84523675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20210118/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660576/; classtype:trojan-activity;sid:84523676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250724/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660573/; classtype:trojan-activity;sid:84523673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250724/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660574/; classtype:trojan-activity;sid:84523674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250615/av.lnk"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660571/; classtype:trojan-activity;sid:84523671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250725/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660569/; classtype:trojan-activity;sid:84523669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250621/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660570/; classtype:trojan-activity;sid:84523670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250725/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660568/; classtype:trojan-activity;sid:84523668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20230507/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660563/; classtype:trojan-activity;sid:84523663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250721/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660564/; classtype:trojan-activity;sid:84523664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20221020/av.lnk"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660566/; classtype:trojan-activity;sid:84523666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250713/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660559/; classtype:trojan-activity;sid:84523659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250721/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660560/; classtype:trojan-activity;sid:84523660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250708/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660561/; classtype:trojan-activity;sid:84523661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20230507/photo.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660558/; classtype:trojan-activity;sid:84523658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250722/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660552/; classtype:trojan-activity;sid:84523652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250722/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660553/; classtype:trojan-activity;sid:84523653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250713/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660554/; classtype:trojan-activity;sid:84523654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250722/av.lnk"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660555/; classtype:trojan-activity;sid:84523655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20250408/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660556/; classtype:trojan-activity;sid:84523656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pathdata/info.zip"; depth:18; endswith; nocase; http.host; content:"113.57.8.243"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660536/; classtype:trojan-activity;sid:84523636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user/info.zip"; depth:14; endswith; nocase; http.host; content:"113.57.8.243"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660538/; classtype:trojan-activity;sid:84523638; rev:1;)
# The URI pattern in the next rule is only two bytes ("/i"). The depth:2 + endswith
# anchoring and the exact host match are what keep it from firing on any URI
# that merely contains "/i".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.67.25.26"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660470/; classtype:trojan-activity;sid:84523570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660332/; classtype:trojan-activity;sid:84523432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660331/; classtype:trojan-activity;sid:84523431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660329/; classtype:trojan-activity;sid:84523429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660330/; classtype:trojan-activity;sid:84523430; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660328/; classtype:trojan-activity;sid:84523428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"81.42.249.132"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660327/; classtype:trojan-activity;sid:84523427; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"46.77.52.190"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659836/; classtype:trojan-activity;sid:84522936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"46.77.52.190"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659834/; classtype:trojan-activity;sid:84522934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"46.77.52.190"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659833/; classtype:trojan-activity;sid:84522933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"93.82.169.218"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659796/; classtype:trojan-activity;sid:84522896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"93.82.169.218"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659797/; classtype:trojan-activity;sid:84522897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"46.77.52.190"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659779/; classtype:trojan-activity;sid:84522879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"46.77.52.190"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, 
urlhaus.abuse.ch/url/3659782/; classtype:trojan-activity;sid:84522882; rev:1;)
# The rules below (all but the last, unfinished one) target host 177.70.102.228 and paths under /tmpftp/
# that end in /info.zip; each carries metadata:created_at 2025_10_05.
# Every rule is an exact match: the http.method buffer contains "GET", http.uri equals the full listed path
# (depth is the content length, endswith pins the end, nocase applies to the path), and http.host equals
# the IP literal (depth is the content length, isdataat:!1,relative requires no byte after it).
# There is one sid per path, so each directory combination is listed separately rather than generalised.
# NOTE(review): the path contents carry literal percent-escapes (%c3%a7, %c3%a3) and the depth values
# (74 and 58) count the escaped form. http.uri is Suricata's normalized URI buffer; if the sensor's HTTP
# parser settings percent-decode the path, the inspected buffer would hold the decoded bytes and these
# rules would not fire. Verify against a replayed sample request; http.uri.raw holds the URI as sent.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2025-01-09/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658970/; classtype:trojan-activity;sid:84522070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-10-25/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658962/; classtype:trojan-activity;sid:84522062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2020-09-25/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658957/; classtype:trojan-activity;sid:84522057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-11-03/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658954/; classtype:trojan-activity;sid:84522054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-07-30/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658903/; classtype:trojan-activity;sid:84522003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2023-11-08/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658778/; classtype:trojan-activity;sid:84521878; rev:1;)
# The only rule in this run with a different directory layout (no numeric or date components), hence depth:58.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/info.zip"; depth:58; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658670/; classtype:trojan-activity;sid:84521770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-03-10/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658610/; classtype:trojan-activity;sid:84521710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2023-03-04/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658568/; classtype:trojan-activity;sid:84521668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2021-07-23/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658555/; classtype:trojan-activity;sid:84521655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-11-12/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658470/; classtype:trojan-activity;sid:84521570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2020-12-19/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658437/; classtype:trojan-activity;sid:84521537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-22/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658282/; classtype:trojan-activity;sid:84521382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-09/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658247/; classtype:trojan-activity;sid:84521347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-12-28/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658173/; classtype:trojan-activity;sid:84521273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2022-04-14/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658159/; classtype:trojan-activity;sid:84521259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2021-10-21/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658106/; classtype:trojan-activity;sid:84521206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2023-12-25/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658091/; classtype:trojan-activity;sid:84521191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-04-07/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658087/; classtype:trojan-activity;sid:84521187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-08-28/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658061/; classtype:trojan-activity;sid:84521161; rev:1;)
# The rule below is unfinished here; its remaining options follow on the next line of the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr";
depth:10; endswith; nocase; http.host; content:"217.115.212.126"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656729/; classtype:trojan-activity;sid:84519829; rev:1;)
# Exact-URL indicator rules; every rule in this run carries metadata:created_at 2025_10_04.
# The same seven single-segment paths recur across many IP-literal hosts, one sid per (host, path) pair:
#   /av.lnk  /av.scr  /photo.lnk  /photo.scr  /video.lnk  /video.scr  /info.zip
# A rule fires only when all of the following hold:
#   - HTTP request from $HOME_NET to $EXTERNAL_NET on an established flow (flow:established,from_client)
#   - the http.method buffer contains "GET"
#   - http.uri equals the listed path (depth is the content length, endswith pins the end, nocase applies here)
#   - http.host equals the listed IP literal (depth is the content length, isdataat:!1,relative forbids trailing bytes)
# The number in msg and in the reference URL is the URLhaus entry id; the sid is a separate, feed-assigned value.
# NOTE(review): because host and path must both match exactly, these rules only confirm contact with an
# already-reported URL; a hit identifies the internal client that issued the request and is a starting
# point for host triage, not proof that a payload was delivered or executed.
# NOTE(review): `alert http` only covers traffic the sensor parses as HTTP - confirm how TLS to these hosts
# is handled in your deployment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"217.115.212.126"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656728/; classtype:trojan-activity;sid:84519828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"217.115.212.126"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656727/; classtype:trojan-activity;sid:84519827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"217.115.212.126"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656726/; classtype:trojan-activity;sid:84519826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"47.104.96.89"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656725/; classtype:trojan-activity;sid:84519825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"92.150.82.148"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656720/; classtype:trojan-activity;sid:84519820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"103.240.211.121"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656717/; classtype:trojan-activity;sid:84519817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"94.226.135.252"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656718/; classtype:trojan-activity;sid:84519818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"103.240.211.121"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656708/; classtype:trojan-activity;sid:84519808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"103.206.139.61"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656709/; classtype:trojan-activity;sid:84519809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"180.148.33.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656710/; classtype:trojan-activity;sid:84519810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"103.206.139.61"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656707/; classtype:trojan-activity;sid:84519807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"179.214.0.18"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656704/; classtype:trojan-activity;sid:84519804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"103.240.211.121"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656702/; classtype:trojan-activity;sid:84519802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"212.27.26.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656701/; classtype:trojan-activity;sid:84519801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"90.8.145.102"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656696/; classtype:trojan-activity;sid:84519796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"179.214.0.18"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656693/; classtype:trojan-activity;sid:84519793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"103.206.139.61"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656689/; classtype:trojan-activity;sid:84519789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"217.115.212.126"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656692/; classtype:trojan-activity;sid:84519792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"180.148.33.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656677/; classtype:trojan-activity;sid:84519777; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"68.224.70.241"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656671/; classtype:trojan-activity;sid:84519771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"5.149.184.170"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656672/; classtype:trojan-activity;sid:84519772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"179.214.0.18"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656674/; classtype:trojan-activity;sid:84519774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"180.76.153.78"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656666/; classtype:trojan-activity;sid:84519766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"90.8.145.102"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656667/; classtype:trojan-activity;sid:84519767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"103.206.139.61"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656665/; classtype:trojan-activity;sid:84519765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"92.150.82.148"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656662/; classtype:trojan-activity;sid:84519762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"94.226.135.252"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656663/; classtype:trojan-activity;sid:84519763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"179.214.0.18"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656660/; classtype:trojan-activity;sid:84519760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"103.240.211.121"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656661/; classtype:trojan-activity;sid:84519761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"94.226.135.252"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656658/; classtype:trojan-activity;sid:84519758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"179.214.0.18"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656652/; classtype:trojan-activity;sid:84519752; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"180.148.33.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656654/; classtype:trojan-activity;sid:84519754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"94.226.135.252"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656648/; classtype:trojan-activity;sid:84519748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"94.226.135.252"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656646/; classtype:trojan-activity;sid:84519746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"212.27.26.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656638/; classtype:trojan-activity;sid:84519738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"122.170.8.40"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656639/; classtype:trojan-activity;sid:84519739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"103.206.139.61"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656640/; classtype:trojan-activity;sid:84519740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"122.170.8.40"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656634/; classtype:trojan-activity;sid:84519734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"122.170.8.40"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656635/; classtype:trojan-activity;sid:84519735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"68.224.70.241"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656636/; classtype:trojan-activity;sid:84519736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"179.214.0.18"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656632/; classtype:trojan-activity;sid:84519732; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"180.148.33.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656630/; classtype:trojan-activity;sid:84519730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"122.170.8.40"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656627/; classtype:trojan-activity;sid:84519727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"90.8.145.102"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656628/; classtype:trojan-activity;sid:84519728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"180.148.33.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656621/; classtype:trojan-activity;sid:84519721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"90.8.145.102"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656611/; classtype:trojan-activity;sid:84519711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"103.206.139.61"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656607/; classtype:trojan-activity;sid:84519707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"90.8.145.102"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656608/; classtype:trojan-activity;sid:84519708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"212.27.26.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656609/; classtype:trojan-activity;sid:84519709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"103.206.139.61"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656601/; classtype:trojan-activity;sid:84519701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"90.8.145.102"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656602/; classtype:trojan-activity;sid:84519702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"180.148.33.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656592/; classtype:trojan-activity;sid:84519692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"180.148.33.24"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656594/; classtype:trojan-activity;sid:84519694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"122.170.8.40"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656595/; classtype:trojan-activity;sid:84519695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"122.170.8.40"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656581/; classtype:trojan-activity;sid:84519681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"122.170.8.40"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656584/; classtype:trojan-activity;sid:84519684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"179.214.0.18"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656577/; classtype:trojan-activity;sid:84519677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"76.130.209.104"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656574/; classtype:trojan-activity;sid:84519674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"212.27.26.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656572/; classtype:trojan-activity;sid:84519672; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"103.240.211.121"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656569/; classtype:trojan-activity;sid:84519669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"188.118.38.161"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656566/; classtype:trojan-activity;sid:84519666; rev:1;)
# The rule below is unfinished here; its remaining options follow on the next line of the file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656563)"; flow:established,from_client;
http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"90.8.145.102"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656563/; classtype:trojan-activity;sid:84519663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"103.240.211.121"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656552/; classtype:trojan-activity;sid:84519652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"103.240.211.121"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656555/; classtype:trojan-activity;sid:84519655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-13/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656503/; classtype:trojan-activity;sid:84519603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-05/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656456/; classtype:trojan-activity;sid:84519556; rev:1;)
# (The line above is the tail of a rule that starts before this block; left as found.)
#
# URLhaus "known malware download URL" signatures, restored to one rule per line.
# Every rule in this block has the same shape: an established, client-to-server
# HTTP flow from $HOME_NET to $EXTERNAL_NET, http.method containing "GET",
# http.uri equal to the listed path (depth = pattern length, plus endswith; nocase)
# and http.host equal to the listed IPv4 literal (depth = pattern length, plus
# isdataat:!1,relative). These are "alert http" rules, so only traffic the engine
# parses as HTTP is inspected. msg and reference carry the URLhaus entry id.
#
# Triage: metadata:created_at is 2025_10_04 on every rule here; check the
# referenced URLhaus entry is still relevant before escalating an alert.
#
# NOTE(review): rules tagged [escaped-uri] match literal percent-escapes ("%20",
# "%c3%a7", "%c3%a3") in http.uri, and their depth counts the escaped text.
# Suricata's documentation describes http.uri as the normalized URI, with escapes
# such as %20 decoded; if that holds for this deployment these patterns cannot
# match. Confirm with a test request before relying on them; http.uri.raw is the
# buffer documented as keeping the request's original encoding.
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-26/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656398/; classtype:trojan-activity;sid:84519498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"45.118.32.122"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656154/; classtype:trojan-activity;sid:84519254; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/christian%20cg17042021%20xpanel.c3prj/info.zip"; depth:47; endswith; nocase; http.host; content:"82.67.13.197"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656140/; classtype:trojan-activity;sid:84519240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-04-15/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656061/; classtype:trojan-activity;sid:84519161; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-26/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656060/; classtype:trojan-activity;sid:84519160; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656059/; classtype:trojan-activity;sid:84519159; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-28/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656056/; classtype:trojan-activity;sid:84519156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"111.235.143.155"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656057/; classtype:trojan-activity;sid:84519157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-05-09/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656054/; classtype:trojan-activity;sid:84519154; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-07/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656051/; classtype:trojan-activity;sid:84519151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"141.155.36.213"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656050/; classtype:trojan-activity;sid:84519150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"187.247.242.34"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656047/; classtype:trojan-activity;sid:84519147; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-22/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656037/; classtype:trojan-activity;sid:84519137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"122.179.136.112"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656038/; classtype:trojan-activity;sid:84519138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-05-19/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656030/; classtype:trojan-activity;sid:84519130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"80.11.25.16"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656021/; classtype:trojan-activity;sid:84519121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"157.10.63.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656019/; classtype:trojan-activity;sid:84519119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"77.172.14.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656007/; classtype:trojan-activity;sid:84519107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"80.11.25.16"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655977/; classtype:trojan-activity;sid:84519077; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-12-08/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655975/; classtype:trojan-activity;sid:84519075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"185.43.45.171"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655973/; classtype:trojan-activity;sid:84519073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"27.72.159.162"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655969/; classtype:trojan-activity;sid:84519069; rev:1;)
# (The line below is the head of a rule that continues after this block; left as found.)
alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"160.202.15.212"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655970/; classtype:trojan-activity;sid:84519070; rev:1;)
# (The line above is the tail of a rule that starts before this block; left as found.)
#
# URLhaus "known malware download URL" signatures, restored to one rule per line.
# Every rule in this block has the same shape: an established, client-to-server
# HTTP flow from $HOME_NET to $EXTERNAL_NET, http.method containing "GET",
# http.uri equal to the listed path (depth = pattern length, plus endswith; nocase)
# and http.host equal to the listed IPv4 literal (depth = pattern length, plus
# isdataat:!1,relative). These are "alert http" rules, so only traffic the engine
# parses as HTTP is inspected. msg and reference carry the URLhaus entry id.
#
# Triage: metadata:created_at is 2025_10_04 on every rule here; check the
# referenced URLhaus entry is still relevant before escalating an alert.
#
# NOTE(review): rules tagged [escaped-uri] match literal percent-escapes ("%20",
# "%c3%a7", "%c3%a3") in http.uri, and their depth counts the escaped text.
# Suricata's documentation describes http.uri as the normalized URI, with escapes
# such as %20 decoded; if that holds for this deployment these patterns cannot
# match. Confirm with a test request before relying on them; http.uri.raw is the
# buffer documented as keeping the request's original encoding.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"157.10.63.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655908/; classtype:trojan-activity;sid:84519008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"168.121.168.84"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655903/; classtype:trojan-activity;sid:84519003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"103.8.164.18"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655896/; classtype:trojan-activity;sid:84518996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"82.67.13.197"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655889/; classtype:trojan-activity;sid:84518989; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-31/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655887/; classtype:trojan-activity;sid:84518987; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-23/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655881/; classtype:trojan-activity;sid:84518981; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-05-11/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655880/; classtype:trojan-activity;sid:84518980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"70.95.233.160"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655875/; classtype:trojan-activity;sid:84518975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2025-06-04/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655867/; classtype:trojan-activity;sid:84518967; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"116.58.62.74"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655866/; classtype:trojan-activity;sid:84518966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"138.36.2.110"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655859/; classtype:trojan-activity;sid:84518959; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-20/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655844/; classtype:trojan-activity;sid:84518944; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-14/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655845/; classtype:trojan-activity;sid:84518945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-03-02/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655838/; classtype:trojan-activity;sid:84518938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"93.55.251.246"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655839/; classtype:trojan-activity;sid:84518939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"37.34.230.9"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655834/; classtype:trojan-activity;sid:84518934; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-08/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655829/; classtype:trojan-activity;sid:84518929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"87.249.142.126"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655825/; classtype:trojan-activity;sid:84518925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2025-01-07/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655824/; classtype:trojan-activity;sid:84518924; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-01-31/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655803/; classtype:trojan-activity;sid:84518903; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-06-22/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655799/; classtype:trojan-activity;sid:84518899; rev:1;)
# (The line below is the head of a rule that continues after this block; left as found.)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655797)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-14/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655797/; classtype:trojan-activity;sid:84518897; rev:1;)
# (The line above is the tail of a rule that starts before this block; left as found.)
#
# URLhaus "known malware download URL" signatures, restored to one rule per line.
# Every rule in this block has the same shape: an established, client-to-server
# HTTP flow from $HOME_NET to $EXTERNAL_NET, http.method containing "GET",
# http.uri equal to the listed path (depth = pattern length, plus endswith; nocase)
# and http.host equal to the listed IPv4 literal (depth = pattern length, plus
# isdataat:!1,relative). These are "alert http" rules, so only traffic the engine
# parses as HTTP is inspected. msg and reference carry the URLhaus entry id.
#
# Triage: metadata:created_at is 2025_10_04 on every rule here; check the
# referenced URLhaus entry is still relevant before escalating an alert.
#
# NOTE(review): rules tagged [escaped-uri] match literal percent-escapes ("%20",
# "%c3%a7", "%c3%a3") in http.uri, and their depth counts the escaped text; the
# tail fragment on the first line of this block carries such a pattern too.
# Suricata's documentation describes http.uri as the normalized URI, with escapes
# such as %20 decoded; if that holds for this deployment these patterns cannot
# match. Confirm with a test request before relying on them; http.uri.raw is the
# buffer documented as keeping the request's original encoding.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"138.36.2.110"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655792/; classtype:trojan-activity;sid:84518892; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-20/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655791/; classtype:trojan-activity;sid:84518891; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-06-02/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655787/; classtype:trojan-activity;sid:84518887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"168.121.168.84"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655784/; classtype:trojan-activity;sid:84518884; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-19/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655782/; classtype:trojan-activity;sid:84518882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"37.34.230.9"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655783/; classtype:trojan-activity;sid:84518883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"76.154.249.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655781/; classtype:trojan-activity;sid:84518881; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-07/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655775/; classtype:trojan-activity;sid:84518875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"32.219.189.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655774/; classtype:trojan-activity;sid:84518874; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-28/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655768/; classtype:trojan-activity;sid:84518868; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-29/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655766/; classtype:trojan-activity;sid:84518866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"82.67.13.197"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655763/; classtype:trojan-activity;sid:84518863; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-05/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655761/; classtype:trojan-activity;sid:84518861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"77.172.14.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655757/; classtype:trojan-activity;sid:84518857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2020-11-16/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655754/; classtype:trojan-activity;sid:84518854; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-08/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655753/; classtype:trojan-activity;sid:84518853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"77.172.14.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655751/; classtype:trojan-activity;sid:84518851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"188.82.127.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655748/; classtype:trojan-activity;sid:84518848; rev:1;)
# [escaped-uri] see the NOTE(review) at the top of this block
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-06-22/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655743/; classtype:trojan-activity;sid:84518843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"73.51.224.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655731/; classtype:trojan-activity;sid:84518831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"67.177.204.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655730/; classtype:trojan-activity;sid:84518830; rev:1;)
# (The line below is the head of a rule that continues after this block; left as found.)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655718)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"93.55.251.246"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655718/; classtype:trojan-activity;sid:84518818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-11/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655717/; classtype:trojan-activity;sid:84518817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"157.10.63.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655714/; classtype:trojan-activity;sid:84518814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-12-01/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655712/; classtype:trojan-activity;sid:84518812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"72.132.64.183"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655699/; 
classtype:trojan-activity;sid:84518799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"73.51.224.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655701/; classtype:trojan-activity;sid:84518801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"92.150.82.148"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655703/; classtype:trojan-activity;sid:84518803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"5.89.102.77"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655697/; classtype:trojan-activity;sid:84518797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"157.10.63.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655662/; classtype:trojan-activity;sid:84518762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"50.65.169.30"; depth:12; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655665/; classtype:trojan-activity;sid:84518765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"71.198.110.126"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655654/; classtype:trojan-activity;sid:84518754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"178.61.160.6"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655649/; classtype:trojan-activity;sid:84518749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-12-23/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655646/; classtype:trojan-activity;sid:84518746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"178.198.246.24"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655631/; classtype:trojan-activity;sid:84518731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655596)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"103.209.67.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655596/; classtype:trojan-activity;sid:84518696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"138.36.2.110"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655593/; classtype:trojan-activity;sid:84518693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"178.61.160.6"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655594/; classtype:trojan-activity;sid:84518694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"222.252.31.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655590/; classtype:trojan-activity;sid:84518690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-11-29/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655586/; 
classtype:trojan-activity;sid:84518686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"103.59.134.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655572/; classtype:trojan-activity;sid:84518672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"103.59.134.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655562/; classtype:trojan-activity;sid:84518662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"70.95.233.160"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655560/; classtype:trojan-activity;sid:84518660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-03-06/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655556/; classtype:trojan-activity;sid:84518656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; 
content:"93.43.53.67"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655557/; classtype:trojan-activity;sid:84518657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"37.34.230.9"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655559/; classtype:trojan-activity;sid:84518659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"103.36.80.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655553/; classtype:trojan-activity;sid:84518653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"76.154.249.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655535/; classtype:trojan-activity;sid:84518635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"77.211.28.150"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655518/; classtype:trojan-activity;sid:84518618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655510)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-10-22/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655510/; classtype:trojan-activity;sid:84518610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"138.36.2.110"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655507/; classtype:trojan-activity;sid:84518607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-08-05/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655503/; classtype:trojan-activity;sid:84518603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"103.8.164.18"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655501/; classtype:trojan-activity;sid:84518601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-09/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655495/; classtype:trojan-activity;sid:84518595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"168.121.168.84"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655493/; classtype:trojan-activity;sid:84518593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-17/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655490/; classtype:trojan-activity;sid:84518590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"160.202.15.212"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655479/; classtype:trojan-activity;sid:84518579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"80.11.25.16"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655476/; classtype:trojan-activity;sid:84518576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655474)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"222.252.31.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655474/; classtype:trojan-activity;sid:84518574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-17/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655471/; classtype:trojan-activity;sid:84518571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"70.190.199.152"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655469/; classtype:trojan-activity;sid:84518569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"93.55.251.246"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655462/; classtype:trojan-activity;sid:84518562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"76.136.85.221"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655461/; classtype:trojan-activity;sid:84518561; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"73.51.224.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655458/; classtype:trojan-activity;sid:84518558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"92.150.82.148"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655453/; classtype:trojan-activity;sid:84518553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"138.36.2.110"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655447/; classtype:trojan-activity;sid:84518547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"186.235.86.129"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655440/; classtype:trojan-activity;sid:84518540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-02-24/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655442/; classtype:trojan-activity;sid:84518542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"168.121.168.84"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655430/; classtype:trojan-activity;sid:84518530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"124.123.123.15"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655436/; classtype:trojan-activity;sid:84518536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-12/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655421/; classtype:trojan-activity;sid:84518521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"77.211.28.150"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655423/; classtype:trojan-activity;sid:84518523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655420)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"93.43.53.67"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655420/; classtype:trojan-activity;sid:84518520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-07/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655413/; classtype:trojan-activity;sid:84518513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-03/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655411/; classtype:trojan-activity;sid:84518511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"141.155.36.213"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655408/; classtype:trojan-activity;sid:84518508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"186.235.86.129"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3655403/; classtype:trojan-activity;sid:84518503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"103.209.67.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655398/; classtype:trojan-activity;sid:84518498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-28/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655387/; classtype:trojan-activity;sid:84518487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"178.198.246.24"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655383/; classtype:trojan-activity;sid:84518483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"103.209.67.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655379/; classtype:trojan-activity;sid:84518479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655378)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-16/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655378/; classtype:trojan-activity;sid:84518478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-03-19/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655373/; classtype:trojan-activity;sid:84518473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-22/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655368/; classtype:trojan-activity;sid:84518468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"160.202.15.212"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655362/; classtype:trojan-activity;sid:84518462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"203.192.211.119"; depth:15; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655348/; classtype:trojan-activity;sid:84518448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-02-14/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655345/; classtype:trojan-activity;sid:84518445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"103.209.67.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655343/; classtype:trojan-activity;sid:84518443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"72.132.64.183"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655339/; classtype:trojan-activity;sid:84518439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"109.193.105.79"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655335/; classtype:trojan-activity;sid:84518435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655330)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-11-14/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655330/; classtype:trojan-activity;sid:84518430; rev:1;)
#
# Reviewer notes for this section of the feed (every rule here has created_at 2025_10_04).
#
# Shape shared by every rule below:
#   * alert http, $HOME_NET -> $EXTERNAL_NET, flow:established,from_client, method GET.
#     Only the client request is inspected, so an alert means an internal host asked for
#     the URL; whether a payload came back must be confirmed from the response or from
#     endpoint telemetry before the host is treated as compromised.
#   * http.uri content with depth equal to the content length plus endswith: the whole URI
#     buffer has to equal the listed path (nocase). A request that appends a query string
#     or changes one path segment is not matched.
#   * http.host content with depth equal to the content length plus isdataat:!1,relative:
#     the host buffer has to equal the listed IPv4 literal, with nothing after it.
#   * The rules are written for the http app-layer; the same URL fetched inside TLS is not
#     visible to them unless traffic is decrypted before the sensor.
#   * sid = URLhaus id + 80863100 throughout this section (3655331 -> 84518431); the
#     reference keyword carries the URLhaus entry to pivot on during triage.
#
# NOTE(review): percent-escapes inside http.uri. The rule that ends on the line above
# (sid 84518430) and every /tmpftp/ rule below whose content carries %20, %c3%a7 or %c3%a3
# match on the escaped form. Suricata documents http.uri as the normalized URI (an escape
# such as %20 is decoded) and http.uri.raw as the buffer for matching the escape literally.
# If that holds for the deployed version and libhtp settings, these contents cannot match
# and the rules are silent false negatives. Replay a request for one of these paths to
# confirm; if it does not alert, switch the affected sids to http.uri.raw through a
# suricata-update modify.conf entry instead of hand-editing the generated feed. TODO confirm.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-14/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655331/; classtype:trojan-activity;sid:84518431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"32.219.189.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655329/; classtype:trojan-activity;sid:84518429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"103.8.164.18"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655322/; classtype:trojan-activity;sid:84518422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"94.203.254.14"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655323/; classtype:trojan-activity;sid:84518423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-26/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655321/; classtype:trojan-activity;sid:84518421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"187.247.242.34"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655317/; classtype:trojan-activity;sid:84518417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"70.95.233.160"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655313/; classtype:trojan-activity;sid:84518413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-03-15/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655314/; classtype:trojan-activity;sid:84518414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-15/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655311/; classtype:trojan-activity;sid:84518411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"186.235.86.129"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655309/; classtype:trojan-activity;sid:84518409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"122.179.136.112"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655306/; classtype:trojan-activity;sid:84518406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-22/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655300/; classtype:trojan-activity;sid:84518400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"141.155.36.213"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655295/; classtype:trojan-activity;sid:84518395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-10-17/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655293/; classtype:trojan-activity;sid:84518393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-20/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655291/; classtype:trojan-activity;sid:84518391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-18/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655286/; classtype:trojan-activity;sid:84518386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"72.132.64.183"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655280/; classtype:trojan-activity;sid:84518380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"138.36.2.110"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655279/; classtype:trojan-activity;sid:84518379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-02-28/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655274/; classtype:trojan-activity;sid:84518374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"93.55.251.246"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655276/; classtype:trojan-activity;sid:84518376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"188.82.127.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655272/; classtype:trojan-activity;sid:84518372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"103.8.164.18"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655267/; classtype:trojan-activity;sid:84518367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"45.179.225.75"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655262/; classtype:trojan-activity;sid:84518362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"80.11.25.16"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655259/; classtype:trojan-activity;sid:84518359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"188.82.127.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655253/; classtype:trojan-activity;sid:84518353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"168.121.168.84"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655244/; classtype:trojan-activity;sid:84518344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/info.zip"; depth:55; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655245/; classtype:trojan-activity;sid:84518345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"64.234.95.70"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655230/; classtype:trojan-activity;sid:84518330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"76.136.85.221"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655222/; classtype:trojan-activity;sid:84518322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-22/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655220/; classtype:trojan-activity;sid:84518320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-08-02/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655213/; classtype:trojan-activity;sid:84518313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"49.204.232.47"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655207/; classtype:trojan-activity;sid:84518307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"43.230.44.36"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655203/; classtype:trojan-activity;sid:84518303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"32.219.189.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655200/; classtype:trojan-activity;sid:84518300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"45.179.225.75"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655197/; classtype:trojan-activity;sid:84518297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"187.247.242.34"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655191/; classtype:trojan-activity;sid:84518291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/normal/produ%c3%a7%c3%a3o/info.zip"; depth:81; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655179/; classtype:trojan-activity;sid:84518279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"43.230.44.36"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655169/; classtype:trojan-activity;sid:84518269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-19/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655170/; classtype:trojan-activity;sid:84518270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"185.8.233.160"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655163/; classtype:trojan-activity;sid:84518263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"124.123.123.15"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655160/; classtype:trojan-activity;sid:84518260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"111.235.143.155"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655143/; classtype:trojan-activity;sid:84518243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"222.252.31.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655126/; classtype:trojan-activity;sid:84518226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"76.154.249.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655116/; classtype:trojan-activity;sid:84518216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"80.11.25.16"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655115/; classtype:trojan-activity;sid:84518215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"93.43.53.67"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655109/; classtype:trojan-activity;sid:84518209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-29/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655099/; classtype:trojan-activity;sid:84518199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"88.28.218.163"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655094/; classtype:trojan-activity;sid:84518194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"109.193.105.79"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655090/; classtype:trojan-activity;sid:84518190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-03-07/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655088/; classtype:trojan-activity;sid:84518188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2025-01-02/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655085/; classtype:trojan-activity;sid:84518185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"37.34.230.9"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655084/; classtype:trojan-activity;sid:84518184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"124.123.123.15"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655081/; classtype:trojan-activity;sid:84518181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"122.165.240.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655077/; classtype:trojan-activity;sid:84518177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"71.198.110.126"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655072/; classtype:trojan-activity;sid:84518172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"49.205.173.192"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655070/; classtype:trojan-activity;sid:84518170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-13/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655065/; classtype:trojan-activity;sid:84518165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"109.193.105.79"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655064/; classtype:trojan-activity;sid:84518164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-06/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655061/; classtype:trojan-activity;sid:84518161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"122.165.240.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655057/; classtype:trojan-activity;sid:84518157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"186.235.86.129"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655054/; classtype:trojan-activity;sid:84518154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"80.11.25.16"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655052/; classtype:trojan-activity;sid:84518152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"82.67.13.197"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655049/; classtype:trojan-activity;sid:84518149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"111.235.143.155"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655046/; classtype:trojan-activity;sid:84518146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-21/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655044/; classtype:trojan-activity;sid:84518144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"132.247.103.239"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655037/; classtype:trojan-activity;sid:84518137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"93.43.53.67"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655038/; classtype:trojan-activity;sid:84518138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-04-08/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655034/; classtype:trojan-activity;sid:84518134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-23/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655028/; classtype:trojan-activity;sid:84518128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"80.11.25.16"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655025/; classtype:trojan-activity;sid:84518125; rev:1;)
# NOTE(review): the next rule has the same URI and host conditions as sid 84518152
# (URLhaus 3655052) above, so one matching request raises both alerts. Presumably the two
# URLhaus entries differ in something the rule does not encode (for example the port);
# confirm on the URLhaus pages, and deduplicate by host + URI when counting detections.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"80.11.25.16"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655021/; classtype:trojan-activity;sid:84518121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"27.72.159.162"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655016/; classtype:trojan-activity;sid:84518116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"109.193.105.79"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655008/; classtype:trojan-activity;sid:84518108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"103.8.164.18"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655005/; classtype:trojan-activity;sid:84518105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"49.204.232.47"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655004/; classtype:trojan-activity;sid:84518104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"93.55.251.246"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655001/; classtype:trojan-activity;sid:84518101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"188.82.127.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654999/; classtype:trojan-activity;sid:84518099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-01-11/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654992/; classtype:trojan-activity;sid:84518092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"203.192.211.119"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654991/; classtype:trojan-activity;sid:84518091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-03-12/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654985/; classtype:trojan-activity;sid:84518085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-09/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654981/; classtype:trojan-activity;sid:84518081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-10-09/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654973/; classtype:trojan-activity;sid:84518073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"76.154.249.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654971/; classtype:trojan-activity;sid:84518071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"87.249.142.126"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654972/; classtype:trojan-activity;sid:84518072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"189.61.50.98"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654970/; classtype:trojan-activity;sid:84518070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"141.155.36.213"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654967/; classtype:trojan-activity;sid:84518067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-10-01/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654966/; classtype:trojan-activity;sid:84518066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"103.36.80.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654962/; classtype:trojan-activity;sid:84518062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"109.193.105.79"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654953/; classtype:trojan-activity;sid:84518053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"203.192.211.119"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654946/; classtype:trojan-activity;sid:84518046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654942)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"168.121.168.84"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654942/; classtype:trojan-activity;sid:84518042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-07-13/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654940/; classtype:trojan-activity;sid:84518040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"67.177.204.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654936/; classtype:trojan-activity;sid:84518036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"68.148.10.182"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654935/; classtype:trojan-activity;sid:84518035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-08/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654927/; 
classtype:trojan-activity;sid:84518027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"73.51.224.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654923/; classtype:trojan-activity;sid:84518023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-26/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654921/; classtype:trojan-activity;sid:84518021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"70.95.233.160"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654917/; classtype:trojan-activity;sid:84518017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"82.67.13.197"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654902/; classtype:trojan-activity;sid:84518002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; 
depth:10; endswith; nocase; http.host; content:"71.198.110.126"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654904/; classtype:trojan-activity;sid:84518004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"160.202.15.212"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654898/; classtype:trojan-activity;sid:84517998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-05-04/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654894/; classtype:trojan-activity;sid:84517994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"178.198.246.24"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654892/; classtype:trojan-activity;sid:84517992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"45.179.225.75"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654884/; classtype:trojan-activity;sid:84517984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3654882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-01/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654882/; classtype:trojan-activity;sid:84517982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"189.61.50.98"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654880/; classtype:trojan-activity;sid:84517980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"141.155.36.213"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654874/; classtype:trojan-activity;sid:84517974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"80.11.25.16"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654859/; classtype:trojan-activity;sid:84517959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-14/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654860/; classtype:trojan-activity;sid:84517960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"27.72.159.162"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654857/; classtype:trojan-activity;sid:84517957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-07/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654853/; classtype:trojan-activity;sid:84517953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"103.36.80.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654850/; classtype:trojan-activity;sid:84517950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"132.247.103.239"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654829/; classtype:trojan-activity;sid:84517929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3654826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"156.200.99.139"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654826/; classtype:trojan-activity;sid:84517926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-04/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654814/; classtype:trojan-activity;sid:84517914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"5.89.102.77"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654811/; classtype:trojan-activity;sid:84517911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"45.179.225.75"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654808/; classtype:trojan-activity;sid:84517908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"72.132.64.183"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3654806/; classtype:trojan-activity;sid:84517906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-05-12/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654804/; classtype:trojan-activity;sid:84517904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"64.234.95.70"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654803/; classtype:trojan-activity;sid:84517903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"103.209.67.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654799/; classtype:trojan-activity;sid:84517899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-16/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654796/; classtype:trojan-activity;sid:84517896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654793)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"32.219.189.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654793/; classtype:trojan-activity;sid:84517893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"94.203.254.14"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654788/; classtype:trojan-activity;sid:84517888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/info.zip"; depth:55; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654781/; classtype:trojan-activity;sid:84517881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-06-16/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654762/; classtype:trojan-activity;sid:84517862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"203.192.211.119"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3654758/; classtype:trojan-activity;sid:84517858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"132.247.103.239"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654747/; classtype:trojan-activity;sid:84517847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"43.230.44.36"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654746/; classtype:trojan-activity;sid:84517846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"76.154.249.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654740/; classtype:trojan-activity;sid:84517840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-24/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654735/; classtype:trojan-activity;sid:84517835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654732)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"168.121.168.84"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654732/; classtype:trojan-activity;sid:84517832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-08/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654727/; classtype:trojan-activity;sid:84517827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2022-09-02/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654726/; classtype:trojan-activity;sid:84517826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"178.198.246.24"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654721/; classtype:trojan-activity;sid:84517821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"37.34.230.9"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654719/; 
classtype:trojan-activity;sid:84517819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-12-15/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654714/; classtype:trojan-activity;sid:84517814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"189.61.50.98"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654709/; classtype:trojan-activity;sid:84517809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-25/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654694/; classtype:trojan-activity;sid:84517794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-21/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654695/; classtype:trojan-activity;sid:84517795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3654687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-02-28/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654687/; classtype:trojan-activity;sid:84517787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-05-08/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654682/; classtype:trojan-activity;sid:84517782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-08-12/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654677/; classtype:trojan-activity;sid:84517777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-18/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654678/; classtype:trojan-activity;sid:84517778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; 
http.host; content:"222.252.31.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654673/; classtype:trojan-activity;sid:84517773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-10/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654674/; classtype:trojan-activity;sid:84517774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-10-23/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654672/; classtype:trojan-activity;sid:84517772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-18/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654668/; classtype:trojan-activity;sid:84517768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2019-12-11/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3654665/; classtype:trojan-activity;sid:84517765; rev:1;)
# URLhaus "known malware download URL" signatures. Every rule in this section has the same
# shape: an `alert http` rule for a request on an established flow, client to server, from
# $HOME_NET to $EXTERNAL_NET, whose method buffer contains "GET", whose http.uri buffer equals
# the listed path (content anchored by depth = content length plus endswith, case-insensitive),
# and whose http.host buffer equals the listed IPv4 address (depth = content length, and
# isdataat:!1,relative requires that nothing follows it).
# The number in msg and in the reference URL is the URLhaus entry id; each rule carries its own sid.
#
# NOTE(review): http.uri is Suricata's normalized URI buffer. Rules below whose content holds
# literal percent-escapes (%20, %c3%a7%c3%a3) only fire if those escapes survive normalization
# unchanged; if the deployed engine decodes them, the literal text and the depth value no longer
# line up with the buffer and the signature stays silent. Confirm with a replayed sample
# request; http.uri.raw is the buffer that keeps the request URI as sent.
# NOTE(review): the host match is exact, so a Host value carrying anything beyond the bare
# address would not match - confirm how http.host presents a Host header with an explicit port.
# Triage: the short path names (/photo.scr, /av.lnk, /info.zip ...) are generic and only the
# host pins the match; several addresses recur across rules, so pivoting on the destination
# address finds related requests that a single sid would miss.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"27.72.159.162"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654661/; classtype:trojan-activity;sid:84517761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"122.165.240.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654659/; classtype:trojan-activity;sid:84517759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"71.198.110.126"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654657/; classtype:trojan-activity;sid:84517757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"93.43.53.67"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654655/; classtype:trojan-activity;sid:84517755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"43.230.44.36"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654654/; classtype:trojan-activity;sid:84517754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"70.190.199.152"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654651/; classtype:trojan-activity;sid:84517751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"73.51.224.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654647/; classtype:trojan-activity;sid:84517747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"49.205.173.192"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654641/; classtype:trojan-activity;sid:84517741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"168.121.168.84"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654634/; classtype:trojan-activity;sid:84517734; rev:1;)
# NOTE(review): literal %XX escapes in http.uri content - verify against the normalized buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-21/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654630/; classtype:trojan-activity;sid:84517730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"124.123.123.15"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654625/; classtype:trojan-activity;sid:84517725; rev:1;)
# NOTE(review): literal %XX escapes in http.uri content - verify against the normalized buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-06/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654622/; classtype:trojan-activity;sid:84517722; rev:1;)
# NOTE(review): literal %XX escapes in http.uri content - verify against the normalized buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654610/; classtype:trojan-activity;sid:84517710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"50.65.169.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654600/; classtype:trojan-activity;sid:84517700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"72.132.64.183"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654589/; classtype:trojan-activity;sid:84517689; rev:1;)
# NOTE(review): literal %XX escapes in http.uri content - verify against the normalized buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-10/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654585/; classtype:trojan-activity;sid:84517685; rev:1;)
# NOTE(review): literal %XX escapes in http.uri content - verify against the normalized buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-05/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654575/; classtype:trojan-activity;sid:84517675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"122.165.240.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654555/; classtype:trojan-activity;sid:84517655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"45.179.225.75"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654551/; classtype:trojan-activity;sid:84517651; rev:1;)
# NOTE(review): literal %XX escapes in http.uri content - verify against the normalized buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654546/; classtype:trojan-activity;sid:84517646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"50.65.169.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654541/; classtype:trojan-activity;sid:84517641; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"122.179.136.112"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654542/; classtype:trojan-activity;sid:84517642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"72.132.64.183"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654533/; classtype:trojan-activity;sid:84517633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"109.193.105.79"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654531/; classtype:trojan-activity;sid:84517631; rev:1;)
# NOTE(review): literal %XX escapes in http.uri content - verify against the normalized buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-23/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654526/; classtype:trojan-activity;sid:84517626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-11-28/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654522/; classtype:trojan-activity;sid:84517622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"222.252.31.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654513/; classtype:trojan-activity;sid:84517613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-04-15/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654514/; classtype:trojan-activity;sid:84517614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-07-23/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654509/; classtype:trojan-activity;sid:84517609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"103.36.80.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654508/; classtype:trojan-activity;sid:84517608; rev:1;)
# NOTE(review): literal %XX escapes in http.uri content - verify against the normalized buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-12/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654507/; classtype:trojan-activity;sid:84517607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"93.43.53.67"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654504/; classtype:trojan-activity;sid:84517604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"77.172.14.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654499/; classtype:trojan-activity;sid:84517599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"49.204.232.47"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654501/; classtype:trojan-activity;sid:84517601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"103.59.134.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654498/; classtype:trojan-activity;sid:84517598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"157.10.63.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654495/; classtype:trojan-activity;sid:84517595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-06-30/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654491/; classtype:trojan-activity;sid:84517591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"116.58.62.74"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654484/; classtype:trojan-activity;sid:84517584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"76.136.85.221"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654478/; classtype:trojan-activity;sid:84517578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"141.155.36.213"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654477/; classtype:trojan-activity;sid:84517577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"157.10.63.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654474/; classtype:trojan-activity;sid:84517574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"160.202.15.212"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654451/; classtype:trojan-activity;sid:84517551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"187.247.242.34"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654445/; classtype:trojan-activity;sid:84517545; rev:1;)
# NOTE(review): literal %XX escapes in http.uri content - verify against the normalized buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-29/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654428/; classtype:trojan-activity;sid:84517528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"186.235.86.129"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654392/; classtype:trojan-activity;sid:84517492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"103.209.67.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654390/; classtype:trojan-activity;sid:84517490; rev:1;)
# NOTE(review): literal %XX escapes in http.uri content - verify against the normalized buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-03/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654391/; classtype:trojan-activity;sid:84517491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"5.89.102.77"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654385/; classtype:trojan-activity;sid:84517485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"75.42.36.186"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654380/; classtype:trojan-activity;sid:84517480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"76.154.249.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654378/; classtype:trojan-activity;sid:84517478; rev:1;)
# NOTE(review): literal %XX escapes in http.uri content - verify against the normalized buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-06-05/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654372/; classtype:trojan-activity;sid:84517472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"203.192.211.119"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654356/; classtype:trojan-activity;sid:84517456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"49.204.232.47"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654342/; classtype:trojan-activity;sid:84517442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"76.136.85.221"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654339/; classtype:trojan-activity;sid:84517439; rev:1;)
# NOTE(review): literal %XX escapes in http.uri content - verify against the normalized buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-19/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654336/; classtype:trojan-activity;sid:84517436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"50.65.169.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654337/; classtype:trojan-activity;sid:84517437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"222.252.31.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654334/; classtype:trojan-activity;sid:84517434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"188.82.127.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654333/; classtype:trojan-activity;sid:84517433; rev:1;)
# NOTE(review): literal %XX escapes in http.uri content - verify against the normalized buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-17/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654331/; classtype:trojan-activity;sid:84517431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"103.59.134.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654326/; classtype:trojan-activity;sid:84517426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"64.234.95.70"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654321/; classtype:trojan-activity;sid:84517421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"168.121.168.84"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654320/; classtype:trojan-activity;sid:84517420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"111.235.143.155"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654312/; classtype:trojan-activity;sid:84517412; rev:1;)
# NOTE(review): literal %XX escapes in http.uri content - verify against the normalized buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-22/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654308/; classtype:trojan-activity;sid:84517408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"187.247.242.34"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654303/; classtype:trojan-activity;sid:84517403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-05-15/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654299/; classtype:trojan-activity;sid:84517399; rev:1;)
# NOTE(review): literal %XX escapes in http.uri content - verify against the normalized buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-10/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654292/; classtype:trojan-activity;sid:84517392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"103.59.134.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654288/; classtype:trojan-activity;sid:84517388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"49.204.232.47"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654289/; classtype:trojan-activity;sid:84517389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"67.177.204.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654285/; classtype:trojan-activity;sid:84517385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"116.58.62.74"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654284/; classtype:trojan-activity;sid:84517384; rev:1;)
# NOTE(review): literal %XX escapes in http.uri content - verify against the normalized buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-21/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654283/; classtype:trojan-activity;sid:84517383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"27.72.159.162"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654276/; classtype:trojan-activity;sid:84517376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"189.61.50.98"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654273/; classtype:trojan-activity;sid:84517373; rev:1;)
# NOTE(review): literal %XX escapes in http.uri content - verify against the normalized buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-09/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654270/; classtype:trojan-activity;sid:84517370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"168.121.168.84"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654268/; classtype:trojan-activity;sid:84517368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-10-14/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654266/; classtype:trojan-activity;sid:84517366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"43.230.44.36"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654258/; classtype:trojan-activity;sid:84517358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"178.198.246.24"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654253/; classtype:trojan-activity;sid:84517353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-04-28/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654247/; classtype:trojan-activity;sid:84517347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"70.95.233.160"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654243/; classtype:trojan-activity;sid:84517343; rev:1;)
# NOTE(review): literal %XX escapes in http.uri content - verify against the normalized buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-23/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654239/; classtype:trojan-activity;sid:84517339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"107.128.101.219"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654234/; classtype:trojan-activity;sid:84517334; rev:1;)
# NOTE(review): literal %XX escapes in http.uri content - verify against the normalized buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-02/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654233/; classtype:trojan-activity;sid:84517333; rev:1;)
# NOTE(review): literal %XX escapes in http.uri content - verify against the normalized buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-04-07/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654216/; classtype:trojan-activity;sid:84517316; rev:1;)
# NOTE(review): literal %XX escapes in http.uri content - verify against the normalized buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654209/; classtype:trojan-activity;sid:84517309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"168.121.168.84"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654205/; classtype:trojan-activity;sid:84517305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"103.8.164.18"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654203/; classtype:trojan-activity;sid:84517303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"80.11.25.16"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654204/; classtype:trojan-activity;sid:84517304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"116.58.62.74"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654202/; classtype:trojan-activity;sid:84517302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"5.89.102.77"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654197/; classtype:trojan-activity;sid:84517297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"122.179.136.112"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654195/; classtype:trojan-activity;sid:84517295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"178.198.246.24"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654192/; classtype:trojan-activity;sid:84517292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"157.10.63.251"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654193/; classtype:trojan-activity;sid:84517293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2023-10-17/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654187/; 
classtype:trojan-activity;sid:84517287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"45.179.225.75"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654185/; classtype:trojan-activity;sid:84517285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"111.235.143.155"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654173/; classtype:trojan-activity;sid:84517273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"203.192.211.119"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654177/; classtype:trojan-activity;sid:84517277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-06-01/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654163/; classtype:trojan-activity;sid:84517263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; 
content:"37.34.230.9"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654161/; classtype:trojan-activity;sid:84517261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"76.154.249.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654149/; classtype:trojan-activity;sid:84517249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"122.179.136.112"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654122/; classtype:trojan-activity;sid:84517222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"49.204.232.47"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654123/; classtype:trojan-activity;sid:84517223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-18/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654119/; classtype:trojan-activity;sid:84517219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3654117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"80.11.25.16"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654117/; classtype:trojan-activity;sid:84517217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"132.247.103.239"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654113/; classtype:trojan-activity;sid:84517213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"49.205.173.192"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654108/; classtype:trojan-activity;sid:84517208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"27.72.159.162"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654098/; classtype:trojan-activity;sid:84517198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-28/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654088/; classtype:trojan-activity;sid:84517188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"122.165.240.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654078/; classtype:trojan-activity;sid:84517178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"49.205.173.192"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654077/; classtype:trojan-activity;sid:84517177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"80.11.25.16"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654076/; classtype:trojan-activity;sid:84517176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"70.190.199.152"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654074/; classtype:trojan-activity;sid:84517174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654065)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"50.65.169.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654065/; classtype:trojan-activity;sid:84517165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"124.123.123.15"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654044/; classtype:trojan-activity;sid:84517144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-21/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654034/; classtype:trojan-activity;sid:84517134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-05-06/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654033/; classtype:trojan-activity;sid:84517133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"70.95.233.160"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654032/; 
classtype:trojan-activity;sid:84517132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-29/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654025/; classtype:trojan-activity;sid:84517125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"94.203.254.14"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654024/; classtype:trojan-activity;sid:84517124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-15/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654023/; classtype:trojan-activity;sid:84517123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"76.136.85.221"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654022/; classtype:trojan-activity;sid:84517122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654019)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"49.205.173.192"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654019/; classtype:trojan-activity;sid:84517119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-21/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654017/; classtype:trojan-activity;sid:84517117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"103.36.80.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654009/; classtype:trojan-activity;sid:84517109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-25/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654003/; classtype:trojan-activity;sid:84517103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"5.89.102.77"; depth:11; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653997/; classtype:trojan-activity;sid:84517097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-26/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653992/; classtype:trojan-activity;sid:84517092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"67.177.204.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653985/; classtype:trojan-activity;sid:84517085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"70.190.199.152"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653977/; classtype:trojan-activity;sid:84517077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-09/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653972/; classtype:trojan-activity;sid:84517072; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"124.123.123.15"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653964/; classtype:trojan-activity;sid:84517064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"186.235.86.129"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653960/; classtype:trojan-activity;sid:84517060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"168.121.168.84"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653947/; classtype:trojan-activity;sid:84517047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"156.200.99.139"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653941/; classtype:trojan-activity;sid:84517041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-03/info.zip"; depth:87; endswith; nocase; http.host; 
content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653943/; classtype:trojan-activity;sid:84517043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"116.58.62.74"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653930/; classtype:trojan-activity;sid:84517030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"49.205.173.192"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653917/; classtype:trojan-activity;sid:84517017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"64.234.95.70"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653918/; classtype:trojan-activity;sid:84517018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"178.61.160.6"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653916/; classtype:trojan-activity;sid:84517016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653914)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-14/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653914/; classtype:trojan-activity;sid:84517014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"160.202.15.212"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653912/; classtype:trojan-activity;sid:84517012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"93.55.251.246"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653910/; classtype:trojan-activity;sid:84517010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"94.203.254.14"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653900/; classtype:trojan-activity;sid:84517000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-03/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653892/; classtype:trojan-activity;sid:84516992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"203.192.211.119"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653893/; classtype:trojan-activity;sid:84516993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"116.58.62.74"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653888/; classtype:trojan-activity;sid:84516988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"32.219.189.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653885/; classtype:trojan-activity;sid:84516985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-04-19/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653882/; classtype:trojan-activity;sid:84516982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653878)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"45.118.32.122"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653878/; classtype:trojan-activity;sid:84516978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-31/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653875/; classtype:trojan-activity;sid:84516975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"80.11.25.16"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653874/; classtype:trojan-activity;sid:84516974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"178.198.246.24"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653871/; classtype:trojan-activity;sid:84516971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"94.203.254.14"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653867/; 
classtype:trojan-activity;sid:84516967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-07-09/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653864/; classtype:trojan-activity;sid:84516964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-18/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653863/; classtype:trojan-activity;sid:84516963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-05/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653861/; classtype:trojan-activity;sid:84516961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"77.172.14.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653858/; classtype:trojan-activity;sid:84516958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3653856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-20/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653856/; classtype:trojan-activity;sid:84516956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"76.136.85.221"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653853/; classtype:trojan-activity;sid:84516953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-04/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653852/; classtype:trojan-activity;sid:84516952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"132.247.103.239"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653848/; classtype:trojan-activity;sid:84516948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653849)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-06/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653849/; classtype:trojan-activity;sid:84516949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-06-08/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653841/; classtype:trojan-activity;sid:84516941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"32.219.189.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653840/; classtype:trojan-activity;sid:84516940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-10/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653839/; classtype:trojan-activity;sid:84516939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-17/info.zip"; depth:87; endswith; nocase; http.host; 
content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653836/; classtype:trojan-activity;sid:84516936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-04-05/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653831/; classtype:trojan-activity;sid:84516931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"5.89.102.77"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653828/; classtype:trojan-activity;sid:84516928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"43.230.44.36"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653827/; classtype:trojan-activity;sid:84516927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-05-04/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653826/; classtype:trojan-activity;sid:84516926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3653824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"70.190.199.152"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653824/; classtype:trojan-activity;sid:84516924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-15/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653823/; classtype:trojan-activity;sid:84516923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-11-09/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653818/; classtype:trojan-activity;sid:84516918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2025-04-29/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653819/; classtype:trojan-activity;sid:84516919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; 
content:"156.200.99.139"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653806/; classtype:trojan-activity;sid:84516906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"156.200.99.139"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653799/; classtype:trojan-activity;sid:84516899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-06/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653792/; classtype:trojan-activity;sid:84516892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-04-01/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653790/; classtype:trojan-activity;sid:84516890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-10/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3653785/; classtype:trojan-activity;sid:84516885; rev:1;)
# NOTE(review): each complete rule below pins one exact request. `depth` equals
# the length of the http.uri content and `endswith` is set, so the content has
# to be the whole URI buffer; `depth` plus `isdataat:!1,relative` does the same
# for http.host. An alert therefore means this precise host/URI pair was
# requested with GET from $HOME_NET.
# NOTE(review): sids 84516883 and 84516882 carry percent-escapes (%20, %c3%a7,
# %c3%a3, %c3%aa) inside the http.uri content, and their depth values (92, 49)
# count the escaped form. http.uri is Suricata's normalized URI buffer; if the
# sensor's HTTP parser decodes escapes in that buffer, these contents would not
# be present and the match would belong on http.uri.raw instead. Confirm with a
# replayed test request on the deployed Suricata version before relying on them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; depth:92; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653783/; classtype:trojan-activity;sid:84516883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-11/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653782/; classtype:trojan-activity;sid:84516882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"49.205.173.192"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653781/; classtype:trojan-activity;sid:84516881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"73.51.224.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653772/; classtype:trojan-activity;sid:84516872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653770)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"103.36.80.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653770/; classtype:trojan-activity;sid:84516870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-04-14/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653761/; classtype:trojan-activity;sid:84516861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-05-06/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653758/; classtype:trojan-activity;sid:84516858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"212.27.26.206"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653756/; classtype:trojan-activity;sid:84516856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"168.121.168.84"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3653755/; classtype:trojan-activity;sid:84516855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-09/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653751/; classtype:trojan-activity;sid:84516851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"103.59.134.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653748/; classtype:trojan-activity;sid:84516848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"186.235.86.129"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653743/; classtype:trojan-activity;sid:84516843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/info.zip"; depth:59; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653741/; classtype:trojan-activity;sid:84516841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653737)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-06-17/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653737/; classtype:trojan-activity;sid:84516837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"178.61.160.6"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653732/; classtype:trojan-activity;sid:84516832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-30/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653730/; classtype:trojan-activity;sid:84516830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-05/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653728/; classtype:trojan-activity;sid:84516828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-09-13/info.zip"; depth:43; 
endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653725/; classtype:trojan-activity;sid:84516825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-07/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653722/; classtype:trojan-activity;sid:84516822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"32.219.189.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653717/; classtype:trojan-activity;sid:84516817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"76.136.85.221"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653713/; classtype:trojan-activity;sid:84516813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-11-30/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653707/; 
classtype:trojan-activity;sid:84516807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"168.121.168.84"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653705/; classtype:trojan-activity;sid:84516805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2025-02-19/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653704/; classtype:trojan-activity;sid:84516804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"73.51.224.25"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653703/; classtype:trojan-activity;sid:84516803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-14/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653702/; classtype:trojan-activity;sid:84516802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653696)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-03-01/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653696/; classtype:trojan-activity;sid:84516796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-15/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653695/; classtype:trojan-activity;sid:84516795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-18/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653693/; classtype:trojan-activity;sid:84516793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"71.198.110.126"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653690/; classtype:trojan-activity;sid:84516790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"111.235.143.155"; 
depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653691/; classtype:trojan-activity;sid:84516791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-05/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653685/; classtype:trojan-activity;sid:84516785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-28/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653681/; classtype:trojan-activity;sid:84516781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-11/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653675/; classtype:trojan-activity;sid:84516775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"43.230.44.36"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3653672/; classtype:trojan-activity;sid:84516772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-11-09/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653671/; classtype:trojan-activity;sid:84516771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"67.177.204.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653669/; classtype:trojan-activity;sid:84516769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-03-17/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653665/; classtype:trojan-activity;sid:84516765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"70.190.199.152"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653666/; classtype:trojan-activity;sid:84516766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653662)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"188.82.127.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653662/; classtype:trojan-activity;sid:84516762; rev:1;)
# NOTE(review): the rules below are single-URL indicators. Each matches only an
# established client-to-server GET whose http.uri is exactly the quoted path
# (depth == content length, plus endswith) and whose http.host is exactly the
# quoted IP literal (depth plus isdataat:!1,relative).
# NOTE(review): the hosts are bare IP addresses and the rules carry
# metadata:created_at 2025_10_04. An address can change hands after the entry
# was created, so when triaging a hit check the urlhaus.abuse.ch reference in
# the rule for the entry's current status and corroborate with what the client
# did next (file written, process started) rather than treating the alert as
# proof of infection on its own.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"82.67.13.197"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653663/; classtype:trojan-activity;sid:84516763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"178.61.160.6"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653661/; classtype:trojan-activity;sid:84516761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"122.179.136.112"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653655/; classtype:trojan-activity;sid:84516755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-05-05/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653649/; classtype:trojan-activity;sid:84516749; rev:1;)
alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-04-07/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653650/; classtype:trojan-activity;sid:84516750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"189.61.50.98"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653651/; classtype:trojan-activity;sid:84516751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"71.198.110.126"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653647/; classtype:trojan-activity;sid:84516747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"49.204.232.47"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653640/; classtype:trojan-activity;sid:84516740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-10-20/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653636/; classtype:trojan-activity;sid:84516736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-05/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653633/; classtype:trojan-activity;sid:84516733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"64.234.95.70"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653634/; classtype:trojan-activity;sid:84516734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"93.55.251.246"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653632/; classtype:trojan-activity;sid:84516732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"188.82.127.68"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653627/; classtype:trojan-activity;sid:84516727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3653620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"156.200.99.139"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653620/; classtype:trojan-activity;sid:84516720; rev:1;)
# NOTE(review): the rule ending on the line above (sid 84516720) and the next
# rule (sid 84516721) name the same host, 156.200.99.139, with different file
# names. Every rule here uses the same msg prefix and classtype, so the sid and
# the URLhaus id in msg/reference are the only per-URL discriminators; grouping
# alerts by http.host (or destination address) during triage keeps hits on one
# server together instead of scattering them across sids.
# Each rule fires only for an established client-to-server GET whose URI and
# host equal the quoted strings in full (depth == content length, endswith,
# isdataat:!1,relative).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"156.200.99.139"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653621/; classtype:trojan-activity;sid:84516721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.lnk"; depth:10; endswith; nocase; http.host; content:"82.67.13.197"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653622/; classtype:trojan-activity;sid:84516722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.lnk"; depth:7; endswith; nocase; http.host; content:"94.203.254.14"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653611/; classtype:trojan-activity;sid:84516711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-06-10/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653606/; 
classtype:trojan-activity;sid:84516706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"80.11.25.16"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653607/; classtype:trojan-activity;sid:84516707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-23/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653605/; classtype:trojan-activity;sid:84516705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-16/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653602/; classtype:trojan-activity;sid:84516702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-01-10/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653599/; classtype:trojan-activity;sid:84516699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3653598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-28/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653598/; classtype:trojan-activity;sid:84516698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-23/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653595/; classtype:trojan-activity;sid:84516695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-12-12/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653593/; classtype:trojan-activity;sid:84516693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-14/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653586/; classtype:trojan-activity;sid:84516686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653585)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/01/cancelamento/2021-11-19/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653585/; classtype:trojan-activity;sid:84516685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-28/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653577/; classtype:trojan-activity;sid:84516677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-17/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653550/; classtype:trojan-activity;sid:84516650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-06-28/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653547/; classtype:trojan-activity;sid:84516647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-05-02/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653546/; classtype:trojan-activity;sid:84516646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-08-04/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653537/; classtype:trojan-activity;sid:84516637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-25/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653530/; classtype:trojan-activity;sid:84516630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-05-17/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653525/; classtype:trojan-activity;sid:84516625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-13/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653526/; 
classtype:trojan-activity;sid:84516626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-03/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653518/; classtype:trojan-activity;sid:84516618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-12-11/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653508/; classtype:trojan-activity;sid:84516608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-26/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653502/; classtype:trojan-activity;sid:84516602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-05/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653500/; classtype:trojan-activity;sid:84516600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3653494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-12-17/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653494/; classtype:trojan-activity;sid:84516594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-08/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653492/; classtype:trojan-activity;sid:84516592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-01-03/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653489/; classtype:trojan-activity;sid:84516589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-03/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653487/; classtype:trojan-activity;sid:84516587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653485)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/tmpftp/01/cancelamento/2022-03-08/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653485/; classtype:trojan-activity;sid:84516585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-12/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653479/; classtype:trojan-activity;sid:84516579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-03-01/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653466/; classtype:trojan-activity;sid:84516566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-04-05/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653464/; classtype:trojan-activity;sid:84516564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/info.zip"; depth:73; endswith; nocase; 
http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653440/; classtype:trojan-activity;sid:84516540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-09/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653427/; classtype:trojan-activity;sid:84516527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2020-11-05/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653408/; classtype:trojan-activity;sid:84516508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-17/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653384/; classtype:trojan-activity;sid:84516484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-26/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653380/; classtype:trojan-activity;sid:84516480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-07-05/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653374/; classtype:trojan-activity;sid:84516474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-12-17/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653370/; classtype:trojan-activity;sid:84516470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-07-20/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653366/; classtype:trojan-activity;sid:84516466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-05-01/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653363/; classtype:trojan-activity;sid:84516463; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-14/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653352/; classtype:trojan-activity;sid:84516452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-08-24/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653333/; classtype:trojan-activity;sid:84516433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-25/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653303/; classtype:trojan-activity;sid:84516403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-10-10/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653304/; classtype:trojan-activity;sid:84516404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653297)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-08-30/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653297/; classtype:trojan-activity;sid:84516397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-20/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653293/; classtype:trojan-activity;sid:84516393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-26/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653290/; classtype:trojan-activity;sid:84516390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-06/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653289/; classtype:trojan-activity;sid:84516389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653288)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/01/cancelamento/2021-05-07/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653288/; classtype:trojan-activity;sid:84516388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653281/; classtype:trojan-activity;sid:84516381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2019-09-03/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653279/; classtype:trojan-activity;sid:84516379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-31/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653278/; classtype:trojan-activity;sid:84516378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-19/info.zip"; 
depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653271/; classtype:trojan-activity;sid:84516371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-07-15/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653248/; classtype:trojan-activity;sid:84516348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-02-05/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653250/; classtype:trojan-activity;sid:84516350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-11-23/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653244/; classtype:trojan-activity;sid:84516344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-22/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3653243/; classtype:trojan-activity;sid:84516343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-12/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653238/; classtype:trojan-activity;sid:84516338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-10/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653234/; classtype:trojan-activity;sid:84516334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-11/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653208/; classtype:trojan-activity;sid:84516308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-08-18/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653205/; 
classtype:trojan-activity;sid:84516305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-08-09/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653204/; classtype:trojan-activity;sid:84516304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-24/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653183/; classtype:trojan-activity;sid:84516283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-04-02/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653179/; classtype:trojan-activity;sid:84516279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-07-08/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653178/; classtype:trojan-activity;sid:84516278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3653176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-23/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653176/; classtype:trojan-activity;sid:84516276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-04-02/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653177/; classtype:trojan-activity;sid:84516277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-25/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653173/; classtype:trojan-activity;sid:84516273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-30/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653169/; classtype:trojan-activity;sid:84516269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653171)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-24/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653171/; classtype:trojan-activity;sid:84516271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653172/; classtype:trojan-activity;sid:84516272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-11/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653163/; classtype:trojan-activity;sid:84516263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-28/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653166/; classtype:trojan-activity;sid:84516266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653159)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-10/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653159/; classtype:trojan-activity;sid:84516259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-11-04/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653160/; classtype:trojan-activity;sid:84516260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-08-22/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653161/; classtype:trojan-activity;sid:84516261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-02/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653156/; classtype:trojan-activity;sid:84516256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-10-16/info.zip"; depth:62; endswith; nocase; http.host; 
content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653155/; classtype:trojan-activity;sid:84516255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-31/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653152/; classtype:trojan-activity;sid:84516252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-19/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653151/; classtype:trojan-activity;sid:84516251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-16/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653149/; classtype:trojan-activity;sid:84516249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-10-05/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3653148/; classtype:trojan-activity;sid:84516248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-09-10/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653143/; classtype:trojan-activity;sid:84516243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-02/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653140/; classtype:trojan-activity;sid:84516240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-11/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653137/; classtype:trojan-activity;sid:84516237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-20/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653136/; 
classtype:trojan-activity;sid:84516236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-15/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653132/; classtype:trojan-activity;sid:84516232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-14/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653121/; classtype:trojan-activity;sid:84516221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-09/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653114/; classtype:trojan-activity;sid:84516214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-01-17/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653111/; classtype:trojan-activity;sid:84516211; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-09/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653107/; classtype:trojan-activity;sid:84516207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-24/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653104/; classtype:trojan-activity;sid:84516204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-13/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653097/; classtype:trojan-activity;sid:84516197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-01-14/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653094/; classtype:trojan-activity;sid:84516194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3653079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-11/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653079/; classtype:trojan-activity;sid:84516179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-13/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653073/; classtype:trojan-activity;sid:84516173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-23/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653066/; classtype:trojan-activity;sid:84516166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-10-04/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653056/; classtype:trojan-activity;sid:84516156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3653054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-02-06/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653054/; classtype:trojan-activity;sid:84516154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-11-05/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653051/; classtype:trojan-activity;sid:84516151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-21/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653047/; classtype:trojan-activity;sid:84516147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2020-05-07/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653049/; classtype:trojan-activity;sid:84516149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653044)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-15/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653044/; classtype:trojan-activity;sid:84516144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-24/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653041/; classtype:trojan-activity;sid:84516141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-11-12/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653042/; classtype:trojan-activity;sid:84516142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-30/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653038/; classtype:trojan-activity;sid:84516138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653025)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-28/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653025/; classtype:trojan-activity;sid:84516125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2022-03-07/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653016/; classtype:trojan-activity;sid:84516116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-07/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653021/; classtype:trojan-activity;sid:84516121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2023-02-08/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653011/; classtype:trojan-activity;sid:84516111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-11/info.zip"; 
depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652998/; classtype:trojan-activity;sid:84516098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652994/; classtype:trojan-activity;sid:84516094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-09-24/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652988/; classtype:trojan-activity;sid:84516088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-28/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652989/; classtype:trojan-activity;sid:84516089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-12-12/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652980/; classtype:trojan-activity;sid:84516080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-03-21/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652976/; classtype:trojan-activity;sid:84516076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-15/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652977/; classtype:trojan-activity;sid:84516077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2025-01-03/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652970/; classtype:trojan-activity;sid:84516070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-29/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652962/; 
classtype:trojan-activity;sid:84516062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-16/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652960/; classtype:trojan-activity;sid:84516060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-02/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652954/; classtype:trojan-activity;sid:84516054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-26/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652953/; classtype:trojan-activity;sid:84516053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-09-17/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652940/; classtype:trojan-activity;sid:84516040; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-31/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652935/; classtype:trojan-activity;sid:84516035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-07/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652932/; classtype:trojan-activity;sid:84516032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-28/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652933/; classtype:trojan-activity;sid:84516033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-22/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652926/; classtype:trojan-activity;sid:84516026; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-19/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652923/; classtype:trojan-activity;sid:84516023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-06/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652921/; classtype:trojan-activity;sid:84516021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-07/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652919/; classtype:trojan-activity;sid:84516019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-06/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652895/; classtype:trojan-activity;sid:84515995; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-01/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652869/; classtype:trojan-activity;sid:84515969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-17/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652865/; classtype:trojan-activity;sid:84515965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-20/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652846/; classtype:trojan-activity;sid:84515946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-15/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652851/; classtype:trojan-activity;sid:84515951; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652843/; classtype:trojan-activity;sid:84515943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-17/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652837/; classtype:trojan-activity;sid:84515937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-05/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652820/; classtype:trojan-activity;sid:84515920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-04-06/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652821/; classtype:trojan-activity;sid:84515921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3652803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-23/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652803/; classtype:trojan-activity;sid:84515903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-25/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652788/; classtype:trojan-activity;sid:84515888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-12-09/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652777/; classtype:trojan-activity;sid:84515877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-30/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652776/; classtype:trojan-activity;sid:84515876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652772)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-16/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652772/; classtype:trojan-activity;sid:84515872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2025-01-10/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652725/; classtype:trojan-activity;sid:84515825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-02/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652723/; classtype:trojan-activity;sid:84515823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-10/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652718/; classtype:trojan-activity;sid:84515818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652719)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-26/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652719/; classtype:trojan-activity;sid:84515819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-22/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652720/; classtype:trojan-activity;sid:84515820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-24/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652721/; classtype:trojan-activity;sid:84515821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-05-31/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652716/; classtype:trojan-activity;sid:84515816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652717)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-07/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652717/; classtype:trojan-activity;sid:84515817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-08/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652705/; classtype:trojan-activity;sid:84515805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-15/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652707/; classtype:trojan-activity;sid:84515807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-09-09/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652702/; classtype:trojan-activity;sid:84515802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652696)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-05/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652696/; classtype:trojan-activity;sid:84515796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-18/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652692/; classtype:trojan-activity;sid:84515792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-07/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652683/; classtype:trojan-activity;sid:84515783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-14/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652675/; classtype:trojan-activity;sid:84515775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652645)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-04/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652645/; classtype:trojan-activity;sid:84515745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-05-13/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652637/; classtype:trojan-activity;sid:84515737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2020-03-02/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652640/; classtype:trojan-activity;sid:84515740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-11-25/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652636/; classtype:trojan-activity;sid:84515736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-14/info.zip"; depth:87; endswith; nocase; http.host; 
content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652629/; classtype:trojan-activity;sid:84515729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-17/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652618/; classtype:trojan-activity;sid:84515718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-08/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652617/; classtype:trojan-activity;sid:84515717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-21/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652593/; classtype:trojan-activity;sid:84515693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-30/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652591/; classtype:trojan-activity;sid:84515691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-09-08/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652578/; classtype:trojan-activity;sid:84515678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-05/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652564/; classtype:trojan-activity;sid:84515664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-15/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652486/; classtype:trojan-activity;sid:84515586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2019-11-11/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652485/; 
classtype:trojan-activity;sid:84515585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-08-03/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652483/; classtype:trojan-activity;sid:84515583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-09/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652484/; classtype:trojan-activity;sid:84515584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/conting%c3%aancia/info.zip"; depth:73; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652482/; classtype:trojan-activity;sid:84515582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/info.zip"; depth:55; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652481/; classtype:trojan-activity;sid:84515581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3652480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-02/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652480/; classtype:trojan-activity;sid:84515580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-07/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652478/; classtype:trojan-activity;sid:84515578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-02-08/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652476/; classtype:trojan-activity;sid:84515576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2019-07-05/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652474/; classtype:trojan-activity;sid:84515574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652475)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-10/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652475/; classtype:trojan-activity;sid:84515575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-23/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652473/; classtype:trojan-activity;sid:84515573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2019-09-26/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652472/; classtype:trojan-activity;sid:84515572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-12/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652471/; classtype:trojan-activity;sid:84515571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652470)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-13/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652470/; classtype:trojan-activity;sid:84515570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-05-24/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652467/; classtype:trojan-activity;sid:84515567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-05-16/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652468/; classtype:trojan-activity;sid:84515568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-20/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652469/; classtype:trojan-activity;sid:84515569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652464)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-04/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652464/; classtype:trojan-activity;sid:84515564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-04-03/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652465/; classtype:trojan-activity;sid:84515565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-14/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652463/; classtype:trojan-activity;sid:84515563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-01/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652462/; classtype:trojan-activity;sid:84515562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652461)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-26/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652461/; classtype:trojan-activity;sid:84515561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-12-19/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652460/; classtype:trojan-activity;sid:84515560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-23/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652458/; classtype:trojan-activity;sid:84515558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-07/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652459/; classtype:trojan-activity;sid:84515559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-08-03/info.zip"; depth:43; endswith; 
nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652457/; classtype:trojan-activity;sid:84515557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-09-11/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652456/; classtype:trojan-activity;sid:84515556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-19/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652455/; classtype:trojan-activity;sid:84515555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-03-30/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652454/; classtype:trojan-activity;sid:84515554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-11/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3652453/; classtype:trojan-activity;sid:84515553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2020-01-10/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652451/; classtype:trojan-activity;sid:84515551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-01-10/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652452/; classtype:trojan-activity;sid:84515552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652449/; classtype:trojan-activity;sid:84515549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-02/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652445/; classtype:trojan-activity;sid:84515545; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-24/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652446/; classtype:trojan-activity;sid:84515546; rev:1;)
# ---------------------------------------------------------------------------
# Review notes for the signatures below (and the one ending on the line above).
#
# Scope: each rule alerts on an established, client-to-server HTTP GET from
# $HOME_NET to $EXTERNAL_NET whose Host is 177.70.102.228 and whose URI is one
# specific /tmpftp/.../info.zip path. Every rule carries created_at 2025_10_04
# and links its URLhaus entry through reference:url.
#
# Anchoring: depth equals the content length and is paired with endswith (URI)
# or isdataat:!1,relative (Host), so each buffer must equal the content exactly
# (nocase on the URI). Any other form of the request URI, for example one with
# a query string appended, falls outside these signatures.
#
# NOTE(review): http.uri is Suricata's normalized URI buffer. Many contents
# here hold percent-escapes (%20, %c3%a7, %c3%a3, %c3%aa) and a depth counted
# over the escaped form. If the engine decodes those escapes before matching,
# such rules would presumably never fire -- confirm against a test capture.
# Matching on http.uri.raw, or on the decoded bytes with a recomputed depth, is
# the usual remedy. Paths without escapes are not affected.
#
# NOTE(review): one sid per URL, all on a single host. For triage, pivot on the
# Host value across HTTP logs instead of relying on a specific sid having fired.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-26/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652447/; classtype:trojan-activity;sid:84515547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-30/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652448/; classtype:trojan-activity;sid:84515548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-08/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652442/; classtype:trojan-activity;sid:84515542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-06/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652444/; classtype:trojan-activity;sid:84515544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-01/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652441/; classtype:trojan-activity;sid:84515541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-01-13/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652439/; classtype:trojan-activity;sid:84515539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-26/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652437/; classtype:trojan-activity;sid:84515537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-06/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652438/; classtype:trojan-activity;sid:84515538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-24/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652436/; classtype:trojan-activity;sid:84515536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-20/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652435/; classtype:trojan-activity;sid:84515535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-14/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652434/; classtype:trojan-activity;sid:84515534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-25/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652433/; classtype:trojan-activity;sid:84515533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-01/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652432/; classtype:trojan-activity;sid:84515532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-02/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652431/; classtype:trojan-activity;sid:84515531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-25/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652430/; classtype:trojan-activity;sid:84515530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-25/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652429/; classtype:trojan-activity;sid:84515529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-03/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652427/; classtype:trojan-activity;sid:84515527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-10-19/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652428/; classtype:trojan-activity;sid:84515528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-09-29/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652426/; classtype:trojan-activity;sid:84515526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-02-10/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652425/; classtype:trojan-activity;sid:84515525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-21/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652424/; classtype:trojan-activity;sid:84515524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-06-19/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652423/; classtype:trojan-activity;sid:84515523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-04-26/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652421/; classtype:trojan-activity;sid:84515521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-21/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652422/; classtype:trojan-activity;sid:84515522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/normal/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652419/; classtype:trojan-activity;sid:84515519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-14/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652417/; classtype:trojan-activity;sid:84515517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-10/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652418/; classtype:trojan-activity;sid:84515518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-10/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652415/; classtype:trojan-activity;sid:84515515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-12-14/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652416/; classtype:trojan-activity;sid:84515516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-28/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652414/; classtype:trojan-activity;sid:84515514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-03/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652413/; classtype:trojan-activity;sid:84515513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-08/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652412/; classtype:trojan-activity;sid:84515512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/normal/produ%c3%a7%c3%a3o/info.zip"; depth:81; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652411/; classtype:trojan-activity;sid:84515511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-12-13/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652408/; classtype:trojan-activity;sid:84515508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-26/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652404/; classtype:trojan-activity;sid:84515504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-03-31/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652407/; classtype:trojan-activity;sid:84515507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-19/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652402/; classtype:trojan-activity;sid:84515502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-15/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652403/; classtype:trojan-activity;sid:84515503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-30/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652401/; classtype:trojan-activity;sid:84515501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-12/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652399/; classtype:trojan-activity;sid:84515499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-02/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652400/; classtype:trojan-activity;sid:84515500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-23/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652397/; classtype:trojan-activity;sid:84515497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-09/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652398/; classtype:trojan-activity;sid:84515498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-11/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652395/; classtype:trojan-activity;sid:84515495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-29/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652396/; classtype:trojan-activity;sid:84515496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-01-09/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652391/; classtype:trojan-activity;sid:84515491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/conting%c3%aancia/info.zip"; depth:73; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652392/; classtype:trojan-activity;sid:84515492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-12/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652390/; classtype:trojan-activity;sid:84515490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-11/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652389/; classtype:trojan-activity;sid:84515489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-14/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652386/; classtype:trojan-activity;sid:84515486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-25/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652387/; classtype:trojan-activity;sid:84515487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2022-11-08/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652384/; classtype:trojan-activity;sid:84515484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-11/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652383/; classtype:trojan-activity;sid:84515483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-09-29/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652380/; classtype:trojan-activity;sid:84515480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-05-17/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652381/; classtype:trojan-activity;sid:84515481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-17/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652382/; classtype:trojan-activity;sid:84515482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-07/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652377/; classtype:trojan-activity;sid:84515477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-08-12/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652378/; classtype:trojan-activity;sid:84515478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-12-13/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652376/; classtype:trojan-activity;sid:84515476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-30/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652375/; classtype:trojan-activity;sid:84515475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-20/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652373/; classtype:trojan-activity;sid:84515473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-06/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652374/; classtype:trojan-activity;sid:84515474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-05-17/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652372/; classtype:trojan-activity;sid:84515472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-05/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652371/; classtype:trojan-activity;sid:84515471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-04/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652370/; classtype:trojan-activity;sid:84515470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-21/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652368/; classtype:trojan-activity;sid:84515468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-15/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652369/; classtype:trojan-activity;sid:84515469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-02-06/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652367/; classtype:trojan-activity;sid:84515467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-10/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652366/; classtype:trojan-activity;sid:84515466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-11/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652365/; classtype:trojan-activity;sid:84515465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-21/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652364/; classtype:trojan-activity;sid:84515464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-10-13/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652360/; classtype:trojan-activity;sid:84515460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-08-23/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652359/; classtype:trojan-activity;sid:84515459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-09-09/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652358/; classtype:trojan-activity;sid:84515458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-18/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652356/; classtype:trojan-activity;sid:84515456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-13/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652353/; classtype:trojan-activity;sid:84515453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-11-19/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652354/; classtype:trojan-activity;sid:84515454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-07-21/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652349/; classtype:trojan-activity;sid:84515449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/info.zip"; depth:76; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652351/; classtype:trojan-activity;sid:84515451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-30/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652352/; classtype:trojan-activity;sid:84515452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-15/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652347/; classtype:trojan-activity;sid:84515447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652348/; classtype:trojan-activity;sid:84515448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-06/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652346/; classtype:trojan-activity;sid:84515446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-10-19/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652342/; classtype:trojan-activity;sid:84515442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-15/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652343/;
classtype:trojan-activity;sid:84515443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-23/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652344/; classtype:trojan-activity;sid:84515444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-07/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652345/; classtype:trojan-activity;sid:84515445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-24/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652340/; classtype:trojan-activity;sid:84515440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-03/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652336/; 
classtype:trojan-activity;sid:84515436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-17/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652337/; classtype:trojan-activity;sid:84515437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-14/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652338/; classtype:trojan-activity;sid:84515438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-12/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652339/; classtype:trojan-activity;sid:84515439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-18/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652335/; 
classtype:trojan-activity;sid:84515435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2025-04-16/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652333/; classtype:trojan-activity;sid:84515433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-12-08/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652331/; classtype:trojan-activity;sid:84515431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-14/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652326/; classtype:trojan-activity;sid:84515426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-08/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652327/; classtype:trojan-activity;sid:84515427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3652328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-18/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652328/; classtype:trojan-activity;sid:84515428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-13/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652329/; classtype:trojan-activity;sid:84515429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-11-08/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652330/; classtype:trojan-activity;sid:84515430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-11/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652325/; classtype:trojan-activity;sid:84515425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3652324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2020-09-30/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652324/; classtype:trojan-activity;sid:84515424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-08-26/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652323/; classtype:trojan-activity;sid:84515423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-26/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652322/; classtype:trojan-activity;sid:84515422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-15/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652320/; classtype:trojan-activity;sid:84515420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652321)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/01/cancelamento/2019-03-18/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652321/; classtype:trojan-activity;sid:84515421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-09/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652318/; classtype:trojan-activity;sid:84515418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-16/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652319/; classtype:trojan-activity;sid:84515419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-14/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652317/; classtype:trojan-activity;sid:84515417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2025-04-01/info.zip"; depth:43; endswith; nocase; 
http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652316/; classtype:trojan-activity;sid:84515416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-31/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652314/; classtype:trojan-activity;sid:84515414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; depth:92; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652312/; classtype:trojan-activity;sid:84515412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-06-04/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652313/; classtype:trojan-activity;sid:84515413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-01-07/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652310/; classtype:trojan-activity;sid:84515410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652309/; classtype:trojan-activity;sid:84515409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-01/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652307/; classtype:trojan-activity;sid:84515407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-10-14/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652305/; classtype:trojan-activity;sid:84515405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-07-08/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3652306/; classtype:trojan-activity;sid:84515406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-10-31/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652304/; classtype:trojan-activity;sid:84515404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-10/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652303/; classtype:trojan-activity;sid:84515403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-13/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652300/; classtype:trojan-activity;sid:84515400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-28/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652301/; classtype:trojan-activity;sid:84515401; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652302/; classtype:trojan-activity;sid:84515402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-07-27/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652298/; classtype:trojan-activity;sid:84515398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-04-19/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652296/; classtype:trojan-activity;sid:84515396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-03/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652294/; classtype:trojan-activity;sid:84515394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3652295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-16/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652295/; classtype:trojan-activity;sid:84515395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-21/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652293/; classtype:trojan-activity;sid:84515393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-01-04/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652292/; classtype:trojan-activity;sid:84515392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-04-28/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652290/; classtype:trojan-activity;sid:84515390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652289)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-11-24/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652289/; classtype:trojan-activity;sid:84515389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-25/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652288/; classtype:trojan-activity;sid:84515388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/normal/produ%c3%a7%c3%a3o/info.zip"; depth:81; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652287/; classtype:trojan-activity;sid:84515387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-06/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652286/; classtype:trojan-activity;sid:84515386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-07-12/info.zip"; depth:43; 
endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652285/; classtype:trojan-activity;sid:84515385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2019-11-19/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652284/; classtype:trojan-activity;sid:84515384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-28/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652282/; classtype:trojan-activity;sid:84515382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-29/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652283/; classtype:trojan-activity;sid:84515383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-12-13/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652280/; classtype:trojan-activity;sid:84515380; rev:1;)
# ---------------------------------------------------------------------------
# Reviewer notes for the rules that follow (every complete rule in this span
# matches host 177.70.102.228 and carries created_at 2025_10_04):
# - Scope: each rule alerts on an HTTP GET sent from $HOME_NET to
#   $EXTERNAL_NET on an established flow, client-to-server direction only.
# - http.uri: `depth` equals the pattern length and `endswith` is set, so the
#   pattern has to be the whole URI buffer (case-insensitive via `nocase`).
#   A request that adds a query string or changes the path does not match.
# - http.host: `depth` equals the pattern length and `isdataat:!1,relative`
#   requires that no byte follows, so the Host value must be exactly the IP.
# - NOTE(review): http.uri is Suricata's normalized URI buffer. Most patterns
#   below contain percent-encoded bytes (%20, %c3%a7, %c3%a3, %c3%aa); confirm
#   with a replayed request that they still match after normalization in the
#   deployed engine version/config, and compare with http.uri.raw if not.
# - Triage: `reference:url` points at the URLhaus entry for that rule. A hit
#   shows that the request was sent; it does not by itself show what the
#   server returned or what happened on the client.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-07-05/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652281/; classtype:trojan-activity;sid:84515381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-01-12/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652279/; classtype:trojan-activity;sid:84515379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-28/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652277/; classtype:trojan-activity;sid:84515377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-23/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652275/; classtype:trojan-activity;sid:84515375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-31/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652276/; classtype:trojan-activity;sid:84515376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-15/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652273/; classtype:trojan-activity;sid:84515373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-18/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652274/; classtype:trojan-activity;sid:84515374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652272)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-11-05/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652272/; classtype:trojan-activity;sid:84515372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-08-13/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652270/; classtype:trojan-activity;sid:84515370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-29/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652269/; classtype:trojan-activity;sid:84515369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-27/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652265/; classtype:trojan-activity;sid:84515365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-04-16/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652264/; classtype:trojan-activity;sid:84515364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-09-27/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652263/; classtype:trojan-activity;sid:84515363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-10-30/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652262/; classtype:trojan-activity;sid:84515362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-16/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652261/; classtype:trojan-activity;sid:84515361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-20/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652259/; classtype:trojan-activity;sid:84515359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652260/; classtype:trojan-activity;sid:84515360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-18/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652257/; classtype:trojan-activity;sid:84515357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-04/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652255/; classtype:trojan-activity;sid:84515355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2019-11-25/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652250/; classtype:trojan-activity;sid:84515350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-25/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652247/; classtype:trojan-activity;sid:84515347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-13/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652248/; classtype:trojan-activity;sid:84515348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-18/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652249/; classtype:trojan-activity;sid:84515349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-09-09/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652244/; classtype:trojan-activity;sid:84515344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-09-08/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652243/; classtype:trojan-activity;sid:84515343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-17/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652241/; classtype:trojan-activity;sid:84515341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-21/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652242/; classtype:trojan-activity;sid:84515342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-10/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652239/; classtype:trojan-activity;sid:84515339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-16/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652240/; classtype:trojan-activity;sid:84515340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-07/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652238/; classtype:trojan-activity;sid:84515338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-21/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652237/; classtype:trojan-activity;sid:84515337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2023-07-17/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652236/; classtype:trojan-activity;sid:84515336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-27/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652235/; classtype:trojan-activity;sid:84515335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-03-12/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652234/; classtype:trojan-activity;sid:84515334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-08-06/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652232/; classtype:trojan-activity;sid:84515332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-01/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652233/; classtype:trojan-activity;sid:84515333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-27/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652231/; classtype:trojan-activity;sid:84515331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-12/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652229/; classtype:trojan-activity;sid:84515329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2019-06-25/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652225/; classtype:trojan-activity;sid:84515325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2019-12-12/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652223/; classtype:trojan-activity;sid:84515323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-23/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652221/; classtype:trojan-activity;sid:84515321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-23/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652222/; classtype:trojan-activity;sid:84515322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-21/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652219/; classtype:trojan-activity;sid:84515319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-19/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652220/; classtype:trojan-activity;sid:84515320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-04/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652218/; classtype:trojan-activity;sid:84515318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-12-17/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652217/; classtype:trojan-activity;sid:84515317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-30/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652216/; classtype:trojan-activity;sid:84515316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-05-06/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652214/; classtype:trojan-activity;sid:84515314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-01/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652215/; classtype:trojan-activity;sid:84515315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-19/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652213/; classtype:trojan-activity;sid:84515313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-09/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652211/; classtype:trojan-activity;sid:84515311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-01/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652210/; classtype:trojan-activity;sid:84515310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-02-22/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652209/; classtype:trojan-activity;sid:84515309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652208/; classtype:trojan-activity;sid:84515308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2022-03-17/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652206/; classtype:trojan-activity;sid:84515306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-20/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652207/; classtype:trojan-activity;sid:84515307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-03/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652205/; classtype:trojan-activity;sid:84515305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-18/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652204/; classtype:trojan-activity;sid:84515304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-08-17/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652203/; classtype:trojan-activity;sid:84515303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-04-07/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652201/; classtype:trojan-activity;sid:84515301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-29/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652198/; classtype:trojan-activity;sid:84515298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-08-31/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652200/; classtype:trojan-activity;sid:84515300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/normal/produ%c3%a7%c3%a3o/info.zip"; depth:81; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652197/; classtype:trojan-activity;sid:84515297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-06/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652196/; classtype:trojan-activity;sid:84515296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-20/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652193/; classtype:trojan-activity;sid:84515293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-08-08/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652194/; classtype:trojan-activity;sid:84515294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-08-06/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652192/; classtype:trojan-activity;sid:84515292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/conting%c3%aancia/info.zip"; depth:73; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652186/; classtype:trojan-activity;sid:84515286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-02/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652187/; classtype:trojan-activity;sid:84515287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-13/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652188/; classtype:trojan-activity;sid:84515288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-26/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652189/; classtype:trojan-activity;sid:84515289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-28/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652190/; classtype:trojan-activity;sid:84515290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-08-28/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652191/; classtype:trojan-activity;sid:84515291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-10/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652185/; classtype:trojan-activity;sid:84515285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-05-14/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652184/; classtype:trojan-activity;sid:84515284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-29/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652183/; classtype:trojan-activity;sid:84515283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-05-27/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652181/; classtype:trojan-activity;sid:84515281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652180/; classtype:trojan-activity;sid:84515280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-04-17/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652179/; classtype:trojan-activity;sid:84515279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-19/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652176/; classtype:trojan-activity;sid:84515276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-18/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652177/; classtype:trojan-activity;sid:84515277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-11-01/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652178/; classtype:trojan-activity;sid:84515278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-22/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652175/; classtype:trojan-activity;sid:84515275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-05-04/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652174/; classtype:trojan-activity;sid:84515274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2019-12-13/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652173/; classtype:trojan-activity;sid:84515273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-19/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652171/; classtype:trojan-activity;sid:84515271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-11/info.zip"; 
depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652169/; classtype:trojan-activity;sid:84515269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-02/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652170/; classtype:trojan-activity;sid:84515270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-10/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652167/; classtype:trojan-activity;sid:84515267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-04/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652166/; classtype:trojan-activity;sid:84515266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-12-27/info.zip"; depth:43; endswith; nocase; http.host; 
content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652165/; classtype:trojan-activity;sid:84515265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-24/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652162/; classtype:trojan-activity;sid:84515262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-17/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652161/; classtype:trojan-activity;sid:84515261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-26/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652160/; classtype:trojan-activity;sid:84515260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-11/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652157/; classtype:trojan-activity;sid:84515257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-26/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652158/; classtype:trojan-activity;sid:84515258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-11/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652159/; classtype:trojan-activity;sid:84515259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-25/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652154/; classtype:trojan-activity;sid:84515254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-16/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652152/; classtype:trojan-activity;sid:84515252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-23/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652153/; classtype:trojan-activity;sid:84515253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-22/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652151/; classtype:trojan-activity;sid:84515251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-06-08/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652150/; classtype:trojan-activity;sid:84515250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-08-07/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652147/; 
classtype:trojan-activity;sid:84515247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-21/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652148/; classtype:trojan-activity;sid:84515248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-22/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652149/; classtype:trojan-activity;sid:84515249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-20/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652144/; classtype:trojan-activity;sid:84515244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-11/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652145/; 
classtype:trojan-activity;sid:84515245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-11/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652146/; classtype:trojan-activity;sid:84515246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-12/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652141/; classtype:trojan-activity;sid:84515241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-14/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652143/; classtype:trojan-activity;sid:84515243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652140/; 
classtype:trojan-activity;sid:84515240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-21/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652136/; classtype:trojan-activity;sid:84515236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-21/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652137/; classtype:trojan-activity;sid:84515237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-28/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652135/; classtype:trojan-activity;sid:84515235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-01/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652132/; 
classtype:trojan-activity;sid:84515232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-23/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652133/; classtype:trojan-activity;sid:84515233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-20/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652134/; classtype:trojan-activity;sid:84515234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-07/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652128/; classtype:trojan-activity;sid:84515228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-16/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652129/; 
classtype:trojan-activity;sid:84515229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-19/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652130/; classtype:trojan-activity;sid:84515230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-23/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652131/; classtype:trojan-activity;sid:84515231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-11/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652126/; classtype:trojan-activity;sid:84515226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-29/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652122/; 
classtype:trojan-activity;sid:84515222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-10-15/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652124/; classtype:trojan-activity;sid:84515224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-03-24/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652121/; classtype:trojan-activity;sid:84515221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-29/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652120/; classtype:trojan-activity;sid:84515220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-23/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652119/; classtype:trojan-activity;sid:84515219; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-29/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652112/; classtype:trojan-activity;sid:84515212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-05-31/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652113/; classtype:trojan-activity;sid:84515213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-10-18/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652114/; classtype:trojan-activity;sid:84515214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-03/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652115/; classtype:trojan-activity;sid:84515215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652116)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-03-23/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652116/; classtype:trojan-activity;sid:84515216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-08-17/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652118/; classtype:trojan-activity;sid:84515218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-01-19/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652108/; classtype:trojan-activity;sid:84515208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-06-09/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652109/; classtype:trojan-activity;sid:84515209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-11-30/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652110/; classtype:trojan-activity;sid:84515210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-14/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652111/; classtype:trojan-activity;sid:84515211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-20/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652107/; classtype:trojan-activity;sid:84515207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-19/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652105/; classtype:trojan-activity;sid:84515205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-03-16/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_04; reference:url, urlhaus.abuse.ch/url/3652106/; classtype:trojan-activity;sid:84515206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-05/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652102/; classtype:trojan-activity;sid:84515202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-16/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652103/; classtype:trojan-activity;sid:84515203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-12-06/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652104/; classtype:trojan-activity;sid:84515204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-19/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652101/; classtype:trojan-activity;sid:84515201; 
rev:1;)
# Review notes for the rules below. They share one template and one host, 177.70.102.228.
# - Each rule alerts on an established client-to-server HTTP flow whose method buffer contains "GET",
#   whose http.uri equals the listed path (depth equals the content length, plus endswith, nocase)
#   and whose http.host equals the listed IPv4 literal (depth:14 plus isdataat:!1,relative).
# - The number in msg is the URLhaus entry id used in the reference URL; in the rules visible here
#   sid = that id + 80863100.
# - NOTE(review): many of these paths carry literal percent-escapes (%20, %c3%a7%c3%a3). http.uri is
#   Suricata's normalized URI buffer; if the sensor's HTTP parser decodes escapes before matching,
#   these literals are not present there and the undecoded form is only visible in http.uri.raw.
#   Replay a test request through the sensor to confirm these rules fire. TODO confirm.
# - NOTE(review): the rules match HTTP as parsed by the sensor; the same URL fetched over TLS is not
#   visible to them unless traffic is decrypted upstream.
# - These are exact-URL indicators stamped created_at 2025_10_04. Treat a hit as a triage lead
#   (correlate with proxy and endpoint logs for the download and what ran next); a miss says
#   nothing about other paths on the same host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-10-13/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652099/; classtype:trojan-activity;sid:84515199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-24/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652100/; classtype:trojan-activity;sid:84515200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-09/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652098/; classtype:trojan-activity;sid:84515198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-25/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652097/; classtype:trojan-activity;sid:84515197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-05-06/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652095/; classtype:trojan-activity;sid:84515195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2023-04-24/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652094/; classtype:trojan-activity;sid:84515194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-13/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652091/; classtype:trojan-activity;sid:84515191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-01-26/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652092/; classtype:trojan-activity;sid:84515192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-05/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652090/; classtype:trojan-activity;sid:84515190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2022-01-07/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652084/; classtype:trojan-activity;sid:84515184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-05-24/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652086/; classtype:trojan-activity;sid:84515186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2022-12-27/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652088/; classtype:trojan-activity;sid:84515188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-02-04/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652089/; classtype:trojan-activity;sid:84515189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-05/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652081/; classtype:trojan-activity;sid:84515181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-08-21/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652082/; classtype:trojan-activity;sid:84515182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-07/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652083/; classtype:trojan-activity;sid:84515183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-10/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652078/; classtype:trojan-activity;sid:84515178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-03-17/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652079/; classtype:trojan-activity;sid:84515179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2025-04-17/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652075/; classtype:trojan-activity;sid:84515175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-08/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652076/; classtype:trojan-activity;sid:84515176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-10/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652077/; classtype:trojan-activity;sid:84515177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-16/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652070/; classtype:trojan-activity;sid:84515170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-20/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652071/; classtype:trojan-activity;sid:84515171; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2023-11-23/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652067/; classtype:trojan-activity;sid:84515167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-17/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652068/; classtype:trojan-activity;sid:84515168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-26/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652060/; classtype:trojan-activity;sid:84515160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-10-24/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652061/; classtype:trojan-activity;sid:84515161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2019-12-27/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652063/; classtype:trojan-activity;sid:84515163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-04/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652064/; classtype:trojan-activity;sid:84515164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2023-11-09/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652065/; classtype:trojan-activity;sid:84515165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-14/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652066/; classtype:trojan-activity;sid:84515166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-04-27/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652057/; classtype:trojan-activity;sid:84515157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-08/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652058/; classtype:trojan-activity;sid:84515158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-29/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652053/; classtype:trojan-activity;sid:84515153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-08-09/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652054/; classtype:trojan-activity;sid:84515154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2020-08-19/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652048/; classtype:trojan-activity;sid:84515148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-25/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652049/; classtype:trojan-activity;sid:84515149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-11-30/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652050/; classtype:trojan-activity;sid:84515150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-02/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652051/; classtype:trojan-activity;sid:84515151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-02-05/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652045/; classtype:trojan-activity;sid:84515145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-06-06/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652046/; classtype:trojan-activity;sid:84515146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-09/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652042/; classtype:trojan-activity;sid:84515142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652043/; classtype:trojan-activity;sid:84515143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-15/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652041/; classtype:trojan-activity;sid:84515141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-04/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652039/; classtype:trojan-activity;sid:84515139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-30/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652040/; classtype:trojan-activity;sid:84515140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-12-07/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652036/; classtype:trojan-activity;sid:84515136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-05-10/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652037/; classtype:trojan-activity;sid:84515137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2025-01-06/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652038/; classtype:trojan-activity;sid:84515138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-12-07/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652034/; classtype:trojan-activity;sid:84515134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-05/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652025/; classtype:trojan-activity;sid:84515125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/info.zip"; depth:76; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652026/; classtype:trojan-activity;sid:84515126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-10/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652027/; classtype:trojan-activity;sid:84515127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-05/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652028/; classtype:trojan-activity;sid:84515128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-13/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652029/; classtype:trojan-activity;sid:84515129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-17/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652030/; classtype:trojan-activity;sid:84515130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652031)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-15/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652031/; classtype:trojan-activity;sid:84515131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-07-06/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652024/; classtype:trojan-activity;sid:84515124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-19/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652023/; classtype:trojan-activity;sid:84515123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-08-05/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652022/; classtype:trojan-activity;sid:84515122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-09-14/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652021/; classtype:trojan-activity;sid:84515121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-09-13/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652014/; classtype:trojan-activity;sid:84515114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-22/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652015/; classtype:trojan-activity;sid:84515115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-04-30/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652016/; classtype:trojan-activity;sid:84515116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-18/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652017/; classtype:trojan-activity;sid:84515117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-06-14/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652018/; classtype:trojan-activity;sid:84515118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-23/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652019/; classtype:trojan-activity;sid:84515119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-15/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652020/; classtype:trojan-activity;sid:84515120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2020-11-18/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652012/; classtype:trojan-activity;sid:84515112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-12/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652013/; classtype:trojan-activity;sid:84515113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-01-07/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652007/; classtype:trojan-activity;sid:84515107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-25/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652008/; classtype:trojan-activity;sid:84515108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-04-22/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652009/; classtype:trojan-activity;sid:84515109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2025-04-04/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652010/; classtype:trojan-activity;sid:84515110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-07-14/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652011/; classtype:trojan-activity;sid:84515111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-29/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652005/; classtype:trojan-activity;sid:84515105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-30/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652003/; classtype:trojan-activity;sid:84515103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-08/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652002/; classtype:trojan-activity;sid:84515102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-04-11/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652000/; classtype:trojan-activity;sid:84515100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-17/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651998/; classtype:trojan-activity;sid:84515098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-16/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651993/; classtype:trojan-activity;sid:84515093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-04/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651994/; classtype:trojan-activity;sid:84515094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-03/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651995/; classtype:trojan-activity;sid:84515095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651996)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/info.zip"; depth:76; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651996/; classtype:trojan-activity;sid:84515096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2019-07-11/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651997/; classtype:trojan-activity;sid:84515097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-11/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651991/; classtype:trojan-activity;sid:84515091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-09/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651992/; classtype:trojan-activity;sid:84515092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-05-19/info.zip"; depth:43; 
endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651989/; classtype:trojan-activity;sid:84515089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-04/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651990/; classtype:trojan-activity;sid:84515090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-09/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651987/; classtype:trojan-activity;sid:84515087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-17/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651988/; classtype:trojan-activity;sid:84515088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-02-11/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651981/; classtype:trojan-activity;sid:84515081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-02/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651982/; classtype:trojan-activity;sid:84515082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2019-07-10/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651983/; classtype:trojan-activity;sid:84515083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-03-06/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651985/; classtype:trojan-activity;sid:84515085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-17/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651986/; 
classtype:trojan-activity;sid:84515086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-19/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651978/; classtype:trojan-activity;sid:84515078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-12-12/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651980/; classtype:trojan-activity;sid:84515080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2023-03-07/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651969/; classtype:trojan-activity;sid:84515069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651970/; classtype:trojan-activity;sid:84515070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3651971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-07-10/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651971/; classtype:trojan-activity;sid:84515071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-02-08/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651972/; classtype:trojan-activity;sid:84515072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-31/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651973/; classtype:trojan-activity;sid:84515073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-05-18/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651974/; classtype:trojan-activity;sid:84515074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651975)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/01/cancelamento/2023-08-07/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651975/; classtype:trojan-activity;sid:84515075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-12/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651976/; classtype:trojan-activity;sid:84515076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-03/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651977/; classtype:trojan-activity;sid:84515077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-20/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651967/; classtype:trojan-activity;sid:84515067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-09-03/info.zip"; depth:43; endswith; 
nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651968/; classtype:trojan-activity;sid:84515068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-29/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651965/; classtype:trojan-activity;sid:84515065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-02-14/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651966/; classtype:trojan-activity;sid:84515066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-10-08/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651963/; classtype:trojan-activity;sid:84515063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-09-06/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3651964/; classtype:trojan-activity;sid:84515064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-20/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651959/; classtype:trojan-activity;sid:84515059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-20/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651960/; classtype:trojan-activity;sid:84515060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-24/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651961/; classtype:trojan-activity;sid:84515061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-12-08/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651962/; 
classtype:trojan-activity;sid:84515062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-04-09/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651958/; classtype:trojan-activity;sid:84515058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-09-06/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651956/; classtype:trojan-activity;sid:84515056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-09-20/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651957/; classtype:trojan-activity;sid:84515057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-11-05/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651955/; classtype:trojan-activity;sid:84515055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651954)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-15/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651954/; classtype:trojan-activity;sid:84515054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-01/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651952/; classtype:trojan-activity;sid:84515052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-25/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651953/; classtype:trojan-activity;sid:84515053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651951/; classtype:trojan-activity;sid:84515051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651949)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-06/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651949/; classtype:trojan-activity;sid:84515049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-04-09/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651950/; classtype:trojan-activity;sid:84515050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/normal/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651944/; classtype:trojan-activity;sid:84515044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-23/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651945/; classtype:trojan-activity;sid:84515045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651946)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/cons/1/9929/11032020101348/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651946/; classtype:trojan-activity;sid:84515046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-09-27/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651947/; classtype:trojan-activity;sid:84515047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-02/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651948/; classtype:trojan-activity;sid:84515048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-05-05/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651943/; classtype:trojan-activity;sid:84515043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-12-11/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651942/; classtype:trojan-activity;sid:84515042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-20/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651937/; classtype:trojan-activity;sid:84515037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-03/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651938/; classtype:trojan-activity;sid:84515038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-19/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651939/; classtype:trojan-activity;sid:84515039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-13/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651941/; classtype:trojan-activity;sid:84515041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-04/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651933/; classtype:trojan-activity;sid:84515033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-10-06/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651934/; classtype:trojan-activity;sid:84515034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-07-07/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651935/; classtype:trojan-activity;sid:84515035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2020-01-09/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651936/; 
classtype:trojan-activity;sid:84515036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-28/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651931/; classtype:trojan-activity;sid:84515031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-10-20/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651932/; classtype:trojan-activity;sid:84515032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; depth:92; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651930/; classtype:trojan-activity;sid:84515030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-24/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651928/; classtype:trojan-activity;sid:84515028; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/info.zip"; depth:55; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651929/; classtype:trojan-activity;sid:84515029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2022-03-18/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651926/; classtype:trojan-activity;sid:84515026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-18/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651927/; classtype:trojan-activity;sid:84515027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-14/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651921/; classtype:trojan-activity;sid:84515021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3651922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-23/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651922/; classtype:trojan-activity;sid:84515022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-29/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651923/; classtype:trojan-activity;sid:84515023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-01/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651924/; classtype:trojan-activity;sid:84515024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-04/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651925/; classtype:trojan-activity;sid:84515025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3651915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-26/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651915/; classtype:trojan-activity;sid:84515015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2025-05-06/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651916/; classtype:trojan-activity;sid:84515016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-29/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651917/; classtype:trojan-activity;sid:84515017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651914/; classtype:trojan-activity;sid:84515014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651909)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-12-02/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651909/; classtype:trojan-activity;sid:84515009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-06-22/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651910/; classtype:trojan-activity;sid:84515010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-03-09/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651912/; classtype:trojan-activity;sid:84515012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-08/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651905/; classtype:trojan-activity;sid:84515005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-12/info.zip"; depth:87; endswith; nocase; http.host; 
content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651906/; classtype:trojan-activity;sid:84515006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-08/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651907/; classtype:trojan-activity;sid:84515007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-17/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651901/; classtype:trojan-activity;sid:84515001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-11-06/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651902/; classtype:trojan-activity;sid:84515002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-05/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651903/; classtype:trojan-activity;sid:84515003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-03/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651899/; classtype:trojan-activity;sid:84514999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-25/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651900/; classtype:trojan-activity;sid:84515000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2022-09-08/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651896/; classtype:trojan-activity;sid:84514996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-23/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_04; reference:url, urlhaus.abuse.ch/url/3651897/; classtype:trojan-activity;sid:84514997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-03/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651898/; classtype:trojan-activity;sid:84514998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-17/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651894/; classtype:trojan-activity;sid:84514994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-03-14/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651895/; classtype:trojan-activity;sid:84514995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000160618/td00000000000000159843/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651892/; 
classtype:trojan-activity;sid:84514992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-17/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651893/; classtype:trojan-activity;sid:84514993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-05/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651890/; classtype:trojan-activity;sid:84514990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-04/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651891/; classtype:trojan-activity;sid:84514991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-03-22/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651887/; classtype:trojan-activity;sid:84514987; rev:1;) 
# Reviewer notes for the rules below (they all follow the same generated template):
#  - Scope: each rule alerts only on a client-side HTTP GET on an established flow
#    going from $HOME_NET to $EXTERNAL_NET. Other methods, and downloads that are
#    not parsed as cleartext HTTP, are outside what these signatures inspect.
#  - URI match is exact: depth equals the length of the content string and
#    endswith pins the end of the buffer, so a request that adds a query string or
#    changes any path segment will not alert. nocase relaxes letter case only.
#  - Host match is exact as well: depth:14 covers "177.70.102.228" and
#    isdataat:!1,relative requires that nothing follows it in http.host.
#  - NOTE(review): the URI patterns contain literal percent-escapes (%20, %c3%a7,
#    %c3%a3) but are matched in http.uri, which Suricata fills with the normalized
#    request URI (percent-decoded under the default libhtp settings); the
#    undecoded form lives in http.uri.raw. These rules may therefore miss the very
#    request they were generated from - confirm against a capture before relying
#    on them, and consider a local override that matches http.uri.raw or the
#    decoded bytes.
#  - An alert means the request was sent, not that the payload was delivered or
#    run; triage with the HTTP response and host telemetry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/normal/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651888/; classtype:trojan-activity;sid:84514988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-18/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651889/; classtype:trojan-activity;sid:84514989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-05/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651883/; classtype:trojan-activity;sid:84514983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-28/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651884/; classtype:trojan-activity;sid:84514984; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-07-24/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651885/; classtype:trojan-activity;sid:84514985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-02/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651881/; classtype:trojan-activity;sid:84514981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-01/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651882/; classtype:trojan-activity;sid:84514982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-26/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651877/; classtype:trojan-activity;sid:84514977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3651878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-22/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651878/; classtype:trojan-activity;sid:84514978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-11-13/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651879/; classtype:trojan-activity;sid:84514979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-13/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651874/; classtype:trojan-activity;sid:84514974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-10-06/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651875/; classtype:trojan-activity;sid:84514975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651876)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-07/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651876/; classtype:trojan-activity;sid:84514976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-12-10/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651867/; classtype:trojan-activity;sid:84514967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-04/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651868/; classtype:trojan-activity;sid:84514968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-14/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651869/; classtype:trojan-activity;sid:84514969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651870)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-20/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651870/; classtype:trojan-activity;sid:84514970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-20/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651871/; classtype:trojan-activity;sid:84514971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-19/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651872/; classtype:trojan-activity;sid:84514972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-11/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651873/; classtype:trojan-activity;sid:84514973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651866)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-12-27/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651866/; classtype:trojan-activity;sid:84514966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-12/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651865/; classtype:trojan-activity;sid:84514965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-06/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651861/; classtype:trojan-activity;sid:84514961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-06/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651862/; classtype:trojan-activity;sid:84514962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651863)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/01/cancelamento/2020-02-17/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651863/; classtype:trojan-activity;sid:84514963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-12/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651864/; classtype:trojan-activity;sid:84514964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-05/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651859/; classtype:trojan-activity;sid:84514959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-29/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651860/; classtype:trojan-activity;sid:84514960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651857)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/01/cancelamento/2019-11-08/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651857/; classtype:trojan-activity;sid:84514957; rev:1;)
# Rule anatomy for the entries below: each rule is an exact-match indicator for one
# URLhaus entry. It alerts on an established, client-to-server HTTP flow from $HOME_NET
# to $EXTERNAL_NET when the method is GET, the URI is the listed path (compared
# case-insensitively because of `nocase`) and the Host is the listed address.
# `depth:<n>` is set to the length of the pattern, so the match must start at offset 0
# of the sticky buffer; `endswith` on the URI and `isdataat:!1,relative` on the host
# require that no byte follows the match. Together they make an equality test, not a
# substring search. The number in `msg` is the same id that appears in the reference URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-04/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651855/; classtype:trojan-activity;sid:84514955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-22/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651854/; classtype:trojan-activity;sid:84514954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-08-03/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651852/; classtype:trojan-activity;sid:84514952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-16/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651853/; classtype:trojan-activity;sid:84514953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-12/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651849/; classtype:trojan-activity;sid:84514949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-13/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651850/; classtype:trojan-activity;sid:84514950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-08-31/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651848/; classtype:trojan-activity;sid:84514948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-17/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651847/; classtype:trojan-activity;sid:84514947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-28/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651845/; classtype:trojan-activity;sid:84514945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-15/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651846/; classtype:trojan-activity;sid:84514946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; depth:92; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651844/; classtype:trojan-activity;sid:84514944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-14/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651843/; classtype:trojan-activity;sid:84514943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-01/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651836/; classtype:trojan-activity;sid:84514936; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-14/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651837/; classtype:trojan-activity;sid:84514937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-03/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651838/; classtype:trojan-activity;sid:84514938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-05-13/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651839/; classtype:trojan-activity;sid:84514939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-03-03/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651840/; classtype:trojan-activity;sid:84514940; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-09/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651841/; classtype:trojan-activity;sid:84514941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-21/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651842/; classtype:trojan-activity;sid:84514942; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-11-06/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651834/; classtype:trojan-activity;sid:84514934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-04-27/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651835/; classtype:trojan-activity;sid:84514935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-07/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651832/; classtype:trojan-activity;sid:84514932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-08/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651833/; classtype:trojan-activity;sid:84514933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-01/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651829/; classtype:trojan-activity;sid:84514929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-12-06/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651830/; classtype:trojan-activity;sid:84514930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-11-23/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651827/; classtype:trojan-activity;sid:84514927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-13/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651822/; classtype:trojan-activity;sid:84514922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-22/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651823/; classtype:trojan-activity;sid:84514923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651824)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-01/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651824/; classtype:trojan-activity;sid:84514924; rev:1;)
# NOTE(review): many http.uri patterns below contain percent-encoded bytes (%20, %c3%a7,
# %c3%a3), and their depth values count the encoded form (87 for the ct-e paths, 62 for
# the "carta%20de%20corre..." paths). Suricata documents http.uri as the normalized
# request URI, so confirm against a capture that the encoded literal still matches with
# your Suricata version and libhtp settings. If the buffer is percent-decoded before
# matching, these rules cannot fire as written and http.uri.raw would be the buffer to
# match the encoded form on. The plain-ASCII paths (cancelamento, consulta) are unaffected.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-03-11/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651825/; classtype:trojan-activity;sid:84514925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-30/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651826/; classtype:trojan-activity;sid:84514926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2019-05-27/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651820/; classtype:trojan-activity;sid:84514920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/normal/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651821/; classtype:trojan-activity;sid:84514921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-08-10/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651819/; classtype:trojan-activity;sid:84514919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-25/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651813/; classtype:trojan-activity;sid:84514913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-08-17/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651814/; classtype:trojan-activity;sid:84514914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-01-08/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651815/; classtype:trojan-activity;sid:84514915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-24/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651816/; classtype:trojan-activity;sid:84514916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-02-23/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651817/; classtype:trojan-activity;sid:84514917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-09-21/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651818/; classtype:trojan-activity;sid:84514918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-23/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651810/; classtype:trojan-activity;sid:84514910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-29/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651811/; classtype:trojan-activity;sid:84514911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-10-07/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651812/; classtype:trojan-activity;sid:84514912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-04-29/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651808/; classtype:trojan-activity;sid:84514908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-07-21/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651806/; classtype:trojan-activity;sid:84514906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-10-30/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651807/; classtype:trojan-activity;sid:84514907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-06-14/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651802/; classtype:trojan-activity;sid:84514902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-06-18/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651803/; classtype:trojan-activity;sid:84514903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-10/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651804/; classtype:trojan-activity;sid:84514904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-03/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651805/; classtype:trojan-activity;sid:84514905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-19/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651801/; classtype:trojan-activity;sid:84514901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2025-01-08/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651798/; classtype:trojan-activity;sid:84514898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-24/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651796/; classtype:trojan-activity;sid:84514896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2025-02-05/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651797/; classtype:trojan-activity;sid:84514897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-22/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651790/; classtype:trojan-activity;sid:84514890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-11/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651792/; classtype:trojan-activity;sid:84514892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168897/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651789/; classtype:trojan-activity;sid:84514889; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/conting%c3%aancia/info.zip"; depth:73; endswith; nocase; http.host; 
content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651787/; classtype:trojan-activity;sid:84514887; rev:1;)
# NOTE(review): every rule in this stretch names the same host, 177.70.102.228, and
# differs only in the path under /tmpftp/, each ending in info.zip. Coverage is limited
# to what the rule header and buffers can see: cleartext HTTP GET requests going from
# $HOME_NET to $EXTERNAL_NET whose URI equals one of the listed paths. A request to the
# same host for a path that is not listed here produces no alert from these rules.
# When one of them fires, pivot on the destination address in flow or proxy logs
# to find related requests, rather than searching for the exact URL only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-04/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651782/; classtype:trojan-activity;sid:84514882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-10-03/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651783/; classtype:trojan-activity;sid:84514883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-06/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651785/; classtype:trojan-activity;sid:84514885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-03-31/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651786/; classtype:trojan-activity;sid:84514886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/normal/produ%c3%a7%c3%a3o/info.zip"; depth:81; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651777/; classtype:trojan-activity;sid:84514877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-06-16/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651778/; classtype:trojan-activity;sid:84514878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651780/; classtype:trojan-activity;sid:84514880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-17/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651781/; classtype:trojan-activity;sid:84514881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651774/; classtype:trojan-activity;sid:84514874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-11-22/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651775/; classtype:trojan-activity;sid:84514875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-19/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651776/; classtype:trojan-activity;sid:84514876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-10-04/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651770/; classtype:trojan-activity;sid:84514870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-15/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651771/; classtype:trojan-activity;sid:84514871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-03-03/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651772/; classtype:trojan-activity;sid:84514872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-10/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651773/; classtype:trojan-activity;sid:84514873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-11-11/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651768/; classtype:trojan-activity;sid:84514868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-24/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651769/; classtype:trojan-activity;sid:84514869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-12-03/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651766/; classtype:trojan-activity;sid:84514866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-22/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651767/; classtype:trojan-activity;sid:84514867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-03-15/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651763/; classtype:trojan-activity;sid:84514863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-11-27/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651764/; classtype:trojan-activity;sid:84514864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-17/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651765/; classtype:trojan-activity;sid:84514865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-02-06/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651760/; classtype:trojan-activity;sid:84514860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-01/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651761/; classtype:trojan-activity;sid:84514861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-09-28/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651762/; classtype:trojan-activity;sid:84514862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-10-16/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651755/; classtype:trojan-activity;sid:84514855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-05-06/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651756/; classtype:trojan-activity;sid:84514856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-31/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651757/; classtype:trojan-activity;sid:84514857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/normal/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3651758/; classtype:trojan-activity;sid:84514858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-13/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651753/; classtype:trojan-activity;sid:84514853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-09-15/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651754/; classtype:trojan-activity;sid:84514854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-10/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651752/; classtype:trojan-activity;sid:84514852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/info.zip"; depth:59; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651750/; classtype:trojan-activity;sid:84514850; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-08/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651741/; classtype:trojan-activity;sid:84514841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-19/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651742/; classtype:trojan-activity;sid:84514842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-30/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651744/; classtype:trojan-activity;sid:84514844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-06/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651745/; classtype:trojan-activity;sid:84514845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3651746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-21/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651746/; classtype:trojan-activity;sid:84514846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-20/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651747/; classtype:trojan-activity;sid:84514847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/homologa%c3%a7%c3%a3o/info.zip"; depth:95; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651748/; classtype:trojan-activity;sid:84514848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-29/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651740/; classtype:trojan-activity;sid:84514840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3651734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-06-24/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651734/; classtype:trojan-activity;sid:84514834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-21/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651735/; classtype:trojan-activity;sid:84514835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-12-31/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651737/; classtype:trojan-activity;sid:84514837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/info.zip"; depth:76; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651738/; classtype:trojan-activity;sid:84514838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651739)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-24/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651739/; classtype:trojan-activity;sid:84514839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-08-13/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651730/; classtype:trojan-activity;sid:84514830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-16/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651731/; classtype:trojan-activity;sid:84514831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-11-07/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651732/; classtype:trojan-activity;sid:84514832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-02-03/info.zip"; depth:43; endswith; 
nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651729/; classtype:trojan-activity;sid:84514829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651728/; classtype:trojan-activity;sid:84514828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-01-04/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651727/; classtype:trojan-activity;sid:84514827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-12-23/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651725/; classtype:trojan-activity;sid:84514825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-19/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651720/; classtype:trojan-activity;sid:84514820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-08/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651721/; classtype:trojan-activity;sid:84514821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-18/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651722/; classtype:trojan-activity;sid:84514822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-04-27/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651723/; classtype:trojan-activity;sid:84514823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-08/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, 
urlhaus.abuse.ch/url/3651724/; classtype:trojan-activity;sid:84514824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-21/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651717/; classtype:trojan-activity;sid:84514817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-08/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651718/; classtype:trojan-activity;sid:84514818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/normal/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651716/; classtype:trojan-activity;sid:84514816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-01/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651715/; 
classtype:trojan-activity;sid:84514815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-04-24/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651713/; classtype:trojan-activity;sid:84514813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-11-30/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651714/; classtype:trojan-activity;sid:84514814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-18/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651710/; classtype:trojan-activity;sid:84514810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-25/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651711/; classtype:trojan-activity;sid:84514811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3651709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-20/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651709/; classtype:trojan-activity;sid:84514809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-28/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651707/; classtype:trojan-activity;sid:84514807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-24/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651708/; classtype:trojan-activity;sid:84514808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-04-13/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651705/; classtype:trojan-activity;sid:84514805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651706)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-18/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651706/; classtype:trojan-activity;sid:84514806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-12-04/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651700/; classtype:trojan-activity;sid:84514800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-04-30/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651701/; classtype:trojan-activity;sid:84514801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/conting%c3%aancia/info.zip"; depth:73; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651702/; classtype:trojan-activity;sid:84514802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-21/info.zip"; depth:87; 
endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651703/; classtype:trojan-activity;sid:84514803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-22/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651696/; classtype:trojan-activity;sid:84514796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-23/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651697/; classtype:trojan-activity;sid:84514797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-15/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651693/; classtype:trojan-activity;sid:84514793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-24/info.zip"; depth:87; endswith; nocase; http.host; 
content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651694/; classtype:trojan-activity;sid:84514794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-05-12/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651691/; classtype:trojan-activity;sid:84514791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2020-11-17/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651692/; classtype:trojan-activity;sid:84514792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-16/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651686/; classtype:trojan-activity;sid:84514786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-26/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3651687/; classtype:trojan-activity;sid:84514787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-02/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651688/; classtype:trojan-activity;sid:84514788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-25/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651689/; classtype:trojan-activity;sid:84514789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-25/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651690/; classtype:trojan-activity;sid:84514790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-07-09/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651685/; 
classtype:trojan-activity;sid:84514785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-07-02/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651682/; classtype:trojan-activity;sid:84514782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-23/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651683/; classtype:trojan-activity;sid:84514783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-12/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651681/; classtype:trojan-activity;sid:84514781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-21/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651680/; classtype:trojan-activity;sid:84514780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3651679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-11-22/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651679/; classtype:trojan-activity;sid:84514779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-14/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651678/; classtype:trojan-activity;sid:84514778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-04-01/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651675/; classtype:trojan-activity;sid:84514775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-01-27/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651676/; classtype:trojan-activity;sid:84514776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651677)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-17/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651677/; classtype:trojan-activity;sid:84514777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2022-03-22/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651668/; classtype:trojan-activity;sid:84514768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/conting%c3%aancia/info.zip"; depth:73; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651669/; classtype:trojan-activity;sid:84514769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-02-04/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651670/; classtype:trojan-activity;sid:84514770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-28/info.zip"; depth:87; 
endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651671/; classtype:trojan-activity;sid:84514771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-12-04/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651667/; classtype:trojan-activity;sid:84514767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-08-05/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651663/; classtype:trojan-activity;sid:84514763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/info.zip"; depth:59; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651664/; classtype:trojan-activity;sid:84514764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-11-12/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651665/; 
classtype:trojan-activity;sid:84514765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-08-07/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651666/; classtype:trojan-activity;sid:84514766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-12-13/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651655/; classtype:trojan-activity;sid:84514755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-02-23/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651656/; classtype:trojan-activity;sid:84514756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-26/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651657/; classtype:trojan-activity;sid:84514757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3651658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-05-12/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651658/; classtype:trojan-activity;sid:84514758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-28/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651659/; classtype:trojan-activity;sid:84514759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-10-25/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651661/; classtype:trojan-activity;sid:84514761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2022-05-10/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651650/; classtype:trojan-activity;sid:84514750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2019-06-24/info.zip"; depth:39; 
endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651651/; classtype:trojan-activity;sid:84514751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-04-09/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651652/; classtype:trojan-activity;sid:84514752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-05-10/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651653/; classtype:trojan-activity;sid:84514753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-26/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651654/; classtype:trojan-activity;sid:84514754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-09/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651645/; classtype:trojan-activity;sid:84514745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-11/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651646/; classtype:trojan-activity;sid:84514746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-09-29/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651647/; classtype:trojan-activity;sid:84514747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-12-18/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651648/; classtype:trojan-activity;sid:84514748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-04/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651649/; 
classtype:trojan-activity;sid:84514749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/info.zip"; depth:59; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651639/; classtype:trojan-activity;sid:84514739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-29/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651640/; classtype:trojan-activity;sid:84514740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-02/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651641/; classtype:trojan-activity;sid:84514741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-30/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651642/; 
classtype:trojan-activity;sid:84514742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-17/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651643/; classtype:trojan-activity;sid:84514743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2025-05-05/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651644/; classtype:trojan-activity;sid:84514744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-09-30/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651632/; classtype:trojan-activity;sid:84514732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-16/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651633/; classtype:trojan-activity;sid:84514733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3651634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-01-15/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651634/; classtype:trojan-activity;sid:84514734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-19/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651635/; classtype:trojan-activity;sid:84514735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2025-05-09/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651636/; classtype:trojan-activity;sid:84514736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/info.zip"; depth:59; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651637/; classtype:trojan-activity;sid:84514737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651638)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-30/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651638/; classtype:trojan-activity;sid:84514738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-12/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651629/; classtype:trojan-activity;sid:84514729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2025-06-05/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651630/; classtype:trojan-activity;sid:84514730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-23/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651631/; classtype:trojan-activity;sid:84514731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651628)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/01/cancelamento/2020-09-30/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651628/; classtype:trojan-activity;sid:84514728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-21/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651622/; classtype:trojan-activity;sid:84514722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-12/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651623/; classtype:trojan-activity;sid:84514723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-08/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651624/; classtype:trojan-activity;sid:84514724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-04-05/info.zip"; depth:53; 
endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651625/; classtype:trojan-activity;sid:84514725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-14/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651627/; classtype:trojan-activity;sid:84514727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-06/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651620/; classtype:trojan-activity;sid:84514720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-21/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651621/; classtype:trojan-activity;sid:84514721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-08-19/info.zip"; depth:43; endswith; nocase; http.host; 
content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651619/; classtype:trojan-activity;sid:84514719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-12-09/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651617/; classtype:trojan-activity;sid:84514717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-17/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651616/; classtype:trojan-activity;sid:84514716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-16/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651615/; classtype:trojan-activity;sid:84514715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-11-23/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; 
reference:url, urlhaus.abuse.ch/url/3651614/; classtype:trojan-activity;sid:84514714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-03-03/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651613/; classtype:trojan-activity;sid:84514713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-15/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651611/; classtype:trojan-activity;sid:84514711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-19/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651608/; classtype:trojan-activity;sid:84514708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-29/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651609/; classtype:trojan-activity;sid:84514709; 
rev:1;)
# URLhaus rules for payload URLs served from 177.70.102.228 (all created_at 2025_10_04).
# Every rule is an exact match on both buffers: the http.uri pattern has depth equal to
# its own length plus endswith, and the http.host pattern has depth plus
# isdataat:!1,relative, so nothing may precede or follow either pattern. nocase applies
# to the URI pattern only.
# Scope: "alert http" with flow:established,from_client and method GET means these rules
# fire on the outbound request over plaintext HTTP. An alert shows that a $HOME_NET host
# requested the URL; whether the payload was delivered has to be checked in the
# response and file logs.
# NOTE(review): many patterns below contain literal percent-escapes (%20, %c3%a7,
# %c3%a3, %c3%aa) and their depth values count the escaped form, yet they are matched
# in http.uri, which Suricata documents as the normalized URI buffer. If percent-decoding
# is applied there, these rules cannot match the decoded path. Confirm with a replayed
# request. Candidate remedies are http.uri.raw with the pattern unchanged, or the decoded
# bytes in hex notation (|20|, |c3 a7|, ...) with depth recomputed. Carry any local
# change through suricata-update's modify.conf so it survives the next feed refresh.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-11-01/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651605/; classtype:trojan-activity;sid:84514705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-08/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651603/; classtype:trojan-activity;sid:84514703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-08-06/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651604/; classtype:trojan-activity;sid:84514704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-05-02/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651599/; classtype:trojan-activity;sid:84514699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-10-24/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651600/; classtype:trojan-activity;sid:84514700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-11-09/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651601/; classtype:trojan-activity;sid:84514701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-04-14/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651602/; classtype:trojan-activity;sid:84514702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-11-26/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651591/; classtype:trojan-activity;sid:84514691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-08/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651592/; classtype:trojan-activity;sid:84514692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2021-07-07/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651593/; classtype:trojan-activity;sid:84514693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-10-16/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651594/; classtype:trojan-activity;sid:84514694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-13/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651595/; classtype:trojan-activity;sid:84514695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-02-04/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651597/; classtype:trojan-activity;sid:84514697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-08-06/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651588/; classtype:trojan-activity;sid:84514688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; depth:92; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651589/; classtype:trojan-activity;sid:84514689; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-23/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651590/; classtype:trojan-activity;sid:84514690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-30/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651583/; classtype:trojan-activity;sid:84514683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-25/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651584/; classtype:trojan-activity;sid:84514684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-22/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651586/; classtype:trojan-activity;sid:84514686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-07/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651582/; classtype:trojan-activity;sid:84514682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-26/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651580/; classtype:trojan-activity;sid:84514680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-09/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651581/; classtype:trojan-activity;sid:84514681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-04-19/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651579/; classtype:trojan-activity;sid:84514679; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-12/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651577/; classtype:trojan-activity;sid:84514677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-09-24/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651578/; classtype:trojan-activity;sid:84514678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-18/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651573/; classtype:trojan-activity;sid:84514673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-05/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651574/; classtype:trojan-activity;sid:84514674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-10/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651575/; classtype:trojan-activity;sid:84514675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-06-15/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651570/; classtype:trojan-activity;sid:84514670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2019-08-02/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651567/; classtype:trojan-activity;sid:84514667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-30/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651568/; classtype:trojan-activity;sid:84514668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-05-15/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651565/; classtype:trojan-activity;sid:84514665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-05-11/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651566/; classtype:trojan-activity;sid:84514666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-11-14/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651564/; classtype:trojan-activity;sid:84514664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-12-23/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651563/; classtype:trojan-activity;sid:84514663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-01/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651560/; classtype:trojan-activity;sid:84514660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-12-15/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651561/; classtype:trojan-activity;sid:84514661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-10-18/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651558/; classtype:trojan-activity;sid:84514658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-02-20/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651559/; classtype:trojan-activity;sid:84514659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-15/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651553/; classtype:trojan-activity;sid:84514653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-01-16/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651554/; classtype:trojan-activity;sid:84514654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-05-26/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651555/; classtype:trojan-activity;sid:84514655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-01-05/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651557/; classtype:trojan-activity;sid:84514657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-04/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651548/; classtype:trojan-activity;sid:84514648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-04/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651549/; classtype:trojan-activity;sid:84514649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000170596/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651550/; classtype:trojan-activity;sid:84514650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-21/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651551/; classtype:trojan-activity;sid:84514651; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-27/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651552/; classtype:trojan-activity;sid:84514652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-07-01/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651545/; classtype:trojan-activity;sid:84514645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2019-04-02/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651546/; classtype:trojan-activity;sid:84514646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-24/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651539/; classtype:trojan-activity;sid:84514639; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-25/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651542/; classtype:trojan-activity;sid:84514642; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-16/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651544/; classtype:trojan-activity;sid:84514644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-08/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651532/; classtype:trojan-activity;sid:84514632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-11-25/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651534/; classtype:trojan-activity;sid:84514634; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-07-07/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651535/; classtype:trojan-activity;sid:84514635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-08/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651536/; classtype:trojan-activity;sid:84514636; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2019-12-05/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651530/; classtype:trojan-activity;sid:84514630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-08-24/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651531/; classtype:trojan-activity;sid:84514631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-06-10/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651529/; classtype:trojan-activity;sid:84514629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-18/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651527/; classtype:trojan-activity;sid:84514627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-28/info.zip"; depth:87; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651526/; classtype:trojan-activity;sid:84514626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-02-09/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651525/; classtype:trojan-activity;sid:84514625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/info.zip"; depth:55; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651524/; classtype:trojan-activity;sid:84514624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-01-26/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651521/; classtype:trojan-activity;sid:84514621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-11-04/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651522/; classtype:trojan-activity;sid:84514622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2020-11-12/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651523/; classtype:trojan-activity;sid:84514623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-05-11/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651520/; classtype:trojan-activity;sid:84514620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-07/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651519/; classtype:trojan-activity;sid:84514619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-21/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651516/; classtype:trojan-activity;sid:84514616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-01/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651517/; classtype:trojan-activity;sid:84514617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-09/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651518/; classtype:trojan-activity;sid:84514618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-16/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651515/; classtype:trojan-activity;sid:84514615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-20/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651512/; classtype:trojan-activity;sid:84514612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-11-27/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651513/; classtype:trojan-activity;sid:84514613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-22/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651514/; classtype:trojan-activity;sid:84514614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-09-12/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651511/; classtype:trojan-activity;sid:84514611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-15/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651509/; classtype:trojan-activity;sid:84514609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-15/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651510/; classtype:trojan-activity;sid:84514610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-03/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651506/; classtype:trojan-activity;sid:84514606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-18/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651507/; classtype:trojan-activity;sid:84514607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-26/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651508/; classtype:trojan-activity;sid:84514608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-05-21/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651504/; classtype:trojan-activity;sid:84514604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-14/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651505/; classtype:trojan-activity;sid:84514605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-12-16/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651502/; classtype:trojan-activity;sid:84514602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-05-06/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651503/; classtype:trojan-activity;sid:84514603; rev:1;)
# /photo.scr requested from bare-IP hosts: same exact-match construction as above, one
# rule per host, with the host depth set to the length of that IP string.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"107.128.101.219"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651494/; classtype:trojan-activity;sid:84514594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"67.177.204.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651481/; classtype:trojan-activity;sid:84514581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"220.89.164.81"; depth:13; isdataat:!1,relative; 
metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651480/; classtype:trojan-activity;sid:84514580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"132.247.103.239"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651477/; classtype:trojan-activity;sid:84514577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"77.172.14.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651476/; classtype:trojan-activity;sid:84514576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"82.67.39.194"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651475/; classtype:trojan-activity;sid:84514575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/info.zip"; depth:18; endswith; nocase; http.host; content:"47.104.31.7"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651304/; classtype:trojan-activity;sid:84514404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651202)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"103.59.134.98"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651202/; classtype:trojan-activity;sid:84514302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000566431/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651195/; classtype:trojan-activity;sid:84514295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000225745/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651183/; classtype:trojan-activity;sid:84514283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000585574/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651168/; classtype:trojan-activity;sid:84514268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000567168/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651169/; 
classtype:trojan-activity;sid:84514269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171472/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651167/; classtype:trojan-activity;sid:84514267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000170010/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651165/; classtype:trojan-activity;sid:84514265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-08-25/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651160/; classtype:trojan-activity;sid:84514260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165772/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651151/; classtype:trojan-activity;sid:84514251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651149)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-05-20/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651149/; classtype:trojan-activity;sid:84514249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000170922/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651139/; classtype:trojan-activity;sid:84514239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000603094/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651135/; classtype:trojan-activity;sid:84514235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171064/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651136/; classtype:trojan-activity;sid:84514236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000603095/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; 
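metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651125/; classtype:trojan-activity;sid:84514225; rev:1;)
# NOTE(review): http.uri is Suricata's normalized URI buffer; the HTTP parser
# percent-decodes the request path before rules inspect it (http.uri.raw keeps the
# escapes). A literal "%20" / "%c3%a7" pattern in http.uri is therefore not expected to
# match a request for the listed URL. The two affected rules below carry the decoded
# bytes in |hex| notation with depth lowered to the decoded length, so depth + endswith
# still pin the whole URI. sid and rev are kept as published; a feed refresh overwrites
# this local change, so report it upstream too. Assumes default libhtp URI decoding -
# confirm with a replayed capture.
#
# decoded: %20 -> |20|, %c3%a7%c3%a3 -> |c3 a7 c3 a3|; depth 62 -> 50
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta|20|de|20|corre|c3 a7 c3 a3|o/2024-12-11/info.zip"; depth:50; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651099/; classtype:trojan-activity;sid:84514199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171016/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651095/; classtype:trojan-activity;sid:84514195; rev:1;)
# decoded: %c3%a7%c3%a3 -> |c3 a7 c3 a3|; depth 53 -> 45
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza|c3 a7 c3 a3|o/2020-07-06/info.zip"; depth:45; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651092/; classtype:trojan-activity;sid:84514192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000253230/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651090/; classtype:trojan-activity;sid:84514190; rev:1;)
alert http $HOME_NET any -> 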
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171252/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651088/; classtype:trojan-activity;sid:84514188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"132.247.103.239"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651084/; classtype:trojan-activity;sid:84514184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000189793/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651078/; classtype:trojan-activity;sid:84514178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"77.172.14.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651076/; classtype:trojan-activity;sid:84514176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2019-04-30/info.zip"; depth:39; endswith; nocase; http.host; 
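content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651077/; classtype:trojan-activity;sid:84514177; rev:1;)
# NOTE(review): http.uri is Suricata's normalized URI buffer; the HTTP parser
# percent-decodes the request path before rules inspect it (http.uri.raw keeps the
# escapes). A literal "%c3%a7" pattern in http.uri is therefore not expected to match a
# request for the listed URL. The two "manifesta..." rules below carry the decoded
# bytes in |hex| notation with depth lowered to the decoded length, so depth + endswith
# still pin the whole URI. sid and rev are kept as published; a feed refresh overwrites
# this local change, so report it upstream too. Assumes default libhtp URI decoding -
# confirm with a replayed capture.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"103.36.80.114"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651075/; classtype:trojan-activity;sid:84514175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000604320/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651071/; classtype:trojan-activity;sid:84514171; rev:1;)
# decoded: %c3%a7%c3%a3 -> |c3 a7 c3 a3|; depth 74 -> 66
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta|c3 a7 c3 a3|o/consulta/02589791000758/2024-05-31/info.zip"; depth:66; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651061/; classtype:trojan-activity;sid:84514161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-12-30/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651056/; classtype:trojan-activity;sid:84514156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-01-26/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651044/; classtype:trojan-activity;sid:84514144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000232289/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651041/; classtype:trojan-activity;sid:84514141; rev:1;)
# decoded: %c3%a7%c3%a3 -> |c3 a7 c3 a3|; depth 74 -> 66
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta|c3 a7 c3 a3|o/consulta/18296147000306/2021-01-13/info.zip"; depth:66; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651037/; classtype:trojan-activity;sid:84514137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2023-11-09/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651022/; classtype:trojan-activity;sid:84514122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651020)"; flow:established,from_client; http.method; 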
content:"GET"; http.uri; content:"/tmpftp/mdf-e/info.zip"; depth:22; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651020/; classtype:trojan-activity;sid:84514120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000186186/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651016/; classtype:trojan-activity;sid:84514116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000164262/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651012/; classtype:trojan-activity;sid:84514112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000169167/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651015/; classtype:trojan-activity;sid:84514115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000683762/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; 
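reference:url, urlhaus.abuse.ch/url/3651011/; classtype:trojan-activity;sid:84514111; rev:1;)
# NOTE(review): http.uri is Suricata's normalized URI buffer; the HTTP parser
# percent-decodes the request path before rules inspect it (http.uri.raw keeps the
# escapes). A literal "%c3%a7" pattern in http.uri is therefore not expected to match a
# request for the listed URL. The two "recep..." rules below carry the decoded bytes in
# |hex| notation with depth lowered to the decoded length, so depth + endswith still
# pin the whole URI. sid and rev are kept as published; a feed refresh overwrites this
# local change, so report it upstream too. Assumes default libhtp URI decoding -
# confirm with a replayed capture.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168339/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651006/; classtype:trojan-activity;sid:84514106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168881/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650998/; classtype:trojan-activity;sid:84514098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000602407/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650995/; classtype:trojan-activity;sid:84514095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000626337/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650993/; classtype:trojan-activity;sid:84514093; rev:1;)
# decoded: %c3%a7%c3%a3 -> |c3 a7 c3 a3|; depth 49 -> 41
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep|c3 a7 c3 a3|o/2020-12-10/info.zip"; depth:41; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650991/; classtype:trojan-activity;sid:84514091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000565438/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650986/; classtype:trojan-activity;sid:84514086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aspnet_client/info.zip"; depth:23; endswith; nocase; http.host; content:"96.11.145.107"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650970/; classtype:trojan-activity;sid:84514070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000619269/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650968/; classtype:trojan-activity;sid:84514068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000169465/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650963/; classtype:trojan-activity;sid:84514063; rev:1;)
# decoded: %c3%a7%c3%a3 -> |c3 a7 c3 a3|; depth 49 -> 41
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep|c3 a7 c3 a3|o/2023-01-23/info.zip"; depth:41; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650961/; classtype:trojan-activity;sid:84514061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000160983/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650959/; classtype:trojan-activity;sid:84514059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000179610/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650958/; classtype:trojan-activity;sid:84514058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165004/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650955/; classtype:trojan-activity;sid:84514055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET 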
any (msg:"URLhaus Known malware download URL detected (3650943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000600294/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650943/; classtype:trojan-activity;sid:84514043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000589083/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650940/; classtype:trojan-activity;sid:84514040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000169469/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650939/; classtype:trojan-activity;sid:84514039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000167445/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650934/; classtype:trojan-activity;sid:84514034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000608221/info.zip"; depth:39; 
endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650928/; classtype:trojan-activity;sid:84514028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168559/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650924/; classtype:trojan-activity;sid:84514024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000767154/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650915/; classtype:trojan-activity;sid:84514015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000169966/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650912/; classtype:trojan-activity;sid:84514012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/info.zip"; depth:28; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650913/; classtype:trojan-activity;sid:84514013; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000625892/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650902/; classtype:trojan-activity;sid:84514002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/app_error/info.zip"; depth:26; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650900/; classtype:trojan-activity;sid:84514000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000160599/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650887/; classtype:trojan-activity;sid:84513987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000166747/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650884/; classtype:trojan-activity;sid:84513984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650886)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/td00000000000000171986/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650886/; classtype:trojan-activity; sid:84513986; rev:1;)
# One rule per line. Each rule is an exact-match IoC: depth equals the content length and
# endswith pins the whole http.uri buffer, so the same path with an added query string will not
# match; depth plus isdataat:!1,relative pins the whole http.host buffer. HTTP GET requests only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000555504/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650880/; classtype:trojan-activity; sid:84513980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000765366/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650881/; classtype:trojan-activity; sid:84513981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000604319/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650870/; classtype:trojan-activity; sid:84513970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171330/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url,
urlhaus.abuse.ch/url/3650868/; classtype:trojan-activity; sid:84513968; rev:1;)
# One rule per line. Each rule is an exact-match IoC: depth equals the content length and
# endswith pins the whole http.uri buffer, so the same path with an added query string will not
# match; depth plus isdataat:!1,relative pins the whole http.host buffer. HTTP GET requests only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-11-13/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650859/; classtype:trojan-activity; sid:84513959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000621738/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650856/; classtype:trojan-activity; sid:84513956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165010/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650855/; classtype:trojan-activity; sid:84513955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"94.203.254.14"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650851/; classtype:trojan-activity; sid:84513951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650850)"; flow:established,from_client;
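http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168303/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650850/; classtype:trojan-activity; sid:84513950; rev:1;)
# Review note: http.uri is Suricata's normalized URI buffer, in which %XX escapes are already
# decoded, so a content string spelled with literal "%20" / "%c3%a7" would not match there.
# Rules in this span whose path held escapes now carry the decoded bytes (|20|, |c3 a7 c3 a3|)
# with depth reduced to the decoded length; sid and rev are left as published.
# Assumes default libhtp path decoding - confirm against the local suricata.yaml, and report
# upstream, because a feed refresh overwrites local changes. (Alternative: keep the escaped
# string and match it in http.uri.raw.)
# depth == content length plus endswith (URI) / isdataat:!1,relative (Host) make both matches exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"68.148.10.182"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650846/; classtype:trojan-activity; sid:84513946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep|c3 a7 c3 a3|o/2021-04-01/info.zip"; depth:41; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650828/; classtype:trojan-activity; sid:84513928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta|20|de|20|corre|c3 a7 c3 a3|o/2024-08-05/info.zip"; depth:50; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650824/; classtype:trojan-activity; sid:84513924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000391039/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative;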
metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650820/; classtype:trojan-activity; sid:84513920; rev:1;)
# One rule per line. Each rule is an exact-match IoC: depth equals the content length and
# endswith pins the whole http.uri buffer, so the same path with an added query string will not
# match; depth plus isdataat:!1,relative pins the whole http.host buffer. HTTP GET requests only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"82.67.39.194"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650817/; classtype:trojan-activity; sid:84513917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000574637/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650818/; classtype:trojan-activity; sid:84513918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"189.61.50.98"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650811/; classtype:trojan-activity; sid:84513911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"64.234.95.70"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650810/; classtype:trojan-activity; sid:84513910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650806)"; flow:established,from_client; http.method; content:"GET";
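http.uri; content:"/tmpftp/disponibilidade|20|de|20|servi|c3 a7|o/df/normal/info.zip"; depth:54; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650806/; classtype:trojan-activity; sid:84513906; rev:1;)
# Review note: http.uri is Suricata's normalized URI buffer, in which %XX escapes are already
# decoded, so a content string spelled with literal "%20" / "%c3%a7" would not match there.
# Rules in this span whose path held escapes (including the continuation on the first line) now
# carry the decoded bytes (|20|, |c3 a7|, |c3 a7 c3 a3|) with depth reduced to the decoded
# length; sid and rev are left as published.
# Assumes default libhtp path decoding - confirm against the local suricata.yaml, and report
# upstream, because a feed refresh overwrites local changes. (Alternative: keep the escaped
# string and match it in http.uri.raw.)
# depth == content length plus endswith (URI) / isdataat:!1,relative (Host) make both matches exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000601712/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650791/; classtype:trojan-activity; sid:84513891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta|20|de|20|corre|c3 a7 c3 a3|o/2025-06-25/info.zip"; depth:50; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650781/; classtype:trojan-activity; sid:84513881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000164804/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650779/; classtype:trojan-activity; sid:84513879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000591478/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14;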
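isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650770/; classtype:trojan-activity; sid:84513870; rev:1;)
# Review note: http.uri is Suricata's normalized URI buffer, in which %XX escapes are already
# decoded, so a content string spelled with literal "%20" / "%c3%a7" would not match there.
# The rule in this span whose path held escapes now carries the decoded bytes (|20|,
# |c3 a7 c3 a3|) with depth reduced to the decoded length; sid and rev are left as published.
# Assumes default libhtp path decoding - confirm against the local suricata.yaml, and report
# upstream, because a feed refresh overwrites local changes. (Alternative: keep the escaped
# string and match it in http.uri.raw.)
# depth == content length plus endswith (URI) / isdataat:!1,relative (Host) make both matches exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165246/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650768/; classtype:trojan-activity; sid:84513868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000631756/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650748/; classtype:trojan-activity; sid:84513848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta|20|de|20|corre|c3 a7 c3 a3|o/2024-04-15/info.zip"; depth:50; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650746/; classtype:trojan-activity; sid:84513846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000167557/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650744/; classtype:trojan-activity; sid:84513844; rev:1;)
alert http $HOME_NET any ->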
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000232287/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650735/; classtype:trojan-activity; sid:84513835; rev:1;)
# One rule per line. Each rule is an exact-match IoC: depth equals the content length and
# endswith pins the whole http.uri buffer, so the same path with an added query string will not
# match; depth plus isdataat:!1,relative pins the whole http.host buffer. HTTP GET requests only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000607873/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650729/; classtype:trojan-activity; sid:84513829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000166887/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650726/; classtype:trojan-activity; sid:84513826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000162883/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650720/; classtype:trojan-activity; sid:84513820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000680913/info.zip";
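depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650719/; classtype:trojan-activity; sid:84513819; rev:1;)
# Review note: http.uri is Suricata's normalized URI buffer, in which %XX escapes are already
# decoded, so a content string spelled with literal "%20" / "%c3%a7" would not match there.
# The rule in this span whose path held escapes now carries the decoded bytes (|20|,
# |c3 a7 c3 a3|) with depth reduced to the decoded length; sid and rev are left as published.
# Assumes default libhtp path decoding - confirm against the local suricata.yaml, and report
# upstream, because a feed refresh overwrites local changes. (Alternative: keep the escaped
# string and match it in http.uri.raw.)
# depth == content length plus endswith (URI) / isdataat:!1,relative (Host) make both matches exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000625326/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650718/; classtype:trojan-activity; sid:84513818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000167443/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650712/; classtype:trojan-activity; sid:84513812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"67.177.204.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650711/; classtype:trojan-activity; sid:84513811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta|20|de|20|corre|c3 a7 c3 a3|o/2025-03-12/info.zip"; depth:50; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650708/;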
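classtype:trojan-activity; sid:84513808; rev:1;)
# Review note: http.uri is Suricata's normalized URI buffer, in which %XX escapes are already
# decoded, so a content string spelled with literal "%c3%a7" would not match there.
# The rule in this span whose path held escapes now carries the decoded bytes (|c3 a7 c3 a3|)
# with depth reduced to the decoded length; sid and rev are left as published.
# Assumes default libhtp path decoding - confirm against the local suricata.yaml, and report
# upstream, because a feed refresh overwrites local changes. (Alternative: keep the escaped
# string and match it in http.uri.raw.)
# depth == content length plus endswith (URI) / isdataat:!1,relative (Host) make both matches exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000566429/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650703/; classtype:trojan-activity; sid:84513803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta|c3 a7 c3 a3|o/eventos/2021-01-14/info.zip"; depth:50; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650701/; classtype:trojan-activity; sid:84513801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"77.211.28.150"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650698/; classtype:trojan-activity; sid:84513798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000166105/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650693/; classtype:trojan-activity; sid:84513793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650690)"; flow:established,from_client; http.method;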
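content:"GET"; http.uri; content:"/tmpftp/td00000000000000171466/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650690/; classtype:trojan-activity; sid:84513790; rev:1;)
# Review note: http.uri is Suricata's normalized URI buffer, in which %XX escapes are already
# decoded, so a content string spelled with literal "%c3%a7" would not match there.
# The rule in this span whose path held escapes now carries the decoded bytes (|c3 a7 c3 a3|)
# with depth reduced to the decoded length; sid and rev are left as published.
# Assumes default libhtp path decoding - confirm against the local suricata.yaml, and report
# upstream, because a feed refresh overwrites local changes. (Alternative: keep the escaped
# string and match it in http.uri.raw.)
# depth == content length plus endswith (URI) / isdataat:!1,relative (Host) make both matches exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000164836/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650689/; classtype:trojan-activity; sid:84513789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta|c3 a7 c3 a3|o/consulta/02589791000758/2021-10-24/info.zip"; depth:66; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650686/; classtype:trojan-activity; sid:84513786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165072/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650683/; classtype:trojan-activity; sid:84513783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000457040/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14;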
isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650678/; classtype:trojan-activity; sid:84513778; rev:1;)
# One rule per line. Each rule is an exact-match IoC: depth equals the content length and
# endswith pins the whole http.uri buffer, so the same path with an added query string will not
# match; depth plus isdataat:!1,relative pins the whole http.host buffer. HTTP GET requests only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"103.8.164.18"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650679/; classtype:trojan-activity; sid:84513779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000218874/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650676/; classtype:trojan-activity; sid:84513776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171556/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650667/; classtype:trojan-activity; sid:84513767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000224647/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650664/; classtype:trojan-activity; sid:84513764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download
URL detected (3650665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165656/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650665/; classtype:trojan-activity; sid:84513765; rev:1;)
# One rule per line. Each rule is an exact-match IoC: depth equals the content length and
# endswith pins the whole http.uri buffer, so the same path with an added query string will not
# match; depth plus isdataat:!1,relative pins the whole http.host buffer. HTTP GET requests only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000603149/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650655/; classtype:trojan-activity; sid:84513755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-03-02/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650650/; classtype:trojan-activity; sid:84513750; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171224/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650649/; classtype:trojan-activity; sid:84513749; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"220.89.164.81"; depth:13;
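isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650643/; classtype:trojan-activity; sid:84513743; rev:1;)
# Review note: http.uri is Suricata's normalized URI buffer, in which %XX escapes are already
# decoded, so a content string spelled with literal "%20" / "%c3%a7" would not match there.
# Rules in this span whose path held escapes now carry the decoded bytes (|20|, |c3 a7 c3 a3|)
# with depth reduced to the decoded length; sid and rev are left as published.
# Assumes default libhtp path decoding - confirm against the local suricata.yaml, and report
# upstream, because a feed refresh overwrites local changes. (Alternative: keep the escaped
# string and match it in http.uri.raw.)
# depth == content length plus endswith (URI) / isdataat:!1,relative (Host) make both matches exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000187451/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650640/; classtype:trojan-activity; sid:84513740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000170836/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650638/; classtype:trojan-activity; sid:84513738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta|20|de|20|corre|c3 a7 c3 a3|o/2025-06-04/info.zip"; depth:50; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650633/; classtype:trojan-activity; sid:84513733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza|c3 a7 c3 a3|o/2020-05-04/info.zip"; depth:45; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650631/; classtype:trojan-activity; sid:84513731; rev:1;)
alert http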
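$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171296/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650622/; classtype:trojan-activity; sid:84513722; rev:1;)
# Review note: http.uri is Suricata's normalized URI buffer, in which %XX escapes are already
# decoded, so a content string spelled with literal "%20" / "%c3%a7" would not match there.
# The rule in this span whose path held escapes now carries the decoded bytes (|20|,
# |c3 a7 c3 a3|) with depth reduced to the decoded length; sid and rev are left as published.
# Assumes default libhtp path decoding - confirm against the local suricata.yaml, and report
# upstream, because a feed refresh overwrites local changes. (Alternative: keep the escaped
# string and match it in http.uri.raw.)
# depth == content length plus endswith (URI) / isdataat:!1,relative (Host) make both matches exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"88.28.218.163"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650616/; classtype:trojan-activity; sid:84513716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta|c3 a7 c3 a3|o/consulta|20|nsu|20|faltante/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650611/; classtype:trojan-activity; sid:84513711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000604318/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650609/; classtype:trojan-activity; sid:84513709; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650600)"; flow:established,from_client; http.method; content:"GET"; http.uri;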
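content:"/tmpftp/manifesta|c3 a7 c3 a3|o/consulta|20|nsu|20|faltante/02589791000677/2024-06-19/info.zip"; depth:79; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650600/; classtype:trojan-activity; sid:84513700; rev:1;)
# Review note: the http.uri keyword that precedes the continuation on the first line of this
# span selects Suricata's normalized URI buffer, in which %XX escapes are already decoded, so a
# content string spelled with literal "%20" / "%c3%a7" would not match there.
# Rules in this span whose path held escapes (including that first line) now carry the decoded
# bytes (|20|, |c3 a7 c3 a3|) with depth reduced to the decoded length; sid and rev are left as
# published.
# Assumes default libhtp path decoding - confirm against the local suricata.yaml, and report
# upstream, because a feed refresh overwrites local changes. (Alternative: keep the escaped
# string and match it in http.uri.raw.)
# depth == content length plus endswith (URI) / isdataat:!1,relative (Host) make both matches exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta|20|de|20|corre|c3 a7 c3 a3|o/2025-06-12/info.zip"; depth:50; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650598/; classtype:trojan-activity; sid:84513698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-10-26/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650596/; classtype:trojan-activity; sid:84513696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000426238/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650595/; classtype:trojan-activity; sid:84513695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta|20|de|20|corre|c3 a7 c3 a3|o/2024-01-16/info.zip"; depth:50; endswith; nocase; http.host;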
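content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650594/; classtype:trojan-activity; sid:84513694; rev:1;)
# Review note: http.uri is Suricata's normalized URI buffer, in which %XX escapes are already
# decoded, so a content string spelled with literal "%20" / "%c3%a7" would not match there.
# The rule in this span whose path held escapes now carries the decoded bytes (|20|,
# |c3 a7 c3 a3|) with depth reduced to the decoded length; sid and rev are left as published.
# Assumes default libhtp path decoding - confirm against the local suricata.yaml, and report
# upstream, because a feed refresh overwrites local changes. (Alternative: keep the escaped
# string and match it in http.uri.raw.)
# depth == content length plus endswith (URI) / isdataat:!1,relative (Host) make both matches exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta|20|de|20|corre|c3 a7 c3 a3|o/2025-01-07/info.zip"; depth:50; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650591/; classtype:trojan-activity; sid:84513691; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"156.200.99.139"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650588/; classtype:trojan-activity; sid:84513688; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000172470/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650585/; classtype:trojan-activity; sid:84513685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168287/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650586/; classtype:trojan-activity; sid:84513686; rev:1;)
alert http $HOME_NET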
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000585436/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650575/; classtype:trojan-activity; sid:84513675; rev:1;)
# One rule per line. Each rule is an exact-match IoC: depth equals the content length and
# endswith pins the whole http.uri buffer, so the same path with an added query string will not
# match; depth plus isdataat:!1,relative pins the whole http.host buffer. HTTP GET requests only.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171288/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650573/; classtype:trojan-activity; sid:84513673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"14.224.205.246"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650570/; classtype:trojan-activity; sid:84513670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000176793/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650568/; classtype:trojan-activity; sid:84513668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000213545/info.zip"; depth:39; endswith;
nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650569/; classtype:trojan-activity;sid:84513669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000167279/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650565/; classtype:trojan-activity;sid:84513665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000167437/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650561/; classtype:trojan-activity;sid:84513661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000606633/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650554/; classtype:trojan-activity;sid:84513654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000167071/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650551/; classtype:trojan-activity;sid:84513651; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-03/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650550/; classtype:trojan-activity;sid:84513650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000172576/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650549/; classtype:trojan-activity;sid:84513649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/info.zip"; depth:32; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650541/; classtype:trojan-activity;sid:84513641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-10-23/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650535/; classtype:trojan-activity;sid:84513635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650529)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171304/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650529/; classtype:trojan-activity;sid:84513629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-08-07/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650528/; classtype:trojan-activity;sid:84513628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-11-04/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650520/; classtype:trojan-activity;sid:84513620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-09-03/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650519/; classtype:trojan-activity;sid:84513619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-02-16/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650516/; classtype:trojan-activity;sid:84513616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2020-11-19/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650513/; classtype:trojan-activity;sid:84513613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000166971/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650512/; classtype:trojan-activity;sid:84513612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000164808/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650508/; classtype:trojan-activity;sid:84513608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-03/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650503/; classtype:trojan-activity;sid:84513603; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000170482/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650504/; classtype:trojan-activity;sid:84513604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165644/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650506/; classtype:trojan-activity;sid:84513606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000264706/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650493/; classtype:trojan-activity;sid:84513593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000562134/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650494/; classtype:trojan-activity;sid:84513594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650498)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/td00000000000000680914/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650498/; classtype:trojan-activity;sid:84513598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000169171/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650499/; classtype:trojan-activity;sid:84513599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"72.132.64.183"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650492/; classtype:trojan-activity;sid:84513592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-28/info.zip"; depth:91; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650491/; classtype:trojan-activity;sid:84513591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165020/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; 
reference:url, urlhaus.abuse.ch/url/3650482/; classtype:trojan-activity;sid:84513582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-13/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650483/; classtype:trojan-activity;sid:84513583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171284/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650480/; classtype:trojan-activity;sid:84513580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"45.179.225.75"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650473/; classtype:trojan-activity;sid:84513573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000604651/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650472/; classtype:trojan-activity;sid:84513572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650467)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-01-22/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650467/; classtype:trojan-activity;sid:84513567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000166079/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650465/; classtype:trojan-activity;sid:84513565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-06-10/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650461/; classtype:trojan-activity;sid:84513561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000601171/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650457/; classtype:trojan-activity;sid:84513557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2024-01-02/info.zip"; depth:91; endswith; 
nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650454/; classtype:trojan-activity;sid:84513554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000159804/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650450/; classtype:trojan-activity;sid:84513550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000566428/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650443/; classtype:trojan-activity;sid:84513543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168305/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650441/; classtype:trojan-activity;sid:84513541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"185.8.233.160"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650442/; classtype:trojan-activity;sid:84513542; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000170516/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650439/; classtype:trojan-activity;sid:84513539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000163666/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650431/; classtype:trojan-activity;sid:84513531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000601753/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650430/; classtype:trojan-activity;sid:84513530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000629919/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650423/; classtype:trojan-activity;sid:84513523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000263120/info.zip"; 
depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650422/; classtype:trojan-activity;sid:84513522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000237372/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650412/; classtype:trojan-activity;sid:84513512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"50.65.169.30"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650413/; classtype:trojan-activity;sid:84513513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000555505/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650390/; classtype:trojan-activity;sid:84513490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-05-19/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650388/; classtype:trojan-activity;sid:84513488; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000169865/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650386/; classtype:trojan-activity;sid:84513486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000172466/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650383/; classtype:trojan-activity;sid:84513483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171312/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650381/; classtype:trojan-activity;sid:84513481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000169769/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650374/; classtype:trojan-activity;sid:84513474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650364)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/td00000000000000573133/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650364/; classtype:trojan-activity;sid:84513464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000606636/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650366/; classtype:trojan-activity;sid:84513466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000546234/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650371/; classtype:trojan-activity;sid:84513471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000586306/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650362/; classtype:trojan-activity;sid:84513462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000170378/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3650358/; classtype:trojan-activity;sid:84513458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"71.198.110.126"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650351/; classtype:trojan-activity;sid:84513451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000160995/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650348/; classtype:trojan-activity;sid:84513448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-11-07/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650347/; classtype:trojan-activity;sid:84513447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"93.43.53.67"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650343/; classtype:trojan-activity;sid:84513443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650337)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/td00000000000000168278/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650337/; classtype:trojan-activity;sid:84513437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000170774/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650338/; classtype:trojan-activity;sid:84513438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000633210/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650340/; classtype:trojan-activity;sid:84513440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000224648/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650331/; classtype:trojan-activity;sid:84513431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165504/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3650332/; classtype:trojan-activity;sid:84513432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000604442/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650325/; classtype:trojan-activity;sid:84513425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"138.36.2.110"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650319/; classtype:trojan-activity;sid:84513419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"5.89.102.77"; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650307/; classtype:trojan-activity;sid:84513407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"109.193.105.79"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650299/; classtype:trojan-activity;sid:84513399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650300)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/td00000000000000166309/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650300/; classtype:trojan-activity;sid:84513400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650276)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000553612/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650276/; classtype:trojan-activity;sid:84513376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000169947/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650270/; classtype:trojan-activity;sid:84513370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165200/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650271/; classtype:trojan-activity;sid:84513371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/mdf-e/01/consulta%20n%c3%a3o%20encerrado/info.zip"; depth:57; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; 
reference:url, urlhaus.abuse.ch/url/3650269/; classtype:trojan-activity;sid:84513369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"107.128.101.219"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650263/; classtype:trojan-activity;sid:84513363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-02-16/info.zip"; depth:58; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650259/; classtype:trojan-activity;sid:84513359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168295/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650258/; classtype:trojan-activity;sid:84513358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000585560/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650253/; classtype:trojan-activity;sid:84513353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650251)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-29/info.zip"; depth:91; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650251/; classtype:trojan-activity;sid:84513351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000604650/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650244/; classtype:trojan-activity;sid:84513344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000604662/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650243/; classtype:trojan-activity;sid:84513343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168293/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650222/; classtype:trojan-activity;sid:84513322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000162637/info.zip"; depth:39; endswith; nocase; 
http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650215/; classtype:trojan-activity;sid:84513315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000600441/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650214/; classtype:trojan-activity;sid:84513314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000584368/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650213/; classtype:trojan-activity;sid:84513313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165935/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650201/; classtype:trojan-activity;sid:84513301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"103.209.67.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650193/; classtype:trojan-activity;sid:84513293; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000179593/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650191/; classtype:trojan-activity;sid:84513291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-27/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650181/; classtype:trojan-activity;sid:84513281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-06-03/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650178/; classtype:trojan-activity;sid:84513278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000222522/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650170/; classtype:trojan-activity;sid:84513270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650162)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/td00000000000000166869/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650162/; classtype:trojan-activity;sid:84513262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000566150/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650160/; classtype:trojan-activity;sid:84513260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000546495/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650161/; classtype:trojan-activity;sid:84513261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000164138/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650146/; classtype:trojan-activity;sid:84513246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-22/info.zip"; depth:91; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650138/; classtype:trojan-activity;sid:84513238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000170520/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650130/; classtype:trojan-activity;sid:84513230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-10-19/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650129/; classtype:trojan-activity;sid:84513229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171256/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650127/; classtype:trojan-activity;sid:84513227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000172428/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650123/; classtype:trojan-activity;sid:84513223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3650122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000553463/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650122/; classtype:trojan-activity;sid:84513222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2023-11-14/info.zip"; depth:91; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650117/; classtype:trojan-activity;sid:84513217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165900/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650118/; classtype:trojan-activity;sid:84513218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000566395/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650112/; classtype:trojan-activity;sid:84513212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650107)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/td00000000000000171314/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650107/; classtype:trojan-activity;sid:84513207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000567163/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650104/; classtype:trojan-activity;sid:84513204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171298/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650093/; classtype:trojan-activity;sid:84513193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168275/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650092/; classtype:trojan-activity;sid:84513192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-24/info.zip"; depth:91; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650082/; classtype:trojan-activity;sid:84513182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000166259/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650079/; classtype:trojan-activity;sid:84513179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165824/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650078/; classtype:trojan-activity;sid:84513178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/info.zip"; depth:16; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650071/; classtype:trojan-activity;sid:84513171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000600293/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650067/; classtype:trojan-activity;sid:84513167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3650058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000567166/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650058/; classtype:trojan-activity;sid:84513158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"70.95.233.160"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650061/; classtype:trojan-activity;sid:84513161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-08-25/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650056/; classtype:trojan-activity;sid:84513156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000567145/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650051/; classtype:trojan-activity;sid:84513151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2022-05-04/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650047/; classtype:trojan-activity;sid:84513147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-03-04/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650048/; classtype:trojan-activity;sid:84513148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"111.235.143.155"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650044/; classtype:trojan-activity;sid:84513144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2021-08-19/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650038/; classtype:trojan-activity;sid:84513138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000167243/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650036/; classtype:trojan-activity;sid:84513136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3650028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000169473/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650028/; classtype:trojan-activity;sid:84513128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171454/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650026/; classtype:trojan-activity;sid:84513126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000170532/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650023/; classtype:trojan-activity;sid:84513123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000543689/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650004/; classtype:trojan-activity;sid:84513104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000633209/info.zip"; depth:39; endswith; nocase; 
http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650001/; classtype:trojan-activity;sid:84513101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000546233/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649996/; classtype:trojan-activity;sid:84513096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000173466/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649995/; classtype:trojan-activity;sid:84513095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000585575/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649992/; classtype:trojan-activity;sid:84513092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2020-10-19/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649985/; classtype:trojan-activity;sid:84513085; rev:1;) 
# URLhaus download-URL signatures, restored to one rule per line.
# Every rule in this run has the same shape:
#   - outbound HTTP ($HOME_NET -> $EXTERNAL_NET), client side of an established flow, method GET
#   - http.uri: depth equals the content length and endswith is set, so the URI buffer must equal
#     the literal; nocase applies to this URI content
#   - http.host: depth equals the content length and isdataat:!1,relative rejects trailing bytes,
#     so the host buffer must equal the literal IP
# The number in msg is the URLhaus entry id that also appears in reference:url; in the rules shown
# here sid = URLhaus id + 80863100, which maps an alert's sid back to its entry.
#
# Triage: only request-side buffers are matched (flow:from_client; http.method, http.uri, http.host),
# so an alert shows that an internal host sent the request, not that a payload was delivered.
# Correlate with the response status / file events for the same flow.
# These are `alert http` rules: they fire only on HTTP the sensor parses in cleartext.
# Indicators are IP literals with metadata:created_at 2025_10_03 — check the referenced URLhaus entry
# for current status before acting on a hit.
#
# NOTE(review): most rules below differ only in the directory segment under /tmpftp/ on host
# 177.70.102.228; exact-match rules cover only the paths listed, so a fetch from an unlisted
# directory on the same host is not detected by this run.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171194/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649986/; classtype:trojan-activity;sid:84513086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000172163/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649987/; classtype:trojan-activity;sid:84513087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"160.202.15.212"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649984/; classtype:trojan-activity;sid:84513084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000586961/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649980/; classtype:trojan-activity;sid:84513080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649981)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000609592/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649981/; classtype:trojan-activity;sid:84513081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"27.72.159.162"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649975/; classtype:trojan-activity;sid:84513075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"107.128.101.219"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649968/; classtype:trojan-activity;sid:84513068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000172788/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649959/; classtype:trojan-activity;sid:84513059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000237371/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649956/; classtype:trojan-activity;sid:84513056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000552709/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649952/; classtype:trojan-activity;sid:84513052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168509/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649944/; classtype:trojan-activity;sid:84513044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000683761/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649943/; classtype:trojan-activity;sid:84513043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000567164/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649932/; classtype:trojan-activity;sid:84513032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171888/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649930/; classtype:trojan-activity;sid:84513030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165116/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649931/; classtype:trojan-activity;sid:84513031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000208170/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649923/; classtype:trojan-activity;sid:84513023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000264645/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649919/; classtype:trojan-activity;sid:84513019; rev:1;)
# NOTE(review): the next rule's content holds percent-escapes (%c3%a7%c3%a3) but is matched in
# http.uri, which Suricata documents as the normalized URI buffer. Confirm on the deployed sensor
# that the escaped form is what the buffer holds; if not, the unnormalized form is in http.uri.raw.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-19/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649914/; classtype:trojan-activity;sid:84513014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171458/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649910/; classtype:trojan-activity;sid:84513010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000617432/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649900/; classtype:trojan-activity;sid:84513000; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-08-06/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649897/; classtype:trojan-activity;sid:84512997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-04-01/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649899/; classtype:trojan-activity;sid:84512999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000624762/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649896/; classtype:trojan-activity;sid:84512996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000265247/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649895/; classtype:trojan-activity;sid:84512995; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165014/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649888/; classtype:trojan-activity;sid:84512988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165090/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649885/; classtype:trojan-activity;sid:84512985; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168749/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649886/; classtype:trojan-activity;sid:84512986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000172574/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649884/; classtype:trojan-activity;sid:84512984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000167339/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649881/; classtype:trojan-activity;sid:84512981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000212326/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649878/; classtype:trojan-activity;sid:84512978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000603747/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649874/; classtype:trojan-activity;sid:84512974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3649870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000746890/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649870/; classtype:trojan-activity;sid:84512970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000160628/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649867/; classtype:trojan-activity;sid:84512967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171452/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649868/; classtype:trojan-activity;sid:84512968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-06-01/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649869/; classtype:trojan-activity;sid:84512969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"75.42.36.186"; depth:12; 
isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649865/; classtype:trojan-activity;sid:84512965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000164253/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649864/; classtype:trojan-activity;sid:84512964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000426237/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649863/; classtype:trojan-activity;sid:84512963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-07/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649858/; classtype:trojan-activity;sid:84512958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-21/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649840/; classtype:trojan-activity;sid:84512940; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000170894/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649839/; classtype:trojan-activity;sid:84512939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"70.190.199.152"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649837/; classtype:trojan-activity;sid:84512937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171742/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649833/; classtype:trojan-activity;sid:84512933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171248/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649821/; classtype:trojan-activity;sid:84512921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000465109/info.zip"; depth:39; 
endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649801/; classtype:trojan-activity;sid:84512901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000172568/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649790/; classtype:trojan-activity;sid:84512890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-20/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649788/; classtype:trojan-activity;sid:84512888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000226537/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649783/; classtype:trojan-activity;sid:84512883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2022-02-16/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3649780/; classtype:trojan-activity;sid:84512880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000166135/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649771/; classtype:trojan-activity;sid:84512871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-06-06/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649768/; classtype:trojan-activity;sid:84512868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000583935/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649762/; classtype:trojan-activity;sid:84512862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171246/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649761/; classtype:trojan-activity;sid:84512861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3649751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165999/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649751/; classtype:trojan-activity;sid:84512851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-08/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649744/; classtype:trojan-activity;sid:84512844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2024-07-06/info.zip"; depth:91; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649738/; classtype:trojan-activity;sid:84512838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000557542/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649730/; classtype:trojan-activity;sid:84512830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649731)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/td00000000000000167115/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649731/; classtype:trojan-activity;sid:84512831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"178.61.160.6"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649707/; classtype:trojan-activity;sid:84512807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168301/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649699/; classtype:trojan-activity;sid:84512799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171474/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649701/; classtype:trojan-activity;sid:84512801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000167423/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649692/; 
classtype:trojan-activity;sid:84512792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"87.249.142.126"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649685/; classtype:trojan-activity;sid:84512785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"222.252.31.94"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649682/; classtype:trojan-activity;sid:84512782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171702/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649681/; classtype:trojan-activity;sid:84512781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171468/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649677/; classtype:trojan-activity;sid:84512777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; 
endswith; nocase; http.host; content:"96.11.145.107"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649676/; classtype:trojan-activity;sid:84512776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000230418/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649673/; classtype:trojan-activity;sid:84512773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000166739/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649674/; classtype:trojan-activity;sid:84512774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-21/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649672/; classtype:trojan-activity;sid:84512772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000552326/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649669/; 
classtype:trojan-activity;sid:84512769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-29/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649656/; classtype:trojan-activity;sid:84512756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000169927/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649655/; classtype:trojan-activity;sid:84512755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000543908/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649647/; classtype:trojan-activity;sid:84512747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000172094/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649643/; classtype:trojan-activity;sid:84512743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649644)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000542543/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649644/; classtype:trojan-activity;sid:84512744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000162506/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649635/; classtype:trojan-activity;sid:84512735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171302/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649622/; classtype:trojan-activity;sid:84512722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000166801/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649626/; classtype:trojan-activity;sid:84512726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000160981/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649613/; classtype:trojan-activity;sid:84512713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000551812/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649607/; classtype:trojan-activity;sid:84512707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-10/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649590/; classtype:trojan-activity;sid:84512690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168299/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649576/; classtype:trojan-activity;sid:84512676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000167451/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649577/; classtype:trojan-activity;sid:84512677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3649573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000160619/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649573/; classtype:trojan-activity;sid:84512673; rev:1;)
# ---------------------------------------------------------------------------
# Reading notes for the rules below (all created_at 2025_10_03, all rev:1).
#
# Layout: one rule per line. Suricata does not accept a rule that is broken
# across lines unless each broken line ends in a backslash.
#
# Shape shared by every rule in this run:
#   alert http $HOME_NET any -> $EXTERNAL_NET any
#       Traffic Suricata parses as HTTP, for requests leaving $HOME_NET. The
#       same URL fetched over TLS is not visible to these rules unless the
#       sensor sees decrypted traffic.
#   flow:established,from_client; http.method; content:"GET";
#       Client-side data on an established flow, GET requests.
#   http.uri; content:"<path>"; depth:<n>; endswith; nocase;
#       <n> is the byte length of <path>, so depth pins the match to the
#       start of the buffer and endswith pins it to the end: the whole URI
#       buffer must equal <path>, ignoring case. Anything appended to the
#       URI (a query string, another path segment) is a miss.
#   http.host; content:"<ip>"; depth:<n>; isdataat:!1,relative;
#       Same exact-match construction for the host buffer: depth covers the
#       pattern and isdataat:!1,relative requires that no byte follows it.
#   sid
#       In every rule shown the sid is the URLhaus entry id plus 80863100
#       (3649574 -> 84512674), so an alert maps straight back to the
#       reference URL carried in the same rule.
#
# NOTE(review): 15 rules below carry percent-escapes (%20, %c3%a7, %c3%a3)
# inside an http.uri pattern. http.uri is Suricata's normalized URI buffer,
# in which percent-escapes are normally decoded, while http.uri.raw keeps
# the bytes as sent. A pattern written with literal escapes is therefore
# likely to miss in http.uri; validate those sids against a test pcap, and
# if they do not fire, carry a local copy that uses http.uri.raw (the depth
# values already equal the escaped length). Confirm against the sensor's
# libhtp settings before relying on either form.
#
# Triage: all but two rules in this run name the host 177.70.102.228 with a
# path under /tmpftp/ that ends in /info.zip. Presumably one server with the
# same archive reachable from many directories (verify on the URLhaus
# reference pages), so alerts from these sids are best grouped by
# destination host rather than worked one sid at a time.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171294/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649574/; classtype:trojan-activity;sid:84512674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171316/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649572/; classtype:trojan-activity;sid:84512672; rev:1;)
# NOTE(review): percent-escaped http.uri pattern; see the note on http.uri vs http.uri.raw above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-08-27/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649570/; classtype:trojan-activity;sid:84512670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000223168/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649567/; classtype:trojan-activity;sid:84512667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168281/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649556/; classtype:trojan-activity;sid:84512656; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171358/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649549/; classtype:trojan-activity;sid:84512649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000167601/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649551/; classtype:trojan-activity;sid:84512651; rev:1;)
# NOTE(review): percent-escaped http.uri pattern; see the note on http.uri vs http.uri.raw above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2024-06-06/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649552/; classtype:trojan-activity;sid:84512652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000600310/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649544/; classtype:trojan-activity;sid:84512644; rev:1;)
# Different host from the surrounding run: 96.11.145.107.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aspnet_client/system_web/info.zip"; depth:34; endswith; nocase; http.host; content:"96.11.145.107"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649546/; classtype:trojan-activity;sid:84512646; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000166323/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649533/; classtype:trojan-activity;sid:84512633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649532)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000732234/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649532/; classtype:trojan-activity;sid:84512632; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000223167/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649528/; classtype:trojan-activity;sid:84512628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000584370/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649521/; classtype:trojan-activity;sid:84512621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000583934/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649517/; classtype:trojan-activity;sid:84512617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165844/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649514/; classtype:trojan-activity;sid:84512614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165184/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649503/; classtype:trojan-activity;sid:84512603; rev:1;)
# NOTE(review): percent-escaped http.uri pattern; see the note on http.uri vs http.uri.raw above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/info.zip"; depth:55; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649498/; classtype:trojan-activity;sid:84512598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168365/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649492/; classtype:trojan-activity;sid:84512592; rev:1;)
# NOTE(review): percent-escaped http.uri pattern; see the note on http.uri vs http.uri.raw above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-03-26/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649489/; classtype:trojan-activity;sid:84512589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000209999/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649483/; classtype:trojan-activity;sid:84512583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000164122/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649468/; classtype:trojan-activity;sid:84512568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000567165/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649459/; classtype:trojan-activity;sid:84512559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171854/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649455/; classtype:trojan-activity;sid:84512555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000604321/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649440/; classtype:trojan-activity;sid:84512540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000160615/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649424/; classtype:trojan-activity;sid:84512524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171250/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649418/; classtype:trojan-activity;sid:84512518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165250/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649416/; classtype:trojan-activity;sid:84512516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171286/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649414/; classtype:trojan-activity;sid:84512514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000169527/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649411/; classtype:trojan-activity;sid:84512511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171402/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649406/; classtype:trojan-activity;sid:84512506; rev:1;)
# NOTE(review): percent-escaped http.uri pattern; see the note on http.uri vs http.uri.raw above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2021-05-08/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649397/; classtype:trojan-activity;sid:84512497; rev:1;)
# NOTE(review): percent-escaped http.uri pattern; see the note on http.uri vs http.uri.raw above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-12/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649395/; classtype:trojan-activity;sid:84512495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171478/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649392/; classtype:trojan-activity;sid:84512492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168553/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649389/; classtype:trojan-activity;sid:84512489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-08-22/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649391/; classtype:trojan-activity;sid:84512491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171462/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649387/; classtype:trojan-activity;sid:84512487; rev:1;)
# NOTE(review): percent-escaped http.uri pattern; see the note on http.uri vs http.uri.raw above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-12/info.zip"; depth:91; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649385/; classtype:trojan-activity;sid:84512485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/cons/1/info.zip"; depth:23; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649382/; classtype:trojan-activity;sid:84512482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000606635/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649379/; classtype:trojan-activity;sid:84512479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000238203/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649377/; classtype:trojan-activity;sid:84512477; rev:1;)
# NOTE(review): percent-escaped http.uri pattern; see the note on http.uri vs http.uri.raw above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-06/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649375/; classtype:trojan-activity;sid:84512475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171242/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649372/; classtype:trojan-activity;sid:84512472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/info.zip"; depth:21; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649370/; classtype:trojan-activity;sid:84512470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171464/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649365/; classtype:trojan-activity;sid:84512465; rev:1;)
# NOTE(review): percent-escaped http.uri pattern; see the note on http.uri vs http.uri.raw above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-30/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649366/; classtype:trojan-activity;sid:84512466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171332/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649360/; classtype:trojan-activity;sid:84512460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000166237/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649357/; classtype:trojan-activity;sid:84512457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165850/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649354/; classtype:trojan-activity;sid:84512454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000213544/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649353/; classtype:trojan-activity;sid:84512453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000265246/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649346/; classtype:trojan-activity;sid:84512446; rev:1;)
# Different host from the surrounding run: 96.11.145.107.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blog/info.zip"; depth:14; endswith; nocase; http.host; content:"96.11.145.107"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649341/; classtype:trojan-activity;sid:84512441; rev:1;)
# NOTE(review): percent-escaped http.uri pattern; see the note on http.uri vs http.uri.raw above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-13/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649338/; classtype:trojan-activity;sid:84512438; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649335)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000587212/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649335/; classtype:trojan-activity;sid:84512435; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000172165/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649332/; classtype:trojan-activity;sid:84512432; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165794/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649329/; classtype:trojan-activity;sid:84512429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000173022/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649326/; classtype:trojan-activity;sid:84512426; rev:1;)
# NOTE(review): percent-escaped http.uri pattern; see the note on http.uri vs http.uri.raw above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/info.zip"; depth:44; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649321/; classtype:trojan-activity;sid:84512421; rev:1;)
# NOTE(review): percent-escaped http.uri pattern; see the note on http.uri vs http.uri.raw above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2023-11-20/info.zip"; depth:91; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649323/; classtype:trojan-activity;sid:84512423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000566420/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649310/; classtype:trojan-activity;sid:84512410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000567141/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649309/; classtype:trojan-activity;sid:84512409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000215215/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649306/; classtype:trojan-activity;sid:84512406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000562903/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649303/; classtype:trojan-activity;sid:84512403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000567162/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649295/; classtype:trojan-activity;sid:84512395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168063/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649278/; classtype:trojan-activity;sid:84512378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000558592/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649250/; classtype:trojan-activity;sid:84512350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2024-06-06/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649252/; classtype:trojan-activity;sid:84512352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-05-21/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649243/; classtype:trojan-activity;sid:84512343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171090/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649242/; classtype:trojan-activity;sid:84512342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000600544/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649193/; classtype:trojan-activity;sid:84512293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165480/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649189/; classtype:trojan-activity;sid:84512289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000564863/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649180/; classtype:trojan-activity;sid:84512280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000162652/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649173/; classtype:trojan-activity;sid:84512273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000166657/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649158/; classtype:trojan-activity;sid:84512258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000625429/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649149/; classtype:trojan-activity;sid:84512249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000600309/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649145/; classtype:trojan-activity;sid:84512245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000556239/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649143/; classtype:trojan-activity;sid:84512243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000765367/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649144/; classtype:trojan-activity;sid:84512244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000625325/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649142/; classtype:trojan-activity;sid:84512242; rev:1;)
# NOTE(review): percent-escaped http.uri pattern; see the note on http.uri vs http.uri.raw above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2021-11-14/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649137/; classtype:trojan-activity;sid:84512237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/cons/1/9929/info.zip"; depth:28; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649135/; classtype:trojan-activity;sid:84512235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171244/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649130/; classtype:trojan-activity;sid:84512230; rev:1;)
# NOTE(review): percent-escaped http.uri pattern; see the note on http.uri vs http.uri.raw above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/info.zip"; depth:52; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649128/; classtype:trojan-activity;sid:84512228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168297/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649124/; classtype:trojan-activity;sid:84512224; rev:1;)
# NOTE(review): percent-escaped http.uri pattern; see the note on http.uri vs http.uri.raw above.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-11/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649120/; classtype:trojan-activity;sid:84512220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168387/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649118/; classtype:trojan-activity;sid:84512218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000606634/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649119/; classtype:trojan-activity;sid:84512219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000551813/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649110/; classtype:trojan-activity;sid:84512210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/consulta/2019-03-13/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649111/; classtype:trojan-activity;sid:84512211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000164394/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649112/; classtype:trojan-activity;sid:84512212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000166665/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649107/; classtype:trojan-activity;sid:84512207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3649108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000224583/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649108/; classtype:trojan-activity;sid:84512208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000170506/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649099/; classtype:trojan-activity;sid:84512199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-07-01/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649092/; classtype:trojan-activity;sid:84512192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2022-03-09/info.zip"; depth:91; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649089/; classtype:trojan-activity;sid:84512189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649084)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/td00000000000000591279/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649084/; classtype:trojan-activity;sid:84512184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165248/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649080/; classtype:trojan-activity;sid:84512180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000225746/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649078/; classtype:trojan-activity;sid:84512178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-10-09/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649068/; classtype:trojan-activity;sid:84512168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000166183/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_03; reference:url, urlhaus.abuse.ch/url/3649061/; classtype:trojan-activity;sid:84512161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000616852/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649055/; classtype:trojan-activity;sid:84512155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-07-05/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649056/; classtype:trojan-activity;sid:84512156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-27/info.zip"; depth:53; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649050/; classtype:trojan-activity;sid:84512150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-07-18/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649043/; classtype:trojan-activity;sid:84512143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3649033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000170776/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649033/; classtype:trojan-activity;sid:84512133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000160612/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649034/; classtype:trojan-activity;sid:84512134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2020-12-07/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649035/; classtype:trojan-activity;sid:84512135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/info.zip"; depth:80; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649037/; classtype:trojan-activity;sid:84512137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649027)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/td00000000000000171306/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649027/; classtype:trojan-activity;sid:84512127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000160718/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649028/; classtype:trojan-activity;sid:84512128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000604673/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649029/; classtype:trojan-activity;sid:84512129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-04-02/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649020/; classtype:trojan-activity;sid:84512120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000164236/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, 
urlhaus.abuse.ch/url/3649021/; classtype:trojan-activity;sid:84512121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171640/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649012/; classtype:trojan-activity;sid:84512112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000586305/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649003/; classtype:trojan-activity;sid:84512103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-08-07/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648998/; classtype:trojan-activity;sid:84512098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000166851/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648995/; classtype:trojan-activity;sid:84512095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3648997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791001053/info.zip"; depth:80; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648997/; classtype:trojan-activity;sid:84512097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000553613/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648988/; classtype:trojan-activity;sid:84512088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000172670/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648972/; classtype:trojan-activity;sid:84512072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000164510/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648973/; classtype:trojan-activity;sid:84512073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648964)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-16/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648964/; classtype:trojan-activity;sid:84512064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000167219/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648966/; classtype:trojan-activity;sid:84512066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-05-02/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648960/; classtype:trojan-activity;sid:84512060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171308/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648957/; classtype:trojan-activity;sid:84512057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000556238/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_03; reference:url, urlhaus.abuse.ch/url/3648956/; classtype:trojan-activity;sid:84512056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171858/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648954/; classtype:trojan-activity;sid:84512054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-21/info.zip"; depth:91; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648953/; classtype:trojan-activity;sid:84512053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000160742/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648952/; classtype:trojan-activity;sid:84512052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000629918/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648941/; classtype:trojan-activity;sid:84512041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3648942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/18296147000306/info.zip"; depth:80; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648942/; classtype:trojan-activity;sid:84512042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/info.zip"; depth:55; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648943/; classtype:trojan-activity;sid:84512043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000566149/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648936/; classtype:trojan-activity;sid:84512036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168121/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648933/; classtype:trojan-activity;sid:84512033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648926)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/td00000000000000165244/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648926/; classtype:trojan-activity;sid:84512026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-06-07/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648930/; classtype:trojan-activity;sid:84512030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-06/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648931/; classtype:trojan-activity;sid:84512031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000226538/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648921/; classtype:trojan-activity;sid:84512021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000201084/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_03; reference:url, urlhaus.abuse.ch/url/3648912/; classtype:trojan-activity;sid:84512012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-09-27/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648904/; classtype:trojan-activity;sid:84512004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168527/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648900/; classtype:trojan-activity;sid:84512000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2024-06-07/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648893/; classtype:trojan-activity;sid:84511993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000167509/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648891/; classtype:trojan-activity;sid:84511991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3648889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171476/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648889/; classtype:trojan-activity;sid:84511989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168551/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648884/; classtype:trojan-activity;sid:84511984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165820/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648885/; classtype:trojan-activity;sid:84511985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000603104/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648886/; classtype:trojan-activity;sid:84511986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000166085/info.zip"; depth:39; endswith; nocase; http.host; 
content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648872/; classtype:trojan-activity;sid:84511972; rev:1;)
# --- Host 177.70.102.228, /tmpftp/<directory>/info.zip (created_at 2025_10_03) ---
# Every rule here is an exact-match IoC for one URLhaus entry (id in msg and reference):
#   * $HOME_NET -> $EXTERNAL_NET with flow:established,from_client: outbound client requests only.
#   * http.method must be GET.
#   * http.uri: depth equals the content length and endswith is set, so the whole
#     URI buffer must equal the string (case-insensitive because of nocase).
#   * http.host: depth equals the content length and isdataat:!1,relative forbids
#     trailing bytes, so the host buffer must equal the string.
# The visible entries differ only in the directory name under /tmpftp/. A sibling
# directory that was never reported has no rule, so pair this feed with a
# host-level search of proxy/HTTP logs when one of these fires.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171292/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648877/; classtype:trojan-activity;sid:84511977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165486/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648868/; classtype:trojan-activity;sid:84511968; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000169013/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648858/; classtype:trojan-activity;sid:84511958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000160982/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648854/; classtype:trojan-activity;sid:84511954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000618093/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648852/; classtype:trojan-activity;sid:84511952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000165826/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648849/; classtype:trojan-activity;sid:84511949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000591547/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648832/; classtype:trojan-activity;sid:84511932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000595438/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648828/; classtype:trojan-activity;sid:84511928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000621599/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648824/; classtype:trojan-activity;sid:84511924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171450/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648825/; classtype:trojan-activity;sid:84511925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000166307/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648819/; classtype:trojan-activity;sid:84511920; rev:1;)
# NOTE(review): the next rule's http.uri content carries percent-encoded bytes
# (%20, %c3%a7, %c3%a3) and its depth (62) counts them as literal characters.
# http.uri is Suricata's normalized URI buffer; if the path is percent-decoded
# before matching (depends on the HTTP parser settings), the literal "%20" is not
# in the buffer and the rule cannot fire. http.uri.raw is the buffer that keeps
# the encoded form -- confirm with a test capture before relying on this sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-11/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648820/; classtype:trojan-activity;sid:84511920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171228/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 
2025_10_03; reference:url, urlhaus.abuse.ch/url/3648811/; classtype:trojan-activity;sid:84511911; rev:1;)
# --- Host 177.70.102.228, /tmpftp/.../info.zip (created_at 2025_10_03) ---
# Exact-match IoCs: GET only, URI pinned by depth (= content length) + endswith,
# host pinned by depth + isdataat:!1,relative. Each sid covers exactly one
# URLhaus entry; only the directory component of the path changes between rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171470/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648805/; classtype:trojan-activity;sid:84511905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000172170/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648802/; classtype:trojan-activity;sid:84511902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000595439/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648798/; classtype:trojan-activity;sid:84511898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/cons/info.zip"; depth:21; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648791/; classtype:trojan-activity;sid:84511891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000625549/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648788/; classtype:trojan-activity;sid:84511888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2020-01-03/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648785/; classtype:trojan-activity;sid:84511885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168291/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648781/; classtype:trojan-activity;sid:84511881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171318/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648771/; classtype:trojan-activity;sid:84511871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-07-10/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648765/; classtype:trojan-activity;sid:84511865; rev:1;)
# NOTE(review): the content below contains percent-encoded bytes (%c3%a7, %c3%a3)
# and depth:49 counts them as literal characters. http.uri is the normalized URI
# buffer; if the path is percent-decoded before matching (parser-setting
# dependent), this literal never appears and the rule is silent. http.uri.raw
# keeps the encoded form -- verify against a test capture.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-05-08/info.zip"; depth:49; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648759/; classtype:trojan-activity;sid:84511859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000602408/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648758/; classtype:trojan-activity;sid:84511858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-01-14/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648753/; classtype:trojan-activity;sid:84511853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000553198/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648755/; classtype:trojan-activity;sid:84511855; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000172872/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648750/; classtype:trojan-activity;sid:84511850; rev:1;)
# --- Host 177.70.102.228, /tmpftp/.../info.zip (created_at 2025_10_03) ---
# Exact-match IoCs, one URLhaus entry per sid: GET request, full URI equality
# (depth = content length, endswith, nocase) and full host equality
# (depth + isdataat:!1,relative).
#
# NOTE(review): sids 84511836, 84511807 and 84511806 in this group match on
# "carta%20de%20corre%c3%a7%c3%a3o", i.e. on percent-encoded text, with depth:62
# counting the escapes literally. http.uri is the normalized buffer; if the path
# is percent-decoded before matching (parser-setting dependent) these three rules
# cannot fire. http.uri.raw keeps the encoded form -- verify with a test capture.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000160984/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648746/; classtype:trojan-activity;sid:84511846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-22/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648736/; classtype:trojan-activity;sid:84511836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000160478/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648737/; classtype:trojan-activity;sid:84511837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000166243/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648725/; classtype:trojan-activity;sid:84511825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000585561/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648722/; classtype:trojan-activity;sid:84511822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-06-04/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648712/; classtype:trojan-activity;sid:84511812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000172746/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648710/; classtype:trojan-activity;sid:84511810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-12/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648707/; classtype:trojan-activity;sid:84511807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-09/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648706/; classtype:trojan-activity;sid:84511806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171310/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648700/; classtype:trojan-activity;sid:84511800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-08-08/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648702/; classtype:trojan-activity;sid:84511802; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000172292/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648698/; classtype:trojan-activity;sid:84511798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3648693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000542542/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648693/; classtype:trojan-activity;sid:84511793; rev:1;)
# --- Host 177.70.102.228, /tmpftp/.../info.zip (created_at 2025_10_03) ---
# One exact-match rule per URLhaus entry: the request must be a GET whose URI
# equals the listed path (depth = content length, endswith, nocase) and whose
# host equals the listed address (depth + isdataat:!1,relative). rev:1 and
# classtype trojan-activity are identical across the group; only the URLhaus
# id, the path directory and the sid vary.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000160618/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648692/; classtype:trojan-activity;sid:84511792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000624761/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648689/; classtype:trojan-activity;sid:84511789; rev:1;)
# NOTE(review): percent-encoded content on http.uri (%20, %c3%a7, %c3%a3; depth:62
# counts the escapes literally). If the normalized buffer holds the decoded path
# (parser-setting dependent) this rule is silent; http.uri.raw keeps the encoded
# form. Verify with a test capture.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-06/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648690/; classtype:trojan-activity;sid:84511790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168329/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648686/; classtype:trojan-activity;sid:84511786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000167041/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648682/; classtype:trojan-activity;sid:84511782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000624984/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648670/; classtype:trojan-activity;sid:84511770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000566430/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648672/; classtype:trojan-activity;sid:84511772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000604501/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648669/; classtype:trojan-activity;sid:84511769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171438/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648655/; classtype:trojan-activity;sid:84511755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000230417/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648657/; classtype:trojan-activity;sid:84511757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000604491/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648637/; classtype:trojan-activity;sid:84511737; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000585614/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648630/; classtype:trojan-activity;sid:84511730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648623)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/tmpftp/mdf-e/01/info.zip"; depth:25; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648623/; classtype:trojan-activity;sid:84511723; rev:1;)
# --- Host 177.70.102.228, /tmpftp/.../info.zip (created_at 2025_10_03) ---
# Exact-match IoCs, one URLhaus entry per sid: GET, URI equality
# (depth = content length, endswith, nocase), host equality
# (depth + isdataat:!1,relative).
#
# NOTE(review): sids 84511725 and 84511661 match percent-encoded text
# (%20, %c3%a7, %c3%a3) on http.uri, with depth counting the escapes literally.
# http.uri is the normalized buffer; if the path is percent-decoded before
# matching (parser-setting dependent) these rules are silent. http.uri.raw keeps
# the encoded form -- verify with a test capture.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-20/info.zip"; depth:62; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648625/; classtype:trojan-activity;sid:84511725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2021-06-30/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648604/; classtype:trojan-activity;sid:84511704; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2022-05-10/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648606/; classtype:trojan-activity;sid:84511706; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/01/cancelamento/2019-03-26/info.zip"; depth:43; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648600/; classtype:trojan-activity;sid:84511700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000168289/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648592/; classtype:trojan-activity;sid:84511692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171240/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648590/; classtype:trojan-activity;sid:84511690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000600290/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648568/; classtype:trojan-activity;sid:84511668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000172690/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648571/; classtype:trojan-activity;sid:84511671; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000624763/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648558/; classtype:trojan-activity;sid:84511658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2019-08-24/info.zip"; depth:74; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648561/; classtype:trojan-activity;sid:84511661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/td00000000000000171726/info.zip"; depth:39; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648562/; classtype:trojan-activity;sid:84511662; rev:1;)
# --- Host 103.20.213.34, /uploads/uploads/.../info.zip ---
# Same rule shape, different host. NOTE(review): the path contains "%20" escapes
# and depth:142 counts each as three characters, so the percent-decoding concern
# described above applies to this rule as well.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20pictures/info.zip"; depth:142; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648527/; classtype:trojan-activity;sid:84511627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648357)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20received%20files/vinod982038189896/info.zip"; depth:168; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648357/; classtype:trojan-activity;sid:84511457; rev:1;)
# --- Host 103.20.213.34, /uploads/uploads/.../info.zip (created_at 2025_10_03) ---
# Exact-match IoCs, one URLhaus entry per sid: GET, URI equality
# (depth = content length, endswith, nocase), host equality
# (depth + isdataat:!1,relative). All visible entries share the file name
# info.zip and differ only in the directory path.
#
# NOTE(review): every URI in this group contains "%20" escapes, and each depth
# counts an escape as three characters. http.uri is the normalized buffer; if
# the path is percent-decoded before matching (parser-setting dependent), the
# literal "%20" is absent and none of these rules can fire. http.uri.raw keeps
# the encoded form -- verify with a test capture before trusting coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/transchart/unused%20desktop%20shortcuts/info.zip"; depth:161; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648354/; classtype:trojan-activity;sid:84511454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/downloads/info.zip"; depth:138; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648213/; classtype:trojan-activity;sid:84511313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20received%20files/vinod982038189896/history/info.zip"; depth:176; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648112/; classtype:trojan-activity;sid:84511212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/raj%20sir/info.zip"; depth:138; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647826/; classtype:trojan-activity;sid:84510926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/transchart/info.zip"; depth:132; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647813/; classtype:trojan-activity;sid:84510913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/transchart/sail%20performa%20jan11/info.zip"; depth:156; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647655/; classtype:trojan-activity;sid:84510755; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647583)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/sail%20empanelment/info.zip"; depth:86; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647583/; classtype:trojan-activity;sid:84510683; rev:1;)
# Two-byte URI "/i": safe only because the rule also requires the host buffer to
# equal 178.220.234.5 (depth:13 + isdataat:!1,relative); both must match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.220.234.5"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647513/; classtype:trojan-activity;sid:84510613; rev:1;)
# --- Named hosts (cloud storage subdomains and other domains) ---
# NOTE(review): "alert http" only sees requests Suricata parses as cleartext HTTP.
# The rules do not show the URL scheme; if these hosts are fetched over HTTPS,
# the sensor needs decrypted traffic, or a companion tls.sni / dns.query match
# on the same host name, to observe the request at all.
# The host match is an equality on one specific subdomain, so other tenants of
# the same storage provider are not matched.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/recipes/staging/a-89fb7017-7780-4b72-950d-c2db1146a34a.exe"; depth:59; endswith; nocase; http.host; content:"best10cdn.blob.core.windows.net"; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647457/; classtype:trojan-activity;sid:84510557; rev:1;)
# |3f| is the hex escape for "?" (one byte), so the content below is 49 bytes
# while depth is 52, the length of the escaped text. With endswith the exact
# URI still matches; the rule additionally tolerates up to 3 leading bytes.
# NOTE(review): looks like a length computed on the escaped string -- harmless
# here, but depth no longer pins the match to offset 0 as in the other rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/storage/v1/object/public/nano/image.jpg|3f|12711343"; depth:52; endswith; nocase; http.host; content:"ybgctdtbzvgpdxjivafy.supabase.co"; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646414/; classtype:trojan-activity;sid:84509514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/storage/v1/object/public/nano_duso/image.jpg"; depth:45; endswith; nocase; http.host; content:"frygzjyhtiunvhvnacif.supabase.co"; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646420/; classtype:trojan-activity;sid:84509520; rev:1;)
# Same |3f| escape as above: 50-byte content with depth:53.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/storage/v1/object/public/hold/image.jpg|3f|12711343h"; depth:53; endswith; nocase; http.host; content:"ihmmkvkaiwnilneauhfn.supabase.co"; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646403/; classtype:trojan-activity;sid:84509503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/jqqvlru0vaih3z.exe"; depth:25; endswith; nocase; http.host; content:"toolshare.com.tr"; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646408/; classtype:trojan-activity;sid:84509508; rev:1;)
# From here the entries carry created_at 2025_10_02.
# The URI names a .scr file (Windows screensaver, an executable format).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"www.intelligradeeducation.vicentecisnerospub.com"; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645950/; classtype:trojan-activity;sid:84509050; rev:1;)
# NOTE(review): "%20" escapes on http.uri (depth:159 counts them literally); if
# the normalized buffer holds the decoded path this rule is silent -- see
# http.uri.raw and verify with a test capture.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20pictures/neha%20imagecopy/info.zip"; depth:159; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; 
isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645889/; classtype:trojan-activity;sid:84508989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"66.185.26.66"; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645874/; classtype:trojan-activity;sid:84508974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/wallpaper/info.zip"; depth:138; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645854/; classtype:trojan-activity;sid:84508954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20music/info.zip"; depth:139; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645847/; classtype:trojan-activity;sid:84508947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20scans/info.zip"; 
depth:139; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645832/; classtype:trojan-activity;sid:84508932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20received%20files/info.zip"; depth:150; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645827/; classtype:trojan-activity;sid:84508927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/various%20files/info.zip"; depth:137; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645760/; classtype:trojan-activity;sid:84508860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/charter%20party/info.zip"; depth:144; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645751/; classtype:trojan-activity;sid:84508851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645677)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/bhushan/info.zip"; depth:129; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645677/; classtype:trojan-activity;sid:84508777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/microsoft/windows/powershell/info.zip"; depth:38; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645600/; classtype:trojan-activity;sid:84508700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/info.zip"; depth:113; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645569/; classtype:trojan-activity;sid:84508669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/desktop/tai%20ping%20shan-phaethon-cp/info.zip"; depth:105; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645322/; classtype:trojan-activity;sid:84508422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3645234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/cp%20transchart/info.zip"; depth:121; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645234/; classtype:trojan-activity;sid:84508334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/info.zip"; depth:128; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645139/; classtype:trojan-activity;sid:84508239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/info.zip"; depth:121; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644784/; classtype:trojan-activity;sid:84507884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/backgrounds/info.zip"; depth:54; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644564/; classtype:trojan-activity;sid:84507664; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/info.zip"; depth:105; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644339/; classtype:trojan-activity;sid:84507439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/info.zip"; depth:49; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644169/; classtype:trojan-activity;sid:84507269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/rcf/info.zip"; depth:71; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644134/; classtype:trojan-activity;sid:84507234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/backgrounds/precious%20charm/info.zip"; depth:71; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643969/; classtype:trojan-activity;sid:84507069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3643828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/deepak/daily%20report/info.zip"; depth:64; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643828/; classtype:trojan-activity;sid:84506928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/for%20xp%20sp2/info.zip"; depth:120; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643147/; classtype:trojan-activity;sid:84506247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/info.zip"; depth:67; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643118/; classtype:trojan-activity;sid:84506218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/big/microsoft.sql.server.2012.enterprise.edition.with.service.pack.1-kopie/info.zip"; depth:84; endswith; nocase; http.host; content:"222.239.87.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642788/; classtype:trojan-activity;sid:84505888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3642779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inicis_dll/key/info.zip"; depth:24; endswith; nocase; http.host; content:"222.239.87.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642779/; classtype:trojan-activity;sid:84505879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/incis/info.zip"; depth:15; endswith; nocase; http.host; content:"222.239.87.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642775/; classtype:trojan-activity;sid:84505875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/incis/key/inipaytest/info.zip"; depth:30; endswith; nocase; http.host; content:"222.239.87.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642717/; classtype:trojan-activity;sid:84505817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/info.zip"; depth:42; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642711/; classtype:trojan-activity;sid:84505811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slnammicafe/info.zip"; depth:21; endswith; nocase; http.host; content:"222.239.87.50"; depth:13; isdataat:!1,relative; metadata:created_at 
2025_10_02; reference:url, urlhaus.abuse.ch/url/3642700/; classtype:trojan-activity;sid:84505800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/microsoft/windows/info.zip"; depth:27; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642692/; classtype:trojan-activity;sid:84505792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/incis/key/info.zip"; depth:19; endswith; nocase; http.host; content:"222.239.87.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642677/; classtype:trojan-activity;sid:84505777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inicis_dll/log/info.zip"; depth:24; endswith; nocase; http.host; content:"222.239.87.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642643/; classtype:trojan-activity;sid:84505743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slnammicafe/ammicafefile/info.zip"; depth:34; endswith; nocase; http.host; content:"222.239.87.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642634/; classtype:trojan-activity;sid:84505734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642522)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/slnammicafe/ammicafefile/ammicafesetup/info.zip"; depth:48; endswith; nocase; http.host; content:"222.239.87.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642522/; classtype:trojan-activity;sid:84505622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642518/; classtype:trojan-activity;sid:84505618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slnammicafe2/info.zip"; depth:22; endswith; nocase; http.host; content:"222.239.87.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642484/; classtype:trojan-activity;sid:84505584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"121.184.128.134"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642438/; classtype:trojan-activity;sid:84505538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02/info.zip"; depth:12; endswith; nocase; http.host; content:"121.184.128.134"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642422/; 
classtype:trojan-activity;sid:84505522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slnammicafe2/ammicafe2file/info.zip"; depth:36; endswith; nocase; http.host; content:"222.239.87.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642417/; classtype:trojan-activity;sid:84505517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slnammicafe2/ammicafe2file/ammicafe2setup/info.zip"; depth:51; endswith; nocase; http.host; content:"222.239.87.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642406/; classtype:trojan-activity;sid:84505506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/big/html/info.zip"; depth:18; endswith; nocase; http.host; content:"222.239.87.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642382/; classtype:trojan-activity;sid:84505482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/big/sql%20server%202014/info.zip"; depth:33; endswith; nocase; http.host; content:"222.239.87.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642346/; classtype:trojan-activity;sid:84505446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642349)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/images/info.zip"; depth:16; endswith; nocase; http.host; content:"222.239.87.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642349/; classtype:trojan-activity;sid:84505449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/01/info.zip"; depth:12; endswith; nocase; http.host; content:"121.184.128.134"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642324/; classtype:trojan-activity;sid:84505424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/info.zip"; depth:25; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642297/; classtype:trojan-activity;sid:84505397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inicis_dll/key/inipaytest/info.zip"; depth:35; endswith; nocase; http.host; content:"222.239.87.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642294/; classtype:trojan-activity;sid:84505394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/aryacorp%20delhi/bhushan/info.zip"; depth:50; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642274/; 
classtype:trojan-activity;sid:84505374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inicis_dll/info.zip"; depth:20; endswith; nocase; http.host; content:"222.239.87.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642245/; classtype:trojan-activity;sid:84505345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/big/info.zip"; depth:13; endswith; nocase; http.host; content:"222.239.87.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642246/; classtype:trojan-activity;sid:84505346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uploads/uploads/app/info.zip"; depth:29; endswith; nocase; http.host; content:"103.20.213.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642229/; classtype:trojan-activity;sid:84505329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inicis_dll/key/jungminsof/info.zip"; depth:35; endswith; nocase; http.host; content:"222.239.87.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642226/; classtype:trojan-activity;sid:84505326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/art/info.zip"; 
depth:20; endswith; nocase; http.host; content:"5.149.184.170"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641834/; classtype:trojan-activity;sid:84504934; rev:1;)
# NOTE(review) sid 84502411: |3f| decodes to '?', but |7c|26|7c| decodes to the
# four literal bytes "|26|", not to '&' (0x26). This looks like a hex escape for
# '&' that was escaped a second time; if so, the rule cannot match a request for
# /uc?export=download&id=... and gives no coverage for this URL. Presumably
# intended: |26| with depth:59 (depth:68 is the length of the string as
# written). Confirm against the URLhaus entry in the rule's reference.
# NOTE(review): the host is the shared service drive.google.com, so the rule is
# only as specific as the file id in the URI; the service is presumably
# HTTPS-only, in which case this `alert http` rule needs TLS inspection ahead
# of the sensor to see the request at all.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=15_5vja6ls72gnqbjqkrme1i7bmit0fe4"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639311/; classtype:trojan-activity;sid:84502411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haozip.100021.exe"; depth:18; endswith; nocase; http.host; content:"download.haozip.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637224/; classtype:trojan-activity;sid:84500324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/bot.jpg"; depth:15; endswith; nocase; http.host; content:"atasapka.com.tr"; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637210/; classtype:trojan-activity;sid:84500310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/23082024105108/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637189/; 
classtype:trojan-activity;sid:84500289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/26072024113244/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637188/; classtype:trojan-activity;sid:84500288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/19092024115007/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637186/; classtype:trojan-activity;sid:84500286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/24072024081607/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637187/; classtype:trojan-activity;sid:84500287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/12062024095414/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637185/; classtype:trojan-activity;sid:84500285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3637184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/27082024072850/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637184/; classtype:trojan-activity;sid:84500284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/12082024064105/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637183/; classtype:trojan-activity;sid:84500283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/16082024070308/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637182/; classtype:trojan-activity;sid:84500282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/13092024072525/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637181/; classtype:trojan-activity;sid:84500281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637180)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/delcacheprodutoseg/1/8050/23072024115252/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637180/; classtype:trojan-activity;sid:84500280; rev:1;)
# Review notes for this stretch of the feed. The rules are laid out one per line; rule text is unchanged.
#
# Every rule here alerts on a cleartext HTTP GET from $HOME_NET to $EXTERNAL_NET (established flow,
# client side) whose http.host buffer is exactly "200.14.250.72" and whose http.uri buffer is exactly
# the listed path, compared case-insensitively (nocase follows the URI content).
#
# - Exact URI match: depth equals the content length (57, 42 or 31 bytes) and endswith pins the end of
#   the buffer, so the same path with anything appended (for example a query string) does not match.
# - Exact host match: depth:13 plus isdataat:!1,relative means nothing may follow the address in the
#   http.host buffer. NOTE(review): confirm how your Suricata version fills http.host when the Host
#   header carries an explicit port.
# - These are "alert http" rules, so they depend on the HTTP parser seeing the request; the same fetch
#   inside TLS is not visible to them without decryption.
# - Most paths have the shape /tmpftp/delcacheprodutoseg/1/<4 digits>/<14 digits>/info.zip. URLhaus ids
#   3637175 and 3637162 have no 14-digit segment, and 3637096 uses /tmpftp/extcons/1/8029/info.zip.
# - The signatures differ only in path. When one fires, also review other HTTP requests from the same
#   client to this host, since paths not enumerated in the feed will not alert.
# - Each rule has its own sid and rev:1. The file header carries a "Last updated" timestamp, so local
#   edits are presumably overwritten on the next pull; tune by sid (disable list, threshold, suppress)
#   rather than by editing rule text.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/21072024112418/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637179/; classtype:trojan-activity;sid:84500279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/16082024104510/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637178/; classtype:trojan-activity;sid:84500278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/22082024110540/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637177/; classtype:trojan-activity;sid:84500277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/04092024104005/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637176/; classtype:trojan-activity;sid:84500276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8343/info.zip"; depth:42; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637175/; classtype:trojan-activity;sid:84500275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/15082024173844/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637174/; classtype:trojan-activity;sid:84500274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/26072024180426/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637173/; classtype:trojan-activity;sid:84500273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/03072024101008/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637172/; classtype:trojan-activity;sid:84500272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/13082024112350/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637171/; classtype:trojan-activity;sid:84500271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/26072024074431/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637170/; classtype:trojan-activity;sid:84500270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/01092024171022/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637168/; classtype:trojan-activity;sid:84500268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/11072024080039/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637169/; classtype:trojan-activity;sid:84500269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/12092024113946/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637167/; classtype:trojan-activity;sid:84500267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/08092024115637/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637166/; classtype:trojan-activity;sid:84500266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/15092024104931/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637165/; classtype:trojan-activity;sid:84500265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/12072024075828/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637164/; classtype:trojan-activity;sid:84500264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/11092024115504/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637163/; classtype:trojan-activity;sid:84500263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/21082024115532/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637160/; classtype:trojan-activity;sid:84500260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/05072024114132/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637161/; classtype:trojan-activity;sid:84500261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8465/info.zip"; depth:42; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637162/; classtype:trojan-activity;sid:84500262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/25062024073012/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637159/; classtype:trojan-activity;sid:84500259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/29072024110431/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637158/; classtype:trojan-activity;sid:84500258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/30072024091401/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637157/; classtype:trojan-activity;sid:84500257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/15072024124718/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637153/; classtype:trojan-activity;sid:84500253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/09082024185433/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637154/; classtype:trojan-activity;sid:84500254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/09072024110245/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637155/; classtype:trojan-activity;sid:84500255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/09092024072321/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637149/; classtype:trojan-activity;sid:84500249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/07082024180909/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637150/; classtype:trojan-activity;sid:84500250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/24092024073908/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637151/; classtype:trojan-activity;sid:84500251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/19062024071831/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637147/; classtype:trojan-activity;sid:84500247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/21092024114951/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637148/; classtype:trojan-activity;sid:84500248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/30062024113348/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637145/; classtype:trojan-activity;sid:84500245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/04092024113047/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637146/; classtype:trojan-activity;sid:84500246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/04092024120154/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637144/; classtype:trojan-activity;sid:84500244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/01082024110241/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637143/; classtype:trojan-activity;sid:84500243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637141)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/14072024110540/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637141/; classtype:trojan-activity;sid:84500241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/11082024185045/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637142/; classtype:trojan-activity;sid:84500242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/19062024103023/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637138/; classtype:trojan-activity;sid:84500238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/06092024072348/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637139/; classtype:trojan-activity;sid:84500239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/29072024070625/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637140/; classtype:trojan-activity;sid:84500240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/18072024112759/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637137/; classtype:trojan-activity;sid:84500237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637136)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/11072024155154/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637136/; classtype:trojan-activity;sid:84500236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/18082024113426/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637135/; classtype:trojan-activity;sid:84500235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/07092024113602/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637133/; classtype:trojan-activity;sid:84500233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/28082024163408/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637134/; classtype:trojan-activity;sid:84500234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/10082024110351/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637130/; classtype:trojan-activity;sid:84500230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/12092024181446/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637131/; classtype:trojan-activity;sid:84500231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/26082024115142/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637129/; classtype:trojan-activity;sid:84500229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/09092024091444/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637128/; classtype:trojan-activity;sid:84500228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/23082024071038/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637127/; classtype:trojan-activity;sid:84500227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/17062024181518/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637122/; classtype:trojan-activity;sid:84500222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/05082024120940/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637123/; classtype:trojan-activity;sid:84500223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/24072024112235/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637124/; classtype:trojan-activity;sid:84500224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/17092024073614/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637125/; classtype:trojan-activity;sid:84500225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/09082024122457/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637120/; classtype:trojan-activity;sid:84500220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/09092024112532/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637117/; classtype:trojan-activity;sid:84500217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/24062024072602/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637118/; classtype:trojan-activity;sid:84500218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/12092024070406/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637119/; classtype:trojan-activity;sid:84500219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/24072024143513/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637115/; classtype:trojan-activity;sid:84500215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/21082024081755/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637116/; classtype:trojan-activity;sid:84500216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/13082024120234/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637114/; classtype:trojan-activity;sid:84500214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/19072024123916/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637113/; classtype:trojan-activity;sid:84500213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/29082024122318/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637110/; classtype:trojan-activity;sid:84500210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/15072024080426/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637111/; classtype:trojan-activity;sid:84500211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/22092024115602/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637112/; classtype:trojan-activity;sid:84500212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/05082024125302/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637109/; classtype:trojan-activity;sid:84500209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/16072024114842/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637107/; classtype:trojan-activity;sid:84500207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/16092024115114/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637108/; classtype:trojan-activity;sid:84500208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/31072024070936/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637105/; classtype:trojan-activity;sid:84500205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/17092024104334/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637106/; classtype:trojan-activity;sid:84500206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637104)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/01082024072447/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637104/; classtype:trojan-activity;sid:84500204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/05082024065930/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637103/; classtype:trojan-activity;sid:84500203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/01082024133101/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637101/; classtype:trojan-activity;sid:84500201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/02082024083649/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637099/; classtype:trojan-activity;sid:84500199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/29072024182036/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637100/; classtype:trojan-activity;sid:84500200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/19072024071620/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637098/; classtype:trojan-activity;sid:84500198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/extcons/1/8029/info.zip"; depth:31; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637096/; classtype:trojan-activity;sid:84500196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/25092024150814/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637097/; classtype:trojan-activity;sid:84500197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/03072024102505/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637092/; classtype:trojan-activity;sid:84500192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/03092024131015/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637093/; classtype:trojan-activity;sid:84500193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/15072024084956/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637094/; classtype:trojan-activity;sid:84500194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/25062024105808/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637090/; classtype:trojan-activity;sid:84500190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/04092024072725/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637091/; classtype:trojan-activity;sid:84500191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/20062024112748/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637089/; classtype:trojan-activity;sid:84500189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/17072024103622/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637087/; classtype:trojan-activity;sid:84500187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/16082024121016/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637088/; classtype:trojan-activity;sid:84500188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/24092024103551/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637085/; classtype:trojan-activity;sid:84500185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/15072024080017/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637086/; classtype:trojan-activity;sid:84500186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024081535/info.zip"; depth:57; endswith; nocase; http.host; 
content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637082/; classtype:trojan-activity;sid:84500182; rev:1;)
# This group also covers the shorter /exeftp/tek/info.zip and /exeftp/badmail/info.zip
# paths (depth:20 and depth:24, equal to their lengths), so they are exact-path matches
# like the longer /tmpftp/ entries.
# Triage: an alert means a host in $HOME_NET sent the listed GET request to 200.14.250.72.
# Check the HTTP response for that transaction (status, size, file type) in the sensor's
# HTTP and file logs before treating it as a delivered payload. The id shown in msg is the
# same id as in the rule's reference URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/26072024111342/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637083/; classtype:trojan-activity;sid:84500183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/11062024125904/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637084/; classtype:trojan-activity;sid:84500184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exeftp/tek/info.zip"; depth:20; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637081/; classtype:trojan-activity;sid:84500181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/11092024075310/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637080/; classtype:trojan-activity;sid:84500180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/24072024121144/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637076/; classtype:trojan-activity;sid:84500176; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exeftp/badmail/info.zip"; depth:24; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637077/; classtype:trojan-activity;sid:84500177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/06082024080109/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637078/; classtype:trojan-activity;sid:84500178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/12072024072413/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637079/; classtype:trojan-activity;sid:84500179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/08082024071151/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637073/; classtype:trojan-activity;sid:84500173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/03092024073559/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637074/; classtype:trojan-activity;sid:84500174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8336/18072024083258/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637070/; classtype:trojan-activity;sid:84500170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/01092024084736/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637069/; classtype:trojan-activity;sid:84500169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/08082024072046/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637067/; classtype:trojan-activity;sid:84500167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/08072024110224/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637068/; classtype:trojan-activity;sid:84500168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/02092024075924/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637065/; classtype:trojan-activity;sid:84500165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/30082024115734/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637064/; classtype:trojan-activity;sid:84500164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/23072024075958/info.zip"; depth:57; endswith; nocase; http.host;
content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637062/; classtype:trojan-activity;sid:84500162; rev:1;)
# Coverage note: these are "alert http" signatures on request buffers, so they only see
# cleartext HTTP; the same URL fetched over TLS is not visible to them unless traffic is
# decrypted before the sensor.
# Each rule matches one exact path on 200.14.250.72, so a path not in the list will not
# alert. Retrospective searches on the host value in HTTP and flow logs complement the
# per-URL rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/27082024173545/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637063/; classtype:trojan-activity;sid:84500163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/06092024074954/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637060/; classtype:trojan-activity;sid:84500160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/24082024112958/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637056/; classtype:trojan-activity;sid:84500156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/04092024180827/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637057/; classtype:trojan-activity;sid:84500157; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/05092024073851/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637058/; classtype:trojan-activity;sid:84500158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/05092024175914/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637055/; classtype:trojan-activity;sid:84500155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/07082024181015/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637054/; classtype:trojan-activity;sid:84500154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/09082024151247/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637053/; classtype:trojan-activity;sid:84500153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/05072024135901/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637052/; classtype:trojan-activity;sid:84500152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/04072024073930/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637050/; classtype:trojan-activity;sid:84500150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/27072024111013/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637051/; classtype:trojan-activity;sid:84500151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/28092024110908/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637047/; classtype:trojan-activity;sid:84500147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/17062024124213/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637048/; classtype:trojan-activity;sid:84500148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/21062024074659/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637049/; classtype:trojan-activity;sid:84500149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/06082024071203/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637046/; classtype:trojan-activity;sid:84500146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/11092024163133/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637044/; classtype:trojan-activity;sid:84500144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/25092024084516/info.zip"; depth:57; endswith; nocase; http.host;
content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637045/; classtype:trojan-activity;sid:84500145; rev:1;)
# Maintenance note: every rule in this group carries metadata created_at 2025_10_01 and
# rev:1. An IP-literal indicator can outlive the activity it was created for, so review a
# hit against the linked URLhaus entry before acting on the address alone.
# NOTE(review): http.host is Suricata's normalized host buffer; confirm for your version
# how a Host header carrying an explicit port is presented, because isdataat:!1,relative
# rejects any byte after the 13-byte IP.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/01082024134811/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637042/; classtype:trojan-activity;sid:84500142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/extcons/1/8336/info.zip"; depth:31; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637037/; classtype:trojan-activity;sid:84500137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/26062024074615/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637038/; classtype:trojan-activity;sid:84500138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/20072024103050/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637039/; classtype:trojan-activity;sid:84500139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/02072024072748/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637040/; classtype:trojan-activity;sid:84500140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/17092024073317/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637041/; classtype:trojan-activity;sid:84500141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024124018/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637036/; classtype:trojan-activity;sid:84500136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/27092024120719/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637034/; classtype:trojan-activity;sid:84500134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/29062024115106/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637032/; classtype:trojan-activity;sid:84500132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/02092024121943/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637030/; classtype:trojan-activity;sid:84500130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/06092024173040/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637029/; classtype:trojan-activity;sid:84500129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/17072024080628/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637026/; classtype:trojan-activity;sid:84500126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/13082024144908/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637027/; classtype:trojan-activity;sid:84500127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/14092024112531/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637028/; classtype:trojan-activity;sid:84500128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/29082024110733/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637025/; classtype:trojan-activity;sid:84500125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/11092024161738/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637024/; classtype:trojan-activity;sid:84500124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/25062024074726/info.zip"; depth:57; endswith; nocase; http.host;
content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637021/; classtype:trojan-activity;sid:84500121; rev:1;)
# Mapping alerts back to the feed: in the rules visible here the sid equals the URLhaus
# entry id plus 80863100 (for example id 3637022 -> sid 84500122), and the same id
# appears in msg and in the reference URL.
# Local tuning is best kept in suppress/threshold configuration keyed on sid rather than
# edited into these lines; the file header's "Last updated" stamp suggests the feed is
# regenerated, which would overwrite manual changes (confirm against your update process).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/02102024124124/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637022/; classtype:trojan-activity;sid:84500122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/01082024124212/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637023/; classtype:trojan-activity;sid:84500123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/29072024170139/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637020/; classtype:trojan-activity;sid:84500120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/13092024090633/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637015/; classtype:trojan-activity;sid:84500115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/12082024111719/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637017/; classtype:trojan-activity;sid:84500117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/13062024073315/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637019/; classtype:trojan-activity;sid:84500119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/26092024073319/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637011/; classtype:trojan-activity;sid:84500111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/03072024075801/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637012/; classtype:trojan-activity;sid:84500112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/13092024065731/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637013/; classtype:trojan-activity;sid:84500113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/02092024155414/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637014/; classtype:trojan-activity;sid:84500114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/29062024131718/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637007/; classtype:trojan-activity;sid:84500107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024163711/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637008/; classtype:trojan-activity;sid:84500108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/27062024115812/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637009/; classtype:trojan-activity;sid:84500109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/07072024113310/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637010/; classtype:trojan-activity;sid:84500110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/26082024175225/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637005/; classtype:trojan-activity;sid:84500105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/06092024112226/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637002/; classtype:trojan-activity;sid:84500102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/cons/1/8325/14062024181140/info.zip"; depth:43; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637003/; classtype:trojan-activity;sid:84500103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/15092024163914/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637004/; classtype:trojan-activity;sid:84500104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/12082024111034/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636999/; classtype:trojan-activity;sid:84500099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/19062024111300/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637000/; classtype:trojan-activity;sid:84500100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/02092024070516/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637001/;
classtype:trojan-activity;sid:84500101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/15062024120757/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636997/; classtype:trojan-activity;sid:84500097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/07082024074934/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636996/; classtype:trojan-activity;sid:84500096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exeftp/drop/info.zip"; depth:21; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636993/; classtype:trojan-activity;sid:84500093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/11092024172104/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636994/; classtype:trojan-activity;sid:84500094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636995)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/23072024072015/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636995/; classtype:trojan-activity;sid:84500095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/18082024174028/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636992/; classtype:trojan-activity;sid:84500092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/10072024072615/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636991/; classtype:trojan-activity;sid:84500091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/03102024140347/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636990/; classtype:trojan-activity;sid:84500090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636987)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/delcacheprodutoseg/1/6011/29072024094428/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636987/; classtype:trojan-activity;sid:84500087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/08082024114220/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636988/; classtype:trojan-activity;sid:84500088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/19072024081323/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636986/; classtype:trojan-activity;sid:84500086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/08082024072411/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636985/; classtype:trojan-activity;sid:84500085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/11092024072722/info.zip"; depth:57; endswith; nocase; http.host; 
content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636982/; classtype:trojan-activity;sid:84500082; rev:1;)
# Scope of the rules below: they are "alert http" signatures limited to
# flow:established,from_client, http.method "GET" and the direction
# $HOME_NET -> $EXTERNAL_NET. They fire only on client GET requests that
# Suricata parses as HTTP, so their coverage depends on HOME_NET and
# EXTERNAL_NET being set correctly for the sensor. A fetch the sensor cannot
# see as plaintext HTTP is outside these rules; proxy or flow logs for the
# same host are the place to look in that case.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/17062024075813/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636978/; classtype:trojan-activity;sid:84500078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/26072024071101/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636979/; classtype:trojan-activity;sid:84500079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/18092024104929/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636980/; classtype:trojan-activity;sid:84500080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/extcons/1/8051/info.zip"; depth:31; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636975/; classtype:trojan-activity;sid:84500075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024144032/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636976/; classtype:trojan-activity;sid:84500076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/26082024121258/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636977/; classtype:trojan-activity;sid:84500077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/27082024111920/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636967/; classtype:trojan-activity;sid:84500067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024121015/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636968/; classtype:trojan-activity;sid:84500068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/21082024175843/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636969/; classtype:trojan-activity;sid:84500069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/18062024121810/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636970/; classtype:trojan-activity;sid:84500070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/12072024130606/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636971/; classtype:trojan-activity;sid:84500071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/16062024115815/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636972/; classtype:trojan-activity;sid:84500072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/13092024164829/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636973/; classtype:trojan-activity;sid:84500073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/02092024071944/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636965/; classtype:trojan-activity;sid:84500065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/01092024103900/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636966/; classtype:trojan-activity;sid:84500066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/23072024130857/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636964/; classtype:trojan-activity;sid:84500064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/06092024071949/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636963/; classtype:trojan-activity;sid:84500063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/17062024111134/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636957/; classtype:trojan-activity;sid:84500057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/12082024174415/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636958/; classtype:trojan-activity;sid:84500058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/02082024073257/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636959/; classtype:trojan-activity;sid:84500059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/03092024120537/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636960/; classtype:trojan-activity;sid:84500060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/01072024102122/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636961/; classtype:trojan-activity;sid:84500061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/27072024112004/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636962/; classtype:trojan-activity;sid:84500062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/09072024071533/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636956/; classtype:trojan-activity;sid:84500056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/22082024070804/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636955/; classtype:trojan-activity;sid:84500055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/21082024115442/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636954/; classtype:trojan-activity;sid:84500054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/cons/1/8325/info.zip"; depth:28; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636953/; classtype:trojan-activity;sid:84500053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/17072024080732/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636948/; classtype:trojan-activity;sid:84500048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/19082024080051/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636949/; classtype:trojan-activity;sid:84500049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636950)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/delcacheprodutoseg/1/8029/28082024111159/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636950/; classtype:trojan-activity;sid:84500050; rev:1;)
# Triage note for the rules below: the number in msg and in the reference URL
# is the URLhaus entry id, and in these rules sid is that id plus 80863100
# (3636951 -> 84500051), so an alert can be traced back to
# urlhaus.abuse.ch/url/<id>/. Every complete rule here names the same host,
# 200.14.250.72, and differs only in the path, so alerts from several of
# these sids for one client are best reviewed together.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/28072024115238/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636951/; classtype:trojan-activity;sid:84500051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/07082024070516/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636947/; classtype:trojan-activity;sid:84500047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/07092024175546/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636946/; classtype:trojan-activity;sid:84500046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024103203/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636945/; classtype:trojan-activity;sid:84500045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/31082024165207/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636942/; classtype:trojan-activity;sid:84500042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/11062024093514/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636943/; classtype:trojan-activity;sid:84500043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/06092024114755/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636944/; classtype:trojan-activity;sid:84500044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/27092024123259/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636940/; classtype:trojan-activity;sid:84500040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/23092024073238/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636941/; classtype:trojan-activity;sid:84500041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/13072024115545/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636937/; classtype:trojan-activity;sid:84500037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636936)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/29072024104316/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636936/; classtype:trojan-activity;sid:84500036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/13072024115848/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636935/; classtype:trojan-activity;sid:84500035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/24072024071414/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636934/; classtype:trojan-activity;sid:84500034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/16092024105926/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636933/; classtype:trojan-activity;sid:84500033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/28082024174605/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636932/; classtype:trojan-activity;sid:84500032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/08082024174233/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636931/; classtype:trojan-activity;sid:84500031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/23072024081312/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636927/; classtype:trojan-activity;sid:84500027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/02102024072353/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636928/; classtype:trojan-activity;sid:84500028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/08092024174750/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636929/; classtype:trojan-activity;sid:84500029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8325/info.zip"; depth:42; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636930/; classtype:trojan-activity;sid:84500030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8336/info.zip"; depth:42; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636925/; classtype:trojan-activity;sid:84500025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/19062024070824/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636926/; classtype:trojan-activity;sid:84500026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/22082024121329/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636920/; classtype:trojan-activity;sid:84500020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/26062024155216/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636921/; classtype:trojan-activity;sid:84500021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/24092024120511/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636922/; classtype:trojan-activity;sid:84500022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/16062024180613/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636923/; classtype:trojan-activity;sid:84500023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/07072024165922/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636919/; classtype:trojan-activity;sid:84500019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/13092024114239/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636918/; classtype:trojan-activity;sid:84500018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/20082024112036/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636917/; classtype:trojan-activity;sid:84500017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3636916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/extcons/1/8318/info.zip"; depth:31; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636916/; classtype:trojan-activity;sid:84500016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/31082024110606/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636913/; classtype:trojan-activity;sid:84500013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/11062024112609/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636914/; classtype:trojan-activity;sid:84500014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/02072024115435/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636910/; classtype:trojan-activity;sid:84500010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636909)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/delcacheprodutoseg/1/8029/07092024122439/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636909/; classtype:trojan-activity;sid:84500009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/14062024123830/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636906/; classtype:trojan-activity;sid:84500006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/17062024180043/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636908/; classtype:trojan-activity;sid:84500008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/28072024115112/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636905/; classtype:trojan-activity;sid:84500005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024090731/info.zip"; depth:57; endswith; nocase; http.host; 
content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636904/; classtype:trojan-activity;sid:84500004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/23092024113222/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636902/; classtype:trojan-activity;sid:84500002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/03072024113724/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636900/; classtype:trojan-activity;sid:84500000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/11092024134516/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636899/; classtype:trojan-activity;sid:84499999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/extcons/1/8334/info.zip"; depth:31; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636897/; 
classtype:trojan-activity;sid:84499997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/08082024114317/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636894/; classtype:trojan-activity;sid:84499994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/18072024151745/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636895/; classtype:trojan-activity;sid:84499995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/19072024124237/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636893/; classtype:trojan-activity;sid:84499993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/29082024170717/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636892/; classtype:trojan-activity;sid:84499992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3636883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/08072024075903/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636883/; classtype:trojan-activity;sid:84499983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/extcons/1/8325/info.zip"; depth:31; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636884/; classtype:trojan-activity;sid:84499984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/15062024114520/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636885/; classtype:trojan-activity;sid:84499985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/13092024153227/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636886/; classtype:trojan-activity;sid:84499986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636887)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/delcacheprodutoseg/1/8059/14082024075957/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636887/; classtype:trojan-activity;sid:84499987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/26082024070716/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636888/; classtype:trojan-activity;sid:84499988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/21062024072959/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636890/; classtype:trojan-activity;sid:84499990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/cons/1/8325/13062024155232/info.zip"; depth:43; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636882/; classtype:trojan-activity;sid:84499982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/23082024111126/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; 
isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636881/; classtype:trojan-activity;sid:84499981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/04072024125301/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636880/; classtype:trojan-activity;sid:84499980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/11082024113244/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636876/; classtype:trojan-activity;sid:84499976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/04092024091820/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636877/; classtype:trojan-activity;sid:84499977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/07102024125032/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636878/; 
classtype:trojan-activity;sid:84499978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/30072024114118/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636872/; classtype:trojan-activity;sid:84499972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/05082024083850/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636873/; classtype:trojan-activity;sid:84499973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/17062024072104/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636874/; classtype:trojan-activity;sid:84499974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024125710/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636875/; classtype:trojan-activity;sid:84499975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3636871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/03072024103601/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636871/; classtype:trojan-activity;sid:84499971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/12082024120632/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636869/; classtype:trojan-activity;sid:84499969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/info.zip"; depth:42; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636863/; classtype:trojan-activity;sid:84499963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/11072024071932/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636864/; classtype:trojan-activity;sid:84499964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636865)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/delcacheprodutoseg/1/8050/11072024143228/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636865/; classtype:trojan-activity;sid:84499965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/27092024124432/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636866/; classtype:trojan-activity;sid:84499966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/23082024175244/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636867/; classtype:trojan-activity;sid:84499967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/13062024070655/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636868/; classtype:trojan-activity;sid:84499968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/14062024072833/info.zip"; depth:57; endswith; nocase; http.host; 
content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636862/; classtype:trojan-activity;sid:84499962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/25092024120601/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636859/; classtype:trojan-activity;sid:84499959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/08092024115123/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636860/; classtype:trojan-activity;sid:84499960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/05072024071033/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636855/; classtype:trojan-activity;sid:84499955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/04102024094250/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, 
urlhaus.abuse.ch/url/3636856/; classtype:trojan-activity;sid:84499956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/01082024101244/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636857/; classtype:trojan-activity;sid:84499957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/03072024091538/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636850/; classtype:trojan-activity;sid:84499950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/05082024114357/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636851/; classtype:trojan-activity;sid:84499951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/10092024070313/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636852/; classtype:trojan-activity;sid:84499952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3636853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/23092024123854/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636853/; classtype:trojan-activity;sid:84499953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/22082024112941/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636854/; classtype:trojan-activity;sid:84499954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/08072024113918/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636849/; classtype:trojan-activity;sid:84499949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8326/info.zip"; depth:42; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636847/; classtype:trojan-activity;sid:84499947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636843)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/delcacheprodutoseg/1/8029/11072024110808/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636843/; classtype:trojan-activity;sid:84499943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/06072024112721/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636845/; classtype:trojan-activity;sid:84499945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/extcons/1/8326/info.zip"; depth:31; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636846/; classtype:trojan-activity;sid:84499946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/15072024151521/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636839/; classtype:trojan-activity;sid:84499939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/16072024120102/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; 
isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636840/; classtype:trojan-activity;sid:84499940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636842)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/07102024115226/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636842/; classtype:trojan-activity;sid:84499942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/08072024070547/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636836/; classtype:trojan-activity;sid:84499936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/26092024103307/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636837/; classtype:trojan-activity;sid:84499937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024134639/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636835/; 
classtype:trojan-activity;sid:84499935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/29072024120914/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636833/; classtype:trojan-activity;sid:84499933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/11092024104834/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636834/; classtype:trojan-activity;sid:84499934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/01072024095738/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636826/; classtype:trojan-activity;sid:84499926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/10072024073020/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636827/; classtype:trojan-activity;sid:84499927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3636828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/13082024065051/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636828/; classtype:trojan-activity;sid:84499928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/23092024074730/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636829/; classtype:trojan-activity;sid:84499929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/05092024071139/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636830/; classtype:trojan-activity;sid:84499930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/05072024143423/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636831/; classtype:trojan-activity;sid:84499931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636832)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/delcacheprodutoseg/1/8051/01072024073548/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636832/; classtype:trojan-activity;sid:84499932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/16092024075132/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636825/; classtype:trojan-activity;sid:84499925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/28062024112249/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636824/; classtype:trojan-activity;sid:84499924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/18072024080738/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636823/; classtype:trojan-activity;sid:84499923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/06102024112545/info.zip"; depth:57; endswith; nocase; http.host; 
content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636816/; classtype:trojan-activity;sid:84499916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/17062024181057/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636817/; classtype:trojan-activity;sid:84499917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/02072024073145/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636818/; classtype:trojan-activity;sid:84499918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/21062024070935/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636819/; classtype:trojan-activity;sid:84499919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/06082024120113/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, 
urlhaus.abuse.ch/url/3636820/; classtype:trojan-activity;sid:84499920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/27062024081736/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636821/; classtype:trojan-activity;sid:84499921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/29082024071803/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636822/; classtype:trojan-activity;sid:84499922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/24062024113513/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636815/; classtype:trojan-activity;sid:84499915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/25072024071606/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636814/; classtype:trojan-activity;sid:84499914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3636812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/12062024085922/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636812/; classtype:trojan-activity;sid:84499912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/03092024152101/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636813/; classtype:trojan-activity;sid:84499913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/08072024113231/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636811/; classtype:trojan-activity;sid:84499911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024130114/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636806/; classtype:trojan-activity;sid:84499906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636807)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/delcacheprodutoseg/1/8029/16072024114959/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636807/; classtype:trojan-activity;sid:84499907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/20082024121600/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636809/; classtype:trojan-activity;sid:84499909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/26092024115544/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636810/; classtype:trojan-activity;sid:84499910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/28082024070417/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636803/; classtype:trojan-activity;sid:84499903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/26072024143113/info.zip"; depth:57; endswith; nocase; http.host; 
content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636804/; classtype:trojan-activity;sid:84499904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/13092024071052/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636800/; classtype:trojan-activity;sid:84499900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/10062024180136/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636801/; classtype:trojan-activity;sid:84499901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/23082024175356/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636802/; classtype:trojan-activity;sid:84499902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/27082024070328/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, 
urlhaus.abuse.ch/url/3636799/; classtype:trojan-activity;sid:84499899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/extcons/1/8050/info.zip"; depth:31; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636798/; classtype:trojan-activity;sid:84499898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/18062024071837/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636795/; classtype:trojan-activity;sid:84499895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/18072024120409/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636796/; classtype:trojan-activity;sid:84499896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/30082024111343/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636797/; classtype:trojan-activity;sid:84499897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3636794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/21082024112544/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636794/; classtype:trojan-activity;sid:84499894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/19072024111357/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636791/; classtype:trojan-activity;sid:84499891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/11062024175200/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636784/; classtype:trojan-activity;sid:84499884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/30072024115935/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636785/; classtype:trojan-activity;sid:84499885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636786)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/delcacheprodutoseg/1/8029/02092024114819/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636786/; classtype:trojan-activity;sid:84499886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/30072024070959/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636788/; classtype:trojan-activity;sid:84499888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/05092024120909/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636789/; classtype:trojan-activity;sid:84499889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/05072024112530/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636790/; classtype:trojan-activity;sid:84499890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/09082024115132/info.zip"; depth:57; endswith; nocase; http.host; 
content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636783/; classtype:trojan-activity;sid:84499883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/10092024114316/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636782/; classtype:trojan-activity;sid:84499882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/15082024113136/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636781/; classtype:trojan-activity;sid:84499881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/04072024170824/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636779/; classtype:trojan-activity;sid:84499879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/23072024135746/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, 
urlhaus.abuse.ch/url/3636780/; classtype:trojan-activity;sid:84499880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/07102024115515/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636777/; classtype:trojan-activity;sid:84499877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/12072024115926/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636778/; classtype:trojan-activity;sid:84499878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/05082024082013/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636775/; classtype:trojan-activity;sid:84499875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/10072024110114/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636776/; classtype:trojan-activity;sid:84499876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3636773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/17072024071919/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636773/; classtype:trojan-activity;sid:84499873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/19082024070444/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636771/; classtype:trojan-activity;sid:84499871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/20082024104419/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636772/; classtype:trojan-activity;sid:84499872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/06082024070754/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636770/; classtype:trojan-activity;sid:84499870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636769)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/delcacheprodutoseg/1/6011/12092024074514/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636769/; classtype:trojan-activity;sid:84499869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/23072024073428/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636768/; classtype:trojan-activity;sid:84499868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/16082024110029/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636767/; classtype:trojan-activity;sid:84499867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/30072024075615/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636766/; classtype:trojan-activity;sid:84499866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/24082024173603/info.zip"; depth:57; endswith; nocase; http.host; 
content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636764/; classtype:trojan-activity;sid:84499864; rev:1;)
# ---------------------------------------------------------------------------
# Review notes for the rules from here down to sid 84499772. All of them name
# the same host, 200.14.250.72, and carry created_at 2025_10_01.
#
# Scope: each rule fires on the client side of an established outbound flow
#   ($HOME_NET -> $EXTERNAL_NET) when the HTTP method is GET. Only request
#   buffers are inspected, so a hit shows that an internal client asked for
#   the URL, not that the file was delivered or run. Confirm with the HTTP
#   response status, file-extraction logs or endpoint telemetry.
# URI match: depth equals the pattern length and endswith is set, so the
#   pattern has to fill the whole http.uri buffer; nocase makes the path
#   comparison case-insensitive. A request whose URI differs in any other
#   way (for example an appended query string) is outside these rules.
# Host match: depth:13 plus isdataat:!1,relative requires http.host to be
#   exactly the 13-character IP literal. Requests that reach the same server
#   under a DNS name are not covered here.
# Protocol: "alert http" applies only to traffic Suricata parses as HTTP.
#   The same download over TLS is not visible to these rules without
#   decryption.
# SIDs: in every rule shown here sid = URLhaus entry ID + 80863100, which
#   maps an alert back to its reference URL; keep local SIDs out of this range.
# NOTE(review): static IP/URL indicators age; check the entry's current
#   status at the reference URL before acting on a hit.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/27092024072930/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636763/; classtype:trojan-activity;sid:84499863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/14092024070825/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636761/; classtype:trojan-activity;sid:84499861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/10082024105405/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636762/; classtype:trojan-activity;sid:84499862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/31072024120304/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636760/; classtype:trojan-activity;sid:84499860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/16082024171045/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636759/; classtype:trojan-activity;sid:84499859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/19062024083204/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636757/; classtype:trojan-activity;sid:84499857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/17062024175202/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636758/; classtype:trojan-activity;sid:84499858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/09082024071028/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636754/; classtype:trojan-activity;sid:84499854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exeftp/bkp/info.zip"; depth:20; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636753/; classtype:trojan-activity;sid:84499853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/11062024074638/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636752/; classtype:trojan-activity;sid:84499852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8318/info.zip"; depth:42; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636751/; classtype:trojan-activity;sid:84499851; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024071328/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636750/; classtype:trojan-activity;sid:84499850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/17082024111540/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636749/; classtype:trojan-activity;sid:84499849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/25072024111710/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636748/; classtype:trojan-activity;sid:84499848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/11062024125639/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636746/; classtype:trojan-activity;sid:84499846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/26062024072316/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636745/; classtype:trojan-activity;sid:84499845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/18072024152842/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636744/; classtype:trojan-activity;sid:84499844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/03092024065611/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636743/; classtype:trojan-activity;sid:84499843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/20082024074454/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636742/; classtype:trojan-activity;sid:84499842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/14062024182506/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636741/; classtype:trojan-activity;sid:84499841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/28062024162227/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636740/; classtype:trojan-activity;sid:84499840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/25082024112344/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636739/; classtype:trojan-activity;sid:84499839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/05102024112225/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636736/; classtype:trojan-activity;sid:84499836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/22072024112228/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636737/; classtype:trojan-activity;sid:84499837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/13092024123948/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636735/; classtype:trojan-activity;sid:84499835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/info.zip"; depth:42; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636733/; classtype:trojan-activity;sid:84499833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/21082024065715/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636734/; classtype:trojan-activity;sid:84499834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024163507/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636728/; classtype:trojan-activity;sid:84499828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/05092024111850/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636729/; classtype:trojan-activity;sid:84499829; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/24072024112124/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636730/; classtype:trojan-activity;sid:84499830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exeftp/pickup/info.zip"; depth:23; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636731/; classtype:trojan-activity;sid:84499831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/09072024072801/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636732/; classtype:trojan-activity;sid:84499832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/30082024070843/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636727/; classtype:trojan-activity;sid:84499827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/15072024111306/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636723/; classtype:trojan-activity;sid:84499823; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/24072024072622/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636724/; classtype:trojan-activity;sid:84499824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/23082024120742/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636726/; classtype:trojan-activity;sid:84499826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/15072024121001/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636721/; classtype:trojan-activity;sid:84499821; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/14092024162753/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636722/; classtype:trojan-activity;sid:84499822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/26072024130538/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636719/; classtype:trojan-activity;sid:84499819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/01102024075913/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636720/; classtype:trojan-activity;sid:84499820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/31072024110649/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636717/; classtype:trojan-activity;sid:84499817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/24092024074236/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636718/; classtype:trojan-activity;sid:84499818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/26092024073810/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636715/; classtype:trojan-activity;sid:84499815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/19062024073721/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636716/; classtype:trojan-activity;sid:84499816; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/03102024114713/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636714/; classtype:trojan-activity;sid:84499814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/27062024134606/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636708/; classtype:trojan-activity;sid:84499808; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636709)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/25092024074358/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636709/; classtype:trojan-activity;sid:84499809; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/info.zip"; depth:42; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636710/; classtype:trojan-activity;sid:84499810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/12092024065636/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636711/; classtype:trojan-activity;sid:84499811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/07082024113359/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636712/; classtype:trojan-activity;sid:84499812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/14082024102908/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636713/; classtype:trojan-activity;sid:84499813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/27062024074304/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636705/; classtype:trojan-activity;sid:84499805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/20092024114457/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636706/; classtype:trojan-activity;sid:84499806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exeftp/idi/info.zip"; depth:20; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636707/; classtype:trojan-activity;sid:84499807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/05072024105131/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636703/; classtype:trojan-activity;sid:84499803; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/11062024123414/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636704/; classtype:trojan-activity;sid:84499804; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/12062024122748/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636698/; classtype:trojan-activity;sid:84499798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/info.zip"; depth:42; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636699/; classtype:trojan-activity;sid:84499799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/22082024180206/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636693/; classtype:trojan-activity;sid:84499793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/20082024172514/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636694/; classtype:trojan-activity;sid:84499794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/20082024070343/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636695/; classtype:trojan-activity;sid:84499795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/27092024125844/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636696/; classtype:trojan-activity;sid:84499796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/01082024070127/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636697/; classtype:trojan-activity;sid:84499797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/30092024073115/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636685/; classtype:trojan-activity;sid:84499785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/04102024114428/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636686/; classtype:trojan-activity;sid:84499786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/17072024162506/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636687/; classtype:trojan-activity;sid:84499787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/17072024112121/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636688/; classtype:trojan-activity;sid:84499788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/13062024123930/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636689/; classtype:trojan-activity;sid:84499789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/20082024114833/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636690/; classtype:trojan-activity;sid:84499790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/22072024071046/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636691/; classtype:trojan-activity;sid:84499791; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/21082024074934/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636692/; classtype:trojan-activity;sid:84499792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/12072024073215/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636683/; classtype:trojan-activity;sid:84499783; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/11082024113341/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636684/; classtype:trojan-activity;sid:84499784; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/09092024080429/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636681/; classtype:trojan-activity;sid:84499781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8342/info.zip"; depth:42; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636682/; classtype:trojan-activity;sid:84499782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/16092024071437/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636678/; classtype:trojan-activity;sid:84499778; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/11092024070152/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636679/; classtype:trojan-activity;sid:84499779; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/19072024082257/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636676/; classtype:trojan-activity;sid:84499776; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/02092024173539/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636666/; classtype:trojan-activity;sid:84499766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/14062024074014/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636667/; classtype:trojan-activity;sid:84499767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exeftp/queue/info.zip"; depth:22; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636668/; classtype:trojan-activity;sid:84499768; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/13082024112311/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636669/; classtype:trojan-activity;sid:84499769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/23072024112852/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636670/; classtype:trojan-activity;sid:84499770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/13092024094613/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636671/; classtype:trojan-activity;sid:84499771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/19082024113816/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636672/; classtype:trojan-activity;sid:84499772; rev:1;)
alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/02082024121949/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636674/; classtype:trojan-activity;sid:84499774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/10092024185923/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636675/; classtype:trojan-activity;sid:84499775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024130440/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636662/; classtype:trojan-activity;sid:84499762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/extcons/1/8336/05072024082450/info.zip"; depth:46; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636663/; classtype:trojan-activity;sid:84499763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636664)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/09092024181236/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636664/; classtype:trojan-activity;sid:84499764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/20082024150907/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636665/; classtype:trojan-activity;sid:84499765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/22082024114017/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636656/; classtype:trojan-activity;sid:84499756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/14082024065337/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636657/; classtype:trojan-activity;sid:84499757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/extcons/1/8059/info.zip"; depth:31; endswith; nocase; http.host; 
content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636658/; classtype:trojan-activity;sid:84499758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/03072024154958/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636659/; classtype:trojan-activity;sid:84499759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/24062024075130/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636660/; classtype:trojan-activity;sid:84499760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/18072024070807/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636654/; classtype:trojan-activity;sid:84499754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.54.98.68"; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636585/; classtype:trojan-activity;sid:84499685; rev:1;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.197.122.35"; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635840/; classtype:trojan-activity;sid:84498940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/storage/v1/object/public/nano/image.jpg"; depth:40; endswith; nocase; http.host; content:"ybgctdtbzvgpdxjivafy.supabase.co"; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_30; reference:url, urlhaus.abuse.ch/url/3635467/; classtype:trojan-activity;sid:84498567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3635131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.194.248.230"; depth:15; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3635131/; classtype:trojan-activity;sid:84498231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3634292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ziobigiu84/site/raw/refs/heads/main/launcher.zip"; depth:49; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_29; reference:url, urlhaus.abuse.ch/url/3634292/; classtype:trojan-activity;sid:84497392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3633174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"45.112.126.123"; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3633174/; classtype:trojan-activity;sid:84496274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3632903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/bocavenue.exe"; depth:25; endswith; nocase; http.host; content:"versaclean.com.br"; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_27; reference:url, urlhaus.abuse.ch/url/3632903/; classtype:trojan-activity;sid:84496003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/installer.exe"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631593/; classtype:trojan-activity;sid:84494693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/tlp.exe"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631583/; classtype:trojan-activity;sid:84494683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/lol11.exe"; depth:55; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631573/; 
classtype:trojan-activity;sid:84494673; rev:1;)
# NOTE(review): The four complete rules below share the URI prefix
# /hkakkkaa/gdsssdggsg/releases/download/fsdfsd/ and differ only in the file
# name; each pins http.host to "github.com" (depth:10 plus isdataat:!1,relative,
# i.e. the whole host buffer).
# - They are `alert http` signatures, so they only see plaintext HTTP or traffic
#   that has been decrypted before Suricata. Clients normally reach this host
#   over TLS; TODO confirm TLS-inspection coverage, or back these indicators
#   with proxy/endpoint telemetry that records the full URL.
# - The host is a shared platform. The URI path is the indicator here, not the
#   host name; a hit justifies triage of the requesting endpoint, not a block
#   on the host itself.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/1488.exe"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631574/; classtype:trojan-activity;sid:84494674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/1210.exe"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631575/; classtype:trojan-activity;sid:84494675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/lol.exe"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631555/; classtype:trojan-activity;sid:84494655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/bsg.exe"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_25; reference:url, urlhaus.abuse.ch/url/3631554/; classtype:trojan-activity;sid:84494654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3631233)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"188.95.148.167"; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_24; reference:url, urlhaus.abuse.ch/url/3631233/; classtype:trojan-activity;sid:84494333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3630546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shaerrlys/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_23; reference:url, urlhaus.abuse.ch/url/3630546/; classtype:trojan-activity;sid:84493646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"36.154.188.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_20; reference:url, urlhaus.abuse.ch/url/3627935/; classtype:trojan-activity;sid:84491035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3627210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"36.154.188.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_19; reference:url, urlhaus.abuse.ch/url/3627210/; classtype:trojan-activity;sid:84490310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"113.57.8.243"; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626596/; 
classtype:trojan-activity;sid:84489696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drilldata/info.zip"; depth:19; endswith; nocase; http.host; content:"113.57.8.243"; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626595/; classtype:trojan-activity;sid:84489695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.115.254.91"; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626300/; classtype:trojan-activity;sid:84489400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3626275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"74.62.255.234"; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_18; reference:url, urlhaus.abuse.ch/url/3626275/; classtype:trojan-activity;sid:84489375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mise.exe"; depth:9; endswith; nocase; http.host; content:"210.16.163.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_14; reference:url, urlhaus.abuse.ch/url/3623786/; classtype:trojan-activity;sid:84486886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hkakkkaa/gdsssdggsg/releases/download/fsdfsd/lol1.exe"; depth:54; endswith; nocase; 
http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623408/; classtype:trojan-activity;sid:84486508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/123.exe"; depth:8; endswith; nocase; http.host; content:"210.16.163.207"; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623390/; classtype:trojan-activity;sid:84486490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rasadhlp.dll"; depth:13; endswith; nocase; http.host; content:"118.25.68.152"; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623131/; classtype:trojan-activity;sid:84486231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ziobigiu84/site/refs/heads/main/launcher.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623126/; classtype:trojan-activity;sid:84486226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/midkourtbbe/network/refs/heads/main/software.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623123/; classtype:trojan-activity;sid:84486223; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anno29/web/refs/heads/main/software.zip"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623122/; classtype:trojan-activity;sid:84486222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ilpigna03/site/refs/heads/main/launcher.zip"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623121/; classtype:trojan-activity;sid:84486221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3623120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullarchive/request/refs/heads/main/software.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_09_13; reference:url, urlhaus.abuse.ch/url/3623120/; classtype:trojan-activity;sid:84486220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/storage/v1/object/public/hold/image.jpg"; depth:40; endswith; nocase; http.host; content:"ihmmkvkaiwnilneauhfn.supabase.co"; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622759/; classtype:trojan-activity;sid:84485859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622643)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/storage/v1/object/public/nano_duso/image.jpg|3f|12711343p"; depth:58; endswith; nocase; http.host; content:"frygzjyhtiunvhvnacif.supabase.co"; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622643/; classtype:trojan-activity;sid:84485743; rev:1;)
# NOTE(review): applies to the rule ending on the line above (sid 84485743) and
# to sids 84485739 and 84485738 below.
# - `|3f|` is a hex escape for a single byte ('?'), yet the depth values
#   (58, 57, 52) equal the length of the escaped rule text. The decoded patterns
#   are 55, 54 and 49 bytes, so depth is 3 larger than the content. Together
#   with endswith this tolerates up to three leading bytes instead of pinning
#   the whole URI buffer, which is what depth == content length does in the
#   rules without escapes. It does not cause missed detections, but these three
#   are not strict whole-URI matches.
# - The query string is part of the pattern, so a request for the same object
#   with another (or no) query string is only covered if a separate rule lists
#   that exact URI.
# - `alert http` only sees plaintext or already-decrypted HTTP; presumably these
#   hosts are normally fetched over TLS - TODO confirm inspection coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/storage/v1/object/public/nano_duso/image.jpg|3f|12711343"; depth:57; endswith; nocase; http.host; content:"frygzjyhtiunvhvnacif.supabase.co"; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622639/; classtype:trojan-activity;sid:84485739; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/storage/v1/object/public/hold/image.jpg|3f|12711343"; depth:52; endswith; nocase; http.host; content:"ihmmkvkaiwnilneauhfn.supabase.co"; depth:32; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622638/; classtype:trojan-activity;sid:84485738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"www.hcsnet.com.br"; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622625/; classtype:trojan-activity;sid:84485725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_amd64"; depth:12; endswith; nocase; http.host; content:"www.hcsnet.com.br"; depth:17; 
isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622623/; classtype:trojan-activity;sid:84485723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_x86"; depth:10; endswith; nocase; http.host; content:"www.hcsnet.com.br"; depth:17; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622624/; classtype:trojan-activity;sid:84485724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/125.bin"; depth:8; endswith; nocase; http.host; content:"39.105.223.127"; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622541/; classtype:trojan-activity;sid:84485641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shellcode.bin"; depth:14; endswith; nocase; http.host; content:"39.105.223.127"; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622545/; classtype:trojan-activity;sid:84485645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/er/45.bin"; depth:10; endswith; nocase; http.host; content:"39.105.223.127"; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622547/; classtype:trojan-activity;sid:84485647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622548)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/er/326.bin"; depth:11; endswith; nocase; http.host; content:"39.105.223.127"; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622548/; classtype:trojan-activity;sid:84485648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/er/46.bin"; depth:10; endswith; nocase; http.host; content:"39.105.223.127"; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622549/; classtype:trojan-activity;sid:84485649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3622539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/er/1212.bin"; depth:12; endswith; nocase; http.host; content:"39.105.223.127"; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_12; reference:url, urlhaus.abuse.ch/url/3622539/; classtype:trojan-activity;sid:84485639; rev:1;)
# NOTE(review): applies to the two drive.google.com rules that follow (the
# second one continues past the end of this line).
# - In a content string `|7c|` is the byte '|', so `|7c|26|7c|` decodes to the
#   four literal bytes "|26|" and not to '&' (0x26). This looks like the
#   separator was hex-escaped and its pipes then escaped again; presumably the
#   listed URL is /uc?export=download&id=<file id> - confirm against the
#   URLhaus reference. As written, a request whose query string uses a plain
#   '&' would not match either rule.
# - depth:68 is the length of the escaped rule text; the decoded pattern is
#   59 bytes, so depth + endswith does not pin the whole URI buffer here.
# - Any correction belongs in the upstream feed or in a local rule with its own
#   sid; an edit made in this generated file is presumably replaced on the next
#   ruleset update.
# - `alert http` only sees plaintext or already-decrypted HTTP, and the host is
#   a shared platform: the file id in the URI is the indicator, not the host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1xisuc6psmmj5jzq7jgoffba7avfhzga_"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, urlhaus.abuse.ch/url/3621757/; classtype:trojan-activity;sid:84484857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1okqdyr_kghanl7h_i1mwmlmzfesw_gx0"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_09_11; reference:url, 
urlhaus.abuse.ch/url/3621753/; classtype:trojan-activity;sid:84484853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3621442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"175.214.227.21"; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_10; reference:url, urlhaus.abuse.ch/url/3621442/; classtype:trojan-activity;sid:84484542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_amd64"; depth:12; endswith; nocase; http.host; content:"hcsnet.com.br"; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619986/; classtype:trojan-activity;sid:84483086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"hcsnet.com.br"; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619984/; classtype:trojan-activity;sid:84483084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3619985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux_x86"; depth:10; endswith; nocase; http.host; content:"hcsnet.com.br"; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_08; reference:url, urlhaus.abuse.ch/url/3619985/; classtype:trojan-activity;sid:84483085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.93.200.20"; 
depth:13; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617421/; classtype:trojan-activity;sid:84480521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/19000101/av.scr"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617201/; classtype:trojan-activity;sid:84480301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/19000101/photo.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617196/; classtype:trojan-activity;sid:84480296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/19000101/video.scr"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617193/; classtype:trojan-activity;sid:84480293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/19000101/av.lnk"; depth:16; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617189/; classtype:trojan-activity;sid:84480289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3617190)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/19000101/video.lnk"; depth:19; endswith; nocase; http.host; content:"111.59.254.165"; depth:14; isdataat:!1,relative; metadata:created_at 2025_09_04; reference:url, urlhaus.abuse.ch/url/3617190/; classtype:trojan-activity;sid:84480290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.55.126.179"; depth:12; isdataat:!1,relative; metadata:created_at 2025_09_02; reference:url, urlhaus.abuse.ch/url/3615696/; classtype:trojan-activity;sid:84478796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3615306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"193.109.44.54"; depth:13; isdataat:!1,relative; metadata:created_at 2025_09_01; reference:url, urlhaus.abuse.ch/url/3615306/; classtype:trojan-activity;sid:84478406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/windowsupdate.exe"; depth:18; endswith; nocase; http.host; content:"129.152.20.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614697/; classtype:trojan-activity;sid:84477797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/windows.x64.silent.cpu.exe"; depth:27; endswith; nocase; http.host; content:"129.152.20.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_31; reference:url, urlhaus.abuse.ch/url/3614696/; 
classtype:trojan-activity;sid:84477796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d/mzjfndu3ndewnzjf/dvgihou177.bin"; depth:34; endswith; nocase; http.host; content:"od.lk"; depth:5; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614280/; classtype:trojan-activity;sid:84477380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3614199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/827-mh1-3t/827/main/t1.png"; depth:27; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_30; reference:url, urlhaus.abuse.ch/url/3614199/; classtype:trojan-activity;sid:84477299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.126.1.30"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613683/; classtype:trojan-activity;sid:84476783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/pinaview.exe"; depth:23; endswith; nocase; http.host; content:"pinaview.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613629/; classtype:trojan-activity;sid:84476729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613494)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/peterson643eu/projecttop/refs/heads/main/zjqppajn.exe"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_29; reference:url, urlhaus.abuse.ch/url/3613494/; classtype:trojan-activity;sid:84476594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3613214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.43.76.100"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_28; reference:url, urlhaus.abuse.ch/url/3613214/; classtype:trojan-activity;sid:84476314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3611504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/usbmmidd_v2.zip"; depth:26; endswith; nocase; http.host; content:"www.amyuni.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_25; reference:url, urlhaus.abuse.ch/url/3611504/; classtype:trojan-activity;sid:84474604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tfsoft/xftd/v2/ctf/"; depth:20; endswith; nocase; http.host; content:"tengfeidn.cn"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610613/; classtype:trojan-activity;sid:84473713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tfsoft/xftd/v2/ctf/"; depth:20; endswith; nocase; http.host; content:"pcupd.com"; depth:9; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610612/; classtype:trojan-activity;sid:84473712; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/upgrade/jd"; depth:15; endswith; nocase; http.host; content:"rdm.91yunma.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610604/; classtype:trojan-activity;sid:84473704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/api/upgrade/qcoin"; depth:18; endswith; nocase; http.host; content:"rdm.91yunma.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610602/; classtype:trojan-activity;sid:84473702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/temp/mely.exe"; depth:14; endswith; nocase; http.host; content:"areyouready.co.za"; depth:17; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610401/; classtype:trojan-activity;sid:84473501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da2dalus/loic/raw/refs/heads/master/loic.exe"; depth:45; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610381/; classtype:trojan-activity;sid:84473481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3610380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/raizydaizy/steamcmd/raw/refs/heads/main/steamcmd.exe"; depth:53; 
endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_24; reference:url, urlhaus.abuse.ch/url/3610380/; classtype:trojan-activity;sid:84473480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2/remmbuil.txt"; depth:15; endswith; nocase; http.host; content:"gestionycobranzas.com"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609420/; classtype:trojan-activity;sid:84472520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2/task.vbs"; depth:11; endswith; nocase; http.host; content:"gestionycobranzas.com"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609414/; classtype:trojan-activity;sid:84472514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3609409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2/task.js"; depth:10; endswith; nocase; http.host; content:"gestionycobranzas.com"; depth:21; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3609409/; classtype:trojan-activity;sid:84472509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkapis.dll"; depth:15; endswith; nocase; http.host; content:"119.45.105.211"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608802/; classtype:trojan-activity;sid:84471902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3608773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkmultiopen.exe"; depth:20; endswith; nocase; http.host; content:"119.45.105.211"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_22; reference:url, urlhaus.abuse.ch/url/3608773/; classtype:trojan-activity;sid:84471873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/22072024080730/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608522/; classtype:trojan-activity;sid:84471622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/17062024123023/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608521/; classtype:trojan-activity;sid:84471621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/14082024082341/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608520/; classtype:trojan-activity;sid:84471620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608519)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/delcacheprodutoseg/1/8059/09072024080408/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608519/; classtype:trojan-activity;sid:84471619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/11072024072520/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608518/; classtype:trojan-activity;sid:84471618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8029/info.zip"; depth:42; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608517/; classtype:trojan-activity;sid:84471617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/10092024072747/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608511/; classtype:trojan-activity;sid:84471611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/23092024080311/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; 
isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608513/; classtype:trojan-activity;sid:84471613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/02082024071413/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608506/; classtype:trojan-activity;sid:84471606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/23092024103542/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608503/; classtype:trojan-activity;sid:84471603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/15072024075523/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608500/; classtype:trojan-activity;sid:84471600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/13082024070204/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608487/; 
classtype:trojan-activity;sid:84471587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/14062024075221/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608488/; classtype:trojan-activity;sid:84471588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/12082024075637/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608491/; classtype:trojan-activity;sid:84471591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/16082024071234/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608492/; classtype:trojan-activity;sid:84471592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/13072024070443/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608493/; classtype:trojan-activity;sid:84471593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3608496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/18062024074945/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608496/; classtype:trojan-activity;sid:84471596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8051/22082024110801/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608497/; classtype:trojan-activity;sid:84471597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/12092024121832/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608482/; classtype:trojan-activity;sid:84471582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8461/info.zip"; depth:42; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608483/; classtype:trojan-activity;sid:84471583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608479)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tmpftp/delcacheprodutoseg/1/8059/10092024080037/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608479/; classtype:trojan-activity;sid:84471579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/28082024112055/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608471/; classtype:trojan-activity;sid:84471571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8050/11062024140819/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608474/; classtype:trojan-activity;sid:84471574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/6011/25072024071607/info.zip"; depth:57; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608470/; classtype:trojan-activity;sid:84471570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/8059/17082024070657/info.zip"; depth:57; endswith; nocase; http.host; 
content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608466/; classtype:trojan-activity;sid:84471566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3608082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.55.82.160"; depth:11; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3608082/; classtype:trojan-activity;sid:84471182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ntchuy/hack/refs/heads/main/client.exe"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607961/; classtype:trojan-activity;sid:84471061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3607915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linpeas.sh"; depth:11; endswith; nocase; http.host; content:"34.70.102.215"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_21; reference:url, urlhaus.abuse.ch/url/3607915/; classtype:trojan-activity;sid:84471015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d1ovu/pon/refs/heads/main/rustmedebyg.exe"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606770/; classtype:trojan-activity;sid:84469870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3606767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d1ovu/pon/refs/heads/main/rustme.exe"; depth:37; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606767/; classtype:trojan-activity;sid:84469867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d1ovu/pon/refs/heads/main/debugconfig.bat"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606766/; classtype:trojan-activity;sid:84469866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atu.lim"; depth:8; endswith; nocase; http.host; content:"electri.billregulator.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606680/; classtype:trojan-activity;sid:84469780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3606577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2508/9e3363f017c60726bf610a2a472040144t."; depth:41; endswith; nocase; http.host; content:"file.uhsea.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_19; reference:url, urlhaus.abuse.ch/url/3606577/; classtype:trojan-activity;sid:84469677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"121.154.116.86"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605366/; classtype:trojan-activity;sid:84468466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3605364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.166.218.154"; depth:15; isdataat:!1,relative; metadata:created_at 2025_08_17; reference:url, urlhaus.abuse.ch/url/3605364/; classtype:trojan-activity;sid:84468464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keepon.exe"; depth:11; endswith; nocase; http.host; content:"209.145.51.44"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604879/; classtype:trojan-activity;sid:84467979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"117.20.17.17"; depth:12; isdataat:!1,relative; metadata:created_at 2025_08_16; reference:url, urlhaus.abuse.ch/url/3604744/; classtype:trojan-activity;sid:84467844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"121.202.196.93"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604243/; classtype:trojan-activity;sid:84467343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604235)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"141.149.36.27"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604235/; classtype:trojan-activity;sid:84467335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3604233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"164.126.150.95"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_15; reference:url, urlhaus.abuse.ch/url/3604233/; classtype:trojan-activity;sid:84467333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/runtime/vc_redist.x64.exe"; depth:26; endswith; nocase; http.host; content:"checkfivem.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_13; reference:url, urlhaus.abuse.ch/url/3601597/; classtype:trojan-activity;sid:84464697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3601445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"164.126.150.95"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_12; reference:url, urlhaus.abuse.ch/url/3601445/; classtype:trojan-activity;sid:84464545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"79.122.193.32"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_09; reference:url, urlhaus.abuse.ch/url/3599810/; classtype:trojan-activity;sid:84462910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3599101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.90.236.250"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599101/; classtype:trojan-activity;sid:84462201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3599106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.54.221.234"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_08; reference:url, urlhaus.abuse.ch/url/3599106/; classtype:trojan-activity;sid:84462206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1.exe"; depth:6; endswith; nocase; http.host; content:"117.72.183.111"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_06; reference:url, urlhaus.abuse.ch/url/3597379/; classtype:trojan-activity;sid:84460479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3597150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zmyjungmin/img001.exe"; depth:22; endswith; nocase; http.host; content:"222.239.87.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_05; reference:url, urlhaus.abuse.ch/url/3597150/; classtype:trojan-activity;sid:84460250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3595203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.241.78.146"; depth:14; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3595203/; 
classtype:trojan-activity;sid:84458303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.ssa/t1.png"; depth:12; endswith; nocase; http.host; content:"isiore.com.co"; depth:13; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594962/; classtype:trojan-activity;sid:84458062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3594942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r00tnik8/zianr35524869492586/raw/refs/heads/main/plugin3.plg"; depth:61; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_08_02; reference:url, urlhaus.abuse.ch/url/3594942/; classtype:trojan-activity;sid:84458042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"216.247.208.231"; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592552/; classtype:trojan-activity;sid:84455652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"216.247.208.231"; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592078/; classtype:trojan-activity;sid:84455178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3592038)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/image/cache/data/aksesuarlar/patch-yama-arma/skid-row-500x500.jpg"; depth:66; endswith; nocase; http.host; content:"xshop.com.tr"; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_29; reference:url, urlhaus.abuse.ch/url/3592038/; classtype:trojan-activity;sid:84455138; rev:1;)
# Rule shape used throughout this feed: `depth:N` equals the content length and is
# paired with `endswith` on http.uri, and `isdataat:!1,relative` follows the
# depth-limited http.host content, so each rule is an exact URI + exact Host match
# on an outbound GET. A different path, query string or Host value is not covered.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3591244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cat.sh"; depth:7; endswith; nocase; http.host; content:"23.95.247.31"; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3591244/; classtype:trojan-activity;sid:84454344; rev:1;)
# NOTE(review): the raw.githubusercontent.com / github.com rules below are `alert http`
# rules, so they only evaluate HTTP the sensor can parse. These hosts are normally
# reached over TLS - confirm the sensor sees decrypted traffic, or back these
# indicators with DNS/TLS-SNI or proxy-log detections.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amineamine284/d3dx11_45/refs/heads/main/d3dx11_45.dll"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590749/; classtype:trojan-activity;sid:84453849; rev:1;)
# NOTE(review): this rule and the next match a literal "%20" in http.uri, and their
# depth values (52, 53) count the percent-encoded form. http.uri is Suricata's
# normalized URI buffer; if the sensor decodes %20 to a space there, neither rule
# can match. http.uri.raw is the buffer that holds the URI as sent - verify against
# the sensor's HTTP normalization settings before relying on these two sids.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amineamine284/rssdgxgr/refs/heads/main/garo%20x.exe"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590748/; classtype:trojan-activity;sid:84453848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amineamine284/edggqdsg/refs/heads/main/garo%20v1.dll"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590746/; classtype:trojan-activity;sid:84453846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hafiz12cyber/request/raw/refs/heads/main/launcher.zip"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590552/; classtype:trojan-activity;sid:84453652; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/midkourtbbe/network/raw/refs/heads/main/software.zip"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590550/; classtype:trojan-activity;sid:84453650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anno29/web/raw/refs/heads/main/software.zip"; depth:44; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590549/; classtype:trojan-activity;sid:84453649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/notcat999/sys/raw/refs/heads/main/software.zip"; depth:47; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590548/; classtype:trojan-activity;sid:84453648; rev:1;)
alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gethalal-007/request/raw/refs/heads/main/software.zip"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590547/; classtype:trojan-activity;sid:84453647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3590546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nullarchive/request/raw/refs/heads/main/software.zip"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_27; reference:url, urlhaus.abuse.ch/url/3590546/; classtype:trojan-activity;sid:84453646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.24.52.121"; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589312/; classtype:trojan-activity;sid:84452412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3589307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.24.52.121"; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_25; reference:url, urlhaus.abuse.ch/url/3589307/; classtype:trojan-activity;sid:84452407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sid2983/-1aa-valoranta/releases/download/d0wn10ad/valcheat.zip"; depth:63; endswith; 
nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3587585/; classtype:trojan-activity;sid:84450685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3587551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//2025/07/19/15/683192372.png"; depth:29; endswith; nocase; http.host; content:"www2.0zz0.com"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_21; reference:url, urlhaus.abuse.ch/url/3587551/; classtype:trojan-activity;sid:84450651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3586167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.83.186.62"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_20; reference:url, urlhaus.abuse.ch/url/3586167/; classtype:trojan-activity;sid:84449267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.30.12.254"; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585163/; classtype:trojan-activity;sid:84448263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.236.116.198"; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585169/; classtype:trojan-activity;sid:84448269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585162)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"59.7.131.145"; depth:12; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585162/; classtype:trojan-activity;sid:84448262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/catalog/model/cummersmg.exe"; depth:28; endswith; nocase; http.host; content:"kavacanada.ca"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585053/; classtype:trojan-activity;sid:84448153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3585052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/catalog/model/cheekpiecegar.ps1"; depth:32; endswith; nocase; http.host; content:"kavacanada.ca"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3585052/; classtype:trojan-activity;sid:84448152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.101.123.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3584733/; classtype:trojan-activity;sid:84447833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"61.2.45.191"; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_17; reference:url, urlhaus.abuse.ch/url/3584719/; classtype:trojan-activity;sid:84447819; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3584281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"121.202.204.227"; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_16; reference:url, urlhaus.abuse.ch/url/3584281/; classtype:trojan-activity;sid:84447381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"177.70.102.228"; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_15; reference:url, urlhaus.abuse.ch/url/3583571/; classtype:trojan-activity;sid:84446671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3583040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/laurenxss/42429a19c72b875b93608f8cb0cab933/raw/"; depth:48; endswith; nocase; http.host; content:"gist.githubusercontent.com"; depth:26; isdataat:!1,relative; metadata:created_at 2025_07_14; reference:url, urlhaus.abuse.ch/url/3583040/; classtype:trojan-activity;sid:84446140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3582620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"61.2.45.172"; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_13; reference:url, urlhaus.abuse.ch/url/3582620/; classtype:trojan-activity;sid:84445720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"61.2.45.141"; depth:11; 
isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580902/; classtype:trojan-activity;sid:84444002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.247.191.106"; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580896/; classtype:trojan-activity;sid:84443996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"115.240.70.185"; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580881/; classtype:trojan-activity;sid:84443981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"121.202.153.132"; depth:15; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580884/; classtype:trojan-activity;sid:84443984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3580863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.54.96.233"; depth:11; isdataat:!1,relative; metadata:created_at 2025_07_11; reference:url, urlhaus.abuse.ch/url/3580863/; classtype:trojan-activity;sid:84443963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3578386)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/invisiblebunny/records/main/bunny-mini/mini.shell.php"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_07; reference:url, urlhaus.abuse.ch/url/3578386/; classtype:trojan-activity;sid:84441486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3578385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ly4k/pwnkit/main/pwnkit"; depth:24; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_07; reference:url, urlhaus.abuse.ch/url/3578385/; classtype:trojan-activity;sid:84441485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lost%2bfound/photo.lnk"; depth:23; endswith; nocase; http.host; content:"116.133.72.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577021/; classtype:trojan-activity;sid:84440121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/av.lnk"; depth:9; endswith; nocase; http.host; content:"116.133.72.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577020/; classtype:trojan-activity;sid:84440120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/video.scr"; depth:12; endswith; nocase; http.host; content:"116.133.72.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577008/; 
classtype:trojan-activity;sid:84440108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3577009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/photo.scr"; depth:12; endswith; nocase; http.host; content:"116.133.72.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3577009/; classtype:trojan-activity;sid:84440109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/av.scr"; depth:9; endswith; nocase; http.host; content:"116.133.72.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576996/; classtype:trojan-activity;sid:84440096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"116.133.72.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576990/; classtype:trojan-activity;sid:84440090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lost%2bfound/photo.scr"; depth:23; endswith; nocase; http.host; content:"116.133.72.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576991/; classtype:trojan-activity;sid:84440091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lost%2bfound/info.zip"; depth:22; endswith; nocase; http.host; 
content:"116.133.72.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576992/; classtype:trojan-activity;sid:84440092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lost%2bfound/av.scr"; depth:20; endswith; nocase; http.host; content:"116.133.72.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576993/; classtype:trojan-activity;sid:84440093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.scr"; depth:10; endswith; nocase; http.host; content:"116.133.72.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576994/; classtype:trojan-activity;sid:84440094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lost%2bfound/av.lnk"; depth:20; endswith; nocase; http.host; content:"116.133.72.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576995/; classtype:trojan-activity;sid:84440095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/av.scr"; depth:7; endswith; nocase; http.host; content:"116.133.72.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576988/; classtype:trojan-activity;sid:84440088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576989)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lost%2bfound/video.scr"; depth:23; endswith; nocase; http.host; content:"116.133.72.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576989/; classtype:trojan-activity;sid:84440089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lost%2bfound/video.lnk"; depth:23; endswith; nocase; http.host; content:"116.133.72.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576987/; classtype:trojan-activity;sid:84440087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/video.lnk"; depth:10; endswith; nocase; http.host; content:"116.133.72.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576982/; classtype:trojan-activity;sid:84440082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/video.lnk"; depth:12; endswith; nocase; http.host; content:"116.133.72.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576983/; classtype:trojan-activity;sid:84440083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/photo.lnk"; depth:12; endswith; nocase; http.host; content:"116.133.72.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576984/; 
classtype:trojan-activity;sid:84440084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/info.zip"; depth:11; endswith; nocase; http.host; content:"116.133.72.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576985/; classtype:trojan-activity;sid:84440085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3576986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"116.133.72.10"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3576986/; classtype:trojan-activity;sid:84440086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/allbnc.jpg"; depth:11; endswith; nocase; http.host; content:"185.253.75.188"; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575978/; classtype:trojan-activity;sid:84439078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/auto.jpg"; depth:9; endswith; nocase; http.host; content:"185.253.75.188"; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575979/; classtype:trojan-activity;sid:84439079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.sh"; depth:5; endswith; nocase; http.host; content:"185.253.75.188"; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575971/; classtype:trojan-activity;sid:84439071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cata2.jpg"; depth:10; endswith; nocase; http.host; content:"185.253.75.188"; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_05; reference:url, urlhaus.abuse.ch/url/3575892/; classtype:trojan-activity;sid:84438992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/labubu99999/localoco8386/main/shaman.zip"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575355/; classtype:trojan-activity;sid:84438455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3575354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/labubu99999/localoco8386/raw/main/update0.bat"; depth:46; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_07_04; reference:url, urlhaus.abuse.ch/url/3575354/; classtype:trojan-activity;sid:84438454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3573965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"222.239.87.50"; depth:13; isdataat:!1,relative; metadata:created_at 2025_07_02; reference:url, urlhaus.abuse.ch/url/3573965/; classtype:trojan-activity;sid:84437065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3573084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chrome_134.exe"; depth:15; endswith; nocase; http.host; content:"lomejordesalamanca.es"; depth:21; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3573084/; classtype:trojan-activity;sid:84436184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3572294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"121.202.142.68"; depth:14; isdataat:!1,relative; metadata:created_at 2025_07_01; reference:url, urlhaus.abuse.ch/url/3572294/; classtype:trojan-activity;sid:84435394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3571424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a3f.dof"; depth:8; endswith; nocase; http.host; content:"checkinetverifk.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_06_30; reference:url, urlhaus.abuse.ch/url/3571424/; classtype:trojan-activity;sid:84434524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.120.203.230"; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_26; reference:url, urlhaus.abuse.ch/url/3570433/; classtype:trojan-activity;sid:84433533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.139.187.78"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_25; reference:url, urlhaus.abuse.ch/url/3570176/; classtype:trojan-activity;sid:84433276; rev:1;) 
# URLhaus exact-URL indicators, one rule per reported URL (the number in msg
# and in the reference is the URLhaus entry id). Every rule in this group has
# the same shape and fires only when all of these hold for one request:
#   - $HOME_NET -> $EXTERNAL_NET, flow:established,from_client
#   - http.method contains "GET"
#   - http.uri is exactly the listed path, case-insensitively: depth equals the
#     pattern length and endswith pins the match to the end of the buffer
#   - http.host is exactly the listed host: depth equals the pattern length and
#     isdataat:!1,relative requires that no byte follows the match
# Deployment notes:
#   - "alert http" depends on the HTTP app-layer parser, so the same URL fetched
#     over TLS is not inspected unless traffic is decrypted before the sensor.
#   - These are exact matches on one path and one host; a hit says a client
#     requested a reported URL, not that a payload was delivered or executed.
#     Correlate with the HTTP response and file/endpoint telemetry during triage.
#   - NOTE(review): other rules in this feed carry percent-escapes (%20, %2b) in
#     an http.uri pattern. Suricata documents http.uri as the normalized URI and
#     http.uri.raw as the unmodified one, so replay a sample request against
#     such rules before relying on them.

# /sshd on bare-IP hosts. SIDs 84433258, 84432902 and 84432903 have identical
# match conditions (same path, same host, any port), so one request raises
# three alerts; presumably the URLhaus entries differ in something the rule
# does not encode - unverified. De-duplicate downstream on source, host and URI
# rather than on SID.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3570158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"90.8.83.87"; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_25; reference:url, urlhaus.abuse.ch/url/3570158/; classtype:trojan-activity;sid:84433258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"85.57.30.25"; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_24; reference:url, urlhaus.abuse.ch/url/3569817/; classtype:trojan-activity;sid:84432917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"90.8.83.87"; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_24; reference:url, urlhaus.abuse.ch/url/3569802/; classtype:trojan-activity;sid:84432902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"90.8.83.87"; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_24; reference:url, urlhaus.abuse.ch/url/3569803/; classtype:trojan-activity;sid:84432903; rev:1;)

# Named hosts. The extension in the path (.ps1, .jpg, .txt) is part of the
# matched string only; the rules do not inspect the response, so the served
# content type has to be established from other evidence.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3569088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/images/trapapo.ps1"; depth:31; endswith; nocase; http.host; content:"www.vuelaviajero.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_06_22; reference:url, urlhaus.abuse.ch/url/3569088/; classtype:trojan-activity;sid:84432188; rev:1;)

# Two archives listed for the same bare-IP host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aminer.gz"; depth:10; endswith; nocase; http.host; content:"162.215.218.82"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_21; reference:url, urlhaus.abuse.ch/url/3568977/; classtype:trojan-activity;sid:84432077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install.tgz"; depth:12; endswith; nocase; http.host; content:"162.215.218.82"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_21; reference:url, urlhaus.abuse.ch/url/3568976/; classtype:trojan-activity;sid:84432076; rev:1;)

# Same file name listed under two paths of one host; each path is its own rule
# because the URI match is exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new_image.jpg"; depth:14; endswith; nocase; http.host; content:"talentrecruitments.com"; depth:22; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568238/; classtype:trojan-activity;sid:84431338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js/new_image.jpg"; depth:17; endswith; nocase; http.host; content:"talentrecruitments.com"; depth:22; isdataat:!1,relative; metadata:created_at 2025_06_19; reference:url, urlhaus.abuse.ch/url/3568230/; classtype:trojan-activity;sid:84431330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3568006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xl.txt"; depth:7; endswith; nocase; http.host; content:"mundocarnes.cl"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3568006/; classtype:trojan-activity;sid:84431106; rev:1;)

# info.zip listed under several directories of the same hosts. Only the listed
# directories are covered; the same file name under any other directory of
# these hosts produces no alert from this group.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/info.zip"; depth:16; endswith; nocase; http.host; content:"5.149.184.170"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565283/; classtype:trojan-activity;sid:84428383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565284)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svg/info.zip"; depth:13; endswith; nocase; http.host; content:"5.149.184.170"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565284/; classtype:trojan-activity;sid:84428384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"5.149.184.170"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565285/; classtype:trojan-activity;sid:84428385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/dao/info.zip"; depth:78; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565262/; classtype:trojan-activity;sid:84428362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exeftp%20-%20copia/badmail/info.zip"; depth:36; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565260/; classtype:trojan-activity;sid:84428360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/cons/1/info.zip"; depth:23; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565261/; classtype:trojan-activity;sid:84428361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/1/info.zip"; depth:37; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565259/; classtype:trojan-activity;sid:84428359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exeftp%20-%20copia/info.zip"; depth:28; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565258/; classtype:trojan-activity;sid:84428358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/delcacheprodutoseg/info.zip"; depth:35; 
endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565257/; classtype:trojan-activity;sid:84428357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bkp/info.zip"; depth:13; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565256/; classtype:trojan-activity;sid:84428356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exeftp%20-%20copia/queue/info.zip"; depth:34; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565255/; classtype:trojan-activity;sid:84428355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/relftp/info.zip"; depth:16; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565254/; classtype:trojan-activity;sid:84428354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exeftp%20-%20copia/drop/info.zip"; depth:33; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565253/; classtype:trojan-activity;sid:84428353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3565252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exeftp/info.zip"; depth:16; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565252/; classtype:trojan-activity;sid:84428352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/exeftp%20-%20copia/pickup/info.zip"; depth:35; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565249/; classtype:trojan-activity;sid:84428349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/h4lud3ae/info.zip"; depth:18; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565244/; classtype:trojan-activity;sid:84428344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install/info.zip"; depth:17; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565245/; classtype:trojan-activity;sid:84428345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/cons/info.zip"; depth:21; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; 
metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565246/; classtype:trojan-activity;sid:84428346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/relftp/pdf/info.zip"; depth:20; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565243/; classtype:trojan-activity;sid:84428343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/extcons/1/info.zip"; depth:26; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565230/; classtype:trojan-activity;sid:84428330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/idi/info.zip"; depth:13; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565236/; classtype:trojan-activity;sid:84428336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tmpftp/extcons/info.zip"; depth:24; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565239/; classtype:trojan-activity;sid:84428339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565240)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/exeftp%20-%20copia/idi/info.zip"; depth:32; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565240/; classtype:trojan-activity;sid:84428340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gdbftp/info.zip"; depth:16; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565241/; classtype:trojan-activity;sid:84428341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/cksy/info.zip"; depth:98; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565091/; classtype:trojan-activity;sid:84428191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/service/info.zip"; depth:86; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565090/; classtype:trojan-activity;sid:84428190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565089)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/rgsy/info.zip"; depth:98; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565089/; classtype:trojan-activity;sid:84428189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/dto/info.zip"; depth:86; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565088/; classtype:trojan-activity;sid:84428188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/entity/info.zip"; depth:87; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565087/; classtype:trojan-activity;sid:84428187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/info.zip"; depth:62; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565085/; classtype:trojan-activity;sid:84428185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565086)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/info.zip"; depth:80; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565086/; classtype:trojan-activity;sid:84428186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/info.zip"; depth:74; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565084/; classtype:trojan-activity;sid:84428184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/entity/info.zip"; depth:89; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565083/; classtype:trojan-activity;sid:84428183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/constrant/info.zip"; depth:85; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565082/; classtype:trojan-activity;sid:84428182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565081)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/dao/info.zip"; depth:86; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565081/; classtype:trojan-activity;sid:84428181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/info.zip"; depth:57; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565080/; classtype:trojan-activity;sid:84428180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/info.zip"; depth:78; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565079/; classtype:trojan-activity;sid:84428179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/log/info.zip"; depth:83; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565078/; classtype:trojan-activity;sid:84428178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565077)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/info.zip"; depth:82; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565077/; classtype:trojan-activity;sid:84428177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/chkptwss/info.zip"; depth:80; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565076/; classtype:trojan-activity;sid:84428176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/static/images/new/info.zip"; depth:48; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565075/; classtype:trojan-activity;sid:84428175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/info.zip"; depth:54; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565074/; classtype:trojan-activity;sid:84428174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565073)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/photoset/info.zip"; depth:88; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565073/; classtype:trojan-activity;sid:84428173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/templete/info.zip"; depth:55; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565072/; classtype:trojan-activity;sid:84428172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/service/impl/info.zip"; depth:93; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565071/; classtype:trojan-activity;sid:84428171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/action/info.zip"; depth:76; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565070/; classtype:trojan-activity;sid:84428170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565069)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/vehiclereview/info.zip"; depth:93; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565069/; classtype:trojan-activity;sid:84428169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/work/catalina/localhost/root/org/info.zip"; depth:50; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565068/; classtype:trojan-activity;sid:84428168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/static/css1/info.zip"; depth:42; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565066/; classtype:trojan-activity;sid:84428166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/base/info.zip"; depth:84; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565067/; classtype:trojan-activity;sid:84428167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565065)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/zbawss/info.zip"; depth:88; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565065/; classtype:trojan-activity;sid:84428165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/entity/info.zip"; depth:89; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565064/; classtype:trojan-activity;sid:84428164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/set/info.zip"; depth:75; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565062/; classtype:trojan-activity;sid:84428162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/dto/info.zip"; depth:85; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565063/; classtype:trojan-activity;sid:84428163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565061)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/service/info.zip"; depth:91; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565061/; classtype:trojan-activity;sid:84428161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/work/catalina/localhost/root/org/apache/info.zip"; depth:57; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565060/; classtype:trojan-activity;sid:84428160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/templete/info.zip"; depth:59; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565059/; classtype:trojan-activity;sid:84428159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/photo/info.zip"; depth:36; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565057/; classtype:trojan-activity;sid:84428157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/service/info.zip"; depth:92; 
endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565058/; classtype:trojan-activity;sid:84428158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/entity/info.zip"; depth:90; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565056/; classtype:trojan-activity;sid:84428156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/info.zip"; depth:78; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565054/; classtype:trojan-activity;sid:84428154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/service/impl/info.zip"; depth:86; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565049/; classtype:trojan-activity;sid:84428149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/hdk/localxml.zip"; depth:54; endswith; nocase; http.host; 
content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565050/; classtype:trojan-activity;sid:84428150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/static/info.zip"; depth:37; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565051/; classtype:trojan-activity;sid:84428151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/dto/info.zip"; depth:84; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565048/; classtype:trojan-activity;sid:84428148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/action/info.zip"; depth:88; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565044/; classtype:trojan-activity;sid:84428144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/entity/info.zip"; depth:85; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; 
metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565043/; classtype:trojan-activity;sid:84428143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/servacpt/info.zip"; depth:88; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565040/; classtype:trojan-activity;sid:84428140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/temp/info.zip"; depth:22; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565035/; classtype:trojan-activity;sid:84428135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/dto/info.zip"; depth:84; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565034/; classtype:trojan-activity;sid:84428134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/pdauser/action/info.zip"; depth:94; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, 
urlhaus.abuse.ch/url/3565030/; classtype:trojan-activity;sid:84428130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/sysparam/info.zip"; depth:80; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565029/; classtype:trojan-activity;sid:84428129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/info.zip"; depth:38; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565024/; classtype:trojan-activity;sid:84428124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/client/info.zip"; depth:70; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565017/; classtype:trojan-activity;sid:84428117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/work/catalina/info.zip"; depth:31; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565018/; classtype:trojan-activity;sid:84428118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3565016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/info.zip"; depth:81; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565016/; classtype:trojan-activity;sid:84428116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/info.zip"; depth:80; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565015/; classtype:trojan-activity;sid:84428115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/dao/info.zip"; depth:87; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565014/; classtype:trojan-activity;sid:84428114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/interceptor/info.zip"; depth:81; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565008/; classtype:trojan-activity;sid:84428108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3565009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/plugin/info.zip"; depth:37; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565009/; classtype:trojan-activity;sid:84428109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/dto/info.zip"; depth:73; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565010/; classtype:trojan-activity;sid:84428110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/info.zip"; depth:71; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565011/; classtype:trojan-activity;sid:84428111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/info.zip"; depth:77; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565004/; classtype:trojan-activity;sid:84428104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3565001)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/info.zip"; depth:66; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3565001/; classtype:trojan-activity;sid:84428101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/dto/info.zip"; depth:93; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564999/; classtype:trojan-activity;sid:84428099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/service/info.zip"; depth:82; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564992/; classtype:trojan-activity;sid:84428092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/mgr/info.zip"; depth:85; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564993/; classtype:trojan-activity;sid:84428093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564990)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/visitwss/info.zip"; depth:90; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564990/; classtype:trojan-activity;sid:84428090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/info.zip"; depth:54; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564988/; classtype:trojan-activity;sid:84428088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/wss/info.zip"; depth:73; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564986/; classtype:trojan-activity;sid:84428086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/pdawss/dto/info.zip"; depth:82; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564985/; classtype:trojan-activity;sid:84428085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564984)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/info.zip"; depth:87; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564984/; classtype:trojan-activity;sid:84428084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/info.zip"; depth:68; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564983/; classtype:trojan-activity;sid:84428083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/exception/info.zip"; depth:88; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564980/; classtype:trojan-activity;sid:84428080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/dao/info.zip"; depth:88; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564979/; classtype:trojan-activity;sid:84428079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564977)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/info.zip"; depth:87; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564977/; classtype:trojan-activity;sid:84428077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/info.zip"; depth:82; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564975/; classtype:trojan-activity;sid:84428075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/dao/info.zip"; depth:84; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564976/; classtype:trojan-activity;sid:84428076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/service/impl/info.zip"; depth:95; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564974/; classtype:trojan-activity;sid:84428074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564972)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/dao/info.zip"; depth:84; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564972/; classtype:trojan-activity;sid:84428072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/hdk/localxml.zip"; depth:58; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564971/; classtype:trojan-activity;sid:84428071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/info.zip"; depth:17; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564969/; classtype:trojan-activity;sid:84428069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/service/info.zip"; depth:82; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564968/; classtype:trojan-activity;sid:84428068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/rgsy/info.zip"; depth:59; endswith; nocase; http.host; 
content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564966/; classtype:trojan-activity;sid:84428066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/dao/info.zip"; depth:92; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564965/; classtype:trojan-activity;sid:84428065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/info.zip"; depth:64; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564964/; classtype:trojan-activity;sid:84428064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/info.zip"; depth:71; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564960/; classtype:trojan-activity;sid:84428060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aspnet_client/system_web/info.zip"; depth:34; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; 
reference:url, urlhaus.abuse.ch/url/3564961/; classtype:trojan-activity;sid:84428061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/dto/info.zip"; depth:91; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564958/; classtype:trojan-activity;sid:84428058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/action/info.zip"; depth:96; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564957/; classtype:trojan-activity;sid:84428057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/conf/catalina/info.zip"; depth:31; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564956/; classtype:trojan-activity;sid:84428056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/info.zip"; depth:81; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564953/; 
classtype:trojan-activity;sid:84428053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/service/impl/info.zip"; depth:91; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564948/; classtype:trojan-activity;sid:84428048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/info.zip"; depth:50; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564949/; classtype:trojan-activity;sid:84428049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2345downloads/info.zip"; depth:23; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564944/; classtype:trojan-activity;sid:84428044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/lib/info.zip"; depth:46; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564937/; classtype:trojan-activity;sid:84428037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3564938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/info.zip"; depth:62; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564938/; classtype:trojan-activity;sid:84428038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/service/impl/info.zip"; depth:76; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564939/; classtype:trojan-activity;sid:84428039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/record/info.zip"; depth:86; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564940/; classtype:trojan-activity;sid:84428040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/info.zip"; depth:69; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564935/; classtype:trojan-activity;sid:84428035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564936)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/info.zip"; depth:74; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564936/; classtype:trojan-activity;sid:84428036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/mgr/info.zip"; depth:93; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564931/; classtype:trojan-activity;sid:84428031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/nvrsetting/info.zip"; depth:90; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564927/; classtype:trojan-activity;sid:84428027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/static/css1/_notes/info.zip"; depth:49; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564925/; classtype:trojan-activity;sid:84428025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564926)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/rgsy/system/info.zip"; depth:66; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564926/; classtype:trojan-activity;sid:84428026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/info.zip"; depth:77; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564924/; classtype:trojan-activity;sid:84428024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/base/dto/info.zip"; depth:88; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564920/; classtype:trojan-activity;sid:84428020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/web/info.zip"; depth:88; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564908/; classtype:trojan-activity;sid:84428008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564909)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tomcat8/webapps/bfxt_pcwss/web-inf/info.zip"; depth:44; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564909/; classtype:trojan-activity;sid:84428009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/lib/info.zip"; depth:48; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564906/; classtype:trojan-activity;sid:84428006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/base/info.zip"; depth:84; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564903/; classtype:trojan-activity;sid:84428003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/unusual/info.zip"; depth:87; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564902/; classtype:trojan-activity;sid:84428002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/info.zip"; 
depth:78; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564900/; classtype:trojan-activity;sid:84428000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/pub/info.zip"; depth:58; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564899/; classtype:trojan-activity;sid:84427999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/info.zip"; depth:61; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564898/; classtype:trojan-activity;sid:84427998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/cyzpdytemp/info.zip"; depth:36; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564895/; classtype:trojan-activity;sid:84427995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/systemset/info.zip"; depth:89; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 
2025_06_18; reference:url, urlhaus.abuse.ch/url/3564896/; classtype:trojan-activity;sid:84427996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/viewwss/info.zip"; depth:79; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564893/; classtype:trojan-activity;sid:84427993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/util/info.zip"; depth:68; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564894/; classtype:trojan-activity;sid:84427994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/wss/util/info.zip"; depth:87; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564892/; classtype:trojan-activity;sid:84427992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/info.zip"; depth:75; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, 
urlhaus.abuse.ch/url/3564888/; classtype:trojan-activity;sid:84427988; rev:1;)
# --- Reviewer notes for the rules that follow (every complete rule in this stretch pins http.host to 116.171.106.3) ---
# Match scope: HTTP GET requests on an established flow, client-to-server, $HOME_NET -> $EXTERNAL_NET.
# http.uri: depth equals the pattern length and endswith anchors the end, so the buffer must equal
#   the listed path in full (nocase makes the comparison case-insensitive). The same path with a
#   query string or any extra segment appended does not match.
# http.host: depth:13 plus isdataat:!1,relative likewise requires the buffer to be exactly the IP literal.
# Coverage caveat: these are exact-URL indicators; requests to other paths on the same host, non-GET
#   methods, or HTTP carried inside TLS that the sensor cannot decrypt will not raise these alerts.
# Triage: the number in msg and the reference:url value point at the URLhaus entry for that URL; an
#   alert shows that a request was sent, not that a payload was delivered - check the response and
#   the requesting endpoint before concluding compromise.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/util/nvr/info.zip"; depth:72; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564889/; classtype:trojan-activity;sid:84427989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/info.zip"; depth:89; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564882/; classtype:trojan-activity;sid:84427982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/com/vkl/ckts_pc/cksy/info.zip"; depth:59; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564883/; classtype:trojan-activity;sid:84427983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/sysparam/info.zip"; depth:90; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564881/; classtype:trojan-activity;sid:84427981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/bin/tomcat8.exe"; depth:24; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564878/; classtype:trojan-activity;sid:84427978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/info.zip"; depth:58; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564876/; classtype:trojan-activity;sid:84427976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/info.zip"; depth:63; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564874/; classtype:trojan-activity;sid:84427974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/dao/info.zip"; depth:75; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564871/; classtype:trojan-activity;sid:84427971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/dao/info.zip"; depth:86; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564866/; classtype:trojan-activity;sid:84427966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/action/info.zip"; depth:87; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564861/; classtype:trojan-activity;sid:84427961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/info.zip"; depth:54; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564862/; classtype:trojan-activity;sid:84427962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/dto/info.zip"; depth:85; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564863/; classtype:trojan-activity;sid:84427963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/vehicleinformation/info.zip"; depth:98; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564858/; classtype:trojan-activity;sid:84427958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/logs/info.zip"; depth:22; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564859/; classtype:trojan-activity;sid:84427959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/entity/info.zip"; depth:81; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564855/; classtype:trojan-activity;sid:84427955; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/entity/info.zip"; depth:85; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564852/; classtype:trojan-activity;sid:84427952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/info.zip"; depth:83; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564850/; classtype:trojan-activity;sid:84427950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/info.zip"; depth:88; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564849/; classtype:trojan-activity;sid:84427949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/utils/excel/info.zip"; depth:81; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564847/; classtype:trojan-activity;sid:84427947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/service/info.zip"; depth:86; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564845/; classtype:trojan-activity;sid:84427945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/szclient/info.zip"; depth:72; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564844/; classtype:trojan-activity;sid:84427944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/futai/info.zip"; depth:15; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564838/; classtype:trojan-activity;sid:84427938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/info.zip"; depth:93; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564839/; classtype:trojan-activity;sid:84427939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/service/info.zip"; depth:81; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564832/; classtype:trojan-activity;sid:84427932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/info.zip"; depth:84; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564819/; classtype:trojan-activity;sid:84427919; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/info.zip"; depth:82; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564820/; classtype:trojan-activity;sid:84427920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/dto/info.zip"; depth:92; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564821/; classtype:trojan-activity;sid:84427921; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/service/impl/info.zip"; depth:97; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564822/; classtype:trojan-activity;sid:84427922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/info.zip"; depth:42; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564823/; classtype:trojan-activity;sid:84427923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/jurisdict/info.zip"; depth:89; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564809/; classtype:trojan-activity;sid:84427909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/set/service/info.zip"; depth:83; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564810/; classtype:trojan-activity;sid:84427910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/exception/info.zip"; depth:85; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564812/; classtype:trojan-activity;sid:84427912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/hdk/hcnetsdkcom/info.zip"; depth:66; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564807/; classtype:trojan-activity;sid:84427907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/info.zip"; depth:73; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564808/; classtype:trojan-activity;sid:84427908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/dao/info.zip"; depth:73; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564804/; classtype:trojan-activity;sid:84427904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/chkptwss/mgr/info.zip"; depth:86; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564801/; classtype:trojan-activity;sid:84427901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/info.zip"; depth:36; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564800/; classtype:trojan-activity;sid:84427900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/pub/info.zip"; depth:78; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564799/; classtype:trojan-activity;sid:84427899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/cksy/info.zip"; depth:79; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564797/; classtype:trojan-activity;sid:84427897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/info.zip"; depth:58; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564796/; classtype:trojan-activity;sid:84427896; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/work/catalina/localhost/bfxt/org/info.zip"; depth:50; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564794/; classtype:trojan-activity;sid:84427894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/info.zip"; depth:64; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564793/; classtype:trojan-activity;sid:84427893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/hdk/hcnetsdkcom/info.zip"; depth:62; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564791/; classtype:trojan-activity;sid:84427891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/info.zip"; depth:60; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564787/; classtype:trojan-activity;sid:84427887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/pub/info.zip"; depth:97; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564785/; classtype:trojan-activity;sid:84427885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/service/info.zip"; depth:71; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564783/; classtype:trojan-activity;sid:84427883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/info.zip"; depth:81; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564784/; classtype:trojan-activity;sid:84427884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/info.zip"; depth:74; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564781/; classtype:trojan-activity;sid:84427881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/static/js/info.zip"; depth:40; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564782/; classtype:trojan-activity;sid:84427882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/com/info.zip"; depth:42; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564780/; classtype:trojan-activity;sid:84427880; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/count/web/info.zip"; depth:84; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564778/; classtype:trojan-activity;sid:84427878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/base/info.zip"; depth:86; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564777/; classtype:trojan-activity;sid:84427877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/dto/info.zip"; depth:73; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564776/; classtype:trojan-activity;sid:84427876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/info.zip"; depth:73; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564769/; classtype:trojan-activity;sid:84427869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/meta-inf/info.zip"; depth:43; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564770/; classtype:trojan-activity;sid:84427870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/wss/info.zip"; depth:82; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564771/; classtype:trojan-activity;sid:84427871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/work/catalina/localhost/root/org/apache/jsp/info.zip"; depth:61; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564766/; classtype:trojan-activity;sid:84427866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/utils/nvr/info.zip"; depth:79; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564761/; classtype:trojan-activity;sid:84427861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/web/info.zip"; depth:88; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564760/; classtype:trojan-activity;sid:84427860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/meta-inf/info.zip"; depth:45; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564755/; classtype:trojan-activity;sid:84427855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/service/info.zip"; depth:92; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564756/; classtype:trojan-activity;sid:84427856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/conf/info.zip"; depth:22; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564757/; classtype:trojan-activity;sid:84427857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/mgr/info.zip"; depth:73; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564753/; classtype:trojan-activity;sid:84427853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/action/info.zip"; depth:95; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564752/; classtype:trojan-activity;sid:84427852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/visitwss/dao/info.zip"; depth:86; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564749/; classtype:trojan-activity;sid:84427849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/info.zip"; depth:82; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564748/; classtype:trojan-activity;sid:84427848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/dto/info.zip"; depth:91; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564747/; classtype:trojan-activity;sid:84427847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/static/css/info.zip"; depth:41; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564746/; classtype:trojan-activity;sid:84427846; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/viewwss/mgr/info.zip"; depth:85; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564743/; classtype:trojan-activity;sid:84427843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/service/impl/info.zip"; depth:84; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564739/; classtype:trojan-activity;sid:84427839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/chkptwss/dto/info.zip"; depth:84; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564740/; classtype:trojan-activity;sid:84427840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/action/info.zip"; depth:87; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564737/; classtype:trojan-activity;sid:84427837; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/exception/info.zip"; depth:99; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564734/; classtype:trojan-activity;sid:84427834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/info.zip"; depth:73; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564735/; classtype:trojan-activity;sid:84427835; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/dao/info.zip"; depth:86; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564736/; classtype:trojan-activity;sid:84427836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/static/images/info.zip"; depth:44; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564731/; classtype:trojan-activity;sid:84427831; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/download/info.zip"; depth:39; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564726/; classtype:trojan-activity;sid:84427826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/info.zip"; depth:64; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564724/; classtype:trojan-activity;sid:84427824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/hdk/info.zip"; depth:50; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564725/; classtype:trojan-activity;sid:84427825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/controller/info.zip"; depth:94; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564720/; classtype:trojan-activity;sid:84427820; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/dto/info.zip"; depth:86; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564717/; classtype:trojan-activity;sid:84427817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/work/info.zip"; depth:22; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564718/; classtype:trojan-activity;sid:84427818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xinheyuan/info.zip"; depth:19; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564715/; classtype:trojan-activity;sid:84427815; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/dao/info.zip"; depth:93; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564713/; classtype:trojan-activity;sid:84427813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/dao/info.zip"; depth:78; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564711/; classtype:trojan-activity;sid:84427811; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/mgr/info.zip"; depth:86; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564706/; classtype:trojan-activity;sid:84427806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/info.zip"; depth:46; endswith; 
nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564703/; classtype:trojan-activity;sid:84427803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/service/impl/info.zip"; depth:87; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564704/; classtype:trojan-activity;sid:84427804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/pdawss/mgr/info.zip"; depth:84; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564700/; classtype:trojan-activity;sid:84427800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/dao/info.zip"; depth:93; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564697/; classtype:trojan-activity;sid:84427797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/spotcheck/info.zip"; depth:74; endswith; nocase; http.host; 
content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564693/; classtype:trojan-activity;sid:84427793; rev:1;)
# URLhaus download-URL signatures for 116.171.106.3; each rule covers exactly one URLhaus entry.
# Triage aid: the number in msg and in the reference URL is the URLhaus entry ID, and in the
# rules shown here sid = entry ID + 80863100 (e.g. sid 84427794 <-> entry 3564694), so an
# alert's sid can be turned back into its urlhaus.abuse.ch/url/<id>/ page.
# NOTE(review): the offset is observed from these rules, not a documented guarantee.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/static/images/icons/info.zip"; depth:50; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564694/; classtype:trojan-activity;sid:84427794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/hdk/info.zip"; depth:54; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564685/; classtype:trojan-activity;sid:84427785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/info.zip"; depth:74; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564686/; classtype:trojan-activity;sid:84427786; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/service/info.zip"; depth:79; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564687/; classtype:trojan-activity;sid:84427787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/mgr/info.zip"; depth:93; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564681/; classtype:trojan-activity;sid:84427781; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/info.zip"; depth:89; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564682/; classtype:trojan-activity;sid:84427782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/lib/info.zip"; depth:42; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564675/; classtype:trojan-activity;sid:84427775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/info.zip"; depth:84; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564674/; classtype:trojan-activity;sid:84427774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/bin/info.zip"; depth:21; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564673/; classtype:trojan-activity;sid:84427773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/pdauser/dao/info.zip"; depth:91; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564672/; classtype:trojan-activity;sid:84427772; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/videosetting/entity/info.zip"; depth:91; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564671/; classtype:trojan-activity;sid:84427771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/info.zip"; depth:54; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564669/; classtype:trojan-activity;sid:84427769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/jurisdict/service/impl/info.zip"; depth:87; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564670/; classtype:trojan-activity;sid:84427770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/utils/info.zip"; depth:84; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564666/; classtype:trojan-activity;sid:84427766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/gbrwrite/dao/info.zip"; depth:92; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564667/; classtype:trojan-activity;sid:84427767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/dao/info.zip"; depth:86; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564665/; classtype:trojan-activity;sid:84427765; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/service/impl/info.zip"; depth:97; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564659/; classtype:trojan-activity;sid:84427759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/spotckeck/info.zip"; depth:89; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564660/; classtype:trojan-activity;sid:84427760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/entity/info.zip"; depth:91; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564653/; classtype:trojan-activity;sid:84427753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hengsheng/info.zip"; depth:19; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564654/; classtype:trojan-activity;sid:84427754; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564655)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/info.zip"; depth:25; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564655/; classtype:trojan-activity;sid:84427755; rev:1;)
# URLhaus download-URL signatures for 116.171.106.3, outbound direction only.
# Coverage to keep in mind when relying on these:
#  - "alert http" rules need the HTTP parser to see the request, so traffic inside TLS is
#    only covered where it is decrypted before the sensor.
#  - $HOME_NET -> $EXTERNAL_NET with flow:established,from_client limits them to client
#    requests leaving the networks configured as HOME_NET; check that variable covers
#    every segment you expect alerts from.
#  - The address is matched in http.host (the Host header), not as a destination IP;
#    flow or IP-reputation logging is what covers connections to the address itself.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/vehicleinformation/service/impl/info.zip"; depth:96; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564648/; classtype:trojan-activity;sid:84427748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/pdauser/info.zip"; depth:87; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564644/; classtype:trojan-activity;sid:84427744; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/base/dto/info.zip"; depth:86; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564640/; classtype:trojan-activity;sid:84427740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/dao/info.zip"; depth:77; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564641/; classtype:trojan-activity;sid:84427741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/dto/info.zip"; depth:67; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564636/; classtype:trojan-activity;sid:84427736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/base/dao/info.zip"; depth:82; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564638/; classtype:trojan-activity;sid:84427738; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/visitwss/info.zip"; depth:82; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564633/; classtype:trojan-activity;sid:84427733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/service/info.zip"; depth:77; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564634/; classtype:trojan-activity;sid:84427734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/info.zip"; depth:64; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564635/; classtype:trojan-activity;sid:84427735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/entity/info.zip"; depth:95; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564630/; classtype:trojan-activity;sid:84427730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/dept/info.zip"; depth:69; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564629/; classtype:trojan-activity;sid:84427729; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/work/catalina/localhost/info.zip"; depth:41; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564620/; classtype:trojan-activity;sid:84427720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/unusual/service/info.zip"; depth:90; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564621/; classtype:trojan-activity;sid:84427721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/statistic/log/web/info.zip"; depth:82; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564616/; classtype:trojan-activity;sid:84427716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/dept/web/info.zip"; depth:73; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564611/; classtype:trojan-activity;sid:84427711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/guirui/info.zip"; depth:16; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; 
metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564599/; classtype:trojan-activity;sid:84427699; rev:1;)
# URLhaus download-URL signatures for 116.171.106.3, all tagged created_at 2025_06_18, rev:1.
# This file's header reports a last update of 2026-06-28, so these indicators were roughly
# a year old when the ruleset was generated. Treat a hit as a lead: open the rule's
# reference URL to see the entry's current state before concluding a host is infected
# (TODO confirm whether the feed ages out URLs that have gone offline).
# All rules in this run share one host and the file name info.zip, so a single client can
# raise many distinct sids; group alerts by source address and http.host during triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/info.zip"; depth:30; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564600/; classtype:trojan-activity;sid:84427700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/info.zip"; depth:88; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564601/; classtype:trojan-activity;sid:84427701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/sysparam/action/info.zip"; depth:89; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564602/; classtype:trojan-activity;sid:84427702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/datawrite/action/info.zip"; depth:96; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564603/; classtype:trojan-activity;sid:84427703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/dao/info.zip"; depth:85; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564597/; classtype:trojan-activity;sid:84427697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/info.zip"; depth:80; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564598/; classtype:trojan-activity;sid:84427698; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/info.zip"; depth:67; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564594/; classtype:trojan-activity;sid:84427694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/info.zip"; depth:60; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564595/; classtype:trojan-activity;sid:84427695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/nvrsetting/service/info.zip"; depth:90; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564596/; classtype:trojan-activity;sid:84427696; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/utils/excel/annotation/info.zip"; depth:92; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564593/; classtype:trojan-activity;sid:84427693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/set/service/impl/info.zip"; depth:88; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564592/; classtype:trojan-activity;sid:84427692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/base/utils/info.zip"; depth:75; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564589/; 
classtype:trojan-activity;sid:84427689; rev:1;)
# URLhaus download-URL signatures for 116.171.106.3 (HTTP GET, exact URI and Host match).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/dao/info.zip"; depth:82; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564590/; classtype:trojan-activity;sid:84427690; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/service/info.zip"; depth:96; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564583/; classtype:trojan-activity;sid:84427683; rev:1;)
# NOTE(review): the next rule's content carries percent-escapes ("%e6...%20") and depth:52
# counts the escaped form. Suricata documents http.uri as the normalized URI and
# http.uri.raw as the unmodified one; if normalization decodes these escapes, this literal
# text would not be present in http.uri and sid 84427684 would stay silent.
# Verify with a test request or pcap before relying on it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%e6%96%b0%e6%96%87%e4%bb%b6%e5%a4%b9%20(2)/info.zip"; depth:52; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564584/; classtype:trojan-activity;sid:84427684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/info.zip"; depth:34; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564585/; classtype:trojan-activity;sid:84427685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/service/info.zip"; depth:92; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564581/; classtype:trojan-activity;sid:84427681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haohua/info.zip"; depth:16; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564578/; classtype:trojan-activity;sid:84427678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/ckwss/base/info.zip"; depth:82; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564577/; classtype:trojan-activity;sid:84427677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/count/info.zip"; depth:85; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564576/; classtype:trojan-activity;sid:84427676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/checksetting/dao/info.zip"; depth:88; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564574/; classtype:trojan-activity;sid:84427674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/info.zip"; depth:52; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564575/; classtype:trojan-activity;sid:84427675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pda/module/info.zip"; depth:69; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564569/; classtype:trojan-activity;sid:84427669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/operationsetting/service/impl/info.zip"; depth:101; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564568/; classtype:trojan-activity;sid:84427668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/ckts_005fpc/rgsy/system/info.zip"; depth:105; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564566/; classtype:trojan-activity;sid:84427666; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/chkpt/info.zip"; depth:87; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564565/; classtype:trojan-activity;sid:84427665; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/info.zip"; depth:63; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564563/; classtype:trojan-activity;sid:84427663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/vehiclereview/controller/info.zip"; depth:89; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564561/; classtype:trojan-activity;sid:84427661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564562)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/info.zip"; depth:56; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564562/; classtype:trojan-activity;sid:84427662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/entity/info.zip"; depth:78; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564559/; classtype:trojan-activity;sid:84427659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/lib/info.zip"; depth:21; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564554/; classtype:trojan-activity;sid:84427654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/work/catalina/localhost/root/info.zip"; depth:46; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564542/; classtype:trojan-activity;sid:84427642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaifa/info.zip"; depth:15; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 
2025_06_18; reference:url, urlhaus.abuse.ch/url/3564543/; classtype:trojan-activity;sid:84427643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/dataquery/dto/info.zip"; depth:93; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564544/; classtype:trojan-activity;sid:84427644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/work/catalina/localhost/bfxt/org/apache/jsp/web_002dinf/com/vkl/info.zip"; depth:81; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564545/; classtype:trojan-activity;sid:84427645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/info.zip"; depth:71; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564539/; classtype:trojan-activity;sid:84427639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/viewws/info.zip"; depth:88; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, 
urlhaus.abuse.ch/url/3564540/; classtype:trojan-activity;sid:84427640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pda/web-inf/classes/com/vkl/pcwss/module/pdawss/info.zip"; depth:78; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564541/; classtype:trojan-activity;sid:84427641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564538)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/record/web/info.zip"; depth:75; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564538/; classtype:trojan-activity;sid:84427638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/work/catalina/localhost/bfxt/info.zip"; depth:46; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564534/; classtype:trojan-activity;sid:84427634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/mapping/com/vkl/pcwss/module/ckwss/info.zip"; depth:87; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564535/; classtype:trojan-activity;sid:84427635; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/zbzlwss/action/info.zip"; depth:88; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564536/; classtype:trojan-activity;sid:84427636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/info.zip"; depth:79; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564537/; classtype:trojan-activity;sid:84427637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/info.zip"; depth:50; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564527/; classtype:trojan-activity;sid:84427627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aspnet_client/info.zip"; depth:23; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564528/; classtype:trojan-activity;sid:84427628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564529)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/web/info.zip"; depth:67; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564529/; classtype:trojan-activity;sid:84427629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/temp/poifiles/info.zip"; depth:31; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564526/; classtype:trojan-activity;sid:84427626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/report/info.zip"; depth:37; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564522/; classtype:trojan-activity;sid:84427622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/pub/dao/info.zip"; depth:67; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564521/; classtype:trojan-activity;sid:84427621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564519)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/visitwss/dto/info.zip"; depth:86; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564519/; classtype:trojan-activity;sid:84427619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/cksy/servacpt/entity/info.zip"; depth:80; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564518/; classtype:trojan-activity;sid:84427618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/ckwss/info.zip"; depth:79; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564515/; classtype:trojan-activity;sid:84427615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/wss/action/info.zip"; depth:70; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564514/; classtype:trojan-activity;sid:84427614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564509)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/dao/info.zip"; depth:88; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564509/; classtype:trojan-activity;sid:84427609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/info.zip"; depth:59; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564500/; classtype:trojan-activity;sid:84427600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt_pcwss/web-inf/classes/com/vkl/pcwss/module/gbrwss/dao/info.zip"; depth:84; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564502/; classtype:trojan-activity;sid:84427602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/dept/service/info.zip"; depth:77; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564498/; classtype:trojan-activity;sid:84427598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564499)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/tomcat8/webapps/bfxt/web-inf/classes/mapping/com/vkl/ckts/module/rgsy/dept/info.zip"; depth:84; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564499/; classtype:trojan-activity;sid:84427599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3564497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomcat8/webapps/bfxt/web-inf/classes/com/vkl/ckts/rgsy/system/photosetting/info.zip"; depth:84; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_18; reference:url, urlhaus.abuse.ch/url/3564497/; classtype:trojan-activity;sid:84427597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agent.exe"; depth:10; endswith; nocase; http.host; content:"152.67.84.123"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563453/; classtype:trojan-activity;sid:84426553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkapis.dll"; depth:15; endswith; nocase; http.host; content:"43.136.88.193"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563444/; classtype:trojan-activity;sid:84426544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkmultiopen.exe"; depth:20; endswith; nocase; http.host; content:"175.178.174.23"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; 
reference:url, urlhaus.abuse.ch/url/3563441/; classtype:trojan-activity;sid:84426541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkapis.dll"; depth:15; endswith; nocase; http.host; content:"175.178.174.23"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563442/; classtype:trojan-activity;sid:84426542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkapis.dll"; depth:15; endswith; nocase; http.host; content:"43.136.51.89"; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563435/; classtype:trojan-activity;sid:84426535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkapis.dll"; depth:15; endswith; nocase; http.host; content:"42.193.115.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563432/; classtype:trojan-activity;sid:84426532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkmultiopen.exe"; depth:20; endswith; nocase; http.host; content:"43.136.51.89"; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563425/; classtype:trojan-activity;sid:84426525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563418)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/wxworkmultiopen.exe"; depth:20; endswith; nocase; http.host; content:"42.193.115.114"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563418/; classtype:trojan-activity;sid:84426518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkmultiopen.exe"; depth:20; endswith; nocase; http.host; content:"43.136.88.193"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563424/; classtype:trojan-activity;sid:84426524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkapis.dll"; depth:15; endswith; nocase; http.host; content:"114.132.86.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563388/; classtype:trojan-activity;sid:84426488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkapis.dll"; depth:15; endswith; nocase; http.host; content:"43.139.88.161"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563385/; classtype:trojan-activity;sid:84426485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkapis.dll"; depth:15; endswith; nocase; http.host; content:"106.55.134.240"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563384/; classtype:trojan-activity;sid:84426484; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkapis.dll"; depth:15; endswith; nocase; http.host; content:"124.223.73.186"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563380/; classtype:trojan-activity;sid:84426480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkmultiopen.exe"; depth:20; endswith; nocase; http.host; content:"124.223.73.186"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563381/; classtype:trojan-activity;sid:84426481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkmultiopen.exe"; depth:20; endswith; nocase; http.host; content:"42.194.199.15"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563374/; classtype:trojan-activity;sid:84426474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkmultiopen.exe"; depth:20; endswith; nocase; http.host; content:"114.132.86.182"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563373/; classtype:trojan-activity;sid:84426473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkapis.dll"; depth:15; endswith; nocase; http.host; content:"49.233.172.4"; depth:12; isdataat:!1,relative; 
metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563369/; classtype:trojan-activity;sid:84426469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkmultiopen.exe"; depth:20; endswith; nocase; http.host; content:"43.139.88.161"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563362/; classtype:trojan-activity;sid:84426462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkmultiopen.exe"; depth:20; endswith; nocase; http.host; content:"49.233.172.4"; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563363/; classtype:trojan-activity;sid:84426463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkapis.dll"; depth:15; endswith; nocase; http.host; content:"119.91.58.97"; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563364/; classtype:trojan-activity;sid:84426464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkmultiopen.exe"; depth:20; endswith; nocase; http.host; content:"81.69.185.184"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563349/; classtype:trojan-activity;sid:84426449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563343)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/wxworkapis.dll"; depth:15; endswith; nocase; http.host; content:"81.69.185.184"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563343/; classtype:trojan-activity;sid:84426443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkmultiopen.exe"; depth:20; endswith; nocase; http.host; content:"106.55.134.240"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563336/; classtype:trojan-activity;sid:84426436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkmultiopen.exe"; depth:20; endswith; nocase; http.host; content:"119.91.58.97"; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563320/; classtype:trojan-activity;sid:84426420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3563253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gg.apk"; depth:7; endswith; nocase; http.host; content:"112.18.10.80"; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3563253/; classtype:trojan-activity;sid:84426353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mar10/wsgidav/archive/refs/heads/master.zip"; depth:44; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_17; reference:url, urlhaus.abuse.ch/url/3562926/; classtype:trojan-activity;sid:84426026; rev:1;) 
# Rules restored to one per line (the page had wrapped them mid-rule).
#
# Template shared by every rule in this section:
#   alert http $HOME_NET any -> $EXTERNAL_NET any; flow:established,from_client
#       client side of an HTTP flow from the protected network to outside.
#   http.uri; content:"PATH"; depth:LEN; endswith; nocase
#       depth equals the content length and endswith pins the end, so the
#       whole URI buffer has to equal PATH (case-insensitively); a request with
#       a query string or a different path does not match.
#   http.host; content:"HOST"; depth:LEN; isdataat:!1,relative
#       the host buffer has to equal HOST exactly; for an IP literal, a request
#       to the same server under a DNS name does not match.
# `alert http` covers only traffic the sensor can parse as HTTP; downloads over
# TLS are not seen unless decrypted ahead of the sensor. In the rules visible
# here the sid equals the URLhaus ID plus 80863100.

# --- Host 172.236.108.48 (created_at 2025_06_16) ---------------------------
# NOTE(review): the directory names (/dangerous/, /malware/) and file names
# (flame/*.ocx, energizertrojan-malware.zip, icecast2_2.0.0_vulnerable.exe,
# dnsmasq-2.73rc7.tar.gz) read like a labelled sample collection, including
# archives named after vulnerable software versions. Presumably a research or
# test repository; a hit may be analyst or lab activity rather than an
# infection. Confirm against the role of the requesting asset.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dangerous/flame/msglu32.ocx"; depth:28; endswith; nocase; http.host; content:"172.236.108.48"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562778/; classtype:trojan-activity;sid:84425878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dangerous/energizertrojan-malware.zip"; depth:38; endswith; nocase; http.host; content:"172.236.108.48"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562768/; classtype:trojan-activity;sid:84425868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dangerous/flame/advnetcfg.ocx"; depth:30; endswith; nocase; http.host; content:"172.236.108.48"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562769/; classtype:trojan-activity;sid:84425869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/malware/icecast2_2.0.0_vulnerable.exe"; depth:38; endswith; nocase; http.host; content:"172.236.108.48"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562770/; classtype:trojan-activity;sid:84425870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dangerous/flame/mssecmgr.ocx"; depth:29; endswith; nocase; http.host; content:"172.236.108.48"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562771/; classtype:trojan-activity;sid:84425871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dangerous/dnsmasq-2.73rc7.tar.gz"; depth:33; endswith; nocase; http.host; content:"172.236.108.48"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562772/; classtype:trojan-activity;sid:84425872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dangerous/flame/boot32drv.sys"; depth:30; endswith; nocase; http.host; content:"172.236.108.48"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562774/; classtype:trojan-activity;sid:84425874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/malware/energizertrojan-malware.zip"; depth:36; endswith; nocase; http.host; content:"172.236.108.48"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562775/; classtype:trojan-activity;sid:84425875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dangerous/flame/nteps32.ocx"; depth:28; endswith; nocase; http.host; content:"172.236.108.48"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562766/; classtype:trojan-activity;sid:84425866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/malware/dnsmasq-2.73rc7.tar.gz"; depth:31; endswith; nocase; http.host; content:"172.236.108.48"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562767/; classtype:trojan-activity;sid:84425867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dangerous/icecast2_2.0.0_vulnerable.exe"; depth:40; endswith; nocase; http.host; content:"172.236.108.48"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562765/; classtype:trojan-activity;sid:84425865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dangerous/flame/ccalc32.sys"; depth:28; endswith; nocase; http.host; content:"172.236.108.48"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562763/; classtype:trojan-activity;sid:84425863; rev:1;)

# --- Other entries created 2025_06_16 --------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tcp_linux_amd64"; depth:16; endswith; nocase; http.host; content:"101.43.49.183"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562757/; classtype:trojan-activity;sid:84425857; rev:1;)
# NOTE(review): raw.githubusercontent.com is a shared hosting domain that is
# normally reached over TLS, so this `alert http` rule is expected to fire only
# on a cleartext request or where traffic is decrypted ahead of the sensor.
# The repository path itself names a malware collection, so a hit may also be
# researcher activity; triage against the requesting asset.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zusyaku/malware-collection-part-2/refs/heads/main/666/666.exe"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562600/; classtype:trojan-activity;sid:84425700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp.bat"; depth:7; endswith; nocase; http.host; content:"92.127.156.174"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562599/; classtype:trojan-activity;sid:84425699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/live.lnk"; depth:9; endswith; nocase; http.host; content:"103.116.190.93"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562404/; classtype:trojan-activity;sid:84425504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3562403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uat.lnk"; depth:8; endswith; nocase; http.host; content:"103.116.190.93"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_16; reference:url, urlhaus.abuse.ch/url/3562403/; classtype:trojan-activity;sid:84425503; rev:1;)
# The rule below continues past the end of this section; it is left exactly as
# it appears and is completed by the text that follows it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wyverntkc/cpuminer-gr-avx2/releases/download/1.2.4.1/cpuminer-gr-1.2.4.1-x86_64_windows.7z"; depth:91; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url,
urlhaus.abuse.ch/url/3561991/; classtype:trojan-activity;sid:84425091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wyverntkc/cpuminer-gr-avx2/archive/refs/tags/1.2.4.1.zip"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561989/; classtype:trojan-activity;sid:84425089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wyverntkc/cpuminer-gr-avx2/archive/refs/tags/1.2.4.1.tar.gz"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561990/; classtype:trojan-activity;sid:84425090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561988)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wyverntkc/cpuminer-gr-avx2/releases/download/1.2.4.1/cpuminer-gr-1.2.4.1-args-x86_64_linux.tar.gz"; depth:98; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_14; reference:url, urlhaus.abuse.ch/url/3561988/; classtype:trojan-activity;sid:84425088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/invc/xfspeed/qqpcmgr/module_update/fid1746669868_runqmhunt.exe.zip"; depth:67; endswith; nocase; http.host; content:"dlied6.yz.tcdnos.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561860/; classtype:trojan-activity;sid:84424960; rev:1;) 
# How to read the rules in this feed (every rule below follows the same template):
#   - alert http $HOME_NET any -> $EXTERNAL_NET any: outbound requests only, as seen by the HTTP parser.
#   - flow:established,from_client plus http.method content "GET": client GET requests on an established flow.
#   - http.uri content with depth:<pattern length> and endswith: the pattern is anchored at both ends of the
#     buffer, so the rule matches only this exact URI (case-insensitively, because of nocase).
#   - http.host content with depth:<pattern length> and isdataat:!1,relative: the Host value must equal the
#     pattern exactly.
#   - The number in msg and in reference:url is the URLhaus entry id; in the rules shown here the sid is that
#     id plus 80863100, which lets an analyst pivot from an alert sid back to the URLhaus entry.
# Each rule is therefore a single-URL indicator: it says nothing about other paths on the same host, and it
# inspects cleartext HTTP only (TLS downloads are seen only if traffic is decrypted before the sensor).
#
# Four entries on dlied6.bytes.tcdnos.com whose paths differ only in the numeric fid<digits> component;
# because matching is exact, each fid value needs its own rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747308966_runqmhunt.exe.zip"; depth:67; endswith; nocase; http.host; content:"dlied6.bytes.tcdnos.com"; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561859/; classtype:trojan-activity;sid:84424959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747209335_runqmhunt.exe.zip"; depth:67; endswith; nocase; http.host; content:"dlied6.bytes.tcdnos.com"; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561858/; classtype:trojan-activity;sid:84424958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747732120_runqmhunt.exe.zip"; depth:67; endswith; nocase; http.host; content:"dlied6.bytes.tcdnos.com"; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561857/; classtype:trojan-activity;sid:84424957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/invc/xfspeed/qqpcmgr/module_update/fid1747640975_runqmhunt.exe.zip"; depth:67; endswith; nocase; http.host; content:"dlied6.bytes.tcdnos.com"; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561856/; classtype:trojan-activity;sid:84424956; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/data/drss/drbw.zip"; depth:25; endswith; nocase; http.host; content:"124.223.105.161"; depth:15; isdataat:!1,relative; metadata:created_at 2025_06_13; reference:url, urlhaus.abuse.ch/url/3561839/; classtype:trojan-activity;sid:84424939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3561639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/kedadecoder.zip"; depth:25; endswith; nocase; http.host; content:"123.232.43.185"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_12; reference:url, urlhaus.abuse.ch/url/3561639/; classtype:trojan-activity;sid:84424739; rev:1;)
# The URI pattern here is only two bytes ("/i"); all of the rule's specificity comes from the exact Host match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.88.234.44"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_11; reference:url, urlhaus.abuse.ch/url/3560938/; classtype:trojan-activity;sid:84424038; rev:1;)
# raw.githubusercontent.com entries: the host is a shared platform, so the indicator is the full
# owner/repository/file path, not the host.
# NOTE(review): GitHub content is normally fetched over HTTPS — confirm the sensor sees decrypted traffic,
# otherwise these rules are unlikely to fire. Several repository names read like public sample collections,
# so an alert may reflect analyst or lab activity rather than an infection; triage against the source host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da2dalus/the-malware-repo/master/ransomware/annabelle.exe"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560452/; classtype:trojan-activity;sid:84423552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rzm-crack-team/redline-crack/main/redline-crack-by-rzt.zip"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560449/; classtype:trojan-activity;sid:84423549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/barrigudinha157/barrigudinha/master/ydrag.dll"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560445/; classtype:trojan-activity;sid:84423545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da2dalus/loic/master/loic.exe"; depth:30; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560439/; classtype:trojan-activity;sid:84423539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phantompeek/kematian/main/frontend-src/kematian_shellcode.ps1"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560434/; classtype:trojan-activity;sid:84423534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da2dalus/the-malware-repo/master/ransomware/cryptowall.exe"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560418/; classtype:trojan-activity;sid:84423518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phantompeek/kematian/main/frontend-src/main.ps1"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560419/; classtype:trojan-activity;sid:84423519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da2dalus/the-malware-repo/master/ransomware/cryptolocker.exe"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560422/; classtype:trojan-activity;sid:84423522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da2dalus/the-malware-repo/master/email-worm/prolin.exe"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560416/; classtype:trojan-activity;sid:84423516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phantompeek/kematian/main/frontend-src/main.bat"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560412/; classtype:trojan-activity;sid:84423512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da2dalus/funbatchcode-malicousandnonmalicous/master/worm.bat"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560414/; classtype:trojan-activity;sid:84423514; rev:1;)
# NOTE(review): the pattern below contains literal "%20" sequences, and depth:83 counts each as three bytes.
# Per the Suricata documentation, http.uri is the normalized URI buffer (percent-encoding such as %20 is
# decoded) and http.uri.raw is the un-normalized one, so as written this rule may never match — verify
# against the deployed Suricata version before relying on it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/noccenter/noccenter/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; depth:83; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560409/; classtype:trojan-activity;sid:84423509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pc/pdfconvert/pdfconverter_p2w154-zx-666.exe"; depth:45; endswith; nocase; http.host; content:"download.pdf00.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560385/; classtype:trojan-activity;sid:84423485; rev:1;)
# Three files under /downloads/ on www.r-tt.com, one rule each.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/rod_en_1.exe"; depth:23; endswith; nocase; http.host; content:"www.r-tt.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560380/; classtype:trojan-activity;sid:84423480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/rmd_en_1.exe"; depth:23; endswith; nocase; http.host; content:"www.r-tt.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560381/; classtype:trojan-activity;sid:84423481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560383)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/rxd_en_1.exe"; depth:23; endswith; nocase; http.host; content:"www.r-tt.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560383/; classtype:trojan-activity;sid:84423483; rev:1;)
# NOTE(review): literal "%20" inside an http.uri pattern again (depth:122 counts the encoded form); the
# normalized http.uri buffer is documented as having percent-encoding decoded, so confirm this rule can match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3560209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cybertoxin/remcos-professional-cracked-by-alcatraz3222/raw/master/remcos%20professional%20cracked%20by%20alcatraz3222.zip"; depth:122; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_06_10; reference:url, urlhaus.abuse.ch/url/3560209/; classtype:trojan-activity;sid:84423309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.219.130.75"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_08; reference:url, urlhaus.abuse.ch/url/3559317/; classtype:trojan-activity;sid:84422417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public/update/bmw_v1.7.exe"; depth:27; endswith; nocase; http.host; content:"acc.jiangsujiaxue.com"; depth:21; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559217/; classtype:trojan-activity;sid:84422317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/classticket.exe"; depth:16; endswith; nocase; http.host; content:"class1004.dothome.co.kr"; depth:23; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559216/; classtype:trojan-activity;sid:84422316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/static/download/teleport-assist-windows.exe"; depth:44; endswith; nocase; http.host; content:"58.49.210.250"; depth:13; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559211/; classtype:trojan-activity;sid:84422311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yx/dts/sqft/904576/yx_dts.exe"; depth:30; endswith; nocase; http.host; content:"d.14yaa.com"; depth:11; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559208/; classtype:trojan-activity;sid:84422308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nps.exe"; depth:8; endswith; nocase; http.host; content:"118.219.11.202"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559123/; classtype:trojan-activity;sid:84422223; rev:1;)
# Files from a single repository path (/getrektboy724/sementara/master/) on raw.githubusercontent.com,
# one rule per file; the entries include scripts (.ps1, .rb) as well as binaries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getrektboy724/sementara/master/keystone.dll"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559040/; classtype:trojan-activity;sid:84422140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getrektboy724/sementara/master/sgn.exe"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559037/; classtype:trojan-activity;sid:84422137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getrektboy724/sementara/master/bsodlogicbomb.ps1"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559033/; classtype:trojan-activity;sid:84422133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getrektboy724/sementara/master/powersyringe.ps1"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559034/; classtype:trojan-activity;sid:84422134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getrektboy724/sementara/master/invoke-reflectivepeinjection.ps1"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559022/; classtype:trojan-activity;sid:84422122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getrektboy724/sementara/master/pe2shc.exe"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559025/; classtype:trojan-activity;sid:84422125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getrektboy724/sementara/master/encrypted.enc"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559019/; classtype:trojan-activity;sid:84422119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getrektboy724/sementara/master/masquerade-peb.ps1"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559009/; classtype:trojan-activity;sid:84422109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getrektboy724/sementara/master/uacbstartup.ps1"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559012/; classtype:trojan-activity;sid:84422112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getrektboy724/sementara/master/invoke-shellcode-fixed.ps1"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559014/; classtype:trojan-activity;sid:84422114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getrektboy724/sementara/master/onedoesnotsimplybypassentirewindefender.ps1"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559015/; classtype:trojan-activity;sid:84422115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getrektboy724/sementara/master/migrate.rb"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559005/; classtype:trojan-activity;sid:84422105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3559006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getrektboy724/sementara/master/base64.rb"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3559006/; classtype:trojan-activity;sid:84422106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da2dalus/the-malware-repo/master/email-worm/bugsoft.exe"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558975/; classtype:trojan-activity;sid:84422075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da2dalus/the-malware-repo/master/email-worm/brontok.exe"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558976/; classtype:trojan-activity;sid:84422076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da2dalus/the-malware-repo/master/banking-malware/zloader.xlsm"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558977/; classtype:trojan-activity;sid:84422077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da2dalus/the-malware-repo/master/email-worm/anap.a.exe"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558973/; classtype:trojan-activity;sid:84422073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da2dalus/the-malware-repo/master/email-worm/axam.a.exe"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558974/; classtype:trojan-activity;sid:84422074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da2dalus/the-malware-repo/master/banking-malware/emotet.zip"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558966/; classtype:trojan-activity;sid:84422066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da2dalus/the-malware-repo/master/email-worm/amus.exe"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558967/; classtype:trojan-activity;sid:84422067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da2dalus/rickware/master/rickroll.exe"; depth:38; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_07; reference:url, urlhaus.abuse.ch/url/3558969/; classtype:trojan-activity;sid:84422069; rev:1;)
# Short path ("/sshd") on a bare IP: the exact Host match carries most of the specificity.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"195.26.97.59"; depth:12; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558602/; classtype:trojan-activity;sid:84421702; rev:1;)
# Same host (118.219.11.202) as the /nps.exe entry above (sid 84422223).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g7_update.exe"; depth:14; endswith; nocase; http.host; content:"118.219.11.202"; depth:14; isdataat:!1,relative; metadata:created_at 2025_06_05; reference:url, urlhaus.abuse.ch/url/3558501/; classtype:trojan-activity;sid:84421601; rev:1;)
# Further raw.githubusercontent.com entries (created_at 2025_06_04); the cleartext-HTTP caveat noted above
# for GitHub-hosted URLs applies to all of them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erez-goldberg/amsibypass/main/newamsibypass.ps1"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558302/; classtype:trojan-activity;sid:84421402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erez-goldberg/link-exe-test/main/matthew.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558300/; classtype:trojan-activity;sid:84421400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lehila05/pdc/main/second.bin"; depth:29; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558295/; classtype:trojan-activity;sid:84421395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lehila05/pdc/main/urbanvpn.exe"; depth:31; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558290/; classtype:trojan-activity;sid:84421390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lehila05/pdc/main/svhost.exe"; depth:29; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558291/; classtype:trojan-activity;sid:84421391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lehila05/pdc/main/second.exe"; depth:29; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558292/; classtype:trojan-activity;sid:84421392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erez-goldberg/invoke-nicelittlekittieobf/main/invoke-nicelittlekittieobf.ps1"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558289/; classtype:trojan-activity;sid:84421389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lehila05/pdc/main/pvp.exe"; depth:26; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558285/; classtype:trojan-activity;sid:84421385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lehila05/pdc/main/darwin.exe"; depth:29; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558287/; classtype:trojan-activity;sid:84421387; rev:1;)
# This entry points at a source file (main.rs) rather than a binary; it carries the same
# trojan-activity classtype as every other rule in the feed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erez-goldberg/rust-dropper/main/src/main.rs"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558280/; classtype:trojan-activity;sid:84421380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c5hackr/phantom/main/phantom/bin/x64/release/phantom.exe"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558271/; classtype:trojan-activity;sid:84421371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erez-goldberg/invoke-shell/main/reverse.ps1"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558266/; classtype:trojan-activity;sid:84421366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erez-goldberg/iso-file-testing/main/pleaserunme.iso"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558264/; classtype:trojan-activity;sid:84421364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c5hackr/phantom/main/phantom/resources/uac64.dll"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558260/; classtype:trojan-activity;sid:84421360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lehila05/pdc/main/payload.bin"; depth:30; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558252/; classtype:trojan-activity;sid:84421352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558247)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/lehila05/pdc/main/riende.exe"; depth:29; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558247/; classtype:trojan-activity;sid:84421347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c5hackr/phantom/main/phantom/resources/uac.dll"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558249/; classtype:trojan-activity;sid:84421349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erez-goldberg/invoke-nicelittlekittie/main/invoke-nicelittlekittie.ps1"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558243/; classtype:trojan-activity;sid:84421343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lehila05/pdc/main/payload_encrypted.bin"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558235/; classtype:trojan-activity;sid:84421335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erez-goldberg/meter/main/meter5555.ps1"; depth:39; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558237/; classtype:trojan-activity;sid:84421337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erez-goldberg/js-file-test/main/loader.js"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558229/; classtype:trojan-activity;sid:84421329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3558230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erez-goldberg/rust-revshell/main/src/main.rs"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_06_04; reference:url, urlhaus.abuse.ch/url/3558230/; classtype:trojan-activity;sid:84421330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/2025/05/1tronps1.txt"; depth:40; endswith; nocase; http.host; content:"sablayan.seasonshotelmindoro.com"; depth:32; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, urlhaus.abuse.ch/url/3556675/; classtype:trojan-activity;sid:84419775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/2025/05/1framework.txt"; depth:42; endswith; nocase; http.host; content:"sablayan.seasonshotelmindoro.com"; depth:32; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, 
urlhaus.abuse.ch/url/3556673/; classtype:trojan-activity;sid:84419773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/2025/05/1tronvbs.txt"; depth:40; endswith; nocase; http.host; content:"sablayan.seasonshotelmindoro.com"; depth:32; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, urlhaus.abuse.ch/url/3556668/; classtype:trojan-activity;sid:84419768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3556670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/2025/05/imagens.txt"; depth:39; endswith; nocase; http.host; content:"sablayan.seasonshotelmindoro.com"; depth:32; isdataat:!1,relative; metadata:created_at 2025_06_03; reference:url, urlhaus.abuse.ch/url/3556670/; classtype:trojan-activity;sid:84419770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3555192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da2dalus/the-malware-repo/raw/refs/heads/master/ransomware/wannacry.exe"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_29; reference:url, urlhaus.abuse.ch/url/3555192/; classtype:trojan-activity;sid:84418292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3554546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"182.239.78.134"; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_28; reference:url, urlhaus.abuse.ch/url/3554546/; classtype:trojan-activity;sid:84417646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3554430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rate.zip"; depth:9; endswith; nocase; http.host; content:"celebratingseniors.net"; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_28; reference:url, urlhaus.abuse.ch/url/3554430/; classtype:trojan-activity;sid:84417530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3554345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rats.zip"; depth:9; endswith; nocase; http.host; content:"celebratingseniors.net"; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_28; reference:url, urlhaus.abuse.ch/url/3554345/; classtype:trojan-activity;sid:84417445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3554334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oste.zip"; depth:9; endswith; nocase; http.host; content:"celebratingseniors.net"; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_28; reference:url, urlhaus.abuse.ch/url/3554334/; classtype:trojan-activity;sid:84417434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.95.253.86"; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553946/; classtype:trojan-activity;sid:84417046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bufs.zip"; depth:9; endswith; nocase; http.host; content:"maidforyou1985.com"; depth:18; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553636/; 
classtype:trojan-activity;sid:84416736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mits.zip"; depth:9; endswith; nocase; http.host; content:"windomstatetheater.com"; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553629/; classtype:trojan-activity;sid:84416729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/osxs.zip"; depth:9; endswith; nocase; http.host; content:"windomstatetheater.com"; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553633/; classtype:trojan-activity;sid:84416733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rars.zip"; depth:9; endswith; nocase; http.host; content:"windomstatetheater.com"; depth:22; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553609/; classtype:trojan-activity;sid:84416709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3553268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"180.92.228.34"; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_27; reference:url, urlhaus.abuse.ch/url/3553268/; classtype:trojan-activity;sid:84416368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.81.156.123"; 
depth:14; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552756/; classtype:trojan-activity;sid:84415856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.81.156.124"; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552757/; classtype:trojan-activity;sid:84415857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"223.83.211.82"; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552741/; classtype:trojan-activity;sid:84415841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bre"; depth:4; endswith; nocase; http.host; content:"109.74.204.206"; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_26; reference:url, urlhaus.abuse.ch/url/3552617/; classtype:trojan-activity;sid:84415717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anonimusman00-2/xmr/refs/heads/main/silent%20miner.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552045/; classtype:trojan-activity;sid:84415145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552042)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/waf/dracula-cmd/master/dist/colortool.zip"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552042/; classtype:trojan-activity;sid:84415142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iamsysadmin/setteamsbg/main/set-teams-backgrounds.zip"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552043/; classtype:trojan-activity;sid:84415143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anonimusman00-2/xmr/raw/refs/heads/main/silent%20miner.zip"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552009/; classtype:trojan-activity;sid:84415109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3552005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alanparadis/stalker2simplemodmerger/releases/download/vortex-v1.4.9/stalker2simplemodmergerforvortex.zip"; depth:105; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3552005/; classtype:trojan-activity;sid:84415105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551493)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/linux"; depth:6; endswith; nocase; http.host; content:"47.242.66.123"; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551493/; classtype:trojan-activity;sid:84414593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.15.250.81"; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551361/; classtype:trojan-activity;sid:84414461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3551305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"121.202.208.193"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_24; reference:url, urlhaus.abuse.ch/url/3551305/; classtype:trojan-activity;sid:84414405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/macmid_sonoma_14_5.exe"; depth:23; endswith; nocase; http.host; content:"107.198.40.184"; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550735/; classtype:trojan-activity;sid:84413835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.59.90.109"; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550381/; classtype:trojan-activity;sid:84413481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3550356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux"; depth:6; endswith; nocase; http.host; content:"47.86.190.58"; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550356/; classtype:trojan-activity;sid:84413456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3550290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"84.15.250.81"; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_23; reference:url, urlhaus.abuse.ch/url/3550290/; classtype:trojan-activity;sid:84413390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/server.exe"; depth:11; endswith; nocase; http.host; content:"106.14.68.26"; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549998/; classtype:trojan-activity;sid:84413098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3549645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.87.82.140"; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_22; reference:url, urlhaus.abuse.ch/url/3549645/; classtype:trojan-activity;sid:84412745; rev:1;)
# NOTE(review) sid 84410980: the http.uri pattern below is 59 bytes once each |xx| is counted as one byte,
# but depth is 68, the length of the escaped rule text. Combined with endswith, the rule therefore also
# accepts URIs with up to 9 extra leading bytes instead of anchoring at the start of the buffer.
# NOTE(review): "|7c|26|7c|" matches the four literal characters "|26|", not "&" (0x26). This looks like an
# "&" that was hex-escaped and then had its pipes escaped again; confirm against the URLhaus entry, because
# a request carrying "&id=" would not match this pattern.
# NOTE(review): alert http only inspects cleartext HTTP. A fetch of this URL over HTTPS is not seen by this
# rule unless TLS is decrypted ahead of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ed2w0zvvx53_mfifdszyslleurub40zo"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3547880/; classtype:trojan-activity;sid:84410980; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.54.84.143"; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3547784/; classtype:trojan-activity;sid:84410884; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3547782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"201.98.176.195"; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_20; reference:url, urlhaus.abuse.ch/url/3547782/; classtype:trojan-activity;sid:84410882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3546975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.119.108.21"; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_19; reference:url, urlhaus.abuse.ch/url/3546975/; classtype:trojan-activity;sid:84410075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3546969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"84.236.147.129"; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_19; reference:url, urlhaus.abuse.ch/url/3546969/; classtype:trojan-activity;sid:84410069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3544992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/nk/wunbbnvf102.bin"; depth:31; endswith; nocase; http.host; 
content:"planetariumobil.ro"; depth:18; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3544992/; classtype:trojan-activity;sid:84408092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3544450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.204.105.97"; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_16; reference:url, urlhaus.abuse.ch/url/3544450/; classtype:trojan-activity;sid:84407550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.54.239.97"; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3543803/; classtype:trojan-activity;sid:84406903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.54.239.98"; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3543805/; classtype:trojan-activity;sid:84406905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.54.83.40"; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3543801/; classtype:trojan-activity;sid:84406901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543701)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.204.105.97"; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_15; reference:url, urlhaus.abuse.ch/url/3543701/; classtype:trojan-activity;sid:84406801; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3543392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.50.222.238"; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_14; reference:url, urlhaus.abuse.ch/url/3543392/; classtype:trojan-activity;sid:84406492; rev:1;)
# NOTE(review) sid 84405663: the http.uri pattern below is 59 bytes once each |xx| is counted as one byte,
# but depth is 68, the length of the escaped rule text. Combined with endswith, the rule therefore also
# accepts URIs with up to 9 extra leading bytes instead of anchoring at the start of the buffer.
# NOTE(review): "|7c|26|7c|" matches the four literal characters "|26|", not "&" (0x26). This looks like an
# "&" that was hex-escaped and then had its pipes escaped again; confirm against the URLhaus entry, because
# a request carrying "&id=" would not match this pattern.
# NOTE(review): alert http only inspects cleartext HTTP. A fetch of this URL over HTTPS is not seen by this
# rule unless TLS is decrypted ahead of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3542563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1wvxiyf_ryvgg_x3x7uceicqrndhb7lul"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_05_13; reference:url, urlhaus.abuse.ch/url/3542563/; classtype:trojan-activity;sid:84405663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/giphy.gif"; depth:21; endswith; nocase; http.host; content:"onfiltre.com.tr"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_12; reference:url, urlhaus.abuse.ch/url/3541826/; classtype:trojan-activity;sid:84404926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kwari.sh4"; depth:15; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541464/; classtype:trojan-activity;sid:84404564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kwari.arm"; depth:15; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541468/; classtype:trojan-activity;sid:84404568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kwari.x86"; depth:15; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541469/; classtype:trojan-activity;sid:84404569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kwari.m68k"; depth:16; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541471/; classtype:trojan-activity;sid:84404571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kwari.ppc"; depth:15; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541473/; classtype:trojan-activity;sid:84404573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kwari.arm5"; depth:16; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; 
isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541474/; classtype:trojan-activity;sid:84404574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kwari.mips"; depth:16; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541476/; classtype:trojan-activity;sid:84404576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kwari.arm6"; depth:16; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541477/; classtype:trojan-activity;sid:84404577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kwari.spc"; depth:15; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541479/; classtype:trojan-activity;sid:84404579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kwari.mpsl"; depth:16; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541481/; classtype:trojan-activity;sid:84404581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541456)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/bins/vcimanagement.mpsl"; depth:24; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541456/; classtype:trojan-activity;sid:84404556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vcimanagement.mips"; depth:24; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541457/; classtype:trojan-activity;sid:84404557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kwari.arm7"; depth:16; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541458/; classtype:trojan-activity;sid:84404558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vcimanagement.x86_64"; depth:26; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541459/; classtype:trojan-activity;sid:84404559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vcimanagement.arm5"; depth:24; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541460/; 
classtype:trojan-activity;sid:84404560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/arm7"; depth:11; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541461/; classtype:trojan-activity;sid:84404561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vcimanagement.arm7"; depth:24; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541446/; classtype:trojan-activity;sid:84404546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vcimanagement.arm"; depth:23; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541447/; classtype:trojan-activity;sid:84404547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/x86_64"; depth:13; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541448/; classtype:trojan-activity;sid:84404548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vcimanagement.arm6"; depth:24; endswith; 
nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541449/; classtype:trojan-activity;sid:84404549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vcimanagement.spc"; depth:23; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541450/; classtype:trojan-activity;sid:84404550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vcimanagement.ppc"; depth:23; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541451/; classtype:trojan-activity;sid:84404551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vcimanagement.m68k"; depth:24; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541452/; classtype:trojan-activity;sid:84404552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vcimanagement.x86"; depth:23; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541453/; classtype:trojan-activity;sid:84404553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3541454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/vcimanagement.sh4"; depth:23; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541454/; classtype:trojan-activity;sid:84404554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/kwari.x86_64"; depth:18; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541455/; classtype:trojan-activity;sid:84404555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/m68k"; depth:11; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541365/; classtype:trojan-activity;sid:84404465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/arm"; depth:10; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541355/; classtype:trojan-activity;sid:84404455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/arm5"; depth:11; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; 
reference:url, urlhaus.abuse.ch/url/3541356/; classtype:trojan-activity;sid:84404456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/x86"; depth:10; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541358/; classtype:trojan-activity;sid:84404458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/ppc"; depth:10; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541359/; classtype:trojan-activity;sid:84404459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/mips"; depth:11; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541360/; classtype:trojan-activity;sid:84404460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/sh4"; depth:10; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541361/; classtype:trojan-activity;sid:84404461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/mpsl"; depth:11; 
endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541362/; classtype:trojan-activity;sid:84404462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/arm6"; depth:11; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541363/; classtype:trojan-activity;sid:84404463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3541364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/spc"; depth:10; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3541364/; classtype:trojan-activity;sid:84404464; rev:1;)
# The next rule targets a release asset hosted on github.com. `alert http` only inspects requests
# that Suricata can parse as cleartext HTTP, so a fetch of this path over HTTPS is not matched
# unless TLS is decrypted before the sensor.
# depth:75 equals the content length and endswith anchors the end of the buffer, so http.uri must
# equal this string (case-insensitively, via nocase); the same path with a query string appended
# does not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig/xmrig/releases/download/v6.12.2/xmrig-6.12.2-linux-static-x64.tar.gz"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_05_11; reference:url, urlhaus.abuse.ch/url/3540931/; classtype:trojan-activity;sid:84404031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/c.sh"; depth:10; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540430/; classtype:trojan-activity;sid:84403530; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/w.sh"; depth:10; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540431/; classtype:trojan-activity;sid:84403531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm6"; depth:15; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540409/; classtype:trojan-activity;sid:84403509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm5"; depth:15; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540400/; classtype:trojan-activity;sid:84403500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.arm"; depth:14; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540401/; classtype:trojan-activity;sid:84403501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.ppc"; depth:14; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 
2025_05_10; reference:url, urlhaus.abuse.ch/url/3540402/; classtype:trojan-activity;sid:84403502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mips"; depth:15; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540403/; classtype:trojan-activity;sid:84403503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.x86"; depth:14; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540404/; classtype:trojan-activity;sid:84403504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.sh4"; depth:14; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540405/; classtype:trojan-activity;sid:84403505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.mpsl"; depth:15; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540406/; classtype:trojan-activity;sid:84403506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540407)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/bins/sora.m68k"; depth:15; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540407/; classtype:trojan-activity;sid:84403507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/sora.spc"; depth:14; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540408/; classtype:trojan-activity;sid:84403508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3540085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.x/pax.txt"; depth:11; endswith; nocase; http.host; content:"13.71.2.244"; depth:11; isdataat:!1,relative; metadata:created_at 2025_05_10; reference:url, urlhaus.abuse.ch/url/3540085/; classtype:trojan-activity;sid:84403185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/js_bo/werkstastt/shotstar.prm"; depth:30; endswith; nocase; http.host; content:"www.silver-hubdachwohnwagen.de"; depth:30; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539686/; classtype:trojan-activity;sid:84402786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux"; depth:6; endswith; nocase; http.host; content:"8.218.225.42"; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539354/; classtype:trojan-activity;sid:84402454; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"93.190.58.102"; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_09; reference:url, urlhaus.abuse.ch/url/3539297/; classtype:trojan-activity;sid:84402397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3539028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"81.22.42.232"; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3539028/; classtype:trojan-activity;sid:84402128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"121.202.211.217"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538764/; classtype:trojan-activity;sid:84401864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"121.202.208.237"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538763/; classtype:trojan-activity;sid:84401863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"121.202.209.31"; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538762/; 
classtype:trojan-activity;sid:84401862; rev:1;)
# NOTE(review): sids 84401861, 84401847 and 84401841, plus the rule for URLhaus entry 3538744 that
# follows them, share the same match (GET, http.uri "/sshd", http.host "201.94.181.7"), so one
# matching request raises an alert per rule. The destination port is `any` in every rule;
# presumably the URLhaus entries differ in port or scheme, which these rules do not encode.
# Confirm against the reference URLs before de-duplicating or thresholding.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"201.94.181.7"; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538761/; classtype:trojan-activity;sid:84401861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"121.202.209.46"; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538755/; classtype:trojan-activity;sid:84401855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"201.94.181.7"; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538747/; classtype:trojan-activity;sid:84401847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"201.94.181.7"; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538741/; classtype:trojan-activity;sid:84401841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"201.94.181.7"; depth:12; isdataat:!1,relative; 
metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538744/; classtype:trojan-activity;sid:84401844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"121.202.208.107"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538670/; classtype:trojan-activity;sid:84401770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3538179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"81.22.42.232"; depth:12; isdataat:!1,relative; metadata:created_at 2025_05_08; reference:url, urlhaus.abuse.ch/url/3538179/; classtype:trojan-activity;sid:84401279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3537710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp/wex.gif"; depth:11; endswith; nocase; http.host; content:"stonecradle.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_07; reference:url, urlhaus.abuse.ch/url/3537710/; classtype:trojan-activity;sid:84400810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/wget.sh"; depth:14; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536597/; classtype:trojan-activity;sid:84399697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536598)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/where/botx.arm5"; depth:16; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536598/; classtype:trojan-activity;sid:84399698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.mips"; depth:16; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536618/; classtype:trojan-activity;sid:84399718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/w.sh"; depth:11; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536583/; classtype:trojan-activity;sid:84399683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.arm6"; depth:16; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536582/; classtype:trojan-activity;sid:84399682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.m68k"; depth:16; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536575/; classtype:trojan-activity;sid:84399675; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.mpsl"; depth:16; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536576/; classtype:trojan-activity;sid:84399676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/c.sh"; depth:11; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536577/; classtype:trojan-activity;sid:84399677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.x86"; depth:15; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536578/; classtype:trojan-activity;sid:84399678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.arm"; depth:15; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536579/; classtype:trojan-activity;sid:84399679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.spc"; depth:15; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 
2025_05_06; reference:url, urlhaus.abuse.ch/url/3536580/; classtype:trojan-activity;sid:84399680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/where/botx.sh4"; depth:15; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536581/; classtype:trojan-activity;sid:84399681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3536070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl202"; depth:6; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_06; reference:url, urlhaus.abuse.ch/url/3536070/; classtype:trojan-activity;sid:84399170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3534886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"103.153.93.18"; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_04; reference:url, urlhaus.abuse.ch/url/3534886/; classtype:trojan-activity;sid:84397986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3533582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kokotpycauholica/ultraundetecteddrv/refs/heads/main/hbvtmbp46iieehp1.exe"; depth:73; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_05_03; reference:url, urlhaus.abuse.ch/url/3533582/; classtype:trojan-activity;sid:84396682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532985)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/dl201"; depth:6; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532985/; classtype:trojan-activity;sid:84396085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.102.198.226"; depth:15; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532855/; classtype:trojan-activity;sid:84395955; rev:1;)
# NOTE(review): sids 84395947, 84395948 and 84395949 carry the same match (GET, http.uri "/sshd",
# http.host "114.129.49.131"), so one matching request raises three alerts. The destination port
# is `any` in each; presumably the URLhaus entries differ in port or scheme. Confirm against the
# reference URLs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"114.129.49.131"; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532847/; classtype:trojan-activity;sid:84395947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"114.129.49.131"; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532848/; classtype:trojan-activity;sid:84395948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"114.129.49.131"; depth:14; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532849/; classtype:trojan-activity;sid:84395949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3532282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl200"; depth:6; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_05_02; reference:url, urlhaus.abuse.ch/url/3532282/; classtype:trojan-activity;sid:84395382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3529878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.4.13.252"; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_29; reference:url, urlhaus.abuse.ch/url/3529878/; classtype:trojan-activity;sid:84392978; rev:1;)
# The rules below match http.host "github.com". `alert http` only inspects requests Suricata can
# parse as cleartext HTTP, so downloads of these paths over HTTPS are not matched unless TLS is
# decrypted before the sensor. Each rule pins the whole http.uri buffer (depth equals the content
# length, plus endswith), so a request carrying a query string does not match either.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mir1ce/hawkeye/releases/download/v0319/hawkeye.zip"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_28; reference:url, urlhaus.abuse.ch/url/3528280/; classtype:trojan-activity;sid:84391380; rev:1;)
# NOTE(review): this path and the decalage2/oletools path further down look like release assets
# of analysis tooling rather than malware payloads. Confirm on the URLhaus reference before
# treating a hit as trojan activity. The URI here uses "releases/latest/download", so it is not
# tied to one release version.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yarahq/yara-forge/releases/latest/download/yara-forge-rules-core.zip"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_28; reference:url, urlhaus.abuse.ch/url/3528279/; classtype:trojan-activity;sid:84391379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meckazin/chromekatz/releases/download/0.6.1/chromekatzbofs.zip"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_28; reference:url, urlhaus.abuse.ch/url/3528277/; classtype:trojan-activity;sid:84391377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user-attachments/files/19831362/alpha.zip"; depth:42; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528171/; classtype:trojan-activity;sid:84391271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/decalage2/oletools/releases/download/v0.60.2/oletools-0.60.2.zip"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528170/; classtype:trojan-activity;sid:84391270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user-attachments/files/19831288/crack.nurik.zip"; depth:48; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528165/; classtype:trojan-activity;sid:84391265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user-attachments/files/19831450/solara.zip"; depth:43; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528162/; classtype:trojan-activity;sid:84391262; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user-attachments/files/19835739/solarus.zip"; depth:44; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528154/; classtype:trojan-activity;sid:84391254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zxc5wezxc/new/main/dllbase64reverse.txt"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528128/; classtype:trojan-activity;sid:84391228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/androidmalware/android_hid/f25d0234cff288ab8384689685e37b1b4bbaf2ba/test.exe"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528127/; classtype:trojan-activity;sid:84391227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monkeyadece/v-f/releases/download/1.4.2/vector-fixer-v1.4.2.exe"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528108/; classtype:trojan-activity;sid:84391208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528105)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ui.exe"; depth:7; endswith; nocase; http.host; content:"public.demo.securecloudsandbox.com"; depth:34; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528105/; classtype:trojan-activity;sid:84391205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lbormann/darts-gif/releases/download/v1.1.0/darts-gif.exe"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528107/; classtype:trojan-activity;sid:84391207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lbormann/darts-pixelit/releases/download/v1.2.2/darts-pixelit.exe"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528100/; classtype:trojan-activity;sid:84391200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lbormann/darts-wled/releases/download/v1.8.1/darts-wled.exe"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528101/; classtype:trojan-activity;sid:84391201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528097)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harelba/q/releases/download/2.0.19/q-amd64-windows.exe"; depth:55; endswith; 
nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528097/; classtype:trojan-activity;sid:84391197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3528098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mikf/gallery-dl/releases/download/v1.15.0/gallery-dl.exe"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3528098/; classtype:trojan-activity;sid:84391198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527856)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"78.36.11.185"; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527856/; classtype:trojan-activity;sid:84390956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3527814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"85.57.30.25"; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_27; reference:url, urlhaus.abuse.ch/url/3527814/; classtype:trojan-activity;sid:84390914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3526930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/verify-sec"; depth:11; endswith; nocase; http.host; content:"msoftdatastore.z22.web.core.windows.net"; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526930/; classtype:trojan-activity;sid:84390030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3526832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.252.69.10"; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3526832/; classtype:trojan-activity;sid:84389932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/debug.dbg"; depth:10; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525979/; classtype:trojan-activity;sid:84389079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.83.158.46"; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525714/; classtype:trojan-activity;sid:84388814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"149.241.40.177"; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_26; reference:url, urlhaus.abuse.ch/url/3525710/; classtype:trojan-activity;sid:84388810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.144.210.195"; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525139/; 
classtype:trojan-activity;sid:84388239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.252.69.10"; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525013/; classtype:trojan-activity;sid:84388113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3525021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/linux"; depth:6; endswith; nocase; http.host; content:"47.83.203.183"; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3525021/; classtype:trojan-activity;sid:84388121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vaxilu/x-ui/releases/latest/download/x-ui-linux-amd64.tar.gz"; depth:61; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524811/; classtype:trojan-activity;sid:84387911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.158.88.156"; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524779/; classtype:trojan-activity;sid:84387879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524506)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/uc|3f|export=download|7c|26|7c|id=1ccjlbddgjhpeeff1b1hfkgp3x16c_tj1"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524506/; classtype:trojan-activity;sid:84387606; rev:1;)
# URLhaus download-URL rules, one per line: outbound established HTTP GET with
# an anchored URI (depth + endswith, nocase) and an anchored Host
# (depth + isdataat:!1,relative).
# NOTE(review): in the drive.google.com rules (sid 84387606 ending on the line
# above, sid 84387554 below) the URI content contains `|7c|26|7c|`. Inside a
# content string `|..|` is hex notation, so `|3f|` is `?` but `|7c|26|7c|`
# decodes to the four literal bytes `|26|`, not to `&` (which would be written
# `|26|`). This looks like a double-escaping artifact of the rule generator;
# as written the pattern would not match a URI containing `&id=`. Confirm
# against the referenced URLhaus entries.
# NOTE(review): depth:68 equals the length of the escaped rule text; the
# decoded pattern is 59 bytes, so depth no longer equals the content length.
# endswith still anchors the end of the URI buffer.
# NOTE(review): `alert http` only inspects cleartext HTTP; requests to this
# host over HTTPS are not covered unless TLS is decrypted upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3524454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1bpc5z-hv6kosk6artkfmbtsnnwwpdghy"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_25; reference:url, urlhaus.abuse.ch/url/3524454/; classtype:trojan-activity;sid:84387554; rev:1;)
# The remaining rules pair a short URI with a bare-IP host; both buffers must
# match exactly, so the short URI alone never triggers an alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3523738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"23.239.12.230"; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_24; reference:url, urlhaus.abuse.ch/url/3523738/; classtype:trojan-activity;sid:84386838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/oto"; depth:4; endswith; nocase; http.host; content:"162.215.218.82"; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_23; reference:url, urlhaus.abuse.ch/url/3522943/; classtype:trojan-activity;sid:84386043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.30.92.188"; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_23; reference:url, urlhaus.abuse.ch/url/3522876/; 
classtype:trojan-activity;sid:84385976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ltrdqlgcl6smoqujfs1pb2ernzhsbydh"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_23; reference:url, urlhaus.abuse.ch/url/3522687/; classtype:trojan-activity;sid:84385787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eed8989/u/main/ud.bat"; depth:22; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3522201/; classtype:trojan-activity;sid:84385301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3522159)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"188.243.36.33"; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_22; reference:url, urlhaus.abuse.ch/url/3522159/; classtype:trojan-activity;sid:84385259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig/xmrig/releases/download/v6.12.2/xmrig-6.12.2-linux-x64.tar.gz"; depth:68; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_21; reference:url, urlhaus.abuse.ch/url/3520366/; classtype:trojan-activity;sid:84383466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520082)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"77.226.241.197"; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520082/; classtype:trojan-activity;sid:84383182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"202.57.43.234"; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520081/; classtype:trojan-activity;sid:84383181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"179.63.168.2"; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520073/; classtype:trojan-activity;sid:84383173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"61.244.254.110"; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520077/; classtype:trojan-activity;sid:84383177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3520070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"2.136.63.232"; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520070/; classtype:trojan-activity;sid:84383170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3520068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"93.182.77.20"; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3520068/; classtype:trojan-activity;sid:84383168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.229.20.42"; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519584/; classtype:trojan-activity;sid:84382684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519540)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/_autovlbs19_new/trainjx2.exe"; depth:29; endswith; nocase; http.host; content:"thtp2.volamngayxua.net"; depth:22; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519540/; classtype:trojan-activity;sid:84382640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/_autovlbs19_new/trainjx.exe"; depth:28; endswith; nocase; http.host; content:"thtp2.volamngayxua.net"; depth:22; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519529/; classtype:trojan-activity;sid:84382629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/linm_free/tg_linm_data_image_free.dll"; depth:43; endswith; nocase; http.host; content:"tiwanlinm.duckdns.org"; depth:21; isdataat:!1,relative; 
metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519525/; classtype:trojan-activity;sid:84382625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fb/32.exe"; depth:10; endswith; nocase; http.host; content:"ny.lshdw.cc"; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519518/; classtype:trojan-activity;sid:84382618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/install/namu832.exe"; depth:20; endswith; nocase; http.host; content:"www.namuvpn.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519513/; classtype:trojan-activity;sid:84382613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/versions/gestioniccv20.21.8.51/gestionicc.exe"; depth:46; endswith; nocase; http.host; content:"icoffeecloud.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519485/; classtype:trojan-activity;sid:84382585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/static/files/bootstrappernew.exe"; depth:42; endswith; nocase; http.host; content:"60aaf9c6.salamanderprocessing.pages.dev"; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519469/; classtype:trojan-activity;sid:84382569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3519467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/linm_free/tg_linm_data_map_free.dll"; depth:41; endswith; nocase; http.host; content:"tiwanlinm.duckdns.org"; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519467/; classtype:trojan-activity;sid:84382567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fb/sm.exe"; depth:10; endswith; nocase; http.host; content:"ny.lshdw.cc"; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519464/; classtype:trojan-activity;sid:84382564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pds/mogimall/giftorder/giftorder.exe"; depth:37; endswith; nocase; http.host; content:"mogimall.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519459/; classtype:trojan-activity;sid:84382559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/static/files/bootstrappernew.exe"; depth:42; endswith; nocase; http.host; content:"2cfc0222.salamanderprocessing.pages.dev"; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519451/; classtype:trojan-activity;sid:84382551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newchaisupon/vendor/bin/psysh.bat"; depth:34; endswith; nocase; http.host; 
content:"99194034-96-20180108171507.webstarterz.com"; depth:42; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519446/; classtype:trojan-activity;sid:84382546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/diaclients/doitallmain.exe"; depth:27; endswith; nocase; http.host; content:"www.salonmarketing.ca"; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519442/; classtype:trojan-activity;sid:84382542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sa0611/systemsa32.dll"; depth:22; endswith; nocase; http.host; content:"www.ss-01.com"; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519443/; classtype:trojan-activity;sid:84382543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msedge.exe"; depth:11; endswith; nocase; http.host; content:"c9791c08-f1e4-4402-9510-d04c13c50ea3.selstorage.ru"; depth:50; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519432/; classtype:trojan-activity;sid:84382532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update/pubdata/hpsocket4c.dll"; depth:30; endswith; nocase; http.host; content:"114.55.106.136"; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519429/; classtype:trojan-activity;sid:84382529; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/static/files/bootstrappernew.exe"; depth:42; endswith; nocase; http.host; content:"c3436037.salamanderprocessing.pages.dev"; depth:39; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519415/; classtype:trojan-activity;sid:84382515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rh/setup.exe"; depth:13; endswith; nocase; http.host; content:"d3cciiowg5l3jx.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519408/; classtype:trojan-activity;sid:84382508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pds/mogimall/giftorder/updater.exe"; depth:35; endswith; nocase; http.host; content:"mogimall.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519404/; classtype:trojan-activity;sid:84382504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/media/video_file/round_setup.exe"; depth:33; endswith; nocase; http.host; content:"tapestryoftruth.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519392/; classtype:trojan-activity;sid:84382492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cfxre.exe"; 
depth:10; endswith; nocase; http.host; content:"198.50.242.157"; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519389/; classtype:trojan-activity;sid:84382489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r0400/yahoodll.dll"; depth:19; endswith; nocase; http.host; content:"www.ss-01.com"; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519368/; classtype:trojan-activity;sid:84382468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/driveapplet.exe"; depth:16; endswith; nocase; http.host; content:"noithaticon.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519369/; classtype:trojan-activity;sid:84382469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/licensing/updates/addmefast%20bot.exe"; depth:38; endswith; nocase; http.host; content:"www.blackhattoolz.com"; depth:21; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519354/; classtype:trojan-activity;sid:84382454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nircmd.exe"; depth:11; endswith; nocase; http.host; content:"pub-0478b308b8cf46709a73d0eed5afd633.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519356/; classtype:trojan-activity;sid:84382456; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pst.exe"; depth:8; endswith; nocase; http.host; content:"o24o.ru"; depth:7; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519092/; classtype:trojan-activity;sid:84382192; rev:1;)
# URLhaus download-URL rules, one per line: outbound established HTTP GET with
# an anchored URI (depth + endswith, nocase) and an anchored Host
# (depth + isdataat:!1,relative).
# NOTE(review): `alert http` only inspects cleartext HTTP; the github.com
# paths below are not covered when fetched over HTTPS unless TLS is decrypted
# upstream of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-msvc-win64.zip"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519066/; classtype:trojan-activity;sid:84382166; rev:1;)
# NOTE(review): the brbotnet.exe URI/host pair below is also matched by
# sid 84379758 (URLhaus 3516658) elsewhere in this file with identical
# conditions, so one request raises two alerts; deduplicate on URI+host when
# counting hits.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vinhuptoday/testbn/raw/refs/heads/main/brbotnet.exe"; depth:52; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519063/; classtype:trojan-activity;sid:84382163; rev:1;)
# NOTE(review): the URI below contains literal percent-escapes
# (%e4%b8%93%e7%94%a8). http.uri is Suricata's normalized URI buffer, where
# such escapes may already be decoded; in that case this literal text would
# not match. TODO confirm on the deployed sensor -- http.uri.raw is the buffer
# that keeps the request as sent.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tiansys(xp%e4%b8%93%e7%94%a8).exe"; depth:34; endswith; nocase; http.host; content:"fz.tiansys.cn"; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519036/; classtype:trojan-activity;sid:84382136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519035)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/disbalancer-project/main/releases/latest/download/disbalancer-go-client-windows-386.exe"; depth:88; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519035/; classtype:trojan-activity;sid:84382135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uniondown/haozip_tiny.201805.exe"; depth:33; endswith; nocase; http.host; content:"download.haozip.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519028/; classtype:trojan-activity;sid:84382128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cosmicdevv/icarus-lite/releases/download/v1.1.13/icaruslite-v1.1.13-win.exe"; depth:76; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519027/; classtype:trojan-activity;sid:84382127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sebaxakerhtc/rdpwrap/releases/download/v1.8.9.9/rdpw_installer.exe"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519025/; classtype:trojan-activity;sid:84382125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dax009yt/chilledwindows-gui/releases/download/1.0/chilledwindows.gui.exe"; depth:73; 
endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519026/; classtype:trojan-activity;sid:84382126; rev:1;)
# URLhaus download-URL rules, one per line: outbound established HTTP GET with
# an anchored URI (depth + endswith, nocase) and an anchored Host
# (depth + isdataat:!1,relative).
# NOTE(review): in the rule below `|3f|` is hex notation for `?`. depth:56 is
# the length of the escaped rule text; the decoded pattern is 53 bytes, so the
# depth is slightly looser than the content. endswith still anchors the end of
# the URI buffer.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jackson2323/mohradiant/blob/master/updt.exe|3f|raw=true"; depth:56; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519019/; classtype:trojan-activity;sid:84382119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/pkexu0ytxar3.exe"; depth:22; endswith; nocase; http.host; content:"115.159.149.113"; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519020/; classtype:trojan-activity;sid:84382120; rev:1;)
# NOTE(review): `alert http` only inspects cleartext HTTP; github.com release
# downloads over HTTPS are not covered unless TLS is decrypted upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bol-van/zapret/releases/download/v70.6/zapret-v70.6.zip"; depth:56; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519016/; classtype:trojan-activity;sid:84382116; rev:1;)
# NOTE(review): the rule starting below (its depth and host options follow on
# the next line) has two matching problems in its URI content:
#   - `|7c|26|7c|` decodes to the literal bytes `|26|`, not `&` (which would
#     be `|26|`); this looks like double escaping by the generator, and the
#     pattern would not match a query string that uses `&` separators.
#   - it contains literal percent-escapes (%e7%bd%91...), which may already be
#     decoded in the normalized http.uri buffer. TODO confirm on the sensor;
#     http.uri.raw keeps the request as sent.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/2590057.s21d-2.faiusrd.com/0/abuiabblgaagytxhtauo1pck0ge.exe|3f|f=ghost%e7%bd%91%e5%85%8b%e9%9a%86%e6%a3%80%e6%b5%8b%e5%b7%a5%e5%85%b7.exe|7c|26|7c|v=1452829385|7c|26|7c|wsiphost=local|7c|26|7c|wsrid_tag=61c52eb2_psmgzjgord1de87_17635-16713"; 
depth:241; endswith; nocase; http.host; content:"157.185.170.200"; depth:15; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3518999/; classtype:trojan-activity;sid:84382099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3519000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vexcentry/vex/raw/refs/heads/main/runtimebroker.exe"; depth:52; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3519000/; classtype:trojan-activity;sid:84382100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ns3.jpg"; depth:8; endswith; nocase; http.host; content:"162.215.218.82"; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3518861/; classtype:trojan-activity;sid:84381961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3518860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ns1.jpg"; depth:8; endswith; nocase; http.host; content:"162.215.218.82"; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_20; reference:url, urlhaus.abuse.ch/url/3518860/; classtype:trojan-activity;sid:84381960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3517040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mig"; depth:4; endswith; nocase; http.host; content:"2.57.122.121"; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3517040/; classtype:trojan-activity;sid:84380140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3516658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vinhuptoday/testbn/raw/refs/heads/main/brbotnet.exe"; depth:52; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3516658/; classtype:trojan-activity;sid:84379758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"211.219.49.173"; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_18; reference:url, urlhaus.abuse.ch/url/3516584/; classtype:trojan-activity;sid:84379684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3516013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"43.153.2.113"; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3516013/; classtype:trojan-activity;sid:84379113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"120.79.64.164"; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3515978/; classtype:trojan-activity;sid:84379078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3515922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"113.45.253.80"; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, 
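urlhaus.abuse.ch/url/3515922/; classtype:trojan-activity;sid:84379022; rev:1;)
# The rules below share one template: a client GET whose http.uri pattern is anchored with
# depth + endswith (compared case-insensitively via nocase) and whose http.host value is
# pinned exactly by depth + isdataat:!1,relative.
# Coverage caveat: these are app-layer http rules, so they fire only on cleartext HTTP or on
# traffic the sensor sees decrypted. Presumably most requests to drive.google.com, github.com
# and raw.githubusercontent.com are HTTPS, so pair these indicators with TLS inspection or
# proxy/DNS log matching.
# sid 84377670: the query-string separator was emitted as |7c|26|7c|, which Suricata decodes
# to the four literal bytes "|26|" (pipe, "2", "6", pipe), so a request that uses "&" could
# not match. Presumably the URLhaus entry uses "&"; confirm against the reference URL.
# The separator is now |26| and depth is the decoded pattern length (56, was 68).
# The pattern is lowercased and matched with nocase, so the file id is compared
# case-insensitively. A local correction is overwritten by the next feed update, so the
# generator defect is worth reporting upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3514570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|26|id=1hrp9lnasbplclnhppp1abwb1uwv4kdvs"; depth:56; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3514570/; classtype:trojan-activity;sid:84377670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3514066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nkminash/my-codd/raw/896d806a9b4569c9c3a275f200ebe7d2ecec5702/snd16061.exe"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_17; reference:url, urlhaus.abuse.ch/url/3514066/; classtype:trojan-activity;sid:84377166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3510901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl16"; depth:5; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_14; reference:url, urlhaus.abuse.ch/url/3510901/; classtype:trojan-activity;sid:84374001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rahmounben/lc/refs/heads/main/xclient.exe"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509907/; classtype:trojan-activity;sid:84373007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 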
download URL detected (3509904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/justjzero/ahh/refs/heads/main/cloudy.exe"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509904/; classtype:trojan-activity;sid:84373004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/justjzero/ahh/raw/refs/heads/main/cloudy.exe"; depth:45; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509901/; classtype:trojan-activity;sid:84373001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3509872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/niggedddx/dependenciuesfeife/raw/refs/heads/main/bruterv3.1.exe"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_13; reference:url, urlhaus.abuse.ch/url/3509872/; classtype:trojan-activity;sid:84372972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3507942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.60.246.15"; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_11; reference:url, urlhaus.abuse.ch/url/3507942/; classtype:trojan-activity;sid:84371042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3507452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/misterlobster22/mimik/blob/main/mimikatz.exe|3f|raw=true"; depth:57; endswith; nocase; 
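http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_11; reference:url, urlhaus.abuse.ch/url/3507452/; classtype:trojan-activity;sid:84370552; rev:1;)
# The rules below share one template: a client GET whose http.uri pattern is anchored with
# depth + endswith (compared case-insensitively via nocase) and whose http.host value is
# pinned exactly by depth + isdataat:!1,relative.
# Coverage caveat: these are app-layer http rules, so they fire only on cleartext HTTP or on
# traffic the sensor sees decrypted. Presumably most requests to raw.githubusercontent.com
# and drive.google.com are HTTPS, so pair these indicators with TLS inspection or proxy/DNS
# log matching.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deepakmeena2006/lib/6753a65f543afe81079459a8439ec1e0c0a660b4/s86.txt"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506392/; classtype:trojan-activity;sid:84369492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deepakmeena2006/lib/6753a65f543afe81079459a8439ec1e0c0a660b4/s64.txt"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506391/; classtype:trojan-activity;sid:84369491; rev:1;)
# sids 84369446 and 84368772 (the two drive.google.com rules that follow): the query-string
# separator was emitted as |7c|26|7c|, which Suricata decodes to the four literal bytes
# "|26|" (pipe, "2", "6", pipe), so a request that uses "&" could not match. Presumably the
# URLhaus entries use "&"; confirm against the reference URLs. The separator is now |26| and
# depth is the decoded pattern length (56, was 68). The patterns are lowercased and matched
# with nocase, so the file ids are compared case-insensitively. A local correction is
# overwritten by the next feed update, so the generator defect is worth reporting upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3506346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|26|id=1kcbhxhjt-bdxszgxt1nfnzdt5hpvkwk4"; depth:56; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_04_10; reference:url, urlhaus.abuse.ch/url/3506346/; classtype:trojan-activity;sid:84369446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|26|id=1muftth-5lscdi3ovd5vn7sjkeit2h9k1"; depth:56; endswith; nocase; http.host; content:"drive.google.com"; depth:16; 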
isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505672/; classtype:trojan-activity;sid:84368772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/electrichermit/vegas-pro-version/releases/download/v2.0/software.zip"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505377/; classtype:trojan-activity;sid:84368477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ergin3432432/movie-mates/releases/download/v1.0/application.zip"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505382/; classtype:trojan-activity;sid:84368482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yumyumdonuts/free-youtube-to-mp3-converter-free/releases/download/1.1.2/freeyoutubetomp3converterfree-1.1.2.zip"; depth:112; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505334/; classtype:trojan-activity;sid:84368434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nmattioni/upload/raw/refs/heads/master/software.zip"; depth:52; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, 
urlhaus.abuse.ch/url/3505313/; classtype:trojan-activity;sid:84368413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anamesias580/upload/refs/heads/master/software.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505307/; classtype:trojan-activity;sid:84368407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phanu85/upload/raw/refs/heads/master/software.zip"; depth:50; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505305/; classtype:trojan-activity;sid:84368405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3505304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pantay/upload/raw/refs/heads/master/software.zip"; depth:49; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_09; reference:url, urlhaus.abuse.ch/url/3505304/; classtype:trojan-activity;sid:84368404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3504713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.54.238.31"; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_08; reference:url, urlhaus.abuse.ch/url/3504713/; classtype:trojan-activity;sid:84367813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503657)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"185.43.17.123"; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_07; reference:url, urlhaus.abuse.ch/url/3503657/; classtype:trojan-activity;sid:84366757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tirtekeka/rat-client/zip/refs/heads/main"; depth:41; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_04_07; reference:url, urlhaus.abuse.ch/url/3503409/; classtype:trojan-activity;sid:84366509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3503003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/konsol.exe"; depth:20; endswith; nocase; http.host; content:"backupso.com"; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_06; reference:url, urlhaus.abuse.ch/url/3503003/; classtype:trojan-activity;sid:84366103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3502701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.210.214.48"; depth:14; isdataat:!1,relative; metadata:created_at 2025_04_06; reference:url, urlhaus.abuse.ch/url/3502701/; classtype:trojan-activity;sid:84365801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3500891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chin/ifjjmktge.mp3"; depth:19; endswith; nocase; http.host; content:"dcrun.co.uk"; depth:11; isdataat:!1,relative; metadata:created_at 2025_04_04; reference:url, urlhaus.abuse.ch/url/3500891/; 
classtype:trojan-activity;sid:84363991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3500733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.102.74.238"; depth:13; isdataat:!1,relative; metadata:created_at 2025_04_04; reference:url, urlhaus.abuse.ch/url/3500733/; classtype:trojan-activity;sid:84363833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roniel8/apex-no-recoil/releases/download/v2.5.1-alpha.3/apex-no-recoil-v2-5-1-alpha-3.zip"; depth:90; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_03; reference:url, urlhaus.abuse.ch/url/3499993/; classtype:trojan-activity;sid:84363093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3499150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"79.124.72.22"; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_02; reference:url, urlhaus.abuse.ch/url/3499150/; classtype:trojan-activity;sid:84362250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/juanbustoss/src/raw/refs/heads/master/application.zip"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498482/; classtype:trojan-activity;sid:84361582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498084)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/shellyacm/imgx/releases/download/v1.0/software.zip"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498084/; classtype:trojan-activity;sid:84361184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shellyacm/imgx/releases/download/v2.0/software.zip"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498082/; classtype:trojan-activity;sid:84361182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demonsofhe/onion-rings/releases/download/3.1.7/onion-rings-3.1.7.zip"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498070/; classtype:trojan-activity;sid:84361170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jxx1234567890jxx/datatransformationchecker/releases/download/v2.0/software.zip"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498076/; classtype:trojan-activity;sid:84361176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frank698/localocr/releases/download/v2.3.3/localocr_v2.3.3.zip"; depth:63; endswith; nocase; 
http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498067/; classtype:trojan-activity;sid:84361167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wfeifefeifef/pokemon-crud/releases/download/v1.1/soft.zip"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498056/; classtype:trojan-activity;sid:84361156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ushii/weather_app/releases/download/v1.0/installer.zip"; depth:55; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498045/; classtype:trojan-activity;sid:84361145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rahulpa045/cphishtermux/releases/download/v1.0/software.zip"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498047/; classtype:trojan-activity;sid:84361147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wfeifefeifef/pokemon-crud/releases/download/v1.2/soft.zip"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, 
urlhaus.abuse.ch/url/3498050/; classtype:trojan-activity;sid:84361150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jxx1234567890jxx/datatransformationchecker/releases/download/v1.0/application.zip"; depth:82; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498053/; classtype:trojan-activity;sid:84361153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gamer615/acdsee-photo-studio-professional-download/releases/download/v1.0/software.zip"; depth:87; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498033/; classtype:trojan-activity;sid:84361133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ushii/weather_app/releases/download/v2.0/software.zip"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498034/; classtype:trojan-activity;sid:84361134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gamer615/acdsee-photo-studio-professional-download/releases/download/v2.0/software.zip"; depth:87; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498036/; 
classtype:trojan-activity;sid:84361136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3498038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eltrapico2/php-library-system/releases/download/v1.0/software.zip"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3498038/; classtype:trojan-activity;sid:84361138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itznaviya/hamster-kombat-bot/releases/download/v2.0/software.zip"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497826/; classtype:trojan-activity;sid:84360926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itznaviya/hamster-kombat-bot/releases/download/v2.0/program.zip"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497822/; classtype:trojan-activity;sid:84360922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itznaviya/hamster-kombat-bot/releases/download/v1.0/software.zip"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497825/; classtype:trojan-activity;sid:84360925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3497805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ffxjevefi/nix-system-services-hardened/releases/download/v2.0/software.zip"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497805/; classtype:trojan-activity;sid:84360905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supreme-snaze/permutations/releases/download/v1.0/program.zip"; depth:62; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497797/; classtype:trojan-activity;sid:84360897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/repirate/asset-recovery-tool/releases/download/v1.7.6/asset-recovery-tool-v1.7.6.zip"; depth:85; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497758/; classtype:trojan-activity;sid:84360858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ander12342/pugdns/releases/download/1.3.1/pugdns_v1.3.1.zip"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497739/; classtype:trojan-activity;sid:84360839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497677)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/devpev777/d/refs/heads/main/r.msi"; depth:34; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497677/; classtype:trojan-activity;sid:84360777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.64.14.250"; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497334/; classtype:trojan-activity;sid:84360434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.4.13.252"; depth:12; isdataat:!1,relative; metadata:created_at 2025_04_01; reference:url, urlhaus.abuse.ch/url/3497309/; classtype:trojan-activity;sid:84360409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dodobaba25/repo/refs/heads/master/s64.txt"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3497120/; classtype:trojan-activity;sid:84360220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3497121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dodobaba25/repo/refs/heads/master/s86.txt"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, 
urlhaus.abuse.ch/url/3497121/; classtype:trojan-activity;sid:84360221; rev:1;)
# NOTE(review): these are `alert http` signatures, so they only see requests that Suricata can
# parse as cleartext HTTP. github.com, raw.githubusercontent.com and *.github.io normally answer
# over HTTPS; expect matches only where TLS is decrypted ahead of the sensor or a client sends the
# request over plain http:// first. Confirm sensor placement before relying on these for coverage.
# Matching is exact: depth equals the content length, and endswith / isdataat:!1,relative pin the
# end of the buffer, so the same host with another path or an appended query string does not alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/benkku25/assets/raw/41f4f8f16b76af39e1bc3f8024b66010dd2617c7/software.zip"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496952/; classtype:trojan-activity;sid:84360052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/syklon99/ai-chatbot-svelte/releases/download/v1.4.9/ai-chatbot-svelte-v1.4.9.zip"; depth:81; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496664/; classtype:trojan-activity;sid:84359764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sigarikafat/xeet/releases/download/1.6.4/xeet_v1.6.4.zip"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496662/; classtype:trojan-activity;sid:84359762; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naoval19/tacos/releases/download/v1.0/program.zip"; depth:50; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496645/; classtype:trojan-activity;sid:84359745; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496646)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naoval19/tacos/releases/download/v2.0/software.zip"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496646/; classtype:trojan-activity;sid:84359746; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rle123/ai-self-coding-book/releases/download/v1.0/program.zip"; depth:62; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496631/; classtype:trojan-activity;sid:84359731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skibidi-crypto/quarkus-openapi-problem/releases/download/v1.4.2/quarkus-openapi-problem-v1.4.2.zip"; depth:99; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496594/; classtype:trojan-activity;sid:84359694; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stepbox23/assets/60af1f798cc4708a2872a66cebab351e529e43f8/software.zip"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_31; reference:url, urlhaus.abuse.ch/url/3496564/; classtype:trojan-activity;sid:84359664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new_image.jpg"; depth:14; endswith; nocase; http.host; content:"talentrecruitments.com"; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3496067/; classtype:trojan-activity;sid:84359167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eed8989/u/raw/refs/heads/main/ud.bat"; depth:37; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3496061/; classtype:trojan-activity;sid:84359161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3496058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eed8989/u/raw/main/ud.bat"; depth:26; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3496058/; classtype:trojan-activity;sid:84359158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3495857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tsl/downloader.exe"; depth:19; endswith; nocase; http.host; content:"tobecation.github.io"; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_30; reference:url, urlhaus.abuse.ch/url/3495857/; classtype:trojan-activity;sid:84358957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/w.sh"; depth:5; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_29; reference:url,
urlhaus.abuse.ch/url/3494818/; classtype:trojan-activity;sid:84357918; rev:1;)
# The 160.187.146.122 rules below differ only in the file name requested (c.sh, arm, arm5, arm6,
# m68k, mips, mpsl, ppc, sh4, spc, x86). Each has its own sid, so a single internal client that
# requests several of them raises several alerts for what is one contact with the same host.
# flow:established,from_client plus the GET check means an alert records the outbound request only;
# check HTTP/file logs for the response status and body size before treating it as a completed download.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c.sh"; depth:5; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_29; reference:url, urlhaus.abuse.ch/url/3494816/; classtype:trojan-activity;sid:84357916; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl20"; depth:5; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_29; reference:url, urlhaus.abuse.ch/url/3494793/; classtype:trojan-activity;sid:84357893; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm5"; depth:5; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3494037/; classtype:trojan-activity;sid:84357137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494038)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mpsl"; depth:5; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3494038/; classtype:trojan-activity;sid:84357138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm"; depth:4; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3494039/; classtype:trojan-activity;sid:84357139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ppc"; depth:4; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3494040/; classtype:trojan-activity;sid:84357140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494041)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86"; depth:4; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3494041/; classtype:trojan-activity;sid:84357141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm6"; depth:5; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3494042/; classtype:trojan-activity;sid:84357142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh4"; depth:4; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3494043/; classtype:trojan-activity;sid:84357143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/spc"; depth:4; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3494044/; classtype:trojan-activity;sid:84357144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m68k"; depth:5; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3494045/; classtype:trojan-activity;sid:84357145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3494046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mips"; depth:5; endswith; nocase; http.host; content:"160.187.146.122"; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3494046/; classtype:trojan-activity;sid:84357146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aussieonzaza/assets/refs/heads/master/launcher.zip"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3493608/; classtype:trojan-activity;sid:84356708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3493604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rafael1679/assets/raw/refs/heads/master/launcher.zip"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_28; reference:url, urlhaus.abuse.ch/url/3493604/; classtype:trojan-activity;sid:84356704;
rev:1;)
# For the rules visible here, sid is the URLhaus entry id plus 80863100 (e.g. 3492622 -> 84355722),
# and reference: names the matching urlhaus.abuse.ch/url/<id>/ page to consult during triage.
# Short URIs such as "/i" or "/dl18" are specific only because http.host also pins an IP literal;
# a request whose Host header carries any other value for the same server is not matched.
# Only GET is checked (http.method; content:"GET"), so other request methods to these URLs do not alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdeu-cpu/coap-mqtt-encryption/releases/download/v1.0/software.zip"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492622/; classtype:trojan-activity;sid:84355722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/forzon96/cataclismo/releases/download/1.4.6/cataclismo_1.4.6.zip"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492611/; classtype:trojan-activity;sid:84355711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mjunaid87/tokenset/releases/download/v2.8.1/tokenset.v2.8.1.zip"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492613/; classtype:trojan-activity;sid:84355713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joacokia/oopd/releases/download/bretschneideraceae/oopd_bretschneideraceae.zip"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492608/; classtype:trojan-activity;sid:84355708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mardecilnonp568/assasin-creed-shadows/releases/download/v2.7.5/assassin-creed-shadows-v2.7.5.zip"; depth:97; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492600/; classtype:trojan-activity;sid:84355700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reninstem/productlisting/releases/download/2.6.1/productlisting-2.6.1.zip"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492563/; classtype:trojan-activity;sid:84355663; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lordland929on6/1ab-phantasystaronline2b/releases/download/p7ew0zthra/156qeiu3fhnohcj2.rar"; depth:90; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492224/; classtype:trojan-activity;sid:84355324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eding442gfm/1ar-bladeandsoulr/releases/download/4sd7l2qydh/37uji8i2.rar"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492188/; classtype:trojan-activity;sid:84355288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eding442gfm/1ax-bladeandsoulx/releases/download/n6seqop1o4/q.rar"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492186/; classtype:trojan-activity;sid:84355286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/howlux40worthyfp4h/1af-starwars-theoldrepublicf/releases/download/j0ndd81djg/eskf6bqczzc2j.rar"; depth:95; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492168/; classtype:trojan-activity;sid:84355268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uragon005/ai-chatbot-svelte/releases/download/v2.4.5/ai-chatbot-svelte_v2.4.5.zip"; depth:82; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492160/; classtype:trojan-activity;sid:84355260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdeguay/seed-phrase-generator/releases/download/v1.0/release.zip"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492135/; classtype:trojan-activity;sid:84355235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abdeguay/seed-phrase-generator/releases/download/v2.0/software.zip"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492134/; classtype:trojan-activity;sid:84355234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3492056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aussieonzaza/assets/raw/refs/heads/master/launcher.zip"; depth:55; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_27; reference:url, urlhaus.abuse.ch/url/3492056/; classtype:trojan-activity;sid:84355156; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3491741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.111.30.28"; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_26; reference:url, urlhaus.abuse.ch/url/3491741/; classtype:trojan-activity;sid:84354841; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phamkhanhhung208/assets/refs/heads/master/launcher.zip"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490432/; classtype:trojan-activity;sid:84353532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rafael1679/assets/refs/heads/master/launcher.zip"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490427/; classtype:trojan-activity;sid:84353527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/beast2122006/assignment/238415a963aab57f18fd2c2ef60995d7c0b39fe0/library.txt"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490409/; classtype:trojan-activity;sid:84353509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ilganrat342/dertyom/refs/heads/main/setup.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490350/; classtype:trojan-activity;sid:84353450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rh/setup.exe"; depth:13; endswith; nocase; http.host; content:"d3cciiowg5l3jx.cloudfront.net"; depth:29; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490349/; classtype:trojan-activity;sid:84353449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kammywammyman/boyboy/main/chromeupdate.exe"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490313/; classtype:trojan-activity;sid:84353413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tacocat2222/materia-fivem/refs/heads/main/loader.exe"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490294/; classtype:trojan-activity;sid:84353394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3490235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl18"; depth:5; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_25; reference:url, urlhaus.abuse.ch/url/3490235/; classtype:trojan-activity;sid:84353335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aldenpogznet22/hamster-bot/releases/download/v1.0/software.zip"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489509/; classtype:trojan-activity;sid:84352609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/worakom99/carbon-executor/releases/download/v1.0/software.zip"; depth:62; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489508/; classtype:trojan-activity;sid:84352608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thurynw/uoffice_library_uot/releases/download/v1.0/software.zip"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489502/; classtype:trojan-activity;sid:84352602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jamescarlzafra/dx9ware-roblox/releases/download/v1.0/software.zip"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489501/; classtype:trojan-activity;sid:84352601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toanminh2004/duan1/releases/download/v2.0/software.zip"; depth:55; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489474/; classtype:trojan-activity;sid:84352574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tatooo29/loco/releases/download/v1.0/application.zip"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489476/; classtype:trojan-activity;sid:84352576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tatooo29/loco/releases/download/v2.0/software.zip";
depth:50; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489478/; classtype:trojan-activity;sid:84352578; rev:1;)
# Many rules in this run share a first path segment (mehedihasanfarabi10, xmanykwim, coltostemp,
# cistelsa, ...) and the same /releases/download/v1.0|v2.0/ tail ending in software.zip or
# application.zip. Each rule covers one exact URL, so another repository or tag under the same
# account is not matched; when one fires, review proxy logs for other paths under that account.
# NOTE(review): all hosts in this run are github.com under `alert http`; these presumably match
# only where the request is visible as cleartext HTTP (TLS inspection or a plain http:// attempt).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmanykwim/simple-2/releases/download/v1.0/application.zip"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489479/; classtype:trojan-activity;sid:84352579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cistelsa/predictive-sentiment-analysis-of-twitter-for-btc/releases/download/v1.0/software.zip"; depth:94; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489480/; classtype:trojan-activity;sid:84352580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmanykwim/simple-proxytv/releases/download/v2.0/software.zip"; depth:61; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489481/; classtype:trojan-activity;sid:84352581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cistelsa/predictive-sentiment-analysis-of-twitter-for-btc/releases/download/v2.0/software.zip"; depth:94; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489471/; classtype:trojan-activity;sid:84352571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmanykwim/simple-proxytv/releases/download/v1.0/application.zip"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489472/; classtype:trojan-activity;sid:84352572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmanykwim/simple-2/releases/download/v2.0/software.zip"; depth:55; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489473/; classtype:trojan-activity;sid:84352573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iampriam-dev/new/releases/download/v2.0/software.zip"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489333/; classtype:trojan-activity;sid:84352433; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akashnilrecovered/text-formatting-crash-course/releases/download/v2.0/software.zip"; depth:83; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489336/; classtype:trojan-activity;sid:84352436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/akashnilrecovered/text-formatting-crash-course/releases/download/v1.0/software.zip"; depth:83; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489340/; classtype:trojan-activity;sid:84352440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iampriam-dev/new/releases/download/v1.0/software.zip"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489331/; classtype:trojan-activity;sid:84352431; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mehedihasanfarabi10/laravel-authentication-breeze/releases/download/v1.0/software.zip"; depth:86; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489310/; classtype:trojan-activity;sid:84352410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v1.0/software.zip"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489313/; classtype:trojan-activity;sid:84352413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mehedihasanfarabi10/laravel-authentication-breeze/releases/download/v2.0/software.zip"; depth:86; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489314/; classtype:trojan-activity;sid:84352414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mehedihasanfarabi10/fortify-auth-laravel/releases/download/v1.0/software.zip"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489315/; classtype:trojan-activity;sid:84352415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mehedihasanfarabi10/newlaravel/releases/download/v2.0/software.zip"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489317/; classtype:trojan-activity;sid:84352417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mehedihasanfarabi10/fortify-auth-laravel/releases/download/v2.0/software.zip"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489307/; classtype:trojan-activity;sid:84352407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mehedihasanfarabi10/book-e-commerce/releases/download/v2.0/software.zip"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489308/; classtype:trojan-activity;sid:84352408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mehedihasanfarabi10/book-e-commerce/releases/download/v1.0/software.zip"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489300/; classtype:trojan-activity;sid:84352400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mehedihasanfarabi10/newlaravel/releases/download/v1.0/software.zip"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489303/; classtype:trojan-activity;sid:84352403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samueltonao/frontendmentor/releases/download/v1.0/application.zip"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489274/; classtype:trojan-activity;sid:84352374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mehedihasanfarabi10/ui-package-email-verify/releases/download/v2.0/software.zip"; depth:80; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489275/; classtype:trojan-activity;sid:84352375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samueltonao/frontendmentor/releases/download/v2.0/software.zip"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489280/; classtype:trojan-activity;sid:84352380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mehedihasanfarabi10/ui-package-email-verify/releases/download/v1.0/software.zip"; depth:80; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489288/; classtype:trojan-activity;sid:84352388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coltostemp/platform_bootable_recovery/releases/download/v2.0/software.zip"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489266/; classtype:trojan-activity;sid:84352366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489265)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hackslash-nitp/healthcare-web-page/releases/download/v2.0/software.zip"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489265/; classtype:trojan-activity;sid:84352365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coltostemp/platform_external_tinycompress/releases/download/v2.0/software.zip"; depth:78; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489263/; classtype:trojan-activity;sid:84352363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amandwivedi0/device_xiaomi_santoni/releases/download/v1.0/application.zip"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489264/; classtype:trojan-activity;sid:84352364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coltostemp/platform_build/releases/download/v2.0/software.zip"; depth:62; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489247/; classtype:trojan-activity;sid:84352347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coltostemp/platform_external_json-c/releases/download/v1.0/application.zip";
depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489248/; classtype:trojan-activity;sid:84352348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mehedihasanfarabi10/laravel-ecommerce-project/releases/download/v1.0/software.zip"; depth:82; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489251/; classtype:trojan-activity;sid:84352351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coltostemp/platform_external_tinycompress/releases/download/v1.0/application.zip"; depth:81; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489252/; classtype:trojan-activity;sid:84352352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coltostemp/platform_build/releases/download/v1.0/application.zip"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489253/; classtype:trojan-activity;sid:84352353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coltostemp/platform_external_selinux/releases/download/v1.0/application.zip"; depth:76; endswith; nocase; http.host; content:"github.com"; 
depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489255/; classtype:trojan-activity;sid:84352355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coltostemp/platform_external_json-c/releases/download/v2.0/software.zip"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489256/; classtype:trojan-activity;sid:84352356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amandwivedi0/device_xiaomi_santoni/releases/download/v2.0/software.zip"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489260/; classtype:trojan-activity;sid:84352360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coltostemp/platform_external_tinyxml/releases/download/v1.0/application.zip"; depth:76; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489261/; classtype:trojan-activity;sid:84352361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coltostemp/platform_external_sqlite/releases/download/v1.0/application.zip"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; 
reference:url, urlhaus.abuse.ch/url/3489231/; classtype:trojan-activity;sid:84352331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coltostemp/platform_bootable_recovery/releases/download/v1.0/application.zip"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489232/; classtype:trojan-activity;sid:84352332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coltostemp/platform_bionic/releases/download/v1.0/application.zip"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489240/; classtype:trojan-activity;sid:84352340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coltostemp/platform_external_sqlite/releases/download/v2.0/software.zip"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489242/; classtype:trojan-activity;sid:84352342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mehedihasanfarabi10/laravel-ecommerce-project/releases/download/v2.0/software.zip"; depth:82; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489243/; 
classtype:trojan-activity;sid:84352343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ambassadorscoders/togonon_motiv.poster/releases/download/v2.0/software.zip"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489227/; classtype:trojan-activity;sid:84352327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coltostemp/platform_bionic/releases/download/v2.0/software.zip"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489228/; classtype:trojan-activity;sid:84352328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eltrapico2/12-03assignment/releases/download/v1.0/software.zip"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489214/; classtype:trojan-activity;sid:84352314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cvm010/nucleus/releases/download/v1.0/software.zip"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489215/; classtype:trojan-activity;sid:84352315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3489218)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eltrapico2/eltrapico2/releases/download/v1.0/software.zip"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489218/; classtype:trojan-activity;sid:84352318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/puram-supriya/amazon/releases/download/v1.0/software.zip"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489219/; classtype:trojan-activity;sid:84352319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eltrapico2/fri-app/releases/download/v1.0/software.zip"; depth:55; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489205/; classtype:trojan-activity;sid:84352305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/puram-supriya/ecommerce/releases/download/v1.0/software.zip"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489207/; classtype:trojan-activity;sid:84352307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489211)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/student-chicken/fit-track-goal-progress/releases/download/v1.0/software.zip"; depth:76; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489211/; classtype:trojan-activity;sid:84352311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/puram-supriya/resume/releases/download/v1.0/software.zip"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489212/; classtype:trojan-activity;sid:84352312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cvm010/movie/releases/download/v1.0/software.zip"; depth:49; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489202/; classtype:trojan-activity;sid:84352302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vernaloqui/farmer-shubreact/releases/download/v1.0/software.zip"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489203/; classtype:trojan-activity;sid:84352303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boomerxd69/fixing-error-0xc00000ba/releases/download/v2.0/software.zip"; depth:71; endswith; nocase; http.host; 
content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489173/; classtype:trojan-activity;sid:84352273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/matimazzia/worldgame-web/releases/download/v1.0/software.zip"; depth:61; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489171/; classtype:trojan-activity;sid:84352271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489155)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yosif9999/hamster-clicker/releases/download/v3.0/software.zip"; depth:62; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489155/; classtype:trojan-activity;sid:84352255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yosif9999/hamster-clicker/releases/download/v1.0/software.zip"; depth:62; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489151/; classtype:trojan-activity;sid:84352251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drankrych/fakebtcsend/releases/download/v2.0/software.zip"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, 
urlhaus.abuse.ch/url/3489127/; classtype:trojan-activity;sid:84352227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/atom3dx/array-base-scatter-filled/releases/download/v2.0/software.zip"; depth:70; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489128/; classtype:trojan-activity;sid:84352228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bluecheatah123/apex/releases/download/v2.0/software.zip"; depth:56; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489129/; classtype:trojan-activity;sid:84352229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lethanhdat0403/earnorm/releases/download/v1.0/software.zip"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489131/; classtype:trojan-activity;sid:84352231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/firematheo00x/chat-app-mern/releases/download/v1.0/software.zip"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489135/; classtype:trojan-activity;sid:84352235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3489137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monyigamer/bliss_browser_janet/releases/download/v1.0/software.zip"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489137/; classtype:trojan-activity;sid:84352237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/monyigamer/bliss_browser_janet/releases/download/v2.0/software.zip"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489118/; classtype:trojan-activity;sid:84352218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/firematheo00x/chat-app-mern/releases/download/v2.0/software.zip"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489120/; classtype:trojan-activity;sid:84352220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lilanders123/act/releases/download/v2.0/software.zip"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489090/; classtype:trojan-activity;sid:84352190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489088)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/tatooo29/project-hub/releases/download/v2.0/software.zip"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489088/; classtype:trojan-activity;sid:84352188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tatooo29/project-hub/releases/download/v1.0/application.zip"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489083/; classtype:trojan-activity;sid:84352183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/basterfg/myproject/releases/download/v2.0/software.zip"; depth:55; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489063/; classtype:trojan-activity;sid:84352163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booody123/manual-brick-breaker/releases/download/v1.0/program.zip"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489054/; classtype:trojan-activity;sid:84352154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/basterfg/myproject/releases/download/v1.0/application.zip"; depth:58; endswith; nocase; http.host; 
content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489049/; classtype:trojan-activity;sid:84352149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/booody123/manual-brick-breaker/releases/download/v2.0/software.zip"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489047/; classtype:trojan-activity;sid:84352147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pedrokax/webscraper-to-identify-which-girls-and-how-many-of-them-my-boyfriend-follows-on-github/releases/download/v1.0/application.zip"; depth:135; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489032/; classtype:trojan-activity;sid:84352132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nash-abella/organization-service/releases/download/v1.0.0/application.zip"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489035/; classtype:trojan-activity;sid:84352135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nash-abella/organization-service/releases/download/v2.0/software.zip"; depth:69; endswith; nocase; http.host; content:"github.com"; 
depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489027/; classtype:trojan-activity;sid:84352127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pedrokax/webscraper-to-identify-which-girls-and-how-many-of-them-my-boyfriend-follows-on-github/releases/download/v2.0/software.zip"; depth:132; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489028/; classtype:trojan-activity;sid:84352128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tailstheflyingfox/subghost/releases/download/v2.0/software.zip"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489020/; classtype:trojan-activity;sid:84352120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/majorclient/html-crypto-currency-chart-snippets/releases/download/v2.0/software.zip"; depth:84; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488996/; classtype:trojan-activity;sid:84352096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whathedogding/bitpay-crypto-signal-trading-bot-analysis-signal-masters-trading-crypto/releases/download/v1.0/release.zip"; depth:121; endswith; nocase; 
http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489002/; classtype:trojan-activity;sid:84352102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tailstheflyingfox/subghost/releases/download/v1.0/release.zip"; depth:62; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489003/; classtype:trojan-activity;sid:84352103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zilts345890/golang-html-parsing/releases/download/v1.0/application.zip"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489004/; classtype:trojan-activity;sid:84352104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seiolonmsk/contextindent.nvim/releases/download/v2.0/software.zip"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489006/; classtype:trojan-activity;sid:84352106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuclearcatlegit/simple_bank/releases/download/v1.0/application.zip"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; 
reference:url, urlhaus.abuse.ch/url/3489009/; classtype:trojan-activity;sid:84352109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seiolonmsk/contextindent.nvim/releases/download/v1.0/application.zip"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489010/; classtype:trojan-activity;sid:84352110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zilts345890/golang-html-parsing/releases/download/v1.0/program.zip"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489011/; classtype:trojan-activity;sid:84352111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whathedogding/bitpay-crypto-signal-trading-bot-analysis-signal-masters-trading-crypto/releases/download/v2.0/software.zip"; depth:122; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489014/; classtype:trojan-activity;sid:84352114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3489015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naiahahah/musicbox/releases/download/v1.0/release.zip"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3489015/; 
classtype:trojan-activity;sid:84352115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nuclearcatlegit/simple_bank/releases/download/v2.0/software.zip"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488994/; classtype:trojan-activity;sid:84352094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/seiolonmsk/contextindent.nvim/releases/download/v1.0/program.zip"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488995/; classtype:trojan-activity;sid:84352095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/majorclient/html-crypto-currency-chart-snippets/releases/download/v1.0/release.zip"; depth:83; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488983/; classtype:trojan-activity;sid:84352083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peloixitu35/javascript-questions-pro/releases/download/v2.0/software.zip"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488966/; classtype:trojan-activity;sid:84352066; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/peloixitu35/javascript-questions-pro/releases/download/v1.0/program.zip"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488969/; classtype:trojan-activity;sid:84352069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/konnuyu/0xbuilder/releases/download/v1.0/release_x64.zip"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488950/; classtype:trojan-activity;sid:84352050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/finn9633/batchgenie/releases/download/v1.0/software.zip"; depth:56; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488940/; classtype:trojan-activity;sid:84352040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/konnuyu/0xbuilder/releases/download/v2.0/software.zip"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488941/; classtype:trojan-activity;sid:84352041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488943)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/rakkunsatura/p.e.n.i.s./releases/download/v2.0/software.zip"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488943/; classtype:trojan-activity;sid:84352043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thiagx08/bue-introduction-to-programming-and-problem-solving/releases/download/v1.0/release_x64.zip"; depth:100; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488945/; classtype:trojan-activity;sid:84352045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thiagx08/bue-introduction-to-programming-and-problem-solving/releases/download/v2.0/software.zip"; depth:97; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488946/; classtype:trojan-activity;sid:84352046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samix151210/ndarray-base-normalize-indices/releases/download/v2.0/software.zip"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488890/; classtype:trojan-activity;sid:84351990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488880)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/asdadadsaasdsadas991/database-project/releases/download/v2.0/software.zip"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488880/; classtype:trojan-activity;sid:84351980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/merosegamerx/pizza_webapp/releases/download/v2.0/software.zip"; depth:62; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488874/; classtype:trojan-activity;sid:84351974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/merosegamerx/pizza_webapp/releases/download/v1.0/software.zip"; depth:62; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488879/; classtype:trojan-activity;sid:84351979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kleteee/injectra/releases/download/v1.0/software.zip"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488850/; classtype:trojan-activity;sid:84351950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/feelingfishy/challenge-backend-anotaai/releases/download/v2.0/software.zip"; depth:75; endswith; nocase; 
http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488821/; classtype:trojan-activity;sid:84351921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsgaming999/lottery/releases/download/v1.0/application.zip"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488822/; classtype:trojan-activity;sid:84351922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruka232323/network-traffic-visualizer/releases/download/v1.0/application.zip"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488799/; classtype:trojan-activity;sid:84351899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/feelingfishy/challenge-backend-anotaai/releases/download/v1.0/application.zip"; depth:78; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488800/; classtype:trojan-activity;sid:84351900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruka232323/network-traffic-visualizer/releases/download/v2.0/software.zip"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; 
metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488802/; classtype:trojan-activity;sid:84351902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pietro152/tgbot-for-orders/releases/download/v1.0/application.zip"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488806/; classtype:trojan-activity;sid:84351906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nsgaming999/lottery/releases/download/v2.0/software.zip"; depth:56; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488793/; classtype:trojan-activity;sid:84351893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pietro152/tgbot-for-orders/releases/download/v2.0/software.zip"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488795/; classtype:trojan-activity;sid:84351895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hza3o/covid-19_dashboard/releases/download/v2.0/software.zip"; depth:61; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488779/; classtype:trojan-activity;sid:84351879; rev:1;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hza3o/covid-19_dashboard/releases/download/v1.0.0/application.zip"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488780/; classtype:trojan-activity;sid:84351880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1set-t/ai-model/releases/download/v1.0.0/application.zip"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488765/; classtype:trojan-activity;sid:84351865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1set-t/ai-model/releases/download/v2.0/software.zip"; depth:52; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488758/; classtype:trojan-activity;sid:84351858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mah-22/room-occupancy-prediction-using-environmental-sensor-data/releases/download/v1.0/application.zip"; depth:104; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488755/; classtype:trojan-activity;sid:84351855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3488746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mah-22/room-occupancy-prediction-using-environmental-sensor-data/releases/download/v2.0/software.zip"; depth:101; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488746/; classtype:trojan-activity;sid:84351846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/serbianty/eureka-framework/releases/download/v1.0/soft.zip"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488751/; classtype:trojan-activity;sid:84351851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/serbianty/eureka-framework/releases/download/v2.0/software.zip"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488752/; classtype:trojan-activity;sid:84351852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaylnjohnart/vertex-ai-chat-prompting-tablular-data-bq/releases/download/v2.0/software.zip"; depth:91; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488729/; classtype:trojan-activity;sid:84351829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488730)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/mrx-slayer/ai-resume-parser/releases/download/v1.0/application.zip"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488730/; classtype:trojan-activity;sid:84351830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mrx-slayer/ai-resume-parser/releases/download/v2.0/software.zip"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488732/; classtype:trojan-activity;sid:84351832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/papajszef/web-devapp/releases/download/v2.0/software.zip"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488733/; classtype:trojan-activity;sid:84351833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gopuatop100/badan-hukum/releases/download/v1.0/release.zip"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488734/; classtype:trojan-activity;sid:84351834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488735)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/jobetsison/working-with-form-validation-in-an-asp.net-core-rich-text-editor/releases/download/v1.0/program.zip"; depth:111; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488735/; classtype:trojan-activity;sid:84351835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/papajszef/web-devapp/releases/download/v1.0/application.zip"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488736/; classtype:trojan-activity;sid:84351836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mrx-slayer/ai-resume-parser/releases/download/v1.0/program.zip"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488739/; classtype:trojan-activity;sid:84351839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/as3dyasen/portfolio/releases/download/v2.0/software.zip"; depth:56; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488740/; classtype:trojan-activity;sid:84351840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/as3dyasen/portfolio/releases/download/v1.0/release.zip"; depth:55; 
endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488742/; classtype:trojan-activity;sid:84351842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gopuatop100/badan-hukum/releases/download/v2.0/software.zip"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488725/; classtype:trojan-activity;sid:84351825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jobetsison/working-with-form-validation-in-an-asp.net-core-rich-text-editor/releases/download/v2.0/software.zip"; depth:112; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488728/; classtype:trojan-activity;sid:84351828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jaylnjohnart/vertex-ai-chat-prompting-tablular-data-bq/releases/download/v1.0/program.zip"; depth:90; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488722/; classtype:trojan-activity;sid:84351822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/papajszef/web-devapp/releases/download/v1.0/program.zip"; depth:56; endswith; nocase; http.host; content:"github.com"; 
depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488723/; classtype:trojan-activity;sid:84351823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v1.0/program.zip"; depth:84; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488720/; classtype:trojan-activity;sid:84351820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zrty456/web-development-project-2/releases/download/v1.0/program.zip"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488711/; classtype:trojan-activity;sid:84351811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tekin441/urban_company_clone/releases/download/v1.0/program.zip"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488712/; classtype:trojan-activity;sid:84351812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tekin441/urban_company_clone/releases/download/v1.0/application.zip"; depth:68; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, 
urlhaus.abuse.ch/url/3488713/; classtype:trojan-activity;sid:84351813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flameoptics/xkucoinbot-script-autoclicker/releases/download/v1.0/program.zip"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488714/; classtype:trojan-activity;sid:84351814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flameoptics/xkucoinbot-script-autoclicker/releases/download/v2.0/software.zip"; depth:78; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488716/; classtype:trojan-activity;sid:84351816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/psxdupes028/comfyui-bs_kokoro-onnx/releases/download/v1.0/application.zip"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488717/; classtype:trojan-activity;sid:84351817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zrty456/web-development-project-2/releases/download/v2.0/software.zip"; depth:70; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488706/; classtype:trojan-activity;sid:84351806; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v1.0/application.zip"; depth:88; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488708/; classtype:trojan-activity;sid:84351808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tekin441/urban_company_clone/releases/download/v2.0/software.zip"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488702/; classtype:trojan-activity;sid:84351802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azw1/suction-funnel-for-bosch-click-clean-system/releases/download/v2.0/software.zip"; depth:85; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488703/; classtype:trojan-activity;sid:84351803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/psxdupes028/comfyui-bs_kokoro-onnx/releases/download/v2.0/software.zip"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488704/; classtype:trojan-activity;sid:84351804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3488699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/psxdupes028/comfyui-bs_kokoro-onnx/releases/download/v1.0/program.zip"; depth:70; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488699/; classtype:trojan-activity;sid:84351799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/antonio12gkn71/underlayer/releases/download/v1.0/application.zip"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488684/; classtype:trojan-activity;sid:84351784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sundarlalji/autoimport/releases/download/v2.0/software.zip"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488686/; classtype:trojan-activity;sid:84351786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sundarlalji/autoimport/releases/download/v1.0.0/application.zip"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488682/; classtype:trojan-activity;sid:84351782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488679)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/antonio12gkn71/underlayer/releases/download/v2.0/software.zip"; depth:62; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488679/; classtype:trojan-activity;sid:84351779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samueltonao/lauth/releases/download/v2.0/software.zip"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488673/; classtype:trojan-activity;sid:84351773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hadesxyzz/baichuan-m1-14b/releases/download/v2.0/software.zip"; depth:62; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488674/; classtype:trojan-activity;sid:84351774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hadesxyzz/baichuan-m1-14b/releases/download/v1.0/application.zip"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488663/; classtype:trojan-activity;sid:84351763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/samueltonao/lauth/releases/download/v1.0/application.zip"; depth:57; endswith; nocase; 
http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488666/; classtype:trojan-activity;sid:84351766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muum1209/couplers/releases/download/v2.0/software.zip"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488647/; classtype:trojan-activity;sid:84351747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muum1209/couplers/releases/download/v1.0/application.zip"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488649/; classtype:trojan-activity;sid:84351749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/npcgamingyt-thegoat/telegram-robot-handler/releases/download/v2.0/software.zip"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488654/; classtype:trojan-activity;sid:84351754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/npcgamingyt-thegoat/telegram-robot-handler/releases/download/v1.0/application.zip"; depth:82; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; 
reference:url, urlhaus.abuse.ch/url/3488643/; classtype:trojan-activity;sid:84351743; rev:1;)
# The line above is the tail of the rule for URLhaus entry 3488643, which begins earlier in the file.
#
# How the rules below match:
#   - http.uri: `depth` equals the length of the content string and `endswith` pins the end,
#     so the whole request URI must equal the listed path (case-insensitively, via `nocase`).
#     A request for the same path with anything appended, such as a query string, does not match.
#   - http.host: `depth:10` plus `isdataat:!1,relative` requires the host buffer to be exactly
#     "github.com", so other hostnames that merely contain it do not match.
#   - These are `alert http` rules and are evaluated only on traffic Suricata parses as HTTP.
#     NOTE(review): where github.com is reached over TLS, the URI is visible only if the session
#     is decrypted before it reaches the sensor -- confirm this before relying on these rules.
#
# URLhaus 3488636: same URI and host as sid 84351732 below, so one request raises both alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user-attachments/files/18630095/software.zip"; depth:45; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488636/; classtype:trojan-activity;sid:84351736; rev:1;)
# URLhaus 3488637: the rule for URLhaus 3488599 (sid 84351699), which follows later in the file,
# lists the same URI and host; expect two alerts per matching request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ericsribas/linux-studies/releases/download/v2.0/software.zip"; depth:61; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488637/; classtype:trojan-activity;sid:84351737; rev:1;)
# URLhaus 3488632: duplicate match condition of sid 84351736 above (different URLhaus entry, same URL).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user-attachments/files/18630095/software.zip"; depth:45; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488632/; classtype:trojan-activity;sid:84351732; rev:1;)
# URLhaus 3488620: the content ends in "software.zip/" and `endswith` is set, so only a URI with
# the trailing slash matches; a request for ".../software.zip" without it is not covered here.
# NOTE(review): confirm against the URLhaus entry that the trailing slash is part of the reported URL.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saninmysore/aws-face-recognition/releases/download/v1.0/software.zip/"; depth:70; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488620/; classtype:trojan-activity;sid:84351720; rev:1;)
# Header of the next rule; its options continue on the following line.
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3488599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ericsribas/linux-studies/releases/download/v2.0/software.zip"; depth:61; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488599/; classtype:trojan-activity;sid:84351699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v1.0/software.zip"; depth:91; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488602/; classtype:trojan-activity;sid:84351702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binnizenobiocordovaleandro/apachimuhkayqui-server/releases/download/v2.0/software.zip"; depth:86; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488605/; classtype:trojan-activity;sid:84351705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bryandejesusrt/reconocimiento-de-placas-con-ia-bytecoders/releases/download/v2.0/software.zip"; depth:94; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488606/; classtype:trojan-activity;sid:84351706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3488608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boomerxd69/amog-os-lts/releases/download/v2.0/software.zip"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488608/; classtype:trojan-activity;sid:84351708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kasonsh2450/bananan-shooter-hack-interna-/releases/download/v2.0/software.zip"; depth:78; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488614/; classtype:trojan-activity;sid:84351714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user-attachments/files/18722098/application.zip"; depth:48; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488615/; classtype:trojan-activity;sid:84351715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user-attachments/files/18722098/application.zip"; depth:48; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488595/; classtype:trojan-activity;sid:84351695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488549)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/toe2132313/zorvex-cat/releases/download/v1.0/software.zip/"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488549/; classtype:trojan-activity;sid:84351649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xaviertya/.dotfiles/releases/download/v2.0/software.zip"; depth:56; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488550/; classtype:trojan-activity;sid:84351650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zilts345890/golang-html-parsing/releases/download/v2.0/software.zip"; depth:68; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488552/; classtype:trojan-activity;sid:84351652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/naiahahah/musicbox/releases/download/v2.0/software.zip"; depth:55; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488555/; classtype:trojan-activity;sid:84351655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xaviertya/.dotfiles/releases/download/v2.0/software.zip"; depth:56; endswith; nocase; http.host; content:"github.com"; 
depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488533/; classtype:trojan-activity;sid:84351633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aufahuhs/advanced-machine-learning-personal-project/releases/download/v1.0/software.zip"; depth:88; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488537/; classtype:trojan-activity;sid:84351637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ggusercool/pancakeswapbnbprediction/releases/download/v2.0/software.zip"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488543/; classtype:trojan-activity;sid:84351643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/12301530/pump-fun-frontend/releases/download/v1.0/software.zip"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488511/; classtype:trojan-activity;sid:84351611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huizuohaode/ai-image-generator/releases/download/v1.0/software.zip"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, 
urlhaus.abuse.ch/url/3488505/; classtype:trojan-activity;sid:84351605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/giiyu12/codex-roblox/releases/download/v2.0/software.zip"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488477/; classtype:trojan-activity;sid:84351577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rahulpa045/cphishtermux/releases/download/v2.0/software.zip"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488478/; classtype:trojan-activity;sid:84351578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v2.0/software.zip/"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488483/; classtype:trojan-activity;sid:84351583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v2.0/software.zip"; depth:91; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488487/; classtype:trojan-activity;sid:84351587; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v2.0/software.zip"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488488/; classtype:trojan-activity;sid:84351588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v2.0/software.zip/"; depth:70; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488492/; classtype:trojan-activity;sid:84351592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v2.0/software.zip"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488496/; classtype:trojan-activity;sid:84351596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/globalnewsory/layeredge-auto-bot/releases/download/v2.0/software.zip"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488497/; classtype:trojan-activity;sid:84351597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3488501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coltostemp/platform_external_tinyxml/releases/download/v2.0/software.zip"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488501/; classtype:trojan-activity;sid:84351601; rev:1;)
# The line above completes a rule that starts on the preceding line; the rules below are one per line.
#
# Reading these rules: depth equals the length of the http.uri content and endswith anchors it to
# the end of the buffer, so each rule is an exact, case-insensitive match on one full URI;
# depth:10 with isdataat:!1,relative does the same for the host "github.com".
# 3488436 and 3488433 differ only by a trailing "/" (depth 59 vs 58): with exact matching each
# spelling of a URL needs its own rule, and any other variation of the path goes undetected.
# The URIs repeat one layout - /<account>/<repo>/releases/download/v1.0 or v2.0/ followed by a
# generic archive name (software.zip, program.zip, application.zip, installer.zip). These rules
# cover only the paths listed; that layout may be a useful pivot when hunting in proxy or HTTP
# logs, with benign matches to be expected.
# NOTE(review): metadata:created_at presumably records when the entry was added, not whether the
# URL is still live; check the reference URL for current status when triaging an alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muterfree/nexus-roblox/releases/download/v2.0/software.zip"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488470/; classtype:trojan-activity;sid:84351570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agr1us/roblox-oxygen/releases/download/v2.0/software.zip"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488471/; classtype:trojan-activity;sid:84351571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loudwens/displayindex/releases/download/v2.0/software.zip/"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488460/; classtype:trojan-activity;sid:84351560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/program.zip"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488441/; classtype:trojan-activity;sid:84351541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoodxsp5dda/domain-executor/releases/download/v2.0/program.zip"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488443/; classtype:trojan-activity;sid:84351543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488436)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip/"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488436/; classtype:trojan-activity;sid:84351536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488433/; classtype:trojan-activity;sid:84351533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rag7720/coretech-solutions-custom-odoo-module/releases/download/v1.0/software.zip"; depth:82; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488426/; classtype:trojan-activity;sid:84351526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rag7720/coretech-solutions-custom-odoo-module/releases/download/v2.0/software.zip"; depth:82; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488425/; classtype:trojan-activity;sid:84351525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kevinborgesz/the-data-engineering-academy/releases/download/v2.0/software.zip"; depth:78; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488403/; classtype:trojan-activity;sid:84351503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kevinborgesz/the-data-engineering-academy/releases/download/v1.0/software.zip"; depth:78; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488406/; classtype:trojan-activity;sid:84351506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/notready155/whatsapp-chat-analysis/releases/download/v2.0/software.zip"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488368/; classtype:trojan-activity;sid:84351468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ilovedoo/ted-lasso-gpt/releases/download/v1.0/application.zip"; depth:62; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488350/; classtype:trojan-activity;sid:84351450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/notready155/whatsapp-chat-analysis/releases/download/v1.0/application.zip"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488359/; classtype:trojan-activity;sid:84351459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ilovedoo/ted-lasso-gpt/releases/download/v2.0/software.zip"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488360/; classtype:trojan-activity;sid:84351460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bigdaveyy/react-form-validator-pro/releases/download/v2.0/software.zip"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488346/; classtype:trojan-activity;sid:84351446; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin49/gym-management-system-/releases/download/v1.0/software.zip"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488334/; classtype:trojan-activity;sid:84351434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin49/gym-management-system-/releases/download/v2.0/software.zip"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488336/; classtype:trojan-activity;sid:84351436; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bigdaveyy/react-form-validator-pro/releases/download/v1.0/installer.zip"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488339/; classtype:trojan-activity;sid:84351439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yunichi/livekit-voice-ai-agent-setup/releases/download/v2.0/software.zip"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488325/; classtype:trojan-activity;sid:84351425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hvkleon/text-classification-sentiment-analysis/releases/download/v2.0/software.zip"; depth:83; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488314/; classtype:trojan-activity;sid:84351414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hvkleon/text-classification-sentiment-analysis/releases/download/v1.0/installer.zip"; depth:84; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488306/; classtype:trojan-activity;sid:84351406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thandoman/seedtool/releases/download/v2.0/software.zip"; depth:55; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488307/; classtype:trojan-activity;sid:84351407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thandoman/seedtool/releases/download/v1.0/application.zip"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488304/; classtype:trojan-activity;sid:84351404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mehedihasanfarabi10/solana-trading-bot/releases/download/v2.0/software.zip"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488294/; classtype:trojan-activity;sid:84351394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v1.0/installer.zip"; depth:78; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488268/; classtype:trojan-activity;sid:84351368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/marig1204/dmail_classicemail/releases/download/v2.0/software.zip"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488269/; classtype:trojan-activity;sid:84351369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itztoastie/email2_classicemail/releases/download/v1.0/installer.zip"; depth:68; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488273/; classtype:trojan-activity;sid:84351373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488274)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/marig1204/dmail_classicemail/releases/download/v1.0/installer.zip"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488274/; classtype:trojan-activity;sid:84351374; rev:1;)
# The line above completes a rule that starts on the preceding line; the rules below are one per line.
#
# Each rule is an exact, case-insensitive match on one full URI (depth equals the content length,
# endswith anchors the end of the http.uri buffer) requested with GET from host "github.com"
# (depth:10 plus isdataat:!1,relative leaves no room for a longer host).
# Repeated signatures: 3488261 has the same match conditions as 3488488 earlier in the file, and
# 3488181 the same as 3488537, so a matching request alerts once per sid. 3488157 and 3488153 are
# the forms without a trailing "/" of 3488483 and 3488549.
# NOTE(review): if the double alerts are noisy, suppressing one sid locally is presumably safer
# than editing this file, which looks generated (sid = URLhaus ID + 80863100 throughout) - confirm
# how the feed is refreshed in your deployment.
# NOTE(review): these are `alert http` rules and github.com is normally served over HTTPS, so
# they presumably need a cleartext request or decrypted traffic to fire - confirm sensor placement.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488278)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mehedihasanfarabi10/solana-trading-bot/releases/download/v1.0/software.zip"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488278/; classtype:trojan-activity;sid:84351378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v1.0/release.zip"; depth:68; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488282/; classtype:trojan-activity;sid:84351382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itztoastie/email2_classicemail/releases/download/v2.0/software.zip"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488264/; classtype:trojan-activity;sid:84351364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bashspicerb/quasarrat-remote-access-tool/releases/download/v2.0/software.zip"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488261/; classtype:trojan-activity;sid:84351361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pyc888/dbcachinglayer/releases/download/v2.0/software.zip"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488243/; classtype:trojan-activity;sid:84351343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bolfymcplayer/intermag/releases/download/v1.0/software.zip"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488233/; classtype:trojan-activity;sid:84351333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bolfymcplayer/intermag/releases/download/v2.0/software.zip"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488234/; classtype:trojan-activity;sid:84351334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pyc888/dbcachinglayer/releases/download/v1.0/software.zip"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488239/; classtype:trojan-activity;sid:84351339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kirito1110/licenses/releases/download/v1.0/software.zip"; depth:56; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488214/; classtype:trojan-activity;sid:84351314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vsparedes/pycalc/releases/download/v1.0/software.zip"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488213/; classtype:trojan-activity;sid:84351313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skibiditoilet123xx/sinav-otomasyonu-prototip/releases/download/v2.0/software.zip"; depth:81; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488208/; classtype:trojan-activity;sid:84351308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skibiditoilet123xx/sinav-otomasyonu-prototip/releases/download/v1.0/software.zip"; depth:81; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488209/; classtype:trojan-activity;sid:84351309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fluidx2/roombooking_application/releases/download/v1.0/software.zip"; depth:68; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488210/; classtype:trojan-activity;sid:84351310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488211)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/viper700pro/serum-vst-installer-2024-free/releases/download/v1.0/software.zip"; depth:78; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488211/; classtype:trojan-activity;sid:84351311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ella00311/erugo/releases/download/v1.0/software.zip"; depth:52; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488203/; classtype:trojan-activity;sid:84351303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nour10381/cosmicstar/releases/download/v2.0/software.zip"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488182/; classtype:trojan-activity;sid:84351282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nour10381/cosmicstar/releases/download/v1.0/software.zip"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488184/; classtype:trojan-activity;sid:84351284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerangermerah/esp8266_esp32_web_file_manager/releases/download/v2.0/software.zip"; depth:83; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488185/; classtype:trojan-activity;sid:84351285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/powerangermerah/esp8266_esp32_web_file_manager/releases/download/v1.0/software.zip"; depth:83; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488186/; classtype:trojan-activity;sid:84351286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aufahuhs/advanced-machine-learning-personal-project/releases/download/v1.0/software.zip"; depth:88; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488181/; classtype:trojan-activity;sid:84351281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/berstarhunter/deepseek-start/releases/download/v2.0/software.zip"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488162/; classtype:trojan-activity;sid:84351262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v2.0/software.zip"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488157/; classtype:trojan-activity;sid:84351257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irfanr-source/synthtweet/releases/download/v2.0/software.zip"; depth:61; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488156/; classtype:trojan-activity;sid:84351256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arya-gg/axium/releases/download/v1.0/software.zip"; depth:50; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488147/; classtype:trojan-activity;sid:84351247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/davinjoeevano/batch-project-scaffolds/releases/download/v1.0/software.zip"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488148/; classtype:trojan-activity;sid:84351248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/berstarhunter/deepseek-start/releases/download/v1.0/software.zip"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488152/; classtype:trojan-activity;sid:84351252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toe2132313/zorvex-cat/releases/download/v1.0/software.zip"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488153/; classtype:trojan-activity;sid:84351253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/irfanr-source/synthtweet/releases/download/v1.0/software.zip"; depth:61; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488146/; classtype:trojan-activity;sid:84351246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loudwens/displayindex/releases/download/v2.0/software.zip"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, 
urlhaus.abuse.ch/url/3488128/; classtype:trojan-activity;sid:84351228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/12301530/pump-fun-frontend/releases/download/v1.0/software.zip"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488131/; classtype:trojan-activity;sid:84351231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loudwens/displayindex/releases/download/v1.0/software.zip"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488132/; classtype:trojan-activity;sid:84351232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/12301530/pump-fun-frontend/releases/download/v2.0/software.zip"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488125/; classtype:trojan-activity;sid:84351225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saninmysore/aws-face-recognition/releases/download/v1.0/software.zip"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488103/; classtype:trojan-activity;sid:84351203; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flarerealfr/url-biblioteca-web/releases/download/v2.0/software.zip"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488110/; classtype:trojan-activity;sid:84351210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prakrititz/deepwater/releases/download/v1.0/software.zip"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488098/; classtype:trojan-activity;sid:84351198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huizuohaode/leaf/releases/download/v1.0/software.zip"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488100/; classtype:trojan-activity;sid:84351200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/futurinav/esteai/releases/download/v1.0/software.zip"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488102/; classtype:trojan-activity;sid:84351202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488079)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/alsooory/svg-templates/releases/download/v1.0/software.zip"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488079/; classtype:trojan-activity;sid:84351179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bobbysaremine/hb2/releases/download/v2.0/software.zip"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488085/; classtype:trojan-activity;sid:84351185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coltostemp/platform_external_airbnb-lottie/releases/download/v2.0/software.zip"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488075/; classtype:trojan-activity;sid:84351175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ayobcoding/deep-research-py/releases/download/v1.0/software.zip"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488061/; classtype:trojan-activity;sid:84351161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keanusmall/sahimatch.ai/releases/download/v1.0/software.zip"; depth:60; endswith; nocase; 
http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488054/; classtype:trojan-activity;sid:84351154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488057)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alejandro5486/infestuswebapp/releases/download/v1.0/software.zip"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488057/; classtype:trojan-activity;sid:84351157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kossiw/olievra/releases/download/v1.0/software.zip"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488035/; classtype:trojan-activity;sid:84351135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yogeshnicks/loader-ldtk/releases/download/v2.0/software.zip"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488034/; classtype:trojan-activity;sid:84351134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vukhang16/ggg/releases/download/v1.0/software.zip"; depth:50; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488023/; 
classtype:trojan-activity;sid:84351123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488021)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coltostemp/platform_external_airbnb-lottie/releases/download/v1.0/application.zip"; depth:82; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488021/; classtype:trojan-activity;sid:84351121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3488000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iampriam-dev/invenstock/releases/download/v1.0/software.zip"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3488000/; classtype:trojan-activity;sid:84351100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zeidmakic/quorixjwt/releases/download/v1.0/software.zip"; depth:56; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487983/; classtype:trojan-activity;sid:84351083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zeidmakic/quorixjwt/releases/download/v2.0/software.zip"; depth:56; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487977/; classtype:trojan-activity;sid:84351077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (3487974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/amoni2019/fonepaw-screen-recorder-free/releases/download/v1.0/software.zip"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487974/; classtype:trojan-activity;sid:84351074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brotimer24/chargingassignment.withtests/releases/download/v1.0/software.zip"; depth:76; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487975/; classtype:trojan-activity;sid:84351075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jay3x/auto-commit/releases/download/v2.0/software.zip"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487947/; classtype:trojan-activity;sid:84351047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brotimer24/chargingassignment.withtests/releases/download/v2.0/software.zip"; depth:76; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487950/; classtype:trojan-activity;sid:84351050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487952)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/amoni2019/fonepaw-screen-recorder-free/releases/download/v2.0/software.zip"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487952/; classtype:trojan-activity;sid:84351052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daveyisbricked/movie-finder-react/releases/download/v1.0/software.zip"; depth:70; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487953/; classtype:trojan-activity;sid:84351053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daveyisbricked/movie-finder-react/releases/download/v2.0/software.zip"; depth:70; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487954/; classtype:trojan-activity;sid:84351054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jay3x/auto-commit/releases/download/v1.0/software.zip"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487955/; classtype:trojan-activity;sid:84351055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quynh814/teafibot/releases/download/v2.0/software.zip"; depth:54; 
endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487956/; classtype:trojan-activity;sid:84351056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hafijulkhan786/fhnw-dashboard/releases/download/v2.0/software.zip"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487944/; classtype:trojan-activity;sid:84351044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quynh814/teafibot/releases/download/v1.0/software.zip"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487939/; classtype:trojan-activity;sid:84351039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iampriam-dev/invenstock/releases/download/v2.0/software.zip"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487935/; classtype:trojan-activity;sid:84351035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/justnem/deep-research/releases/download/v2.0/software.zip"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, 
urlhaus.abuse.ch/url/3487930/; classtype:trojan-activity;sid:84351030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rofix12/spring-microservices/releases/download/v2.0/software.zip"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487931/; classtype:trojan-activity;sid:84351031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/justnem/deep-research/releases/download/v1.0/app.zip"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487929/; classtype:trojan-activity;sid:84351029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jeff2807/githubaipy/releases/download/v1.0/software.zip"; depth:56; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487918/; classtype:trojan-activity;sid:84351018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rahul110110/rocket-telemetry-logger-using-raspberry-pi-pico/releases/download/v1.0/software.zip"; depth:96; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487920/; classtype:trojan-activity;sid:84351020; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jeff2807/githubaipy/releases/download/v2.0/software.zip"; depth:56; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487921/; classtype:trojan-activity;sid:84351021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/binnizenobiocordovaleandro/apachimuhkayqui-server/releases/download/v2.0/software.zip"; depth:86; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487916/; classtype:trojan-activity;sid:84351016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rofix12/spring-microservices/releases/download/v1.0/software.zip"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487909/; classtype:trojan-activity;sid:84351009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rahul110110/rocket-telemetry-logger-using-raspberry-pi-pico/releases/download/v2.0/software.zip"; depth:96; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487905/; classtype:trojan-activity;sid:84351005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3487902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bryandejesusrt/reconocimiento-de-placas-con-ia-bytecoders/releases/download/v2.0/software.zip"; depth:94; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_24; reference:url, urlhaus.abuse.ch/url/3487902/; classtype:trojan-activity;sid:84351002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wer812/bhh666666666666/raw/refs/heads/main/service.exe"; depth:55; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487360/; classtype:trojan-activity;sid:84350460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wer812/vbvgghjjio999000/raw/refs/heads/main/bnoaprihjatuasss.exe"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487363/; classtype:trojan-activity;sid:84350463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wer812/bbgy555555551/raw/refs/heads/main/ntladlklthawd.exe"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487364/; classtype:trojan-activity;sid:84350464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3487069)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/dl19"; depth:5; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_23; reference:url, urlhaus.abuse.ch/url/3487069/; classtype:trojan-activity;sid:84350169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3486184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ilganrat342/dgasgxc/refs/heads/main/setup.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_22; reference:url, urlhaus.abuse.ch/url/3486184/; classtype:trojan-activity;sid:84349284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sh.txt"; depth:7; endswith; nocase; http.host; content:"8.218.50.207"; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485331/; classtype:trojan-activity;sid:84348431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485332)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aasdasdqrunshkkkkkkk"; depth:21; endswith; nocase; http.host; content:"8.218.50.207"; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485332/; classtype:trojan-activity;sid:84348432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asdqsadsdahhhhhtxt"; depth:19; endswith; nocase; http.host; content:"8.218.50.207"; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485330/; classtype:trojan-activity;sid:84348430; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ps_z.txt"; depth:9; endswith; nocase; http.host; content:"8.218.50.207"; depth:12; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485329/; classtype:trojan-activity;sid:84348429; rev:1;)
# Rule shape used throughout this feed: a GET request whose http.uri equals one exact path
# (content + depth equal to the content length + endswith, case-insensitive) and whose
# http.host equals one exact host (content + depth + isdataat:!1,relative).
# The host alone is never the indicator; only the host + full path pair is.
#
# NOTE(review): github.com and drive.google.com are normally reached over HTTPS. An
# `alert http` rule inspects parsed HTTP only, so these signatures fire only where the
# sensor sees decrypted traffic (TLS inspection) or the fetch is plain HTTP. Where
# decryption is not available, match the same host + path pairs in proxy or endpoint
# logs instead.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curly3/n3xus-scr1pt-r0bl0x/releases/download/v1.0/application.zip"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485213/; classtype:trojan-activity;sid:84348313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khalid2344/mint-executor/releases/download/v2.0/software.zip"; depth:61; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485193/; classtype:trojan-activity;sid:84348293; rev:1;)
# NOTE(review): in the drive.google.com rules below, `|7c|26|7c|` decodes to the four
# literal bytes `|26|` (0x7c '2' '6' 0x7c), not to `&` (0x26). This looks like pipe
# characters being escaped after the `&` was already hex-encoded; confirm against the
# referenced URLhaus entry. As written, the URI content only matches a request that
# contains `|26|` literally, so an ordinary `/uc?export=download&id=...` request would
# not match. depth:68 is the length of the escaped text; the decoded content is 59
# bytes, so depth no longer pins the match to the start of the buffer. The same
# sequence appears in the other drive.google.com rules in this file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1k4idibw1vtsntpbqtvbfabfgm2h5s14d"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485144/; classtype:trojan-activity;sid:84348244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485126)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1km_hwk7sn_amuk7q2dk9kttzwk1taelw"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485126/; classtype:trojan-activity;sid:84348226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3485125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ek4th7ucqd9_h2yf9orhzhuallukeo0n"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3485125/; classtype:trojan-activity;sid:84348225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl17"; depth:5; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484493/; classtype:trojan-activity;sid:84347593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stepegemeyod/codex-roblox/releases/download/v1.0.2/release-x64.zip"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484465/; classtype:trojan-activity;sid:84347565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3484464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stepegemeyod/codex-roblox/releases/download/v1.0.1/release-x64.zip"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; 
isdataat:!1,relative; metadata:created_at 2025_03_21; reference:url, urlhaus.abuse.ch/url/3484464/; classtype:trojan-activity;sid:84347564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoodxsp5dda/domain-executor/releases/download/v2.0/software.zip"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483995/; classtype:trojan-activity;sid:84347095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoodxsp5dda/domain-executor/releases/download/v3.0/software.zip"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483984/; classtype:trojan-activity;sid:84347084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoodxsp5dda/domain-executor/releases/download/v2.0/program.zip"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483979/; classtype:trojan-activity;sid:84347079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoodxsp5dda/domain-executor/releases/download/v1.0/software.zip"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483980/; 
classtype:trojan-activity;sid:84347080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1q6iji-1uq5ksrr3luufy3to-jfs4ec4d"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483406/; classtype:trojan-activity;sid:84346506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1inbpqtz2qyus0zqldnbhutbzwgdghhs0"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483319/; classtype:trojan-activity;sid:84346419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1g4q6iay5qjzlgigjqnwftkdc5-o_2pqx"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483317/; classtype:trojan-activity;sid:84346417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3483309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1cl-nvhrrue_wg2zkpuxmvk40tk3knacb"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_20; reference:url, urlhaus.abuse.ch/url/3483309/; classtype:trojan-activity;sid:84346409; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/omio-saha/spotify_data_pipe_snowflake/releases/download/v1.0/release_x64.zip"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482360/; classtype:trojan-activity;sid:84345460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v1.0/software.zip"; depth:91; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482367/; classtype:trojan-activity;sid:84345467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qaqmmw/music-recommendation-based-on-facial-expression/releases/download/v2.0/software.zip"; depth:91; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482368/; classtype:trojan-activity;sid:84345468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3482262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/css/colors/sunrise/xundfaxgnsp84.bin"; depth:46; endswith; nocase; http.host; content:"www.automobile-bk.de"; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482262/; classtype:trojan-activity;sid:84345362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3482257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bear/2020/goldarnedest.aca"; depth:27; endswith; nocase; http.host; content:"www.support-data.com"; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3482257/; classtype:trojan-activity;sid:84345357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/numonehittaboy/cdn/refs/heads/main/cvf.exe"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_19; reference:url, urlhaus.abuse.ch/url/3481956/; classtype:trojan-activity;sid:84345056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.218.189.41"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481600/; classtype:trojan-activity;sid:84344700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3481344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/alishazara/api/refs/heads/master/rh_s.txt"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_03_18; reference:url, urlhaus.abuse.ch/url/3481344/; classtype:trojan-activity;sid:84344444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ty9989/u/raw/main/ud.bat"; depth:25; endswith; nocase; http.host; content:"github.com"; depth:10; 
isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480616/; classtype:trojan-activity;sid:84343716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/elijahhx/dead1ock-h4ck/releases/download/v2.0/program.zip"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480361/; classtype:trojan-activity;sid:84343461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nurraif/mytonwallet/releases/download/v2.0/program.zip"; depth:55; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480359/; classtype:trojan-activity;sid:84343459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3480274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gollfinho/browser-testing/releases/download/v2.0/software.zip"; depth:62; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_17; reference:url, urlhaus.abuse.ch/url/3480274/; classtype:trojan-activity;sid:84343374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3478657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"66.196.62.177"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_15; reference:url, urlhaus.abuse.ch/url/3478657/; classtype:trojan-activity;sid:84341757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3475656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/software.zip"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475656/; classtype:trojan-activity;sid:84338756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mehedihasanfarabi10/githubtutorial/releases/download/v2.0/software.zip"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475642/; classtype:trojan-activity;sid:84338742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/phamtaino/fixing-error-0x80004005-unspecified/releases/download/v2.0/software.zip"; depth:82; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475644/; classtype:trojan-activity;sid:84338744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/attorneywenn/pragati_backend_2025/releases/download/v2.0/application.zip"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475645/; classtype:trojan-activity;sid:84338745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475646)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pufferfish420/fixing-error-0x8007000e/releases/download/v2.0/program.zip"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475646/; classtype:trojan-activity;sid:84338746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coltostemp/platform_external_selinux/releases/download/v2.0/software.zip"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475651/; classtype:trojan-activity;sid:84338751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/boomerxd69/amog-os-lts/releases/download/v2.0/software.zip"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475624/; classtype:trojan-activity;sid:84338724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coltostemp/platform_external_tinyxml/releases/download/v2.0/software.zip"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475630/; classtype:trojan-activity;sid:84338730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475635)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/mehedihasanfarabi10/realtime-chat-app/releases/download/v2.0/software.zip"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475635/; classtype:trojan-activity;sid:84338735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/itznaviya/hamster-kombat-bot/releases/download/v3.0/software.zip"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475636/; classtype:trojan-activity;sid:84338736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kasonsh2450/fixing-error-0x80070005-access-denied/releases/download/v2.0/software.zip"; depth:86; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475637/; classtype:trojan-activity;sid:84338737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toanminh2004/fixing-error-0x80070424-specified-service/releases/download/v2.0/software.zip"; depth:91; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475639/; classtype:trojan-activity;sid:84338739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475615)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/naiahahah/musicbox/releases/download/v2.0/software.zip"; depth:55; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475615/; classtype:trojan-activity;sid:84338715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kasonsh2450/bananan-shooter-hack-interna-/releases/download/v2.0/software.zip"; depth:78; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475620/; classtype:trojan-activity;sid:84338720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3475623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zilts345890/golang-html-parsing/releases/download/v2.0/software.zip"; depth:68; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_13; reference:url, urlhaus.abuse.ch/url/3475623/; classtype:trojan-activity;sid:84338723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/muterfree/nexus-roblox/releases/download/v2.0/software.zip"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474801/; classtype:trojan-activity;sid:84337901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/giiyu12/codex-roblox/releases/download/v2.0/software.zip"; depth:57; endswith; nocase; http.host; 
content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474808/; classtype:trojan-activity;sid:84337908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agr1us/roblox-oxygen/releases/download/v2.0/software.zip"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474817/; classtype:trojan-activity;sid:84337917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3474749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ishratali007/n3xus-scr1pt-r0bl0x/releases/download/v1.0/software.zip"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_12; reference:url, urlhaus.abuse.ch/url/3474749/; classtype:trojan-activity;sid:84337849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cartervr/taxdatabase-sql-tableau/releases/download/v2.0/software.zip"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473787/; classtype:trojan-activity;sid:84336887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ggusercool/pancakeswapbnbprediction/releases/download/v2.0/software.zip"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, 
urlhaus.abuse.ch/url/3473766/; classtype:trojan-activity;sid:84336866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huizuohaode/ai-image-generator/releases/download/v1.0/software.zip"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473774/; classtype:trojan-activity;sid:84336874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yosif9999/hamster-clicker/releases/download/v2.0/software.zip"; depth:62; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473777/; classtype:trojan-activity;sid:84336877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/led-sol/mental-health-chatbot/releases/download/v1.0/software.zip"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473779/; classtype:trojan-activity;sid:84336879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ovluq0bdu-cys5xvyogyjd5qidqb1per"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_11; reference:url, urlhaus.abuse.ch/url/3473576/; classtype:trojan-activity;sid:84336676; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3473160)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1d4aper-gjv3agk8yeny5scayonlc68yo"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3473160/; classtype:trojan-activity;sid:84336260; rev:1;)
# NOTE(review): the rule ending above (sid 84336260) has |7c|26|7c| where the
# URL's '&' would be; as written the pattern decodes to a literal "|26|", so
# the rule presumably cannot match a real request — verify with a test pcap.
#
# NOTE(review): the next URI is a release asset under the xmrig/xmrig
# repository path, i.e. it looks like an upstream XMRig miner build rather
# than a bespoke payload. A hit means a miner archive was fetched, which is
# commonly seen in cryptojacking; triage should first rule out sanctioned use
# on the source host. github.com is normally HTTPS-only, so this http rule
# needs cleartext or decrypted traffic to fire — confirm for your sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3472675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig/xmrig/releases/download/v6.22.2/xmrig-6.22.2-linux-static-x64.tar.gz"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_10; reference:url, urlhaus.abuse.ch/url/3472675/; classtype:trojan-activity;sid:84335775; rev:1;)
# Two-byte URI ("/i"): the rule stays specific only because http.host is
# pinned to the exact address (depth:15 on a 15-byte pattern, then
# isdataat:!1,relative).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3469685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"128.127.102.134"; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_06; reference:url, urlhaus.abuse.ch/url/3469685/; classtype:trojan-activity;sid:84332785; rev:1;)
# The .pdf suffix is only what the listed URL ended in; the rule does not
# inspect the response, so confirm what was served from the retrieved file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3468872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xraqwapfu.pdf"; depth:14; endswith; nocase; http.host; content:"galerisenimutiara.com"; depth:21; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3468872/; classtype:trojan-activity;sid:84331972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467628)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/uc|3f|export=download|7c|26|7c|id=1eczx8yjtfxwos26grqtdixajed3ukcao"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467628/; classtype:trojan-activity;sid:84330728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1drptefwc7xybtum52bikrhp4j4l6lttc"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467629/; classtype:trojan-activity;sid:84330729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f2d42ffe-779b-4107-ac42-7f36375aab37/downloads/fojik.pdf"; depth:67; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467546/; classtype:trojan-activity;sid:84330646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/61705749605.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467537/; classtype:trojan-activity;sid:84330637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467538)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/dd3b43cd-389e-413e-87b9-e21f40c2630d/downloads/guledazawabumoda.pdf"; depth:78; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467538/; classtype:trojan-activity;sid:84330638; rev:1;)
# The img1.wsimg.com rules each pin one full object path: depth equals the
# pattern length and endswith closes the other side, so only that exact
# "/blobby/go/<uuid>/downloads/<name>.pdf" URI alerts (case-insensitively),
# never the host as a whole.
# NOTE(review): many unrelated <uuid> prefixes appear under this one host in
# the feed, which suggests a shared content host — if so, keep these as
# exact-URL detections rather than promoting the hostname to a blocklist.
# Presumably the host is reached over HTTPS; these http rules then need
# decrypted traffic or proxy URL logs to be useful — confirm.
# The .pdf suffix comes from the listed URL only; the rules do not inspect the
# response body, so verify the retrieved object during triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/637623a6-af9b-4a69-90a8-85cd562c999e/downloads/niwexokaburule.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467533/; classtype:trojan-activity;sid:84330633; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/96f90b6e-3939-4cac-a3ad-eba9fb8219bf/downloads/71599608952.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467528/; classtype:trojan-activity;sid:84330628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3e712c63-2f24-4e6b-a5dc-ff3233100bea/downloads/72290413200.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467523/; classtype:trojan-activity;sid:84330623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467524)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/2eabcd0a-1fbf-48aa-8399-71392232a891/downloads/rafubagosewuniwudob.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467524/; classtype:trojan-activity;sid:84330624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/70485427967.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467525/; classtype:trojan-activity;sid:84330625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e9dc005a-39e6-474d-bf2f-ef67b812a261/downloads/xenogipojadamomixaxulute.pdf"; depth:86; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467526/; classtype:trojan-activity;sid:84330626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/9089368795.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467527/; classtype:trojan-activity;sid:84330627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467516)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/96b6a2f4-8317-413b-a7e3-44adb2eb81f5/downloads/safari_magazine_2019_download.pdf"; depth:91; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467516/; classtype:trojan-activity;sid:84330616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/8014aeaa-17b8-4bcd-a9d7-094ad1ff7644/downloads/fusoze.pdf"; depth:68; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467517/; classtype:trojan-activity;sid:84330617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467519)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/plan_technique_piscine_a_debordement.pdf"; depth:98; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467519/; classtype:trojan-activity;sid:84330619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/83838390139.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467521/; classtype:trojan-activity;sid:84330621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467510)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/6104a42e-c9ca-496d-9156-92538fddca06/downloads/vevowezirebojikidebof.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467510/; classtype:trojan-activity;sid:84330610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/temisipilotiba.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467513/; classtype:trojan-activity;sid:84330613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/79427765137.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467501/; classtype:trojan-activity;sid:84330601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/examples_of_employee_goals_for_performance_review.pdf"; depth:111; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467478/; classtype:trojan-activity;sid:84330578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467477)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/50228966329.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467477/; classtype:trojan-activity;sid:84330577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/educational_leadership_philosophy_examples.pdf"; depth:104; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467475/; classtype:trojan-activity;sid:84330575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/299c0676-bac5-4db6-8fea-3075091e1687/downloads/61526216713.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467476/; classtype:trojan-activity;sid:84330576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/gumofeke.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467465/; classtype:trojan-activity;sid:84330565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467466)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/mawanigokur.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467466/; classtype:trojan-activity;sid:84330566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/36054141231.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467469/; classtype:trojan-activity;sid:84330569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/a37fc73a-27ae-4e8d-87b6-7c807b298be6/downloads/85925649248.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467470/; classtype:trojan-activity;sid:84330570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/educacion_financiera_avanzada_partiendo_de_cero_autor_gregor.pdf"; depth:122; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467471/; classtype:trojan-activity;sid:84330571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467472)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/663ae0bf-1142-4d7a-8653-755553f6852e/downloads/lejafarezafig.pdf"; depth:75; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467472/; classtype:trojan-activity;sid:84330572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/biwejukajurel.pdf"; depth:75; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467474/; classtype:trojan-activity;sid:84330574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/6083216094.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467458/; classtype:trojan-activity;sid:84330558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/69065118383.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467459/; classtype:trojan-activity;sid:84330559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467461)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/51e053ea-8122-46e3-bee6-6c00a935619c/downloads/40061082597.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467461/; classtype:trojan-activity;sid:84330561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/94224235634.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467462/; classtype:trojan-activity;sid:84330562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/739cff78-28a4-4749-8c7f-abf371b6a947/downloads/62789327536.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467463/; classtype:trojan-activity;sid:84330563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ee12fbcb-3848-4c54-8690-0d9c760d3837/downloads/5683334295.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467464/; classtype:trojan-activity;sid:84330564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467453)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/d9b3f7f8-355a-428e-bb44-74bff775274d/downloads/supix.pdf"; depth:67; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467453/; classtype:trojan-activity;sid:84330553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/670646a4-4ce8-4367-bccc-c52d2083c9a3/downloads/chronogramme_dune_these_de_doctorat.pdf"; depth:97; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467454/; classtype:trojan-activity;sid:84330554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/1e222df8-d197-4254-b90b-be3d3b023ef4/downloads/zopawakabubijipek.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467455/; classtype:trojan-activity;sid:84330555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/27590969755.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467456/; classtype:trojan-activity;sid:84330556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467457)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kudokexogikekuporeso.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467457/; classtype:trojan-activity;sid:84330557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/48255006417.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467452/; classtype:trojan-activity;sid:84330552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/09540d0c-1db9-4e3c-a32d-6eed7b48ae00/downloads/3841723103.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467448/; classtype:trojan-activity;sid:84330548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/exemple_de_dossier_raep_redige.pdf"; depth:92; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467443/; classtype:trojan-activity;sid:84330543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467444)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/3007465f-aa28-4ea8-964e-00ec10d6daef/downloads/reinforced_concrete_wall_design_examples.pdf"; depth:102; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467444/; classtype:trojan-activity;sid:84330544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/munich_tourist_attractions_map.pdf"; depth:92; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467445/; classtype:trojan-activity;sid:84330545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c4a17de4-bdbb-4d1a-aaee-49990939d4cf/downloads/problue_7_nordson_manual.pdf"; depth:86; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467438/; classtype:trojan-activity;sid:84330538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/30229793875.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467440/; classtype:trojan-activity;sid:84330540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467433)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/cooling_tower_working.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467433/; classtype:trojan-activity;sid:84330533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/corporate_signature_authority_matrix_template_printable.pdf"; depth:117; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467434/; classtype:trojan-activity;sid:84330534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467425)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/continental_online_assessment_test_answers.pdf"; depth:104; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467425/; classtype:trojan-activity;sid:84330525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/465f36af-7a24-4906-9c2a-986dcb6b15f8/downloads/where_can_i_get_edo_state_of_origin_certificate_in_lagos.pdf"; depth:118; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467426/; classtype:trojan-activity;sid:84330526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3467427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sample_testimonials_for_employees.pdf"; depth:95; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467427/; classtype:trojan-activity;sid:84330527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/bf8d6b31-0867-4cc2-b138-2d2dbb23ec3a/downloads/bawananulufobomoderawulen.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467428/; classtype:trojan-activity;sid:84330528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/90dc87b4-fd7e-4412-9a6a-76e20db16dbd/downloads/23425133870.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467429/; classtype:trojan-activity;sid:84330529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/a37fc73a-27ae-4e8d-87b6-7c807b298be6/downloads/86119351354.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467422/; classtype:trojan-activity;sid:84330522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467423)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/kagoferoxotopelabalim.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467423/; classtype:trojan-activity;sid:84330523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/bevakabopodo.pdf"; depth:74; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467412/; classtype:trojan-activity;sid:84330512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/55669141050.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467416/; classtype:trojan-activity;sid:84330516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/fb13673c-7b10-403f-be9e-1b04622101d6/downloads/61656569082.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467417/; classtype:trojan-activity;sid:84330517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467418)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/98264302577.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467418/; classtype:trojan-activity;sid:84330518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/grammar_plus_class_8.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467408/; classtype:trojan-activity;sid:84330508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/32575227287.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467409/; classtype:trojan-activity;sid:84330509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/xavibow.pdf"; depth:69; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467410/; classtype:trojan-activity;sid:84330510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467400)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/b566d4a5-149a-4042-a2b5-fa837a998781/downloads/62246613540.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467400/; classtype:trojan-activity;sid:84330500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/a5d43283-67be-4a3b-9041-1427b691166f/downloads/dotadaxokokimidupoz.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467401/; classtype:trojan-activity;sid:84330501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/a19a3dcf-f832-45fe-91ff-ed566d492286/downloads/31803450103.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467403/; classtype:trojan-activity;sid:84330503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/26449761459.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467404/; classtype:trojan-activity;sid:84330504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467395)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/manual_de_uso_cummins_insite.pdf"; depth:90; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467395/; classtype:trojan-activity;sid:84330495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/83127272265.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467397/; classtype:trojan-activity;sid:84330497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/50013116393.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467389/; classtype:trojan-activity;sid:84330489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sowuluxoranevoxivobu.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467391/; classtype:trojan-activity;sid:84330491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467392)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/jw_public_talk_outlines.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467392/; classtype:trojan-activity;sid:84330492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/muxem.pdf"; depth:67; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467386/; classtype:trojan-activity;sid:84330486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467381)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/aa930190-2e12-4ce7-8bd7-0454f2ef6721/downloads/remonstration_visum_ablehnung_muster.pdf"; depth:98; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467381/; classtype:trojan-activity;sid:84330481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/1cd14ca4-3aaa-4349-a92b-5919cb2c71ee/downloads/37493963429.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467382/; classtype:trojan-activity;sid:84330482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467383)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/26417869572.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467383/; classtype:trojan-activity;sid:84330483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zutufukatozoxogunubikok.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467384/; classtype:trojan-activity;sid:84330484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/vawazu.pdf"; depth:68; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467385/; classtype:trojan-activity;sid:84330485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c4240411-5b76-4ebe-95b9-c00242399cf6/downloads/libevisuxalozusofaze.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467370/; classtype:trojan-activity;sid:84330470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467371)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/d07e2353-3643-42fe-ba11-ffa772b1a28d/downloads/61695596025.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467371/; classtype:trojan-activity;sid:84330471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/remebemakuvomurixulat.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467372/; classtype:trojan-activity;sid:84330472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/35713869772.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467377/; classtype:trojan-activity;sid:84330477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/popezefere.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467363/; classtype:trojan-activity;sid:84330463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467365)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/57373027197.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467365/; classtype:trojan-activity;sid:84330465; rev:1;)
# The rules below (all created_at 2025_03_05) share one shape: an outbound HTTP GET
# from $HOME_NET whose Host is exactly "img1.wsimg.com" and whose URI is exactly one
# listed /blobby/go/<uuid>/downloads/<file>.pdf path.
# - http.uri: content + depth:<n> + endswith pins the whole buffer. depth is set to
#   the length of the string, so the match has to start at offset 0 and finish at
#   the end of the URI; nocase makes the comparison case-insensitive.
# - http.host: content + depth:14 + isdataat:!1,relative does the same for the host
#   (14 bytes from offset 0, no byte after the match).
# - The rules differ only in the URI path, the URLhaus id (msg and reference) and sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/1e00f0b9-c207-4cb1-9a9a-c11d057e31a3/downloads/request_letter_for_hold_amount_release.pdf"; depth:100; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467367/; classtype:trojan-activity;sid:84330467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/9569c183-65dc-4f14-a45e-e7944584cb65/downloads/58650400832.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467369/; classtype:trojan-activity;sid:84330469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/0684881f-11f6-455b-9188-fb070acdb368/downloads/you_too_can_be_prosperous.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467358/; classtype:trojan-activity;sid:84330458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e51c42a2-48a1-43ea-b124-a034de3679a6/downloads/sizusobimemitu.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467359/; classtype:trojan-activity;sid:84330459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/fosodevo.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467360/; classtype:trojan-activity;sid:84330460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/her_yonuyle_modern_almanca_dursun_zengin.pdf"; depth:102; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467353/; classtype:trojan-activity;sid:84330453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/towedokunorazageleside.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467354/; classtype:trojan-activity;sid:84330454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/65604431763.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467355/; classtype:trojan-activity;sid:84330455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ruwuxa.pdf"; depth:68; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467357/; classtype:trojan-activity;sid:84330457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467347)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c725aa89-ce3b-4b0b-861e-e7c40702153d/downloads/sulupob.pdf"; depth:69; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467347/; classtype:trojan-activity;sid:84330447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/0a2e88a7-385b-4aed-a81e-123c037cba5d/downloads/57067255053.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467348/; classtype:trojan-activity;sid:84330448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/2ad58263-1b5c-4da7-bc4a-7b8f99e22218/downloads/2544897802.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467350/; classtype:trojan-activity;sid:84330450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/66812037618.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467352/; classtype:trojan-activity;sid:84330452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/b4da0e1a-7caf-4ed8-aaa9-0949952990f3/downloads/49347806429.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467344/; classtype:trojan-activity;sid:84330444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467339)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7399f648-106b-4174-b8c0-6d6694895ad3/downloads/vakoxumem.pdf"; depth:71; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467339/; classtype:trojan-activity;sid:84330439; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/gununemedusotojipime.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467340/; classtype:trojan-activity;sid:84330440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/92c7bb30-769c-4722-92cc-8b01b59910e0/downloads/36512394005.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467334/; classtype:trojan-activity;sid:84330434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7592d1e2-3dca-48f2-9f42-bb08c23dfb67/downloads/zutav.pdf"; depth:67; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467337/; classtype:trojan-activity;sid:84330437; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467326)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/8f97cb07-1cfa-4fca-b6d8-3f1bf47f56b3/downloads/dulerugufep.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467326/; classtype:trojan-activity;sid:84330426; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467328)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/nopurumonufulelu.pdf"; depth:78; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467328/; classtype:trojan-activity;sid:84330428; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467329)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/2b44aaa8-926a-4cbd-9774-e30385fa65ac/downloads/zexesotusipedelew.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467329/; classtype:trojan-activity;sid:84330429; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/security_daily_activity_report_template.pdf"; depth:101; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467321/; classtype:trojan-activity;sid:84330421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/a3d7189d-efc6-47e1-bbe5-dc5eeaf610a0/downloads/rtca_do-160g.pdf"; depth:74; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467312/; classtype:trojan-activity;sid:84330412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ac66f4da-754b-4df9-b080-4728fb201349/downloads/nimoma.pdf"; depth:68; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467313/; classtype:trojan-activity;sid:84330413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c877865a-29ce-446f-b8f8-42c8a2318eff/downloads/personal_loan_closure_letter_format_in_word.pdf"; depth:105; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467314/; classtype:trojan-activity;sid:84330414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/11677680583.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467317/; classtype:trojan-activity;sid:84330417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/elkonin_boxes_word_list.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467318/; classtype:trojan-activity;sid:84330418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467320)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/f4482b02-adbc-4511-a01d-8f5a32444a75/downloads/zudelejanegine.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467320/; classtype:trojan-activity;sid:84330420; rev:1;)
# NOTE(review): these are `alert http` signatures, so they are evaluated only on
# traffic Suricata parses as HTTP. If clients fetch these paths over HTTPS, the URI
# is not visible to the sensor without TLS inspection; confirm sensor placement and
# decryption coverage before reading "no alerts" as "no downloads".
# Direction is $HOME_NET -> $EXTERNAL_NET with flow:established,from_client, so the
# alert is raised on the client's GET request, not on the server's response.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c3d6560-d229-4015-8af2-a70ad89bde0a/downloads/80071621679.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467307/; classtype:trojan-activity;sid:84330407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467305)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lapeke.pdf"; depth:68; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467305/; classtype:trojan-activity;sid:84330405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/kapabemirowajuzaxadirokef.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467303/; classtype:trojan-activity;sid:84330403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/modexad.pdf"; depth:69; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467304/; classtype:trojan-activity;sid:84330404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467298)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/0bdc9896-149c-4815-8e37-9e55432c4120/downloads/bofugesugipufibutunida.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467298/; classtype:trojan-activity;sid:84330398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/xuguxupevubitutuzoju.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467300/; classtype:trojan-activity;sid:84330400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/rubejemi.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467301/; classtype:trojan-activity;sid:84330401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/atividades_de_concordancia_verbal_5o_ano_com_gabarito.pdf"; depth:115; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467286/; classtype:trojan-activity;sid:84330386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/78c14b69-39ed-4d94-8d63-a7b29776e43c/downloads/45524925955.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467287/; classtype:trojan-activity;sid:84330387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/cyberark_psmp_admin_guide.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467292/; classtype:trojan-activity;sid:84330392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467295)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/kitab_shams_al_maarif.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467295/; classtype:trojan-activity;sid:84330395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3298be68-ecf2-4e6e-8fa7-1bf1d7657489/downloads/xagoje.pdf"; depth:68; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467283/; classtype:trojan-activity;sid:84330383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/83df8ca9-16c2-4244-8f9e-8be918c4b8a3/downloads/86611585002.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467279/; classtype:trojan-activity;sid:84330379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/41138401642.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467280/; classtype:trojan-activity;sid:84330380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467281)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/hepatorenales_syndrom.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467281/; classtype:trojan-activity;sid:84330381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467271)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/fae029f6-27b1-4578-94bc-ae0bbaeebde4/downloads/53744052149.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467271/; classtype:trojan-activity;sid:84330371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/9927c1c5-c61c-4f5e-807e-67bd1833b3e4/downloads/nijalox.pdf"; depth:69; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467274/; classtype:trojan-activity;sid:84330374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/how_to_change_font_size_in_xchange_editor.pdf"; depth:103; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467275/; classtype:trojan-activity;sid:84330375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/limitorque_mx_ordering_guide.pdf"; depth:90; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467277/; classtype:trojan-activity;sid:84330377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/timex_expedition_indiglo_wr50m_manual.pdf"; depth:99; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467266/; classtype:trojan-activity;sid:84330366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7a3b63b5-3e6a-48ac-8e49-14ed0037cbc4/downloads/hitachi_cd_sem_operation_manual.pdf"; depth:93; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467269/; classtype:trojan-activity;sid:84330369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/87483152555.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467264/; classtype:trojan-activity;sid:84330364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/36672004653.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467259/; classtype:trojan-activity;sid:84330359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467260)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/9dc6fd8e-b629-406d-be34-231dfc94d5e9/downloads/catia_v5_simulation_tutorial.pdf"; depth:90; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467260/; classtype:trojan-activity;sid:84330360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/80e9e7c7-d97b-4b5a-96c4-9a83854a3065/downloads/vuzabovamipavowaseke.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467262/; classtype:trojan-activity;sid:84330362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/09077edc-9c07-4d95-9708-b2f62b12ca6a/downloads/jikiluwuruwewomurenix.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467254/; classtype:trojan-activity;sid:84330354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/weguma.pdf"; depth:68; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467258/; classtype:trojan-activity;sid:84330358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467246)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/119d5b03-e78f-4725-87b7-ed496b267f6d/downloads/attributes_of_a_good_research_topic_ppt.pdf"; depth:101; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467246/; classtype:trojan-activity;sid:84330346; rev:1;)
# NOTE(review): every rule in this run targets the same host (img1.wsimg.com) under
# many distinct /blobby/go/<uuid>/ prefixes, some of which recur across rules
# (e.g. 7c4463e3-..., d37a9b24-...). That looks like a shared content host, so the
# exact per-URL match is what keeps these rules narrow; a host-only block would
# presumably be far broader. Verify before deriving blocklists from this feed.
# Triage: the number in msg and in reference:url is the URLhaus entry id, and the
# reference URL is where to check the entry's current status. In the visible rules
# sid = URLhaus id + 80863100, which lets an alert be mapped back to its entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/1663535d-289f-4a17-902d-0bb53881ce69/downloads/kurupojofuxerixutalo.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467249/; classtype:trojan-activity;sid:84330349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467250)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/mizibatazikitawejubidodog.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467250/; classtype:trojan-activity;sid:84330350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/gibabasakofalulizuwa.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467251/; classtype:trojan-activity;sid:84330351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/meravinuvisudome.pdf"; depth:78; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467240/; classtype:trojan-activity;sid:84330340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/64114a94-94a3-4f5d-866a-beee254b955f/downloads/70815730326.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467241/; classtype:trojan-activity;sid:84330341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/86649529175.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467235/; classtype:trojan-activity;sid:84330335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/nims_703_b_answers.pdf"; depth:80; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467236/; classtype:trojan-activity;sid:84330336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/cf660a09-f805-468d-bb57-fa3593615f41/downloads/tojanigawexulametuzuk.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467237/; classtype:trojan-activity;sid:84330337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/bc2ad79b-5832-4a2d-a335-92537db54849/downloads/pinestars_choice.pdf"; depth:78; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467230/; classtype:trojan-activity;sid:84330330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/vupegazezo.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467231/; classtype:trojan-activity;sid:84330331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/18985117210.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467221/; classtype:trojan-activity;sid:84330321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467223)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/03167ecf-a61c-49ea-b541-7a074a81e1da/downloads/6655537579.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467223/; classtype:trojan-activity;sid:84330323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/41957679215.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467225/; classtype:trojan-activity;sid:84330325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/exemple_de_livret_2_vae_rempli.pdf"; depth:92; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467226/; classtype:trojan-activity;sid:84330326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f569f34e-b7af-41eb-9a21-0f9939c54b3f/downloads/64195657437.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467228/; classtype:trojan-activity;sid:84330328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/aspen_pims_manual.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467220/; classtype:trojan-activity;sid:84330320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/fivojudu.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467219/; classtype:trojan-activity;sid:84330319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/20019605198.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467210/; classtype:trojan-activity;sid:84330310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/45706940387.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467212/; classtype:trojan-activity;sid:84330312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xajuxe.pdf"; depth:68; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467213/; classtype:trojan-activity;sid:84330313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/81f7a7ad-d4fe-4147-943f-584c2d1e9bf5/downloads/because_of_mr_terupt_online.pdf"; depth:89; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467214/; classtype:trojan-activity;sid:84330314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/fajupip.pdf"; depth:69; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467215/; classtype:trojan-activity;sid:84330315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/minetest_wiki_commands.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467205/; classtype:trojan-activity;sid:84330305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/ohanian_physics_volume_1.pdf"; depth:86; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467206/; classtype:trojan-activity;sid:84330306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/1c97d706-1093-417b-afec-0c60fc1d8547/downloads/74906999263.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467207/; classtype:trojan-activity;sid:84330307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/900d123a-2557-4fa9-92f6-1446b602b979/downloads/deporiramuga.pdf"; depth:74; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467208/; classtype:trojan-activity;sid:84330308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/traffic_light_risk_assessment_template_mental_health.pdf"; depth:114; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467209/; classtype:trojan-activity;sid:84330309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467202)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/suritotowid.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467202/; classtype:trojan-activity;sid:84330302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/41821413009.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467196/; classtype:trojan-activity;sid:84330296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/14312384720.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467200/; classtype:trojan-activity;sid:84330300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/37654458598.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467187/; classtype:trojan-activity;sid:84330287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467188)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/23776368177.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467188/; classtype:trojan-activity;sid:84330288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/eb8ff9f7-37bb-4420-bfa0-f018b38dcfa6/downloads/17065535031.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467190/; classtype:trojan-activity;sid:84330290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/432a6cf0-f63b-4132-8b03-52615cd2c1c3/downloads/41591669011.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467191/; classtype:trojan-activity;sid:84330291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/2634956565.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467193/; classtype:trojan-activity;sid:84330293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467177)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/437a989b-0a84-4105-b8c7-1870eb56af29/downloads/sbi_disbursement_request_form.pdf"; depth:91; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467177/; classtype:trojan-activity;sid:84330277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/27f26436-44ad-4647-8929-a76a4ea0ea67/downloads/sample_query_letter_for_negligence_of_duty.pdf"; depth:104; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467180/; classtype:trojan-activity;sid:84330280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/sapebufuj.pdf"; depth:71; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467181/; classtype:trojan-activity;sid:84330281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4365da4a-8d29-4708-8e67-b3b566794d83/downloads/fovizijazobupukototofosop.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467184/; classtype:trojan-activity;sid:84330284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467186)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/93759555539.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467186/; classtype:trojan-activity;sid:84330286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ligitove.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467175/; classtype:trojan-activity;sid:84330275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/62404701972.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467176/; classtype:trojan-activity;sid:84330276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/069f5eef-b21d-41b6-aaa6-569b53af1c5a/downloads/rawidesukusutalunug.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467171/; classtype:trojan-activity;sid:84330271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467172)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/d102a54e-7197-4308-a937-d70c58240642/downloads/26442784020.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467172/; classtype:trojan-activity;sid:84330272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/83882971503.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467167/; classtype:trojan-activity;sid:84330267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/modelo_carta_entrega_de_inmueble_word.pdf"; depth:99; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467168/; classtype:trojan-activity;sid:84330268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467163)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/61905f2a-55dd-4144-8c7c-fce5e91063a8/downloads/british_army_all_arms_tactical_aide_memoire.pdf"; depth:105; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467163/; classtype:trojan-activity;sid:84330263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467166)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/rakotojifodonosanilorefa.pdf"; depth:86; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467166/; classtype:trojan-activity;sid:84330266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/1ec2f808-78a9-4c99-aa80-be96e23bf450/downloads/gewikunobapizati.pdf"; depth:78; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467157/; classtype:trojan-activity;sid:84330257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7dda8154-e680-4c60-8651-19cf13768d49/downloads/jadol.pdf"; depth:67; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467158/; classtype:trojan-activity;sid:84330258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/nojivurajojirezizi.pdf"; depth:80; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467154/; classtype:trojan-activity;sid:84330254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467156)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/98571e96-4bd9-4ee2-bb76-481ac550907e/downloads/genebugutisevijuk.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467156/; classtype:trojan-activity;sid:84330256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/jiwekonuwokesarejibezan.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467148/; classtype:trojan-activity;sid:84330248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/159e5f7b-5078-45c9-9b36-63f21684101f/downloads/94962104148.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467149/; classtype:trojan-activity;sid:84330249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/9483bc30-bb1c-4c04-9cf3-38d205924dab/downloads/jugilususosu.pdf"; depth:74; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467150/; classtype:trojan-activity;sid:84330250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467151)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/virapajoridubibakoxofa.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467151/; classtype:trojan-activity;sid:84330251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/319984769.pdf"; depth:71; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467152/; classtype:trojan-activity;sid:84330252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/makusikarubikowaxosop.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467142/; classtype:trojan-activity;sid:84330242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467143)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/gikuxuze.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467143/; classtype:trojan-activity;sid:84330243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467146)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/voxuba.pdf"; depth:68; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467146/; classtype:trojan-activity;sid:84330246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/wokaselu.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467147/; classtype:trojan-activity;sid:84330247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/963d457e-5dea-4a7e-aae8-47aada2a7cc0/downloads/velafeke.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467135/; classtype:trojan-activity;sid:84330235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/97fcff61-ad1b-4591-bfda-ed7d6d6690f0/downloads/49593663309.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467137/; classtype:trojan-activity;sid:84330237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467138)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/5e489076-b026-43ca-95da-8c6fe49f6d00/downloads/49103789197.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467138/; classtype:trojan-activity;sid:84330238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/zafekupegagasaza.pdf"; depth:78; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467132/; classtype:trojan-activity;sid:84330232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/55585429936.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467133/; classtype:trojan-activity;sid:84330233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/siwevewedelo.pdf"; depth:74; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467125/; classtype:trojan-activity;sid:84330225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467126)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/fedex_air_waybill_form.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467126/; classtype:trojan-activity;sid:84330226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d567d1b9-5a9f-4b97-a387-65a7c02f8ff4/downloads/barapinawowaja.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467127/; classtype:trojan-activity;sid:84330227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/44443741873.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467114/; classtype:trojan-activity;sid:84330214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/ravibopegaxipodek.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467115/; classtype:trojan-activity;sid:84330215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467116)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/haojue_chopper_road_150_manual.pdf"; depth:92; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467116/; classtype:trojan-activity;sid:84330216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/23c146af-6c5b-426f-944d-9bf55106e4d8/downloads/de_quien_es_hija_elisa_salinas.pdf"; depth:92; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467117/; classtype:trojan-activity;sid:84330217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rewekawejujawidubekafebur.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467118/; classtype:trojan-activity;sid:84330218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3425f1f9-2741-4cdd-9a85-f51cd8a77838/downloads/pyidaungsu_font_keyboard_layout.pdf"; depth:93; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467121/; classtype:trojan-activity;sid:84330221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467123)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/carte_du_voyage_d_ulysse.pdf"; depth:86; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467123/; classtype:trojan-activity;sid:84330223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/9f11cc6f-a645-4f71-bee4-e3848f35abf2/downloads/livro_domain_driven_design_portugues.pdf"; depth:98; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467109/; classtype:trojan-activity;sid:84330209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kulefenev.pdf"; depth:71; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467110/; classtype:trojan-activity;sid:84330210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/lobola_letter_example.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467111/; classtype:trojan-activity;sid:84330211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467108)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/acquisition_value_negative_in_area_01_aa617.pdf"; depth:105; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467108/; classtype:trojan-activity;sid:84330208; rev:1;)
# ---------------------------------------------------------------------------
# Review notes for the img1.wsimg.com rules below (created_at 2025_03_05).
#
# Shape shared by every rule in this run:
#   * flow:established,from_client + http.method "GET": only client GET
#     requests on an established flow are inspected.
#   * http.uri: depth equals the length of the content string and endswith is
#     set, so the URI has to be exactly the listed path (nocase makes the
#     comparison case-insensitive). The same file requested with anything
#     appended, e.g. a query string, does not alert.
#   * http.host: depth:14 plus isdataat:!1,relative pins the host to exactly
#     "img1.wsimg.com".
#
# Triage:
#   * The host is identical in all of these rules while the
#     /blobby/go/<uuid>/downloads/ paths vary, which looks like a shared
#     file-hosting name rather than a dedicated malicious server
#     (NOTE(review): confirm). Read an alert as "this exact file was
#     requested"; do not derive a host-wide block from it.
#   * `alert http` needs the request to be visible to Suricata's HTTP parser.
#     The same download fetched over TLS without decryption produces no alert,
#     so pair these rules with proxy or TLS-inspection logs where coverage
#     matters.
#   * In the rules shown here sid = URLhaus id + 80863100, and reference:url
#     carries the id, so an alert maps straight back to its URLhaus entry.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d8f5bd9b-2c75-4c1f-8d4d-84a7de1d3443/downloads/widavizuxorig.pdf"; depth:75; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467101/; classtype:trojan-activity;sid:84330201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/chris_mccandless_travel_route.pdf"; depth:91; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467102/; classtype:trojan-activity;sid:84330202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467103)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/17ef1a7d-be6f-43bc-ac3a-a9c4fb65005e/downloads/powejavatunepoxaj.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467103/; classtype:trojan-activity;sid:84330203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/937a3a5d-28a9-4a6d-983b-63f9d4fe1460/downloads/90328489234.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467106/; classtype:trojan-activity;sid:84330206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e0319bbe-78e1-4446-90fc-2b4b4cc85a3e/downloads/wurowujezodabod.pdf"; depth:77; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467098/; classtype:trojan-activity;sid:84330198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pubobagawu.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467099/; classtype:trojan-activity;sid:84330199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/forest_fire_causes_and_effects.pdf"; depth:92; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467100/; classtype:trojan-activity;sid:84330200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/6b07c7a9-24ea-41b4-835a-7daa4871c250/downloads/16_personality_factors_by_cattell.pdf"; depth:95; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467086/; classtype:trojan-activity;sid:84330186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467087)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/725aea16-586d-4b26-8216-cd50b4981a76/downloads/wiley_organic_chemistry_solutions_manual.pdf"; depth:102; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467087/; classtype:trojan-activity;sid:84330187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/psicoweb_respuestas_2019.pdf"; depth:86; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467088/; classtype:trojan-activity;sid:84330188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/8e32f5a5-6a1a-4ade-b57e-fa54871724ef/downloads/2040244551.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467091/; classtype:trojan-activity;sid:84330191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/koxisiranarigavod.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467092/; classtype:trojan-activity;sid:84330192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467093)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/59d4bc6c-1e33-45d9-a430-f89e52f3f795/downloads/subazituwa.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467093/; classtype:trojan-activity;sid:84330193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/lettre_promesse_dembauche.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467094/; classtype:trojan-activity;sid:84330194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/971e893d-d96e-4c35-b8d0-897850ea3ce6/downloads/ice_quarterly_development_report_example.pdf"; depth:102; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467080/; classtype:trojan-activity;sid:84330180; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/testigos_tablero_foton.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467081/; classtype:trojan-activity;sid:84330181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/how_to_get_gst_invoice_for_amazon_purchase.pdf"; depth:104; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467082/; classtype:trojan-activity;sid:84330182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/8df58291-e0db-425a-9cda-a9882386ada6/downloads/24365322622.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467083/; classtype:trojan-activity;sid:84330183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4831e354-44dc-4759-9d14-0dd6cfda589f/downloads/91284214985.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467085/; classtype:trojan-activity;sid:84330185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c5dd25fc-7740-402b-aa70-862b15f3342c/downloads/8958005659.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467078/; classtype:trojan-activity;sid:84330178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wewofolivofometu.pdf"; depth:78; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467079/; classtype:trojan-activity;sid:84330179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/9665669589.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467072/; classtype:trojan-activity;sid:84330172; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/konibaxixim.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467073/; classtype:trojan-activity;sid:84330173; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/20a6346a-1701-43f8-be7d-6426912a09c2/downloads/self_introduction_during_interview_example.pdf"; depth:104; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467074/; classtype:trojan-activity;sid:84330174; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ff494cbe-9d2a-4ae4-802e-f50cfad48f0a/downloads/74334894285.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467075/; classtype:trojan-activity;sid:84330175; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/55534301355.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467077/; classtype:trojan-activity;sid:84330177; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/tevolutirasuvujivol.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467065/; classtype:trojan-activity;sid:84330165; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3f5ecf8d-ba74-430f-ac11-9eb6ace92d02/downloads/73100246338.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467066/; classtype:trojan-activity;sid:84330166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/earth_making_of_a_planet_national_geographic_worksheet.pdf"; depth:116; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467067/; classtype:trojan-activity;sid:84330167; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/exercice_vitesse_6eme_physique.pdf"; depth:92; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467068/; classtype:trojan-activity;sid:84330168; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rapport_de_stage_3eme_agence_immobiliere.pdf"; depth:102; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467069/; classtype:trojan-activity;sid:84330169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/bisebinalujivefiwugagabu.pdf"; depth:86; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467070/; classtype:trojan-activity;sid:84330170; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/miludafat.pdf"; depth:71; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467064/; classtype:trojan-activity;sid:84330164; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ea6e6a77-ad86-47ad-bec1-a500695628d4/downloads/66906319004.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467061/; classtype:trojan-activity;sid:84330161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/b77102f9-1066-4a92-8a14-af011902d081/downloads/75162502331.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467062/; classtype:trojan-activity;sid:84330162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mapisirukuw.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467063/; classtype:trojan-activity;sid:84330163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/guzupuzuradadutov.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467058/; classtype:trojan-activity;sid:84330158; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/081e0348-3bf0-4a3e-a723-749adc1aa630/downloads/teks_ratib_al_attas.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467059/; classtype:trojan-activity;sid:84330159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d07e2353-3643-42fe-ba11-ffa772b1a28d/downloads/49693757117.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467060/; classtype:trojan-activity;sid:84330160; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/sabre_red_workspace_commands.pdf"; depth:90; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467050/; classtype:trojan-activity;sid:84330150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/6702c9de-d943-4d22-b78e-7985c91f7713/downloads/84525111813.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467051/; classtype:trojan-activity;sid:84330151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/26bbb7e6-2f83-462e-b1a0-c9b7b5a50d38/downloads/training_needs_assessment_questionnaire_for_sales.pdf"; depth:111; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467052/; classtype:trojan-activity;sid:84330152; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/najovozulubameto.pdf"; depth:78; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467053/; classtype:trojan-activity;sid:84330153; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/225bb15f-2915-4639-a3a1-bcedb142b1ef/downloads/letter_format_for_reply_to_show_cause_notice.pdf"; depth:106; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467054/; classtype:trojan-activity;sid:84330154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c718f9e1-28ba-4c02-b434-4456f7af09a8/downloads/masizaz.pdf"; depth:69; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467055/; classtype:trojan-activity;sid:84330155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/51274200809.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467049/; classtype:trojan-activity;sid:84330149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/rolinejagogid.pdf"; depth:75; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467044/; classtype:trojan-activity;sid:84330144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/buxam.pdf"; depth:67; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467042/; classtype:trojan-activity;sid:84330142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/6be9a470-c465-4776-ab76-53713c51537a/downloads/nokura.pdf"; depth:68; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467032/; classtype:trojan-activity;sid:84330132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/69da2f53-c229-4dc7-a889-7b67b52b1a78/downloads/nokejafowikazuvojoj.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467033/; classtype:trojan-activity;sid:84330133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e43067a0-6374-4a70-a00d-00ee3b01ce8d/downloads/93917384180.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467035/; classtype:trojan-activity;sid:84330135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e0336533-680f-4ead-a55e-7e292796b70a/downloads/veteluruxoge.pdf"; depth:74; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467037/; classtype:trojan-activity;sid:84330137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sirijega.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467024/; classtype:trojan-activity;sid:84330124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5c2804a6-aa9c-48a0-92fa-b4e2830d3e94/downloads/ladakh_tourist_map.pdf"; depth:80; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467025/; classtype:trojan-activity;sid:84330125; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/cc5e3c0a-70ce-48cf-a48d-87f83c6b3256/downloads/major_problems_in_african_american_history.pdf"; depth:104; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467027/; classtype:trojan-activity;sid:84330127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d38d43db-37ad-45ec-b237-63ac8c84a196/downloads/latovin.pdf"; depth:69; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467029/; classtype:trojan-activity;sid:84330129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c10f3982-2d8c-41ef-9c88-95b9c7e0984b/downloads/exagrid_admin_guide.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467018/; classtype:trojan-activity;sid:84330118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/2880955338.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467019/; classtype:trojan-activity;sid:84330119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/9f4350e3-635b-45ba-b69f-b1a7e95f309e/downloads/24638138520.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467020/; classtype:trojan-activity;sid:84330120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/54349718441.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467022/; classtype:trojan-activity;sid:84330122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/satyanarayan_puja_vidhi_in_sanskrit.pdf"; depth:97; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467023/; classtype:trojan-activity;sid:84330123; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/sample_letter_to_be_excused_from_jury_service.pdf"; depth:107; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467016/; classtype:trojan-activity;sid:84330116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/cf660a09-f805-468d-bb57-fa3593615f41/downloads/vumemaxexepemetesa.pdf"; depth:80; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467011/; classtype:trojan-activity;sid:84330111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/93a7eb93-9eef-4244-8f20-7f48de1f8294/downloads/95493308607.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467012/; classtype:trojan-activity;sid:84330112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/91589198920.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467013/; classtype:trojan-activity;sid:84330113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/learn_korean_language_in_30_days.pdf"; depth:94; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467014/; classtype:trojan-activity;sid:84330114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/right_to_information_act_application_form_malayalam.pdf"; depth:113; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467015/; classtype:trojan-activity;sid:84330115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zesowafasunufezef.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467006/; classtype:trojan-activity;sid:84330106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/8e46fb0c-8d21-4b8c-82fc-88315c96ddde/downloads/bevurusip.pdf"; depth:71; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467008/; classtype:trojan-activity;sid:84330108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/09d72da9-ee58-43de-9ce0-8696fa874a10/downloads/zanozibiwakixubunifelok.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467002/; classtype:trojan-activity;sid:84330102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5d8bfe2e-b91e-431f-9bdc-3f0ea97e388e/downloads/hbc_radiomatic_fse_727_manual.pdf"; depth:91; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467003/; classtype:trojan-activity;sid:84330103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e4335d81-d2e5-4638-9638-30640b1be91f/downloads/sofipidegib.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466999/; classtype:trojan-activity;sid:84330099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3467000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/54040f30-acd4-4a4c-a314-5c4c261b537d/downloads/printable_foods_high_in_uric_acid_chart.pdf"; depth:101; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3467000/; classtype:trojan-activity;sid:84330100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/15318963311.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466992/; classtype:trojan-activity;sid:84330092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c0f7f4ed-2d7c-4134-aa94-503b1eb6600b/downloads/pagulabomezex.pdf"; depth:75; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466993/; classtype:trojan-activity;sid:84330093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/katisugenifikipevas.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466996/; classtype:trojan-activity;sid:84330096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/xowawetavudazinomo.pdf"; depth:80; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466997/; classtype:trojan-activity;sid:84330097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7662afb9-5d02-4eb9-bd3b-6426a66215ee/downloads/2312138967.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466985/; classtype:trojan-activity;sid:84330085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466986)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/evaluation_geographie_6eme_habiter_une_metropole.pdf"; depth:110; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466986/; classtype:trojan-activity;sid:84330086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/9441f8ad-6e79-4d4a-9602-3585b1269b7e/downloads/kobumedigudopixemevuwef.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466987/; classtype:trojan-activity;sid:84330087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/8fc62093-f93e-447d-8e21-b1e235f4d9cc/downloads/vadigoxevujo.pdf"; depth:74; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466989/; classtype:trojan-activity;sid:84330089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/64414313920.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466991/; classtype:trojan-activity;sid:84330091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/mizoxuloniwi.pdf"; depth:74; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466979/; classtype:trojan-activity;sid:84330079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466984)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/66244318284.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466984/; classtype:trojan-activity;sid:84330084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/6cdacb6d-7fbf-4d09-a986-56cdfa4edeb2/downloads/15247939327.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466971/; classtype:trojan-activity;sid:84330071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/example_of_a_lobola_letter_in_zulu.pdf"; depth:96; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466972/; classtype:trojan-activity;sid:84330072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ea25ddad-ebb0-4880-b714-a3f2cdadcbd9/downloads/notas_de_dinheiro_para_imprimir.pdf"; depth:93; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466973/; classtype:trojan-activity;sid:84330073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466975)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/606585da-2917-4da6-a9df-810ae6e7fbc1/downloads/asme_sec_8_div_1_appendix_8.pdf"; depth:89; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466975/; classtype:trojan-activity;sid:84330075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/segaxifalawanevake.pdf"; depth:80; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466976/; classtype:trojan-activity;sid:84330076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/3d_converter_for_autodesk_navisworks.pdf"; depth:98; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466968/; classtype:trojan-activity;sid:84330068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/2c827e54-9a2c-449a-9d97-e20f9555c87a/downloads/pearson_iit_foundation_class_9_maths.pdf"; depth:98; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466969/; classtype:trojan-activity;sid:84330069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466970)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/blobby/go/3d2c6212-591e-450b-b673-947709e569a9/downloads/jidikegegudafipi.pdf"; depth:78; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466970/; classtype:trojan-activity;sid:84330070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/62bebe3a-24c2-4a56-9b26-65d7a4a8233d/downloads/gupira.pdf"; depth:68; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466966/; classtype:trojan-activity;sid:84330066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/79599984772.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466958/; classtype:trojan-activity;sid:84330058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/actaris_meter_manual.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466957/; classtype:trojan-activity;sid:84330057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466946)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/passaic_county_technical_institute_salary_guide.pdf"; depth:109; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466946/; classtype:trojan-activity;sid:84330046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/0c2227e9-a807-4022-9307-9c68c8629142/downloads/59021495355.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466950/; classtype:trojan-activity;sid:84330050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466951)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3abea8f6-1776-4586-b4e6-47b414d29e30/downloads/mozosadoboligemuwisuwet.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466951/; classtype:trojan-activity;sid:84330051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466952)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/malaysia_company_employee_handbook.pdf"; depth:96; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466952/; classtype:trojan-activity;sid:84330052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466937)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/blobby/go/988c0021-e131-496b-8725-ae310052894b/downloads/berakigevep.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466937/; classtype:trojan-activity;sid:84330037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/87631223928.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466938/; classtype:trojan-activity;sid:84330038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/majisumilorenanevivo.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466941/; classtype:trojan-activity;sid:84330041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/risukepidupapa.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466944/; classtype:trojan-activity;sid:84330044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466933)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/c272bee0-a4e4-45f4-a8ce-0b066973e0cb/downloads/gateman_wk_20_english_manual.pdf"; depth:90; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466933/; classtype:trojan-activity;sid:84330033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/koxid.pdf"; depth:67; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466934/; classtype:trojan-activity;sid:84330034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/sasufazovosonufowam.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466935/; classtype:trojan-activity;sid:84330035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/6554737977.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466929/; classtype:trojan-activity;sid:84330029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466931)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/4b7c63a1-8c4d-413e-83dc-2db6954011c6/downloads/42942412664.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466931/; classtype:trojan-activity;sid:84330031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/43589756342.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466928/; classtype:trojan-activity;sid:84330028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/juporuko.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466923/; classtype:trojan-activity;sid:84330023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/1d231bc1-15b8-4d3d-b451-c05909392126/downloads/71014366481.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466924/; classtype:trojan-activity;sid:84330024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466920)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/29389545569.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466920/; classtype:trojan-activity;sid:84330020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/fbb7d95c-19ce-4e6b-832c-1ccce7746b31/downloads/jebagokapinezax.pdf"; depth:77; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466915/; classtype:trojan-activity;sid:84330015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/85747587751.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466916/; classtype:trojan-activity;sid:84330016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/ending_a_lease_letter_to_landlord.pdf"; depth:95; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466919/; classtype:trojan-activity;sid:84330019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466909)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/possession_letter_format_from_builder.pdf"; depth:99; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466909/; classtype:trojan-activity;sid:84330009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/mopuma.pdf"; depth:68; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466910/; classtype:trojan-activity;sid:84330010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/a618ca0f-2608-47c2-ab22-bbc2ca127bb7/downloads/saziva.pdf"; depth:68; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466911/; classtype:trojan-activity;sid:84330011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/229e00b6-6232-4273-bd27-55f919ca28b8/downloads/financas_corporativas_teoria_e_pratica.pdf"; depth:100; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466912/; classtype:trojan-activity;sid:84330012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466913)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/76c40511-888a-4b14-bb65-87429974a9ff/downloads/gemotukuwitawusagulobez.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466913/; classtype:trojan-activity;sid:84330013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vupenamubow.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466903/; classtype:trojan-activity;sid:84330003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/10269055308.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466904/; classtype:trojan-activity;sid:84330004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/6ab86f22-a419-4e4f-91d4-5a654823f744/downloads/21711123451.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466905/; classtype:trojan-activity;sid:84330005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466900)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/14203617612.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466900/; classtype:trojan-activity;sid:84330000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e4ad6e04-69d1-4aa9-ba9f-c194e0ac5eef/downloads/lotavawofasopupe.pdf"; depth:78; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466902/; classtype:trojan-activity;sid:84330002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/mental_state_examination_checklist.pdf"; depth:96; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466898/; classtype:trojan-activity;sid:84329998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e5728c18-e5b3-4c69-bf59-a4be42aea8ac/downloads/22515332125.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466893/; classtype:trojan-activity;sid:84329993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466894)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/metso_neles_positioner_manual.pdf"; depth:91; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466894/; classtype:trojan-activity;sid:84329994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/9840498620.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466895/; classtype:trojan-activity;sid:84329995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3fffd8a4-4d1d-42f8-a3e8-f124f6724c06/downloads/kejawisenukasi.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466897/; classtype:trojan-activity;sid:84329997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/72065953692.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466885/; classtype:trojan-activity;sid:84329985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466890)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/1ecb10a4-49e9-4fe5-a6bc-f0f227949dd2/downloads/60627448414.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466890/; classtype:trojan-activity;sid:84329990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/ramevedasap.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466881/; classtype:trojan-activity;sid:84329981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/fbb7d95c-19ce-4e6b-832c-1ccce7746b31/downloads/67882203250.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466882/; classtype:trojan-activity;sid:84329982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/df312c7d-f650-4c0e-a98f-02aee1a43694/downloads/77125885812.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466877/; classtype:trojan-activity;sid:84329977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466864)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/a37e9011-77af-43eb-9e7b-dd6853450512/downloads/27721436213.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466864/; classtype:trojan-activity;sid:84329964; rev:1;)
#
# Reviewer notes for the rules that follow. Every rule in this stretch has the
# same shape and the same http.host value ("img1.wsimg.com"); only the URI,
# its depth, the URLhaus id and the sid differ.
#
# Match logic:
#   - alert http ... flow:established,from_client; http.method; content:"GET"
#     restricts the rule to GET requests sent by a $HOME_NET client to
#     $EXTERNAL_NET on an established flow.
#   - http.uri: depth is set to the length of the content string and endswith
#     anchors the end of the buffer, so the pair behaves as an exact,
#     case-insensitive (nocase) match on the whole URI.
#   - http.host: depth:14 plus isdataat:!1,relative requires that nothing
#     follows the 14-byte host string, i.e. an exact host match.
#
# Coverage caveats:
#   - These are point indicators: a rule fires only for its one listed path and
#     not for any other file under the same /blobby/go/<uuid>/ directory.
#     Several directories (for example 7c4463e3-... and d37a9b24-...) appear in
#     many rules with different file names, one rule per reported URL.
#   - Matching happens on the parsed HTTP request, so a fetch of the same URL
#     over TLS is not visible to these rules unless traffic is decrypted
#     upstream of the sensor.
#
# Triage:
#   - NOTE(review): the hostname is presumably a shared content/CDN host, given
#     the many unrelated <uuid> directories listed under it; confirm before
#     turning any of these alerts into a hostname-wide block.
#   - The number in msg and in the reference URL is the URLhaus entry id; use
#     urlhaus.abuse.ch/url/<id>/ to check whether the entry is still live.
#   - In every rule here sid equals the URLhaus id plus 80863100, which allows
#     mapping an alert's sid back to its entry; presumably a feed-wide
#     convention, verify against the feed documentation.
#   - created_at 2025_03_05 is presumably the date the entry was added; treat
#     older entries as candidates for staleness review.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/6abf7f7e-d12c-48f3-aa9a-703f4ccff8d7/downloads/81403469667.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466866/; classtype:trojan-activity;sid:84329966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466869)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zikirifusotuxusomel.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466869/; classtype:trojan-activity;sid:84329969; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/antibiotic_sensitivity_chart_sanford_guide.pdf"; depth:104; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466870/; classtype:trojan-activity;sid:84329970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/9c8a6489-894f-4446-8722-19ef31b6a173/downloads/26803015720.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466872/; classtype:trojan-activity;sid:84329972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4d2b55bf-cda3-4071-bf2e-8c27282b789f/downloads/chambre_de_tirage_telecom.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466873/; classtype:trojan-activity;sid:84329973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/48283c5b-b198-4860-9bf9-7f30a2f8146b/downloads/10387443769.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466875/; classtype:trojan-activity;sid:84329975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/zasuporuxumuza.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466876/; classtype:trojan-activity;sid:84329976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3d0a6e54-c95b-4e67-871e-882f39f9c203/downloads/77235011630.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466861/; classtype:trojan-activity;sid:84329961; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/luvuges.pdf"; depth:69; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466863/; classtype:trojan-activity;sid:84329963; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tovidesukowoxam.pdf"; depth:77; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466858/; classtype:trojan-activity;sid:84329958; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/a5a93100-d349-4291-8bce-18547efeb268/downloads/14773335318.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466859/; classtype:trojan-activity;sid:84329959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/62bebe3a-24c2-4a56-9b26-65d7a4a8233d/downloads/xijawef.pdf"; depth:69; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466845/; classtype:trojan-activity;sid:84329945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/a6301bc9-fbf1-4861-936b-8ce401d46d09/downloads/non_renewal_of_contract_letter_sample.pdf"; depth:99; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466846/; classtype:trojan-activity;sid:84329946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/98fd26ea-5c50-4ebf-945e-7ed158ebe1b6/downloads/75925905792.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466847/; classtype:trojan-activity;sid:84329947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/561eb1da-cbac-4811-84b8-e841d63e56cb/downloads/fomogivazugararux.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466848/; classtype:trojan-activity;sid:84329948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3ccd9234-721c-480b-91a1-84bae34c2069/downloads/votudomafuze.pdf"; depth:74; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466849/; classtype:trojan-activity;sid:84329949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ed3e7e73-6deb-4ec1-95e4-868a6659fe93/downloads/manning_guide_hotel_sample.pdf"; depth:88; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466851/; classtype:trojan-activity;sid:84329951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/45596981954.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466852/; classtype:trojan-activity;sid:84329952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/tilovapexof.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466853/; classtype:trojan-activity;sid:84329953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/najufijirubedejalu.pdf"; depth:80; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466838/; classtype:trojan-activity;sid:84329938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/ludejawirusoxodofe.pdf"; depth:80; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466839/; classtype:trojan-activity;sid:84329939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/4959938645.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466843/; classtype:trojan-activity;sid:84329943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/52e9408f-c536-4a35-bd81-6078a5dce549/downloads/98085965001.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466832/; classtype:trojan-activity;sid:84329932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/dasuxugolod.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466833/; classtype:trojan-activity;sid:84329933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/attestation_de_non_affiliation_cnas_algerie.pdf"; depth:105; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466827/; classtype:trojan-activity;sid:84329927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/72502959-bd3f-431c-9582-055fb0eb9e9d/downloads/vw_gehaltstabelle_2022.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466828/; classtype:trojan-activity;sid:84329928; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nidugapageru.pdf"; depth:74; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466830/; classtype:trojan-activity;sid:84329930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f6f33080-7dde-4e51-88ef-59c9fd931fca/downloads/latoletevuwogerovug.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466831/; classtype:trojan-activity;sid:84329931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/40119004199.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466818/; classtype:trojan-activity;sid:84329918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d128fcda-7fcc-4d89-85b3-e79c54d4414e/downloads/talivejo.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466822/; classtype:trojan-activity;sid:84329922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/ansul_piranha_system_installation_manual.pdf"; depth:102; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466824/; classtype:trojan-activity;sid:84329924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/scada_system_architecture.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466813/; classtype:trojan-activity;sid:84329913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/63541235931.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466814/; classtype:trojan-activity;sid:84329914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/gaylord_texan_hotel_map.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466802/; classtype:trojan-activity;sid:84329902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/laxokuzigurebudisinatonu.pdf"; depth:86; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466803/; classtype:trojan-activity;sid:84329903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/09d72da9-ee58-43de-9ce0-8696fa874a10/downloads/kojutaz.pdf"; depth:69; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466805/; classtype:trojan-activity;sid:84329905; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/civil_engineer_experience_certificate_word_format.pdf"; depth:111; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466808/; classtype:trojan-activity;sid:84329908; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/55d28ff0-9d0b-42b4-8190-887f90038148/downloads/gimisomogaro.pdf"; depth:74; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466799/; classtype:trojan-activity;sid:84329899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/950f7924-fa6b-44be-bda3-22eaf526f43f/downloads/how_to_write_a_letter_to_society_for_car_parking.pdf"; depth:110; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466800/; classtype:trojan-activity;sid:84329900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/78dac1c1-e6f9-4066-ad39-7cbcdc39e651/downloads/93448099882.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466801/; classtype:trojan-activity;sid:84329901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/payment_under_protest_letter_sample.pdf"; depth:97; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466794/; classtype:trojan-activity;sid:84329894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/43447829480.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466797/; classtype:trojan-activity;sid:84329897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/97374790135.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466798/; classtype:trojan-activity;sid:84329898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/71423402684.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466788/; classtype:trojan-activity;sid:84329888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5c9ed0ab-abf7-4895-9a79-d81e87aed60a/downloads/nezumizegorazulamalit.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466790/; classtype:trojan-activity;sid:84329890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/a4c519f1-5301-485e-9e9c-56d1397df289/downloads/79371210580.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466791/; classtype:trojan-activity;sid:84329891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kekososiwixokaz.pdf"; depth:77; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466792/; classtype:trojan-activity;sid:84329892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/14889765830.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466778/; classtype:trojan-activity;sid:84329878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rikisiwudepelapopazi.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466779/; classtype:trojan-activity;sid:84329879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/boriwivamafegujiser.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466781/; classtype:trojan-activity;sid:84329881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/seaworld_donation_request_orlando.pdf"; depth:95; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466782/; classtype:trojan-activity;sid:84329882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/schumacher_battery_charger_parts_se-4022.pdf"; depth:102; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466786/; classtype:trojan-activity;sid:84329886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d83328cf-50de-409a-9bf6-de7a48f66ed6/downloads/40650293844.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466787/; classtype:trojan-activity;sid:84329887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/ap_cm_relief_fund_application_process.pdf"; depth:99; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466777/; classtype:trojan-activity;sid:84329877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/narigokukeminozitema.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466768/; classtype:trojan-activity;sid:84329868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/32231114245.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466770/; classtype:trojan-activity;sid:84329870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/fa0b65d5-8cfc-4875-922a-b490488b42be/downloads/schmersal_de-_42279_datasheet.pdf"; depth:91; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466771/; classtype:trojan-activity;sid:84329871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/checklist_format_for_housekeeping_in_hospital.pdf"; depth:107; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466772/; classtype:trojan-activity;sid:84329872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/91812224211.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466773/; classtype:trojan-activity;sid:84329873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/rizepigarebovubugebo.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466774/; classtype:trojan-activity;sid:84329874; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466775)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/kawopixar.pdf"; depth:71; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466775/; classtype:trojan-activity;sid:84329875; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/58311665155.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466767/; classtype:trojan-activity;sid:84329867; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/93503353547.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466763/; classtype:trojan-activity;sid:84329863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/6974f1eb-71bf-4f90-8572-d8ac4e4f765d/downloads/wazakovefonetak.pdf"; depth:77; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466764/; classtype:trojan-activity;sid:84329864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/9978fe41-dbcb-4b88-8a80-a839de3f86b5/downloads/42576721881.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466758/; classtype:trojan-activity;sid:84329858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466759)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/73769466656.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466759/; classtype:trojan-activity;sid:84329859; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/suvuraxelikubok.pdf"; depth:77; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466761/; classtype:trojan-activity;sid:84329861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3e09336e-0817-489c-96db-d43d5fd51fc4/downloads/i9_birth_certificate_example.pdf"; depth:90; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466762/; classtype:trojan-activity;sid:84329862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/stromer_st1_owners_manual.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466750/; classtype:trojan-activity;sid:84329850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/7215421885.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466753/; classtype:trojan-activity;sid:84329853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/37979647215.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466754/; classtype:trojan-activity;sid:84329854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/af0be9d0-b995-4f2a-8f66-25f04f50db42/downloads/tejovejujepotobafoba.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466755/; classtype:trojan-activity;sid:84329855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/43947647531.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466756/; classtype:trojan-activity;sid:84329856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/97640682614.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466747/; classtype:trojan-activity;sid:84329847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466748)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/2ec5b631-127b-4a5e-84ff-7de19674a208/downloads/daxukipavibipukoj.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466748/; classtype:trojan-activity;sid:84329848; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/66a9f463-0ae0-4403-bef2-3061bb9e36ef/downloads/rate_list_of_test_in_dr.lal_pathlabs.pdf"; depth:98; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466740/; classtype:trojan-activity;sid:84329840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c8939508-8a93-4f90-8b11-ddca3342e83a/downloads/4803379677.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466742/; classtype:trojan-activity;sid:84329842; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/taski_procarpet_45_manual.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466745/; classtype:trojan-activity;sid:84329845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gomik.pdf"; depth:67; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466738/; classtype:trojan-activity;sid:84329838; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ef27ce0e-c911-4d37-baad-bea065e796b8/downloads/kirekafusofo.pdf"; depth:74; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466736/; classtype:trojan-activity;sid:84329836; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wiremabodopigotaf.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466732/; classtype:trojan-activity;sid:84329832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/67856105857.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466733/; classtype:trojan-activity;sid:84329833; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466734)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/af0be9d0-b995-4f2a-8f66-25f04f50db42/downloads/rubetugetafapojopodibom.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466734/; classtype:trojan-activity;sid:84329834; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466724)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/3048437595.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466724/; classtype:trojan-activity;sid:84329824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/cc370600-8080-4216-8e6c-52a7f34eeccf/downloads/iso_weld_symbols_chart.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466726/; classtype:trojan-activity;sid:84329826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/47b969d8-0664-43a5-a1cb-4ec8411e9eef/downloads/powerflex_755_user_manual_espanol.pdf"; depth:95; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466728/; classtype:trojan-activity;sid:84329828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7539d3e4-198a-4c91-addc-38e6066bfe55/downloads/2305786492.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466729/; classtype:trojan-activity;sid:84329829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466730)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/kangwon_land_inc_annual_report.pdf"; depth:92; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466730/; classtype:trojan-activity;sid:84329830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4c0bdcf4-6f9c-40c3-8219-8cbbbcfb4026/downloads/wanigukanewalew.pdf"; depth:77; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466731/; classtype:trojan-activity;sid:84329831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/watiwime.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466715/; classtype:trojan-activity;sid:84329815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/638993752.pdf"; depth:71; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466716/; classtype:trojan-activity;sid:84329816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466717)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/milagetuxinofu.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466717/; classtype:trojan-activity;sid:84329817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/51295545026.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466719/; classtype:trojan-activity;sid:84329819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xezumiriruko.pdf"; depth:74; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466720/; classtype:trojan-activity;sid:84329820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/cleavage_front_row_amy_measurements.pdf"; depth:97; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466721/; classtype:trojan-activity;sid:84329821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466708)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/diamond_sieve_chart.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466708/; classtype:trojan-activity;sid:84329808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/09b152c4-bf66-44a7-8224-2992cea3ed0a/downloads/sample_indian_renunciation_form.pdf"; depth:93; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466710/; classtype:trojan-activity;sid:84329810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/pelebesepasirokirefukew.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466711/; classtype:trojan-activity;sid:84329811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/455fd801-8453-4cfe-b6ee-1af9e2a627f6/downloads/7558215776.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466712/; classtype:trojan-activity;sid:84329812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466713)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/e262bb3c-3205-4bb6-954b-f565479d59e0/downloads/50787175728.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466713/; classtype:trojan-activity;sid:84329813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/rotem_sigma_user_manual.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466706/; classtype:trojan-activity;sid:84329806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/lista_de_verbos_em_italiano.pdf"; depth:89; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466705/; classtype:trojan-activity;sid:84329805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/a580c741-29a0-435a-a011-6aa538a5edae/downloads/25870917787.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466702/; classtype:trojan-activity;sid:84329802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466694)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/siwetofulugo.pdf"; depth:74; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466694/; classtype:trojan-activity;sid:84329794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/0739216d-b619-42bb-83b4-7432b4331862/downloads/26798739628.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466695/; classtype:trojan-activity;sid:84329795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/23513409250.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466696/; classtype:trojan-activity;sid:84329796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/the_long_dark_crumbling_highway_map.pdf"; depth:97; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466697/; classtype:trojan-activity;sid:84329797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466698)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/2eabcd0a-1fbf-48aa-8399-71392232a891/downloads/92332863676.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466698/; classtype:trojan-activity;sid:84329798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4c633c3b-7c73-43a9-a161-0e7459f617b4/downloads/popajuzokovuluboz.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466682/; classtype:trojan-activity;sid:84329782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4b7c63a1-8c4d-413e-83dc-2db6954011c6/downloads/6759358871.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466684/; classtype:trojan-activity;sid:84329784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/41809607-5bd4-4a52-8a62-530dfb6fcdd7/downloads/gelumoxosudasikaxo.pdf"; depth:80; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466686/; classtype:trojan-activity;sid:84329786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466687)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/47722224691.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466687/; classtype:trojan-activity;sid:84329787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/57326063662.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466689/; classtype:trojan-activity;sid:84329789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/8aa13dbf-c0c5-4fe7-ae15-62e5c33a20e4/downloads/hewlett-packard_18e7_motherboard_specs.pdf"; depth:100; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466690/; classtype:trojan-activity;sid:84329790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/porebejotenojudud.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466691/; classtype:trojan-activity;sid:84329791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466681)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/72502959-bd3f-431c-9582-055fb0eb9e9d/downloads/duff_and_phelps_size_premium_2022.pdf"; depth:95; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466681/; classtype:trojan-activity;sid:84329781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pass_the_pigs_scoring_sheet.pdf"; depth:89; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466674/; classtype:trojan-activity;sid:84329774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/6ae40ccb-f0fa-4b6b-bfcc-06032a30498c/downloads/logical_thinking_worksheets_for_kindergarten.pdf"; depth:106; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466679/; classtype:trojan-activity;sid:84329779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/cb46680e-64d4-4308-8a44-9926381d0750/downloads/151743582.pdf"; depth:71; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466670/; classtype:trojan-activity;sid:84329770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466671)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/13792310994.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466671/; classtype:trojan-activity;sid:84329771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/cessna_172_instrument_panel_layout.pdf"; depth:96; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466666/; classtype:trojan-activity;sid:84329766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/24459864622.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466667/; classtype:trojan-activity;sid:84329767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4c0bdcf4-6f9c-40c3-8219-8cbbbcfb4026/downloads/10451479360.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466658/; classtype:trojan-activity;sid:84329758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466659)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/sap_fico_cutover_activities.pdf"; depth:89; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466659/; classtype:trojan-activity;sid:84329759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/98444125074.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466662/; classtype:trojan-activity;sid:84329762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/686c0a2e-9a90-4936-9f96-7d72f3c65f03/downloads/54960661120.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466663/; classtype:trojan-activity;sid:84329763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/3262231356.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466664/; classtype:trojan-activity;sid:84329764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466648)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/livro_pesquisa_bibliografica.pdf"; depth:90; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466648/; classtype:trojan-activity;sid:84329748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/37ff6e83-e399-4f09-b7f3-13b9438039c2/downloads/54456550535.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466650/; classtype:trojan-activity;sid:84329750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466652)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/request_letter_format_in_marathi_language.pdf"; depth:103; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466652/; classtype:trojan-activity;sid:84329752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5809a244-7d90-46f4-9de4-ee86dda3a2de/downloads/evaluation_emc_6eme_devenir_collegien.pdf"; depth:99; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466645/; classtype:trojan-activity;sid:84329745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466640)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/blobby/go/dd809168-aa55-4437-9a0e-42447fbc16fd/downloads/22731947285.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466640/; classtype:trojan-activity;sid:84329740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/hypothecation_cancellation_request_letter_format.pdf"; depth:110; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466641/; classtype:trojan-activity;sid:84329741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/182ae1b8-0b64-4790-be7b-698d5e8b3d57/downloads/gidatigexapufalumiwolagad.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466642/; classtype:trojan-activity;sid:84329742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/aocs_official_method_ce_1b_89.pdf"; depth:91; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466634/; classtype:trojan-activity;sid:84329734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466635)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pigogini.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466635/; classtype:trojan-activity;sid:84329735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ab158387-fd14-4136-be83-18d2feafd209/downloads/regonadafufosofujerijasur.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466639/; classtype:trojan-activity;sid:84329739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/xewegemodigu.pdf"; depth:74; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466625/; classtype:trojan-activity;sid:84329725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f9b61407-e9a0-4bfb-ac42-6ba811f07eed/downloads/daycare_reference_letter_template.pdf"; depth:95; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466626/; classtype:trojan-activity;sid:84329726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466629)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/displayport_1.4_spec.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466629/; classtype:trojan-activity;sid:84329729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/0a49e03e-1cf9-44ed-ac44-c378f90fa5f8/downloads/63521883486.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466632/; classtype:trojan-activity;sid:84329732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/262ea410-a887-458b-b5ec-65748ef01e57/downloads/75258476975.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466633/; classtype:trojan-activity;sid:84329733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/9441f8ad-6e79-4d4a-9602-3585b1269b7e/downloads/dajagunowe.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466619/; classtype:trojan-activity;sid:84329719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466620)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/432a6cf0-f63b-4132-8b03-52615cd2c1c3/downloads/hypochondria_ielts_reading_answers.pdf"; depth:96; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466620/; classtype:trojan-activity;sid:84329720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/migolijidawononavez.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466622/; classtype:trojan-activity;sid:84329722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/6286d8b4-6ffa-4d84-aeea-f2a9bc58a594/downloads/hotel_courtesy_call_template.pdf"; depth:90; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466623/; classtype:trojan-activity;sid:84329723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/48cf8ef6-fe89-47b6-9b8e-43119a3d3833/downloads/89759746182.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466617/; classtype:trojan-activity;sid:84329717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466613)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/poquito_mas_nutrition_facts.pdf"; depth:89; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466613/; classtype:trojan-activity;sid:84329713; rev:1;)
# Triage note: the rule ending on the line above (sid 84329713) and sid 84329705 below
# both match paths under /blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/.
# Each listed file has its own sid, so several alerts can trace back to one directory.
# Grouping hits by the <uuid> path segment (and by client) makes it easier to see
# whether one host requested several listed files from the same location.
# NOTE(review): that a shared directory means a single publisher is an inference;
# confirm against the URLhaus entries named in reference:url.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/9a32841c-0d54-4ad0-8acd-a5b15c41cae1/downloads/luxutevosevuke.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466610/; classtype:trojan-activity;sid:84329710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/vamiralu.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466611/; classtype:trojan-activity;sid:84329711; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/bonunorovekofa.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466605/; classtype:trojan-activity;sid:84329705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466606)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/657a2269-1311-41bc-be7f-365fba299599/downloads/36407415595.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466606/; classtype:trojan-activity;sid:84329706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/82707682561.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466607/; classtype:trojan-activity;sid:84329707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/a0620227-6f33-427f-8ac7-1fb80d24bd78/downloads/loxabafefomukewizirefa.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466608/; classtype:trojan-activity;sid:84329708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/metric_bolt_specification_chart.pdf"; depth:93; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466609/; classtype:trojan-activity;sid:84329709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466597)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/b6875802-d83d-45fa-a01c-dd9f30c53739/downloads/22305465780.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466597/; classtype:trojan-activity;sid:84329697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/efeaa59e-2423-41d8-b482-9a37e80979c7/downloads/ge_disconnect_switch.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466598/; classtype:trojan-activity;sid:84329698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7518eff6-349e-4445-8380-e1c43aacea7b/downloads/gemudewefedevovep.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466600/; classtype:trojan-activity;sid:84329700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/41809607-5bd4-4a52-8a62-530dfb6fcdd7/downloads/tugojokuru.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466601/; classtype:trojan-activity;sid:84329701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466602)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/hadoop_notes_by_durgasoft_ramakrishna.pdf"; depth:99; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466602/; classtype:trojan-activity;sid:84329702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/compassionate_leave_letter_examples.pdf"; depth:97; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466603/; classtype:trojan-activity;sid:84329703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/2294c0f6-d737-4b16-8fca-94076227dda5/downloads/garrison_carbon_monoxide_and_gas_detector_manual.pdf"; depth:110; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466604/; classtype:trojan-activity;sid:84329704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/kuradorug.pdf"; depth:71; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466593/; classtype:trojan-activity;sid:84329693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466594)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/38053692779.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466594/; classtype:trojan-activity;sid:84329694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c4240411-5b76-4ebe-95b9-c00242399cf6/downloads/26107131918.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466595/; classtype:trojan-activity;sid:84329695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tozivagal.pdf"; depth:71; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466587/; classtype:trojan-activity;sid:84329687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/1b026e03-5af6-461d-a832-b5e23f93b19f/downloads/rojumedevunez.pdf"; depth:75; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466591/; classtype:trojan-activity;sid:84329691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466585)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nefusajoxepisajejod.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466585/; classtype:trojan-activity;sid:84329685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/tubewerapip.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466581/; classtype:trojan-activity;sid:84329681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/18645484853.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466583/; classtype:trojan-activity;sid:84329683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/50ab7773-f1d2-4be6-a8e2-1065b2477787/downloads/4850921377.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466584/; classtype:trojan-activity;sid:84329684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466567)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/basimonuje.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466567/; classtype:trojan-activity;sid:84329667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4490da21-0774-43c2-8f10-26fe1384ffab/downloads/convention_collective_ucanss_mutatio.pdf"; depth:98; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466568/; classtype:trojan-activity;sid:84329668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/2f6bcf3c-4b23-42e7-95db-7e5e3070b630/downloads/29680644903.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466569/; classtype:trojan-activity;sid:84329669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e297ab99-26f3-4763-8aa9-4b5ba8336826/downloads/61556440139.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466571/; classtype:trojan-activity;sid:84329671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466572)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/93a7eb93-9eef-4244-8f20-7f48de1f8294/downloads/rikeleneliteta.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466572/; classtype:trojan-activity;sid:84329672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/dupibutemuxubezukexe.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466559/; classtype:trojan-activity;sid:84329659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/58f82e37-5723-4fc5-be87-1ca34da7fc9c/downloads/ladovarudugusujo.pdf"; depth:78; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466561/; classtype:trojan-activity;sid:84329661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/93623530863.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466562/; classtype:trojan-activity;sid:84329662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466563)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/f4482b02-adbc-4511-a01d-8f5a32444a75/downloads/31982364803.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466563/; classtype:trojan-activity;sid:84329663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c29905cb-cab1-47d6-9263-d073f5bcab67/downloads/manually_update_officescan_server.pdf"; depth:95; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466564/; classtype:trojan-activity;sid:84329664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466565)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/meligofat.pdf"; depth:71; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466565/; classtype:trojan-activity;sid:84329665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pibajusapasadasizuvabo.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466566/; classtype:trojan-activity;sid:84329666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466552)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/vuguvukopipokimukunoju.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466552/; classtype:trojan-activity;sid:84329652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/vmware_horizon_not_loading.pdf"; depth:88; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466553/; classtype:trojan-activity;sid:84329653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/gekepozokenaxaketojakoj.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466556/; classtype:trojan-activity;sid:84329656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/xekinozu.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466557/; classtype:trojan-activity;sid:84329657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466558)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/tanaber.pdf"; depth:69; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466558/; classtype:trojan-activity;sid:84329658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466546)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lokodemerukezabakexa.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466546/; classtype:trojan-activity;sid:84329646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wijigezafububofelib.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466547/; classtype:trojan-activity;sid:84329647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/1a64ed17-85a2-4cee-b266-878ed957a17a/downloads/wezixipusafa.pdf"; depth:74; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466548/; classtype:trojan-activity;sid:84329648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466551)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/6ed9a7df-8325-4b88-b206-4975011bd8d3/downloads/73303046927.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466551/; classtype:trojan-activity;sid:84329651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vafibezesixura.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466544/; classtype:trojan-activity;sid:84329644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466542)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/cdf9b72e-240a-4a41-ac28-e187be75db3e/downloads/10008295817.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466542/; classtype:trojan-activity;sid:84329642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466539)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/35017680871.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466539/; classtype:trojan-activity;sid:84329639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466534)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/b5346c1d-c474-4a92-9b4c-cbf0eee37189/downloads/jamupipenimewuroveg.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466534/; classtype:trojan-activity;sid:84329634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ddc49093-0792-428b-8073-6170b30113a2/downloads/ritiwuga.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466523/; classtype:trojan-activity;sid:84329623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/98558988287.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466524/; classtype:trojan-activity;sid:84329624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3d8c405e-d09a-43e6-b2b9-f8bbfe0e4b05/downloads/japifitakudisudupuweb.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466525/; classtype:trojan-activity;sid:84329625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466527)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/b7519557-5091-4de7-b104-8e86c3953c5d/downloads/66697702965.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466527/; classtype:trojan-activity;sid:84329627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466528)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c4d8863b-da23-437d-86ed-df2351a23265/downloads/sazodaxorega.pdf"; depth:74; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466528/; classtype:trojan-activity;sid:84329628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/36655168913.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466512/; classtype:trojan-activity;sid:84329612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/wevularaboxurewugawe.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466513/; classtype:trojan-activity;sid:84329613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466514)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/rubizegelolulagexarunup.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466514/; classtype:trojan-activity;sid:84329614; rev:1;)
#
# Reviewer notes for the rules that follow (every one targets host img1.wsimg.com).
#
# Template shared by each rule in this run:
#   * alert http $HOME_NET -> $EXTERNAL_NET with flow:established,from_client:
#     the rule fires on an outbound client request. The action is "alert", so
#     these rules do not drop traffic even when the sensor runs inline.
#   * http.method "GET", then an http.uri content whose depth equals its own
#     length and which carries endswith: the normalized URI has to be exactly
#     the listed path (case-insensitively, via nocase). A request for the same
#     path with a query string appended is not matched.
#   * http.host "img1.wsimg.com" with depth:14 and isdataat:!1,relative: the
#     host has to be exactly that name, not a longer name that contains it.
#   * msg and reference carry the URLhaus entry id. In every rule shown here
#     sid = URLhaus id + 80863100 and created_at is 2025_03_05.
#
# Caveats for deployment:
#   * The http protocol keyword inspects cleartext (or already decrypted) HTTP
#     only. A fetch of one of these paths over TLS produces no alert from this
#     file; coverage for that case has to come from a proxy or a
#     TLS-inspecting tier.
#   * All rules here share one host and differ only in the path, which suggests
#     a shared content host (NOTE(review): inferred from the rules, confirm).
#     Read a hit as "this specific file was requested"; the rules give no basis
#     for alerting on or blocking the host as a whole.
#   * These are point-in-time indicators. Check the referenced URLhaus entry
#     for the URL's current status before escalating an alert.
#
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466515)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c29905cb-cab1-47d6-9263-d073f5bcab67/downloads/pipe_fittings_surface_area_chart.pdf"; depth:94; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466515/; classtype:trojan-activity;sid:84329615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/ludirov.pdf"; depth:69; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466517/; classtype:trojan-activity;sid:84329617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/jedibam.pdf"; depth:69; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466521/; classtype:trojan-activity;sid:84329621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c2f5ec0b-52d8-40cb-8fa6-a66f6f891fa9/downloads/64630520522.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466522/; classtype:trojan-activity;sid:84329622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/19f0e93a-8f01-4f21-8964-dcc990dea571/downloads/honeywell_dc3002_manual.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466506/; classtype:trojan-activity;sid:84329606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/30963207670.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466507/; classtype:trojan-activity;sid:84329607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/963d457e-5dea-4a7e-aae8-47aada2a7cc0/downloads/36202936872.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466508/; classtype:trojan-activity;sid:84329608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/738cd3ca-10f0-4f1e-865e-c0932904fbb2/downloads/28412734415.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466509/; classtype:trojan-activity;sid:84329609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/af067739-2dfe-40f3-ae00-a758e587d7d3/downloads/wepepuv.pdf"; depth:69; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466510/; classtype:trojan-activity;sid:84329610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/atpco_fare_filing_manual_s.pdf"; depth:88; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466503/; classtype:trojan-activity;sid:84329603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/gartner_magic_quadrant_ips.pdf"; depth:88; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466504/; classtype:trojan-activity;sid:84329604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f2215a6c-0436-4d82-8033-c5d079398259/downloads/xawegifurixikinixi.pdf"; depth:80; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466505/; classtype:trojan-activity;sid:84329605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nolovafitavire.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466501/; classtype:trojan-activity;sid:84329601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/9f11cc6f-a645-4f71-bee4-e3848f35abf2/downloads/mojijodexiv.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466495/; classtype:trojan-activity;sid:84329595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/64114a94-94a3-4f5d-866a-beee254b955f/downloads/xipefodefanotare.pdf"; depth:78; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466497/; classtype:trojan-activity;sid:84329597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/gekulafemidafalijuw.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466498/; classtype:trojan-activity;sid:84329598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/types_of_lines_in_construction_drawings.pdf"; depth:101; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466489/; classtype:trojan-activity;sid:84329589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/psa_birth_certificate_authorization_letter.pdf"; depth:104; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466490/; classtype:trojan-activity;sid:84329590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/53202951-38c7-4c35-8280-6cefaf47915f/downloads/libububodanusakamarad.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466492/; classtype:trojan-activity;sid:84329592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/41202776349.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466480/; classtype:trojan-activity;sid:84329580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/dc583f51-62de-45fb-b9c6-f152dd4c2594/downloads/combining_like_terms_pyramid_worksheet_answers.pdf"; depth:108; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466481/; classtype:trojan-activity;sid:84329581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/1dc2c198-09f6-4966-96bb-2e160c7d78e2/downloads/55840145977.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466482/; classtype:trojan-activity;sid:84329582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/puzenesariwalez.pdf"; depth:77; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466484/; classtype:trojan-activity;sid:84329584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c0eb552d-3ccf-4b3e-a340-0e3717106147/downloads/kalozarisi.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466485/; classtype:trojan-activity;sid:84329585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/wilikof.pdf"; depth:69; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466486/; classtype:trojan-activity;sid:84329586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/geruzirejexexani.pdf"; depth:78; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466487/; classtype:trojan-activity;sid:84329587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/de9d9f96-a289-4877-85d4-e6d2d4cc419c/downloads/minerva_t2000_manual.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466476/; classtype:trojan-activity;sid:84329576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/siemens_pcs_7_full_training_manual.pdf"; depth:96; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466474/; classtype:trojan-activity;sid:84329574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/sojawamiluredowad.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466472/; classtype:trojan-activity;sid:84329572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/add57eeb-0480-4d3e-871c-79d9b8fe2772/downloads/lozataroziwukurejigax.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466462/; classtype:trojan-activity;sid:84329562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/capacitor_bank_preventive_maintenance_checklist.pdf"; depth:109; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466463/; classtype:trojan-activity;sid:84329563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/jesafi.pdf"; depth:68; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466464/; classtype:trojan-activity;sid:84329564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wofewipawo.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466465/; classtype:trojan-activity;sid:84329565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/58423586845.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466468/; classtype:trojan-activity;sid:84329568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466469)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/89849145142.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466469/; classtype:trojan-activity;sid:84329569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4c26a93a-50bb-4104-895b-059e3fc9a02c/downloads/zoxinigexozojadidara.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466460/; classtype:trojan-activity;sid:84329560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/96b6a2f4-8317-413b-a7e3-44adb2eb81f5/downloads/demande_d_allocation_chomage_pole_emploi.pdf"; depth:102; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466454/; classtype:trojan-activity;sid:84329554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tutorialspoint_sap_pp.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466459/; classtype:trojan-activity;sid:84329559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/lafebokoz.pdf"; depth:71; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466449/; classtype:trojan-activity;sid:84329549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/advance_payment_request_letter_format_word.pdf"; depth:104; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466450/; classtype:trojan-activity;sid:84329550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466452)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/0a0c7596-8583-4967-abed-67d8d1ffd610/downloads/boilermaker_drawings_and_developments.pdf"; depth:99; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466452/; classtype:trojan-activity;sid:84329552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/8532eb1d-13c2-4756-9d41-225750b056f4/downloads/litimuwabu.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466453/; classtype:trojan-activity;sid:84329553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/telcordia_sr_332_issue_4.pdf"; depth:86; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466444/; classtype:trojan-activity;sid:84329544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466445)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d89879dd-a0f6-4cd8-8b66-99c2d6e48b2c/downloads/stopaq_application_manual_2018.pdf"; depth:92; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466445/; classtype:trojan-activity;sid:84329545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3daad7b2-98c5-4dc1-b37a-5570afcba267/downloads/40472163846.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466447/; classtype:trojan-activity;sid:84329547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/89247847196.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466439/; classtype:trojan-activity;sid:84329539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/72993487295.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466440/; classtype:trojan-activity;sid:84329540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/de9155fa-7173-4766-94c3-9e400d4aed58/downloads/def_stan_91-91.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466441/; classtype:trojan-activity;sid:84329541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/42d6a3b4-bbc0-47ab-bf86-c3ddb806b2ed/downloads/rafadaduveputev.pdf"; depth:77; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466443/; classtype:trojan-activity;sid:84329543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466429)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3924d65b-e08d-4f21-8d71-a0b15eb654bb/downloads/63720952596.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466429/; classtype:trojan-activity;sid:84329529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/woleb.pdf"; depth:67; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466417/; classtype:trojan-activity;sid:84329517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/dururotilonid.pdf"; depth:75; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466418/; classtype:trojan-activity;sid:84329518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/150_dialogues_en_francais.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466419/; classtype:trojan-activity;sid:84329519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/88031585580.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466420/; classtype:trojan-activity;sid:84329520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466423)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/dollar_general_cbl_answers_robbery_prevention.pdf"; depth:107; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466423/; classtype:trojan-activity;sid:84329523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4e8158-a082-4b1f-960e-1d82a946a72b/downloads/76239393989.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466424/; classtype:trojan-activity;sid:84329524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/51c1105d-a687-468d-b1aa-293ca9578a34/downloads/giwuroganapedokozijave.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466414/; classtype:trojan-activity;sid:84329514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/50e5aae7-a15c-4d74-a4ed-a8edfca980c4/downloads/atividades_adaptadas_de_ingles_para_deficientes_intelectuais.pdf"; depth:122; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466406/; classtype:trojan-activity;sid:84329506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/24465842333.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466407/; classtype:trojan-activity;sid:84329507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/2d664301-7b5e-474d-97a1-1305c7ece601/downloads/35905190672.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466409/; classtype:trojan-activity;sid:84329509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/12922543008.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466410/; classtype:trojan-activity;sid:84329510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/804274b4-5f10-4c26-9de6-df56f38aac7c/downloads/20643132370.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466412/; classtype:trojan-activity;sid:84329512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/95435099570.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466413/; classtype:trojan-activity;sid:84329513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/2bb4e8cb-ec7e-44c1-a645-d94d4534f3a4/downloads/far_from_you_tess_sharpe.pdf"; depth:86; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466401/; classtype:trojan-activity;sid:84329501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/87076889980.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466403/; classtype:trojan-activity;sid:84329503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/40331451843.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466396/; classtype:trojan-activity;sid:84329496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/71d9f42f-0bad-4406-8a48-95c698e57e68/downloads/sumitomo_f50_compressor_manual.pdf"; depth:92; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466397/; classtype:trojan-activity;sid:84329497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tusosexukitut.pdf"; depth:75; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466398/; classtype:trojan-activity;sid:84329498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/chambre_de_tirage_telecom.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466387/; classtype:trojan-activity;sid:84329487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d45c0d9d-8581-471d-bee0-51d1b9891f05/downloads/nisisot.pdf"; depth:69; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466389/; classtype:trojan-activity;sid:84329489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tojabuka.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466390/; classtype:trojan-activity;sid:84329490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/16219919996.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466391/; classtype:trojan-activity;sid:84329491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/famous_athletes_banned_for_drug_use.pdf"; depth:97; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466392/; classtype:trojan-activity;sid:84329492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/31075581028.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466393/; classtype:trojan-activity;sid:84329493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/table_trigonometrique_complet.pdf"; depth:91; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466394/; classtype:trojan-activity;sid:84329494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f20719e2-319c-4f10-aabc-5dffb4a98912/downloads/45233279752.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466385/; classtype:trojan-activity;sid:84329485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/10e01255-b324-4a54-ae63-f4e28a319147/downloads/how_to_make_authorization_letter_to_claim_money_in_palawan.pdf"; depth:120; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466376/; classtype:trojan-activity;sid:84329476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7a69ed85-566a-4d22-8bd3-47a8a314b3bf/downloads/baropuzijavalerivotenujop.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466378/; classtype:trojan-activity;sid:84329478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466379)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/15135097712.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466379/; classtype:trojan-activity;sid:84329479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466366)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4831e354-44dc-4759-9d14-0dd6cfda589f/downloads/demag_ac_350_dwg.pdf"; depth:78; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466366/; classtype:trojan-activity;sid:84329466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466370)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f6479094-5bf7-4b46-9ced-d0f3d0d49751/downloads/63982701040.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466370/; classtype:trojan-activity;sid:84329470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e35dded4-68df-49bc-a9b0-aad8c63628c2/downloads/polipuzikiwelines.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466371/; classtype:trojan-activity;sid:84329471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/jakirezimukixinirivuvizuw.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466372/; classtype:trojan-activity;sid:84329472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466373)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/c4bf44b4-a39c-49f8-89f5-4b487ef61751/downloads/safety_precautions_during_rainy_season_ppt.pdf"; depth:104; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466373/; classtype:trojan-activity;sid:84329473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/gasanon.pdf"; depth:69; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466358/; classtype:trojan-activity;sid:84329458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/87218120165.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466359/; classtype:trojan-activity;sid:84329459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/6c9fdcec-b167-4620-b064-54b8917c32b8/downloads/57211354597.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466364/; classtype:trojan-activity;sid:84329464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466355)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/9927c1c5-c61c-4f5e-807e-67bd1833b3e4/downloads/2687436544.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466355/; classtype:trojan-activity;sid:84329455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/astonishment_report_example_template_free.pdf"; depth:103; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466356/; classtype:trojan-activity;sid:84329456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4454ad30-3f6f-488a-b5e6-19e7bcca2146/downloads/duzinijilufixikedaluw.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466353/; classtype:trojan-activity;sid:84329453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/47a03532-4838-4d3f-b185-a29c87fa882c/downloads/24511080679.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466340/; classtype:trojan-activity;sid:84329440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466341)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/35512569741.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466341/; classtype:trojan-activity;sid:84329441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/fiselarodinolapin.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466344/; classtype:trojan-activity;sid:84329444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/fonuferin.pdf"; depth:71; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466348/; classtype:trojan-activity;sid:84329448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/59681288373.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466349/; classtype:trojan-activity;sid:84329449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466350)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/9db526fb-d62a-447a-9766-8665158ad47a/downloads/skf_linear_bearing_catalogue.pdf"; depth:90; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466350/; classtype:trojan-activity;sid:84329450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/45838770375.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466351/; classtype:trojan-activity;sid:84329451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466336)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/98a1791f-f3a9-4ef2-ac34-41b3393c3d1d/downloads/original_documents_handover_letter_format.pdf"; depth:103; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466336/; classtype:trojan-activity;sid:84329436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/60272662631.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466337/; classtype:trojan-activity;sid:84329437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466338)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/aa44ab49-4d64-4d64-8bfd-2dfce545052f/downloads/limitations_act_2004_nigeria.pdf"; depth:90; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466338/; classtype:trojan-activity;sid:84329438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466331)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/72cc53f9-3bf4-447c-963a-353f48ad8500/downloads/puwutokok.pdf"; depth:71; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466331/; classtype:trojan-activity;sid:84329431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/emdr_cognitive_interweaves.pdf"; depth:88; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466333/; classtype:trojan-activity;sid:84329433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/15715958975.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466325/; classtype:trojan-activity;sid:84329425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466326)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/sanugesijeviwo.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466326/; classtype:trojan-activity;sid:84329426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466327)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/167862b3-31e9-4984-90e5-30766e3a7fa8/downloads/20740408467.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466327/; classtype:trojan-activity;sid:84329427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/22914289512.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466316/; classtype:trojan-activity;sid:84329416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f842cd9f-c67c-4749-ba01-22d7c1ea502c/downloads/93070455772.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466317/; classtype:trojan-activity;sid:84329417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466319)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/61240910211.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466319/; classtype:trojan-activity;sid:84329419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/33251318472.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466320/; classtype:trojan-activity;sid:84329420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/84098559127.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466321/; classtype:trojan-activity;sid:84329421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kaxajopisojurivo.pdf"; depth:78; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466322/; classtype:trojan-activity;sid:84329422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466324)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/vehicle_sale_agreement_format_in_word_kerala_online_applicat.pdf"; depth:122; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466324/; classtype:trojan-activity;sid:84329424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/everstart_750_amp_jump_starter_manual.pdf"; depth:99; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466312/; classtype:trojan-activity;sid:84329412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/424b0398-579a-4717-a17a-ffb972bf5819/downloads/manual_ppap_4_edicao.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466313/; classtype:trojan-activity;sid:84329413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/b2a026b5-555a-437c-867f-3969f62b48d7/downloads/3703775959.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466314/; classtype:trojan-activity;sid:84329414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466305)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/blobby/go/3f5ecf8d-ba74-430f-ac11-9eb6ace92d02/downloads/womirojepu.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466305/; classtype:trojan-activity;sid:84329405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/lord_of_the_flies_script.pdf"; depth:86; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466307/; classtype:trojan-activity;sid:84329407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3d0a6e54-c95b-4e67-871e-882f39f9c203/downloads/38102271043.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466309/; classtype:trojan-activity;sid:84329409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/depo_provera_osteoporosis_guidelines.pdf"; depth:98; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466304/; classtype:trojan-activity;sid:84329404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466301)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/397fbc33-145f-44ec-a774-e1fa1b866d82/downloads/fekesijurada.pdf"; depth:74; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466301/; classtype:trojan-activity;sid:84329401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/1e222df8-d197-4254-b90b-be3d3b023ef4/downloads/78299826683.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466293/; classtype:trojan-activity;sid:84329393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466294)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/bc2da57a-5cad-4b1e-b658-8efa7e30bee5/downloads/como_transferir_saldo_de_dados_unitel.pdf"; depth:99; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466294/; classtype:trojan-activity;sid:84329394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/billetes_didacticos_mexicanos_para_imprimir.pdf"; depth:105; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466283/; classtype:trojan-activity;sid:84329383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466284)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/xutodorimalibavexididoson.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466284/; classtype:trojan-activity;sid:84329384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/vatalikuxigepiwu.pdf"; depth:78; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466285/; classtype:trojan-activity;sid:84329385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466286)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/2fda8269-9b7e-4008-b093-ed7dc0bde9d7/downloads/zinivegosejuriwevagowu.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466286/; classtype:trojan-activity;sid:84329386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466288)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/dotuxomolomorapitome.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466288/; classtype:trojan-activity;sid:84329388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466289)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/541a1d8b-7a21-4c1f-8013-03406bd1a8ad/downloads/mevuxurike.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466289/; classtype:trojan-activity;sid:84329389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/9c30937d-c8da-4e7b-9f7a-432344b46400/downloads/jubomumifekomu.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466291/; classtype:trojan-activity;sid:84329391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/aa25c895-a966-4265-aeb1-bc094284554e/downloads/jifig.pdf"; depth:67; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466279/; classtype:trojan-activity;sid:84329379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/90378982159.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466280/; classtype:trojan-activity;sid:84329380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466282)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/jodegemotekuseve.pdf"; depth:78; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466282/; classtype:trojan-activity;sid:84329382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466268)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/46578941429.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466268/; classtype:trojan-activity;sid:84329368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466269)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/elenco_corsi_vam_viterbo.pdf"; depth:86; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466269/; classtype:trojan-activity;sid:84329369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/17714436684.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466259/; classtype:trojan-activity;sid:84329359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466260)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/planet_fitness_membership_cancellation_letter.pdf"; depth:107; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466260/; classtype:trojan-activity;sid:84329360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466261)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/af067739-2dfe-40f3-ae00-a758e587d7d3/downloads/61105974714.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466261/; classtype:trojan-activity;sid:84329361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466266)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/933c3405-1572-4648-b39e-d98567eb5bee/downloads/for_your_kind_perusal_and_necessary_action_meaning.pdf"; depth:112; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466266/; classtype:trojan-activity;sid:84329366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/119d5b03-e78f-4725-87b7-ed496b267f6d/downloads/scrubber_design_calculation_excel.pdf"; depth:95; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466267/; classtype:trojan-activity;sid:84329367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466249)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/blobby/go/6787db73-833d-4393-867e-1b786eb5e101/downloads/60859753638.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466249/; classtype:trojan-activity;sid:84329349; rev:1;)
# ---------------------------------------------------------------------------
# Reviewer notes for the img1.wsimg.com rules in this part of the file
# (all carry metadata:created_at 2025_03_05 and classtype:trojan-activity).
#
# What each rule matches:
#   * http.method must contain "GET".
#   * http.uri must equal the listed path: depth:<N> is set to the content
#     length and endswith pins the match to the end of the buffer, so the
#     whole normalized URI has to be exactly this string (nocase makes the
#     comparison case-insensitive). Coverage is therefore limited to that one
#     request form; a request carrying anything extra in the URI, such as a
#     query string, is outside what the rule detects.
#   * http.host must be exactly "img1.wsimg.com": depth:14 anchors the 14-byte
#     match at the start and isdataat:!1,relative requires that no byte
#     follows it.
#
# Operational caveats:
#   * These are "alert http" rules, so they only fire on requests Suricata can
#     parse as HTTP. The same URL fetched over TLS is not covered unless the
#     traffic is decrypted upstream of the sensor; proxy or EDR URL logs are
#     the complementary data source for that case.
#   * Every rule in this run names the same host, which looks like a shared
#     hosting/CDN name rather than dedicated infrastructure
#     (NOTE(review): confirm). Read a hit as "this specific file was
#     requested", not as evidence about the host as a whole, and do not derive
#     a host-wide block from these sids without checking the impact.
#   * Several rules share the same /blobby/go/<uuid>/ directory. Presumably
#     the UUID identifies one site or uploader on the host -- verify against
#     the URLhaus entries -- which would make it a useful key for grouping
#     related alerts during triage.
#   * created_at presumably records when the URLhaus entry was turned into a
#     rule; the file may have been removed since. Check the current status on
#     the reference:url page before escalating an alert.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/62a7895e-5f81-4049-920b-e70e38d29e37/downloads/why_is_annexure_d_required_for_minor_passport.pdf"; depth:107; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466252/; classtype:trojan-activity;sid:84329352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/574284889.pdf"; depth:71; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466253/; classtype:trojan-activity;sid:84329353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/9e5b6b40-f934-4273-a65f-cbaee9aa4b00/downloads/xikapataxofako.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466254/; classtype:trojan-activity;sid:84329354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466255)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lobigexapi.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466255/; classtype:trojan-activity;sid:84329355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466256)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/2470d53e-fef7-4646-9c8b-919894e66d18/downloads/72646482584.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466256/; classtype:trojan-activity;sid:84329356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/8c16f145-4fc0-4af7-a4db-de4acd818fe4/downloads/46429707192.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466257/; classtype:trojan-activity;sid:84329357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466245)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7153ec40-cd7f-411a-a08b-66d173a33455/downloads/standards_australia_handbook_197.pdf"; depth:94; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466245/; classtype:trojan-activity;sid:84329345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/55745505506.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466247/; classtype:trojan-activity;sid:84329347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/43311556781.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466241/; classtype:trojan-activity;sid:84329341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/80691091889.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466244/; classtype:trojan-activity;sid:84329344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sewuxazomuwara.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466238/; classtype:trojan-activity;sid:84329338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7ce549e8-3051-428a-a71b-b48f204ac3cd/downloads/rapid_router_level_43_solution.pdf"; depth:92; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466231/; classtype:trojan-activity;sid:84329331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/0620bed2-a9d8-4f06-ab8c-173ea1a60a70/downloads/jijegarazomimubusawogam.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466232/; classtype:trojan-activity;sid:84329332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/matunekuv.pdf"; depth:71; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466233/; classtype:trojan-activity;sid:84329333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/53202951-38c7-4c35-8280-6cefaf47915f/downloads/statsafe_3000_msds.pdf"; depth:80; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466230/; classtype:trojan-activity;sid:84329330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/82647770508.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466221/; classtype:trojan-activity;sid:84329321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ee3e2894-0337-41f6-9371-caecf7034a22/downloads/26991821255.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466222/; classtype:trojan-activity;sid:84329322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/gesuzodekutiz.pdf"; depth:75; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466226/; classtype:trojan-activity;sid:84329326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/62a7895e-5f81-4049-920b-e70e38d29e37/downloads/how_to_register_in_upstox.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466227/; classtype:trojan-activity;sid:84329327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/exercises_for_trigger_thumb.pdf"; depth:89; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466228/; classtype:trojan-activity;sid:84329328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/132d13c5-3f89-41bf-85b4-d1a24ddcf61c/downloads/nosiwevixina.pdf"; depth:74; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466229/; classtype:trojan-activity;sid:84329329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/a56a106f-21b9-46c2-b5bc-12461919334c/downloads/vurarufa.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466215/; classtype:trojan-activity;sid:84329315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/how_to_get_a_wire_transfer_receipt_chase.pdf"; depth:102; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466217/; classtype:trojan-activity;sid:84329317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/3175972790.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466219/; classtype:trojan-activity;sid:84329319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/apex_sl_vibration_controller_manual.pdf"; depth:97; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466213/; classtype:trojan-activity;sid:84329313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466214)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/nakozixuwelafi.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466214/; classtype:trojan-activity;sid:84329314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mobesapovasag.pdf"; depth:75; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466205/; classtype:trojan-activity;sid:84329305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466206)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/fae029f6-27b1-4578-94bc-ae0bbaeebde4/downloads/imperial_vernier_caliper_worksheet.pdf"; depth:96; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466206/; classtype:trojan-activity;sid:84329306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e2ab423c-1813-4cd0-becb-6a8adbf01641/downloads/ribafimimeriledok.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466207/; classtype:trojan-activity;sid:84329307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/62228929609.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466208/; classtype:trojan-activity;sid:84329308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/91a706e9-d066-47d7-89af-69535d865c3d/downloads/carteirinha_de_estudante_falsa_em.pdf"; depth:95; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466209/; classtype:trojan-activity;sid:84329309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/80e9e7c7-d97b-4b5a-96c4-9a83854a3065/downloads/35740879646.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466196/; classtype:trojan-activity;sid:84329296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f2d42ffe-779b-4107-ac42-7f36375aab37/downloads/zeneliginuboripiriza.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466201/; classtype:trojan-activity;sid:84329301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/6bb5c8cf-e89d-49c0-aeeb-7278d39f6b32/downloads/fiche_grcf_bts_gpme.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466202/; classtype:trojan-activity;sid:84329302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/77724997403.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466193/; classtype:trojan-activity;sid:84329293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/xinunivigaxelifujukedo.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466181/; classtype:trojan-activity;sid:84329281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/pidipaxiworoguvosifap.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466182/; classtype:trojan-activity;sid:84329282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rent_receipt_format_in_ms_word.pdf"; depth:92; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466183/; classtype:trojan-activity;sid:84329283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/nipipuk.pdf"; depth:69; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466184/; classtype:trojan-activity;sid:84329284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/081e0348-3bf0-4a3e-a723-749adc1aa630/downloads/67271829455.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466185/; classtype:trojan-activity;sid:84329285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c0325f5e-ab4f-48af-8631-8757a310624e/downloads/57390845107.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466186/; classtype:trojan-activity;sid:84329286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/45659404876.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466187/; classtype:trojan-activity;sid:84329287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/80200009732.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466189/; classtype:trojan-activity;sid:84329289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3a657e0c-a872-4028-94b8-811aea249c49/downloads/shl_general_ability_test_answers_reddit.pdf"; depth:101; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466190/; classtype:trojan-activity;sid:84329290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/06823f9b-45c4-43cb-a44f-1f9f645cebcf/downloads/32406777299.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466175/; classtype:trojan-activity;sid:84329275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/7694747911.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466177/; classtype:trojan-activity;sid:84329277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/danokubiwen.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466178/; classtype:trojan-activity;sid:84329278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466179)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/62128af0-82d0-4bae-b967-d393a4304003/downloads/xibuvajuxaluvotom.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466179/; classtype:trojan-activity;sid:84329279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466180)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/0a0c7596-8583-4967-abed-67d8d1ffd610/downloads/8393439781.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466180/; classtype:trojan-activity;sid:84329280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/redoripedigi.pdf"; depth:74; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466170/; classtype:trojan-activity;sid:84329270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/how_to_cancel_print_job_on_zebra_gk420d.pdf"; depth:101; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466172/; classtype:trojan-activity;sid:84329272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/b83dcfc0-bbe6-4498-b356-e365ec2ed396/downloads/zofafiba.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466169/; classtype:trojan-activity;sid:84329269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466161)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/a37e9011-77af-43eb-9e7b-dd6853450512/downloads/les_jours_de_la_semaine_exercices.pdf"; depth:95; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466161/; classtype:trojan-activity;sid:84329261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/90213521835.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466162/; classtype:trojan-activity;sid:84329262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/28725733968.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466154/; classtype:trojan-activity;sid:84329254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f7aa15cc-b2d1-4fef-8a47-8d7810090a9c/downloads/jenuwegipujodunoj.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466149/; classtype:trojan-activity;sid:84329249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/dowuvibatekijutajuvavu.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466151/; classtype:trojan-activity;sid:84329251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466152)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/14196656823.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466152/; classtype:trojan-activity;sid:84329252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466153)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/44a9091e-2134-47ec-8037-250483142ad3/downloads/kenmore_elite_665.12783_k311_service_manual.pdf"; depth:105; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466153/; classtype:trojan-activity;sid:84329253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/50362295282.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466144/; classtype:trojan-activity;sid:84329244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/navy_uic_code_list.pdf"; depth:80; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466145/; classtype:trojan-activity;sid:84329245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/9f2acd38-413e-47a5-ac42-d6305581bfab/downloads/logerafanekox.pdf"; depth:75; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466147/; classtype:trojan-activity;sid:84329247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/zakojamoderuvovu.pdf"; depth:78; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466140/; classtype:trojan-activity;sid:84329240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/b2a026b5-555a-437c-867f-3969f62b48d7/downloads/successfactors_recruiting_implementation_guide.pdf"; depth:108; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466133/; classtype:trojan-activity;sid:84329233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/97474238027.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466134/; classtype:trojan-activity;sid:84329234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ddcbbbab-f8a6-4067-a450-a2f971a66e79/downloads/daikin_ac_remote_control_guide.pdf"; depth:92; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466135/; classtype:trojan-activity;sid:84329235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/lebuk.pdf"; depth:67; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466138/; classtype:trojan-activity;sid:84329238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/71642361311.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466139/; classtype:trojan-activity;sid:84329239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466128)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kumujadirifokekikivexe.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466128/; classtype:trojan-activity;sid:84329228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/2818265442.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466130/; classtype:trojan-activity;sid:84329230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e262bb3c-3205-4bb6-954b-f565479d59e0/downloads/examenes_psicometricos_pruebas_psicometricas_gratis_para_imp.pdf"; depth:122; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466132/; classtype:trojan-activity;sid:84329232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466122)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4252a31f-7a57-4ac8-a31e-ee71b2361194/downloads/61162239689.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466122/; classtype:trojan-activity;sid:84329222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/43b3ecff-25d4-4371-99a8-6df485cf4fd5/downloads/amoeba_sisters_classification_worksheet.pdf"; depth:101; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466125/; classtype:trojan-activity;sid:84329225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/fundamentals_of_power_supply_design_book.pdf"; depth:102; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466115/; classtype:trojan-activity;sid:84329215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/her_yonuyle_modern_almanca_dursun_zengin.pdf"; depth:102; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466116/; classtype:trojan-activity;sid:84329216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466117)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/15938565950.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466117/; classtype:trojan-activity;sid:84329217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d5271715-d4c2-447f-bd8c-804dbc17722c/downloads/experience_certificate_format_for_quality_control_engineer.pdf"; depth:120; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466107/; classtype:trojan-activity;sid:84329207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/1b7f80b5-fb34-497d-8072-447feb44da09/downloads/lewamagoromizesa.pdf"; depth:78; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466109/; classtype:trojan-activity;sid:84329209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466110)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/courier_declaration_format.pdf"; depth:88; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466110/; classtype:trojan-activity;sid:84329210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466104)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/ruripumefenezalizaf.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466104/; classtype:trojan-activity;sid:84329204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/32a18e69-8d9d-488c-b50f-45023ca24343/downloads/87353354077.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466101/; classtype:trojan-activity;sid:84329201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/20305303180.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466092/; classtype:trojan-activity;sid:84329192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466099)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/kutapodisub.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466099/; classtype:trojan-activity;sid:84329199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466100)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/0919b7e4-2541-44dd-b945-9d5e6d22eaf1/downloads/xibegakibojonabawaz.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466100/; classtype:trojan-activity;sid:84329200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466083)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/doxuwiponubagexotabos.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466083/; classtype:trojan-activity;sid:84329183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/54308720858.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466084/; classtype:trojan-activity;sid:84329184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/gomanelakog.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466085/; classtype:trojan-activity;sid:84329185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466089)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/nx_nastran_element_library_reference_manual.pdf"; depth:105; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466089/; classtype:trojan-activity;sid:84329189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/collibra_expert_i_certification_answers_sheet_download_2017.pdf"; depth:121; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466074/; classtype:trojan-activity;sid:84329174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4ec11559-69c0-4903-84a6-3240babfcfe7/downloads/lapagikevipewijumodoru.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466075/; classtype:trojan-activity;sid:84329175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/1bfc168f-d0df-43cb-a73e-d0c80e42fe5c/downloads/formulaire_virement_international_banque_postale.pdf"; depth:110; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466076/; classtype:trojan-activity;sid:84329176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466078)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/96273346643.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466078/; classtype:trojan-activity;sid:84329178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/1feaf4a2-3a85-48bd-b975-ab8d5bcee640/downloads/30816276176.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466079/; classtype:trojan-activity;sid:84329179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d8f5bd9b-2c75-4c1f-8d4d-84a7de1d3443/downloads/rent_brokerage_receipt_format_word.pdf"; depth:96; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466070/; classtype:trojan-activity;sid:84329170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/8439ca10-a5ac-4299-aa09-54ab615a2090/downloads/bozagororaxurivir.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466071/; classtype:trojan-activity;sid:84329171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466072)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/54016191818.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466072/; classtype:trojan-activity;sid:84329172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f0d27cad-ce96-47a4-a6b6-d00149677212/downloads/87562723190.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466073/; classtype:trojan-activity;sid:84329173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/swot_analysis_for_poultry_farming.pdf"; depth:95; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466066/; classtype:trojan-activity;sid:84329166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/bosokoxa.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466067/; classtype:trojan-activity;sid:84329167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466063)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/69034861186.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466063/; classtype:trojan-activity;sid:84329163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466065)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/14962502915.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466065/; classtype:trojan-activity;sid:84329165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466060)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/42589334771.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466060/; classtype:trojan-activity;sid:84329160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/banksman_hand_signals.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466054/; classtype:trojan-activity;sid:84329154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466055)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/6cdacb6d-7fbf-4d09-a986-56cdfa4edeb2/downloads/5985868832.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466055/; classtype:trojan-activity;sid:84329155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d258c0c8-b9d9-4d64-b965-01378617d9c6/downloads/voter_list_delhi_2018.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466056/; classtype:trojan-activity;sid:84329156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/99737319160.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466058/; classtype:trojan-activity;sid:84329158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/1bfc168f-d0df-43cb-a73e-d0c80e42fe5c/downloads/71653623394.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466045/; classtype:trojan-activity;sid:84329145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466047)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/testing_and_commissioning_of_electrical_equipment.pdf"; depth:111; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466047/; classtype:trojan-activity;sid:84329147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/1ffc09a0-c9a4-4762-8145-43798f2fda71/downloads/back_to_work_from_maternity_leave_email.pdf"; depth:101; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466048/; classtype:trojan-activity;sid:84329148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/xepaxijaniwitofoxipoja.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466049/; classtype:trojan-activity;sid:84329149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/de43da9e-bc77-4e56-a909-0e72ba746cf9/downloads/electricity_bill_name_change_noc_format.pdf"; depth:101; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466051/; classtype:trojan-activity;sid:84329151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466052)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/2ad58263-1b5c-4da7-bc4a-7b8f99e22218/downloads/formulaire_ordre_de_virement_banque_postale.pdf"; depth:105; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466052/; classtype:trojan-activity;sid:84329152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/76135669664.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466053/; classtype:trojan-activity;sid:84329153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/23ec0b56-0ae7-4e41-8565-08e517b0b386/downloads/gatamalepuberik.pdf"; depth:77; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466039/; classtype:trojan-activity;sid:84329139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466040)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/97106569323.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466040/; classtype:trojan-activity;sid:84329140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466041)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3e3d230e-4918-4f4b-8a10-8ee933aabcaf/downloads/99772344048.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466041/; classtype:trojan-activity;sid:84329141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466037)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/wapurexep.pdf"; depth:71; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466037/; classtype:trojan-activity;sid:84329137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/19668bf7-0111-4cbb-8050-06562ac08bba/downloads/steps_to_create_template_instance_in_tosca.pdf"; depth:104; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466032/; classtype:trojan-activity;sid:84329132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/bidoxefemoduxunirez.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466033/; classtype:trojan-activity;sid:84329133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466034)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/88817028453.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466034/; classtype:trojan-activity;sid:84329134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/job_work_challan_format_in_excel.pdf"; depth:94; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466027/; classtype:trojan-activity;sid:84329127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466028)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/34794329-fa5b-49f8-8f60-fb0720b1e556/downloads/14476765670.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466028/; classtype:trojan-activity;sid:84329128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/resignation_letter_template_family_reasons.pdf"; depth:104; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466015/; classtype:trojan-activity;sid:84329115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466016)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/8c16f145-4fc0-4af7-a4db-de4acd818fe4/downloads/14431999044.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466016/; classtype:trojan-activity;sid:84329116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/21303726077.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466017/; classtype:trojan-activity;sid:84329117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/minupawuferogu.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466018/; classtype:trojan-activity;sid:84329118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/b071d266-376f-40c9-bb70-11ca77d8051b/downloads/36008974689.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466020/; classtype:trojan-activity;sid:84329120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466021)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/60919645191.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466021/; classtype:trojan-activity;sid:84329121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/424b0398-579a-4717-a17a-ffb972bf5819/downloads/audit_professional_clearance_letter_template.pdf"; depth:106; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466022/; classtype:trojan-activity;sid:84329122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466023)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/30072850819.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466023/; classtype:trojan-activity;sid:84329123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/75213021290.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466024/; classtype:trojan-activity;sid:84329124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466025)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/law-making_process_in_zimbabwe.pdf"; depth:92; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466025/; classtype:trojan-activity;sid:84329125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/363b8b8c-bdd6-4ad7-ac6c-ba65cd60171b/downloads/abaqus_user_subroutine_reference_guide.pdf"; depth:100; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466011/; classtype:trojan-activity;sid:84329111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/85845004614.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466014/; classtype:trojan-activity;sid:84329114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/genuwafazapibiwinowafal.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466005/; classtype:trojan-activity;sid:84329105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466006)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/20322886839.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466006/; classtype:trojan-activity;sid:84329106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/gagibipawuzepakan.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466008/; classtype:trojan-activity;sid:84329108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/sample_authorization_letter_to_get_psa_marriage_certificate.pdf"; depth:121; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466002/; classtype:trojan-activity;sid:84329102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/8517821794.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465993/; classtype:trojan-activity;sid:84329093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465994)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/padanad.pdf"; depth:69; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465994/; classtype:trojan-activity;sid:84329094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/9971747c-d991-46ae-b932-5ba73958e604/downloads/fojajexuretimototatoles.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465995/; classtype:trojan-activity;sid:84329095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465996)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/mosodekasaxozebopajebibe.pdf"; depth:86; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465996/; classtype:trojan-activity;sid:84329096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/6be9a470-c465-4776-ab76-53713c51537a/downloads/30164245456.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465997/; classtype:trojan-activity;sid:84329097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465999)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/f264223f-22e7-47f1-947d-9e365a75e217/downloads/96358679127.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465999/; classtype:trojan-activity;sid:84329099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3466000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f65856df-6ee2-426f-901a-fbcb5106e767/downloads/22057173676.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3466000/; classtype:trojan-activity;sid:84329100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465984)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/butterfly_roof_construction_detail.pdf"; depth:96; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465984/; classtype:trojan-activity;sid:84329084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7ebcf742-ccb2-4edb-bbc1-6f67ead5b604/downloads/baxejatoxenidomixidedax.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465985/; classtype:trojan-activity;sid:84329085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465986)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/17465496427.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465986/; classtype:trojan-activity;sid:84329086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465989)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/zabefenakozevopesomewazi.pdf"; depth:86; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465989/; classtype:trojan-activity;sid:84329089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/48283c5b-b198-4860-9bf9-7f30a2f8146b/downloads/zoromipubadijivonexon.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465990/; classtype:trojan-activity;sid:84329090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/8df58291-e0db-425a-9cda-a9882386ada6/downloads/jaladimurefasetuzukiwaxit.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465991/; classtype:trojan-activity;sid:84329091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465992)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/wofalobomosotanavuze.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465992/; classtype:trojan-activity;sid:84329092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465980)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/0d21a9d5-01df-4a9e-9327-883996b2f71d/downloads/ansi_electrical_symbols_standards.pdf"; depth:95; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465980/; classtype:trojan-activity;sid:84329080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/a435afa7-bc93-481f-8a35-ce503cc8a972/downloads/sri_rudram_namakam_chamakam_tamil.pdf"; depth:95; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465974/; classtype:trojan-activity;sid:84329074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/tumiwujuluxuwaxi.pdf"; depth:78; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465975/; classtype:trojan-activity;sid:84329075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465977)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/denutetoraditut.pdf"; depth:77; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465977/; classtype:trojan-activity;sid:84329077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/9569c183-65dc-4f14-a45e-e7944584cb65/downloads/bifidetogatovotuwideki.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465961/; classtype:trojan-activity;sid:84329061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/baroque_guitar_tab.pdf"; depth:80; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465962/; classtype:trojan-activity;sid:84329062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7f34267e-2563-449a-82e3-60f19988c45d/downloads/lic_jeevan_saral_plan_165_chart.pdf"; depth:93; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465963/; classtype:trojan-activity;sid:84329063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465965)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/69187265192.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465965/; classtype:trojan-activity;sid:84329065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465968)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d551812a-3c47-48f1-bc1d-3ac42c3f246c/downloads/rigumudusogepivana.pdf"; depth:80; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465968/; classtype:trojan-activity;sid:84329068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/5528845131.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465969/; classtype:trojan-activity;sid:84329069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/34a417cb-7930-4ae3-8428-8420716ba08a/downloads/74129229699.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465971/; classtype:trojan-activity;sid:84329071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465972)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/cancionero_catolico_jesed.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465972/; classtype:trojan-activity;sid:84329072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7a3b63b5-3e6a-48ac-8e49-14ed0037cbc4/downloads/historietas_del_medio_ambiente_largas.pdf"; depth:99; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465957/; classtype:trojan-activity;sid:84329057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/62049175170.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465955/; classtype:trojan-activity;sid:84329055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465949)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/10908647555.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465949/; classtype:trojan-activity;sid:84329049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465951)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/maxabamuxixotabevifutiw.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465951/; classtype:trojan-activity;sid:84329051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/downgrade_oracle_database_from_19c_to_11g.pdf"; depth:103; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465953/; classtype:trojan-activity;sid:84329053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ba9b549d-a804-4d13-a818-3c55b3524acd/downloads/75189909272.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465942/; classtype:trojan-activity;sid:84329042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/individual_development_plan_powerpoint_template.pdf"; depth:109; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465945/; classtype:trojan-activity;sid:84329045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465946)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/64954946228.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465946/; classtype:trojan-activity;sid:84329046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/bapozujipo.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465939/; classtype:trojan-activity;sid:84329039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4872c6d8-aa46-4e32-b809-43d741337793/downloads/74841624584.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465931/; classtype:trojan-activity;sid:84329031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3a90d4c9-f215-49ec-8178-8e50febf5250/downloads/tedutogonisijetinikiw.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465932/; classtype:trojan-activity;sid:84329032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465933)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/wipofuta.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465933/; classtype:trojan-activity;sid:84329033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4cb1e8a7-0f1a-4c3a-ae4d-65ac09f78b80/downloads/fenekipejivatoxeni.pdf"; depth:80; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465935/; classtype:trojan-activity;sid:84329035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465937)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/445dfc81-a427-4468-a541-314294ee0cbb/downloads/wolarodipuxusisug.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465937/; classtype:trojan-activity;sid:84329037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465938)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c3be0091-4534-4191-a72e-570acc745d3e/downloads/attestation_de_prise_en_charge_tlscontact.pdf"; depth:103; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465938/; classtype:trojan-activity;sid:84329038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465924)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/fa4295b9-8c98-4187-bbf8-91c9d7ce5f9e/downloads/89606848887.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465924/; classtype:trojan-activity;sid:84329024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465926)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/44d0963d-ba71-4620-abdb-e3c6631b392b/downloads/balance_confirmation_letter_format_in_word.pdf"; depth:104; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465926/; classtype:trojan-activity;sid:84329026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/rollo_tomassi_the_rational_male_turkce.pdf"; depth:100; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465912/; classtype:trojan-activity;sid:84329012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465914)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/800bda9c-ed1b-45a1-a7d5-702e4e14f980/downloads/pmp_42_processes_chart.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465914/; classtype:trojan-activity;sid:84329014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465915)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/86917927693.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465915/; classtype:trojan-activity;sid:84329015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465916)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/methodologie_du_commentaire_compose_francais.pdf"; depth:106; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465916/; classtype:trojan-activity;sid:84329016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gauss_elimination_method_example_with_solution.pdf"; depth:108; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465919/; classtype:trojan-activity;sid:84329019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465910)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5f03ee03-a319-4a1e-a052-a99710c59365/downloads/bujulodipesotixugakujup.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465910/; classtype:trojan-activity;sid:84329010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465906)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/hsbc_bank_statement.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465906/; classtype:trojan-activity;sid:84329006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/94e1955e-c7d2-4e11-a6ac-7a5ec652d6cd/downloads/suzuki_dt4_owners_manual.pdf"; depth:86; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465909/; classtype:trojan-activity;sid:84329009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/8f5eeb54-04ec-4a30-bb55-41e413d1f3ed/downloads/open_pit_mine_planning_and_design.pdf"; depth:95; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465903/; classtype:trojan-activity;sid:84329003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465904)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ceb9a026-f6c4-4e26-a968-d8e0e8d06aaa/downloads/tevedowopalugafaxoro.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465904/; classtype:trojan-activity;sid:84329004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465905)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/blobby/go/adb32098-1c7a-4519-9e53-ced990fc5d88/downloads/kuniwuzujujurejovewo.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465905/; classtype:trojan-activity;sid:84329005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/88933df5-ca10-43b5-b140-6aa02868b89c/downloads/76236294804.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465896/; classtype:trojan-activity;sid:84328996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/6ab86f22-a419-4e4f-91d4-5a654823f744/downloads/pamolitix.pdf"; depth:71; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465897/; classtype:trojan-activity;sid:84328997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/697088a1-6c9a-496e-9a4d-922308cd97be/downloads/42508658220.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465898/; classtype:trojan-activity;sid:84328998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465885)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/sotax_at_xtend_user_manual.pdf"; depth:88; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465885/; classtype:trojan-activity;sid:84328985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5d8bfe2e-b91e-431f-9bdc-3f0ea97e388e/downloads/wovivesapo.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465886/; classtype:trojan-activity;sid:84328986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/06792788-ebeb-4570-893a-70dafae2a105/downloads/sample_consent_letter_from_husband_for_wife_to_travel.pdf"; depth:115; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465888/; classtype:trojan-activity;sid:84328988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/formulaire_renouvellement_titre_de_sejour_yvelines.pdf"; depth:112; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465889/; classtype:trojan-activity;sid:84328989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465891)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/blobby/go/71d9f42f-0bad-4406-8a48-95c698e57e68/downloads/98599689697.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465891/; classtype:trojan-activity;sid:84328991; rev:1;)
# Match semantics shared by the rules below: each fires on an outbound
# ($HOME_NET -> $EXTERNAL_NET) client request whose method matches GET, whose
# http.uri equals the listed path (depth is the content length and endswith
# anchors the end of the buffer; nocase makes the comparison case-insensitive),
# and whose http.host is exactly img1.wsimg.com (depth:14 plus
# isdataat:!1,relative leaves no room for extra characters).
# Because the URI match is anchored at both ends, a request for the same path
# with a query string or any other suffix appended does not alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/92007305293.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465892/; classtype:trojan-activity;sid:84328992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d07e2353-3643-42fe-ba11-ffa772b1a28d/downloads/duff_phelps_size_premium.pdf"; depth:86; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465893/; classtype:trojan-activity;sid:84328993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/9213334f-b8c6-41b2-903d-dc8cc5791a0a/downloads/49429599069.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465881/; classtype:trojan-activity;sid:84328981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/22187922858.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465882/; classtype:trojan-activity;sid:84328982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d5e97205-d745-471d-94c2-4bc94f943a29/downloads/nafexasu.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465876/; classtype:trojan-activity;sid:84328976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/99401481523.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465878/; classtype:trojan-activity;sid:84328978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/harry_potter_ea_camara_secreta_ilustrado.pdf"; depth:102; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465879/; classtype:trojan-activity;sid:84328979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465870)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/800cff82-04ba-4c47-9f8b-d21367acb04d/downloads/all_gujarati_magazine.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465870/; classtype:trojan-activity;sid:84328970; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/34103705134.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465871/; classtype:trojan-activity;sid:84328971; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465872)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/9a32841c-0d54-4ad0-8acd-a5b15c41cae1/downloads/nagpur_metro_phase_2_dpr.pdf"; depth:86; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465872/; classtype:trojan-activity;sid:84328972; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/99406712648.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465873/; classtype:trojan-activity;sid:84328973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/96d7062c-715f-4c9e-82c2-ac322bf04d1a/downloads/fawafep.pdf"; depth:69; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465874/; classtype:trojan-activity;sid:84328974; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/51e053ea-8122-46e3-bee6-6c00a935619c/downloads/28185631859.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465875/; classtype:trojan-activity;sid:84328975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/renamotoxuxesike.pdf"; depth:78; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465865/; classtype:trojan-activity;sid:84328965; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/wixutazavadupiruzani.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465866/; classtype:trojan-activity;sid:84328966; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465864)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/vixodamev.pdf"; depth:71; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465864/; classtype:trojan-activity;sid:84328964; rev:1;)
# Triage note: these signatures inspect the client request only
# (flow:established,from_client) and carry no response-side condition, so an
# alert shows that the URL was requested, not that a file was returned.
# Pair each hit with the HTTP response status and any file or proxy record for
# the same flow before concluding that content reached the host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pulse_secure_network_error_1329.pdf"; depth:93; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465852/; classtype:trojan-activity;sid:84328952; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465853)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/8fc62093-f93e-447d-8e21-b1e235f4d9cc/downloads/cibse_psychrometric_chart.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465853/; classtype:trojan-activity;sid:84328953; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465857)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/citrix_adc_vpx_datasheet.pdf"; depth:86; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465857/; classtype:trojan-activity;sid:84328957; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/cac64821-2205-4248-abd9-55e775312c94/downloads/rosigamosusen.pdf"; depth:75; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465847/; classtype:trojan-activity;sid:84328947; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465848)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/fosofiboma.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465848/; classtype:trojan-activity;sid:84328948; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/600b6853-9b14-40c4-b9d1-c0a10f9ad1eb/downloads/mathematics_core_topics_sl.pdf"; depth:88; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465850/; classtype:trojan-activity;sid:84328950; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/6e0acf5f-e652-447e-8a3a-90dcb81c48ee/downloads/loan_cancellation_letter.pdf"; depth:86; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465843/; classtype:trojan-activity;sid:84328943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/98fd26ea-5c50-4ebf-945e-7ed158ebe1b6/downloads/workplace_printable_hurt_feelings_report.pdf"; depth:102; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465844/; classtype:trojan-activity;sid:84328944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465845)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/zalekebi.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465845/; classtype:trojan-activity;sid:84328945; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/58616986475.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465833/; classtype:trojan-activity;sid:84328933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465835)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/one_of_us_is_lying_character_quotes.pdf"; depth:97; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465835/; classtype:trojan-activity;sid:84328935; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/0e65d320-97ed-47cb-9ca0-bcd7400824c9/downloads/jewuzikilodejosowar.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465839/; classtype:trojan-activity;sid:84328939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465825)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/72fc6eb8-20de-4439-bced-6bfc7eecaa8e/downloads/bogev.pdf"; depth:67; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465825/; classtype:trojan-activity;sid:84328925; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/58b13a51-176b-4b7e-ab1e-a0c84e7a5487/downloads/currency_market_mechanics_bmc_answers.pdf"; depth:99; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465826/; classtype:trojan-activity;sid:84328926; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/018aefd4-3541-4598-a5c3-d0911ca60a82/downloads/asce_7-05_espanol_gratis.pdf"; depth:86; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465827/; classtype:trojan-activity;sid:84328927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465828)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tifunakarexefeguwitoda.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465828/; classtype:trojan-activity;sid:84328928; rev:1;)
# Indicator age and lookup: every rule below carries
# metadata:created_at 2025_03_05 and rev:1. The reference:url field points at
# the URLhaus entry for the numeric id shown in msg; check that entry's current
# status before treating a hit as a live threat.
# In the rules shown here the sid equals that URLhaus id plus 80863100, which
# lets an alert that only logged the sid be mapped back to its entry
# (observed pattern, not a documented guarantee -- confirm against the feed).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/06a2cc2e-f4bb-4ca4-a0d9-71e2fc8b7812/downloads/molaxoxekex.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465829/; classtype:trojan-activity;sid:84328929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/iata_airport_handling_manual_2019_full.pdf"; depth:100; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465830/; classtype:trojan-activity;sid:84328930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c1bf3ae2-f6cc-4078-b639-2ff1ca0b62be/downloads/1172286111.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465831/; classtype:trojan-activity;sid:84328931; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/euchre_score_sheets_for_16_players.pdf"; depth:96; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465832/; classtype:trojan-activity;sid:84328932; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/dungeon_crawl_classics.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465820/; classtype:trojan-activity;sid:84328920; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/bb45e14d-29c5-4287-b67f-843105f3b091/downloads/69904656893.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465804/; classtype:trojan-activity;sid:84328904; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465806)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/emmaus_walk_letters_of_encouragement.pdf"; depth:98; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465806/; classtype:trojan-activity;sid:84328906; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/fc635392-61de-40bc-86f0-c9844fcf30fd/downloads/gramatica_portugues_brasil.pdf"; depth:88; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465809/; classtype:trojan-activity;sid:84328909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/647bfca3-c5f6-48a0-9ec3-35afde17c6e3/downloads/gamokul.pdf"; depth:69; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465814/; classtype:trojan-activity;sid:84328914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/fa284320-69aa-45db-92e2-86468d4beaf0/downloads/53174458267.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465815/; classtype:trojan-activity;sid:84328915; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/72502959-bd3f-431c-9582-055fb0eb9e9d/downloads/nike_employee_benefits.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465795/; classtype:trojan-activity;sid:84328895; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/97767745983.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465798/; classtype:trojan-activity;sid:84328898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/country_of_origin_letter_template.pdf"; depth:95; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465799/; classtype:trojan-activity;sid:84328899; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/39834772333.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465802/; classtype:trojan-activity;sid:84328902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rofaruzev.pdf"; depth:71; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465790/; classtype:trojan-activity;sid:84328890; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465791)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/990799bc-d23a-46ce-a09a-3161937bf907/downloads/verismo_701_service_manual.pdf"; depth:88; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465791/; classtype:trojan-activity;sid:84328891; rev:1;)
# Coverage note: these are 'alert http' rules, so they match only where the
# sensor sees the request as parsed HTTP. A fetch of the same path over TLS is
# not covered unless traffic is decrypted upstream of Suricata; web-proxy logs
# that record the full URL can close that gap.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/rodudiniruzawame.pdf"; depth:78; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465792/; classtype:trojan-activity;sid:84328892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3c8f7a45-f68c-4369-8f63-be6429599400/downloads/butulanimirovubeve.pdf"; depth:80; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465785/; classtype:trojan-activity;sid:84328885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c725aa89-ce3b-4b0b-861e-e7c40702153d/downloads/gisewonivikamadoliwozuv.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465786/; classtype:trojan-activity;sid:84328886; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d1335ae9-6401-4997-a89d-ffce5d766eb7/downloads/44332900662.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465787/; classtype:trojan-activity;sid:84328887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/b6f72d87-e560-495a-a5bd-684e976b53e4/downloads/nagano_keiki_km10.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465779/; classtype:trojan-activity;sid:84328879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/76488986948.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465781/; classtype:trojan-activity;sid:84328881; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465782)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ac62f849-5623-435a-93ad-86e4d8edc83e/downloads/90625111849.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465782/; classtype:trojan-activity;sid:84328882; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/72445144906.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465772/; classtype:trojan-activity;sid:84328872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/0e65d320-97ed-47cb-9ca0-bcd7400824c9/downloads/wrightbus_streetlite_manual.pdf"; depth:89; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465773/; classtype:trojan-activity;sid:84328873; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5a9e93e0-0f17-4e5e-a00c-88e3958ec770/downloads/waste_management_in_dubai.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465776/; classtype:trojan-activity;sid:84328876; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/chevening_scholarship_reference_letter_sample.pdf"; depth:107; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465777/; classtype:trojan-activity;sid:84328877; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/14409296375.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465778/; classtype:trojan-activity;sid:84328878; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465766)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d128fcda-7fcc-4d89-85b3-e79c54d4414e/downloads/unit_conversion_practice_problems.pdf"; depth:95; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465766/; classtype:trojan-activity;sid:84328866; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/11197801286.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465768/; classtype:trojan-activity;sid:84328868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/50ab7773-f1d2-4be6-a8e2-1065b2477787/downloads/41229957036.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465769/; classtype:trojan-activity;sid:84328869; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465771)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/950f7924-fa6b-44be-bda3-22eaf526f43f/downloads/konujidav.pdf"; depth:71; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465771/; classtype:trojan-activity;sid:84328871; rev:1;)
# Scoping note: every rule in this group shares the host img1.wsimg.com and the
# /blobby/go/<uuid>/downloads/<name>.pdf layout, with many distinct path UUIDs
# and a few that repeat (e.g. 7c4463e3-..., 671d8571-...). That pattern suggests
# a shared hosting service rather than a single dedicated server -- TODO confirm
# -- so blocking or hunting is better scoped to the full URL than to the host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/burijuterapudupelirebi.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465760/; classtype:trojan-activity;sid:84328860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/a85f54ee-11f7-4ab3-9970-dabd8f52d583/downloads/vowivovabafases.pdf"; depth:77; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465761/; classtype:trojan-activity;sid:84328861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465762)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/acb19439-02ad-48ae-a6e4-8c3bfce04694/downloads/32470708569.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465762/; classtype:trojan-activity;sid:84328862; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/xikesoxabafubuwepof.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465763/; classtype:trojan-activity;sid:84328863; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/2251478862.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465764/; classtype:trojan-activity;sid:84328864; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/9d0d7648-4006-4e9a-bf4e-cd4f5c534844/downloads/socomec_ups_service_manual.pdf"; depth:88; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465765/; classtype:trojan-activity;sid:84328865; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/6098867423.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465757/; classtype:trojan-activity;sid:84328857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/2b383d2d-2b5a-4b4f-949f-124c21f71183/downloads/how_to_write_an_introduction_letter_to_an_embassy.pdf"; depth:111; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465758/; classtype:trojan-activity;sid:84328858; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/41780010-2245-4f59-96ea-abe2bb04704f/downloads/38265042738.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465755/; classtype:trojan-activity;sid:84328855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/183feb73-c001-4172-a9c4-8aedcbb9c085/downloads/nosasasoxanuxoxazefuz.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465747/; classtype:trojan-activity;sid:84328847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/gibekewelodi.pdf"; depth:74; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465749/; classtype:trojan-activity;sid:84328849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465752)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/16395777837.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465752/; classtype:trojan-activity;sid:84328852; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/710760ab-5054-4fd2-86ee-e72953d604bd/downloads/jspdf_autotable_x_position.pdf"; depth:88; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465753/; classtype:trojan-activity;sid:84328853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/a0b0ee5f-47ab-407d-8f2e-b86a71eb1b80/downloads/cerere_demisie_fara_preaviz.pdf"; depth:89; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465739/; classtype:trojan-activity;sid:84328839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/0fde6049-38a2-402e-8604-5a56fc977486/downloads/request_letter_for_construction_bond_refund.pdf"; depth:105; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465740/; classtype:trojan-activity;sid:84328840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465741)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/cdd5ea6e-1f6b-4417-9fad-928f6d1c8a68/downloads/50_verbes_irreguliers_en_anglais.pdf"; depth:94; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465741/; classtype:trojan-activity;sid:84328841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465742)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7a69ed85-566a-4d22-8bd3-47a8a314b3bf/downloads/molecular_mass_of_elements_list.pdf"; depth:93; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465742/; classtype:trojan-activity;sid:84328842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/69278806631.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465744/; classtype:trojan-activity;sid:84328844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e060217f-3d1d-4ed1-921e-8372b49c873f/downloads/nonisenokedevesuxumuk.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465735/; classtype:trojan-activity;sid:84328835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465729)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/mesoduwegotujowokikurixo.pdf"; depth:86; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465729/; classtype:trojan-activity;sid:84328829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/2b383d2d-2b5a-4b4f-949f-124c21f71183/downloads/how_to_fill_up_deed_of_sale_of_motor_vehicle.pdf"; depth:106; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465731/; classtype:trojan-activity;sid:84328831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/33d2c907-2bf6-4426-875f-30dcfdd2ea6c/downloads/takeshi_amemiya_advanced_econometrics.pdf"; depth:99; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465724/; classtype:trojan-activity;sid:84328824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/paxakuvenu.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465725/; classtype:trojan-activity;sid:84328825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465715)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/blobby/go/51d0d552-51a2-4187-835e-597cbad426c9/downloads/astm_e2500.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465715/; classtype:trojan-activity;sid:84328815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465716)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/ce6ffbd8-735a-4087-afcd-48ff437b91ba/downloads/16407212514.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465716/; classtype:trojan-activity;sid:84328816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f2215a6c-0436-4d82-8033-c5d079398259/downloads/mewivisonixapolivifit.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465717/; classtype:trojan-activity;sid:84328817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5778216d-14df-4dd7-ac4c-aefbb7c07c24/downloads/kugaduvekujewotaz.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465718/; classtype:trojan-activity;sid:84328818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465719)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/tafanavevimewom.pdf"; depth:77; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465719/; classtype:trojan-activity;sid:84328819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/lemowegigusazisalelupo.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465721/; classtype:trojan-activity;sid:84328821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5add4dbc-ec7d-4010-9077-0d95eef82ba1/downloads/64293794102.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465722/; classtype:trojan-activity;sid:84328822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/a7c970be-6487-407b-ae67-0318aa6bed96/downloads/19932307165.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465723/; classtype:trojan-activity;sid:84328823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465709)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/lowasa.pdf"; depth:68; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465709/; classtype:trojan-activity;sid:84328809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/8014aeaa-17b8-4bcd-a9d7-094ad1ff7644/downloads/19999334835.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465710/; classtype:trojan-activity;sid:84328810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/921a43a6-1495-4d95-bdb1-69b79162b826/downloads/13397059696.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465711/; classtype:trojan-activity;sid:84328811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/b3cb2fd2-80cf-4497-9966-46f7699e136d/downloads/kovajive.pdf"; depth:70; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465714/; classtype:trojan-activity;sid:84328814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465707)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/49bbfdeb-576f-4f20-b756-96ff9c705013/downloads/96422280236.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465707/; classtype:trojan-activity;sid:84328807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/c7a293a1-0904-42a6-9de6-afc19e585d66/downloads/imo_dangerous_goods_declaration_example.pdf"; depth:101; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465708/; classtype:trojan-activity;sid:84328808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/bd6582d9-c54a-4b0b-ad89-3fd92efb45aa/downloads/88847399269.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465703/; classtype:trojan-activity;sid:84328803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/cdb9e382-acbe-48dd-9722-c531572d81a1/downloads/pugalisamelifakebage.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465704/; classtype:trojan-activity;sid:84328804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465697)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/89463890604.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465697/; classtype:trojan-activity;sid:84328797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/lotumajufinunixine.pdf"; depth:80; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465699/; classtype:trojan-activity;sid:84328799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d9951c46-77aa-4ac5-b843-be02d4be2067/downloads/50826134191.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465701/; classtype:trojan-activity;sid:84328801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/kasupobuwomubafujos.pdf"; depth:81; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465702/; classtype:trojan-activity;sid:84328802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465691)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/7219dffe-e0ab-4b31-b3e7-77acd35b52f5/downloads/jotepebuzixulelomizo.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465691/; classtype:trojan-activity;sid:84328791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e51c42a2-48a1-43ea-b124-a034de3679a6/downloads/83320615193.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465692/; classtype:trojan-activity;sid:84328792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/78c14b69-39ed-4d94-8d63-a7b29776e43c/downloads/radix_temperature_controller_x_48_manual.pdf"; depth:102; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465693/; classtype:trojan-activity;sid:84328793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/24a9af23-a9c8-45b6-80f8-335651f17510/downloads/96094090900.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465694/; classtype:trojan-activity;sid:84328794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465695)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/22a15b49-22b8-4edf-a855-4e76194b4aaf/downloads/97812412729.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465695/; classtype:trojan-activity;sid:84328795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e0c7674b-f7b5-484b-aa64-84014ad9ac8c/downloads/lizaputasu.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465685/; classtype:trojan-activity;sid:84328785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/boxikijefedajexufesibul.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465679/; classtype:trojan-activity;sid:84328779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/11012613986.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465680/; classtype:trojan-activity;sid:84328780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465682)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/bucharest_grill_nutrition_information.pdf"; depth:99; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465682/; classtype:trojan-activity;sid:84328782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465683)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3844a76d-a274-4a3a-ad7f-2943a29e37b3/downloads/lezopidigusaraten.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465683/; classtype:trojan-activity;sid:84328783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e9dc005a-39e6-474d-bf2f-ef67b812a261/downloads/guia_para_ingresar_al_bachillerato_conamat.pdf"; depth:104; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465675/; classtype:trojan-activity;sid:84328775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465678)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/robaziromumeborumapix.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465678/; classtype:trojan-activity;sid:84328778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465671)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/blobby/go/52e9408f-c536-4a35-bd81-6078a5dce549/downloads/5252998215.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465671/; classtype:trojan-activity;sid:84328771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/36758652154.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465672/; classtype:trojan-activity;sid:84328772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/82f97436-460c-45aa-bd9b-74a87c48e9b0/downloads/73577237968.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465673/; classtype:trojan-activity;sid:84328773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/db112521-e536-400b-b453-631e78951ba0/downloads/louison_et_monsieur_moliere_resume.pdf"; depth:96; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465657/; classtype:trojan-activity;sid:84328757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465660)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/a03fd264-622c-49da-819e-92c49cdd5e2b/downloads/xovifubakuforij.pdf"; depth:77; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465660/; classtype:trojan-activity;sid:84328760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/rupesiduvunimekesozo.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465663/; classtype:trojan-activity;sid:84328763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3209f3eb-a43c-41d3-a7ba-73b4af438585/downloads/special_forces_knife_techniques.pdf"; depth:93; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465664/; classtype:trojan-activity;sid:84328764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/b298ce5b-3c11-48f0-9704-0e059e7cfa1a/downloads/90645579432.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465665/; classtype:trojan-activity;sid:84328765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465666)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/7eafcf9d-33bd-4fd4-8489-654d240ab2f3/downloads/6130931006.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465666/; classtype:trojan-activity;sid:84328766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/e0319bbe-78e1-4446-90fc-2b4b4cc85a3e/downloads/camp_green_lake.pdf"; depth:77; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465667/; classtype:trojan-activity;sid:84328767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/478a916a-56a8-445d-9eb0-b1a280ba537b/downloads/27628335796.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465668/; classtype:trojan-activity;sid:84328768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/eating_questionnaire-_a_ede-a_scoring.pdf"; depth:99; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465655/; classtype:trojan-activity;sid:84328755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465652)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/myer_victor_sewing_machine_manual.pdf"; depth:95; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465652/; classtype:trojan-activity;sid:84328752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/3131d044-1bdb-4fdc-8ed0-764e724b86a8/downloads/jorejujavupu.pdf"; depth:74; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465647/; classtype:trojan-activity;sid:84328747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/41fa09f3-79bd-43c0-909a-d1a20c3cb7f6/downloads/attestation_sur_l_honneur_de_non_ressources.pdf"; depth:105; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465648/; classtype:trojan-activity;sid:84328748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/eb7f2f0c-e896-4e47-abeb-a05a47b6dcff/downloads/37569138292.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465649/; classtype:trojan-activity;sid:84328749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465630)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/f36019eb-f077-446f-b5b6-39b8eacedf97/downloads/98482064700.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465630/; classtype:trojan-activity;sid:84328730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/83364999300.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465631/; classtype:trojan-activity;sid:84328731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465632)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/records_of_declaration_disbursements_division.pdf"; depth:107; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465632/; classtype:trojan-activity;sid:84328732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f6084bd9-50ce-4d5f-82c5-bb685cd57a0d/downloads/mdsap_audit_checklist.pdf"; depth:83; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465633/; classtype:trojan-activity;sid:84328733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465635)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/jaziz.pdf"; depth:67; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465635/; classtype:trojan-activity;sid:84328735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/a74441e7-424c-4454-9bc5-28c3682f6c16/downloads/jupifevaperoziput.pdf"; depth:79; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465636/; classtype:trojan-activity;sid:84328736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f778edfd-e481-47d7-9553-9364d433dcaf/downloads/morningstar_andex_chart_2022.pdf"; depth:90; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465637/; classtype:trojan-activity;sid:84328737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/cabcb3ce-a861-487f-a172-56f4b47cbc63/downloads/nilefovidigutozezosanuz.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465638/; classtype:trojan-activity;sid:84328738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465640)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/39892598323.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465640/; classtype:trojan-activity;sid:84328740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/00810c7d-a901-42bd-b2e3-20945a4ad8cb/downloads/wimorawezabizu.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465641/; classtype:trojan-activity;sid:84328741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/552d21dd-b338-4bf6-8541-a1e81cff5ed8/downloads/viduwe.pdf"; depth:68; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465642/; classtype:trojan-activity;sid:84328742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/a1b48068-f219-4487-b633-0ea4f25dfa5f/downloads/57025089155.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465643/; classtype:trojan-activity;sid:84328743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465625)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/00490ec0-0f24-4e25-91e3-8e5bedec5e60/downloads/woxudinawonetunogidubi.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465625/; classtype:trojan-activity;sid:84328725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/2224247e-29ce-4f8d-b838-abfcbdf269c0/downloads/16984198490.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465626/; classtype:trojan-activity;sid:84328726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/33bb6cfc-294d-4317-8afb-5d34ed60ffe6/downloads/20222176664.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465622/; classtype:trojan-activity;sid:84328722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/72454635563.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465618/; classtype:trojan-activity;sid:84328718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465621)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/pisaxafubavofi.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465621/; classtype:trojan-activity;sid:84328721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/catastrophic_disaster_area_property_inspection_report.pdf"; depth:115; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465613/; classtype:trojan-activity;sid:84328713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/citadel_document_solutions_lawsuit.pdf"; depth:96; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465615/; classtype:trojan-activity;sid:84328715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/fumaxogufav.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465607/; classtype:trojan-activity;sid:84328707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465610)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/kigepobesewizijipakusafal.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465610/; classtype:trojan-activity;sid:84328710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/f7748e26-2d27-4aa6-89fb-b263de90f421/downloads/tabuas_sumerias_traduzidas.pdf"; depth:88; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465600/; classtype:trojan-activity;sid:84328700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/17054728623.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465603/; classtype:trojan-activity;sid:84328703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465604)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/678cd2ef-32fa-4621-9c35-e4f34096b4ea/downloads/airbus_cml.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465604/; classtype:trojan-activity;sid:84328704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465605)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/4402180a-d4b9-4c2e-b606-353fcb7d5a18/downloads/3730146334.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465605/; classtype:trojan-activity;sid:84328705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465606)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/36770579775.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465606/; classtype:trojan-activity;sid:84328706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/a0b0ee5f-47ab-407d-8f2e-b86a71eb1b80/downloads/luxodebapiruwuneragomugef.pdf"; depth:87; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465594/; classtype:trojan-activity;sid:84328694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/87554570559.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465598/; classtype:trojan-activity;sid:84328698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465599)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/fff11fc4-91ee-4c26-ab94-6b71630d2bb1/downloads/resignation_letter_sample_for_bpo_company.pdf"; depth:103; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465599/; classtype:trojan-activity;sid:84328699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5102464b-373a-4f87-829a-69343208c6ac/downloads/84675915071.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465586/; classtype:trojan-activity;sid:84328686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/17a8127f-1a20-4f1c-a234-ba1b1a8873f5/downloads/90572854820.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465588/; classtype:trojan-activity;sid:84328688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465589)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/78534035283.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465589/; classtype:trojan-activity;sid:84328689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465590)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/wudofe.pdf"; depth:68; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465590/; classtype:trojan-activity;sid:84328690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/glassman_high_voltage_series_eq_manual.pdf"; depth:100; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465592/; classtype:trojan-activity;sid:84328692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/57653563602.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465593/; classtype:trojan-activity;sid:84328693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/343166b6-b38d-45a3-a768-806295759a1d/downloads/vatemunubiserotogurozem.pdf"; depth:85; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465585/; classtype:trojan-activity;sid:84328685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465582)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/simamutozudolejezeze.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465582/; classtype:trojan-activity;sid:84328682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/a8a7b266-73df-492a-af50-f7d9f90e0e6d/downloads/salesforce_community_developer_guide.pdf"; depth:98; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465583/; classtype:trojan-activity;sid:84328683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/047c717c-7bd8-4cec-b09f-8a9648ff740c/downloads/zepojekowokevi.pdf"; depth:76; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465572/; classtype:trojan-activity;sid:84328672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/2cd8ef37-3f02-4d83-b132-5400b0b21173/downloads/can_sins_be_forgiven_in_hinduism.pdf"; depth:94; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465573/; classtype:trojan-activity;sid:84328673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465574)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/blobby/go/9390f2de-e8f5-48e5-8f1b-3aa5affb2913/downloads/ra_to_surface_finish.pdf"; depth:82; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465574/; classtype:trojan-activity;sid:84328674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/holman_enterprises_annual_report.pdf"; depth:94; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465577/; classtype:trojan-activity;sid:84328677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/chiller_factory_acceptance_test_checklist_template.pdf"; depth:112; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465551/; classtype:trojan-activity;sid:84328651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7913e2d4-0776-44f0-af91-53eb35e22f50/downloads/broken_sous_ta_peau_2_ekladata.pdf"; depth:92; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465552/; classtype:trojan-activity;sid:84328652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465553)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/blobby/go/d37a9b24-bc42-4cb1-ab3b-3d1b21b01aec/downloads/lujipipatemajipurozurile.pdf"; depth:86; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465553/; classtype:trojan-activity;sid:84328653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/20a6346a-1701-43f8-be7d-6426912a09c2/downloads/sottoindicato_o_sotto_indicato_treccani.pdf"; depth:101; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465554/; classtype:trojan-activity;sid:84328654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/62fde782-5483-4905-a6da-12e04ab1250b/downloads/38559734752.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465555/; classtype:trojan-activity;sid:84328655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/dfa50dfd-b675-4866-b542-d79684ac1045/downloads/28769720040.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465556/; classtype:trojan-activity;sid:84328656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465557)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/formato_st-4_imss_para_imprimir.pdf"; depth:93; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465557/; classtype:trojan-activity;sid:84328657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/adfd48e6-08dc-41dd-a2a1-45489e329c75/downloads/attestation_de_non_affiliation_cnas.pdf"; depth:97; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465558/; classtype:trojan-activity;sid:84328658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/tosca_automation_specialist_level_2_certification_questions_.pdf"; depth:122; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465559/; classtype:trojan-activity;sid:84328659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/aabc5eee-c1de-4817-92b9-f9e17352a5c7/downloads/how_to_factory_reset_verifone_mx915.pdf"; depth:97; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465560/; classtype:trojan-activity;sid:84328660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465561)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/5e489076-b026-43ca-95da-8c6fe49f6d00/downloads/frm_part_2_schweser_quicksheet.pdf"; depth:92; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465561/; classtype:trojan-activity;sid:84328661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/incucyte_s3_user_guide.pdf"; depth:84; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465562/; classtype:trojan-activity;sid:84328662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/671d8571-de15-47bb-8cd8-b624751dbe0e/downloads/lean_visual_management_board_examples.pdf"; depth:99; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465563/; classtype:trojan-activity;sid:84328663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/98e3e4d1-65d1-414f-a2f4-24701527da4a/downloads/1567746722.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465564/; classtype:trojan-activity;sid:84328664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465565)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/b6875802-d83d-45fa-a01c-dd9f30c53739/downloads/xujudodavudejeb.pdf"; depth:77; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465565/; classtype:trojan-activity;sid:84328665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465566)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/59062828-6c5e-403a-ae88-14483438a1b6/downloads/situation_denonciation_coupe_ou_ancre_exercices_corriges.pdf"; depth:118; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465566/; classtype:trojan-activity;sid:84328666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/7c4463e3-109c-48af-b9be-98e22cdf2116/downloads/wikuzidip.pdf"; depth:71; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465567/; classtype:trojan-activity;sid:84328667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/d5e97205-d745-471d-94c2-4bc94f943a29/downloads/87185669225.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465568/; classtype:trojan-activity;sid:84328668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465569)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/abfe7a1b-25f4-4ff2-8fb5-155a264c8ce4/downloads/likibixeve.pdf"; depth:72; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465569/; classtype:trojan-activity;sid:84328669; rev:1;)
# Rule shape used by the entries below: an outbound GET whose URI equals the listed
# path (depth set to the pattern length, plus endswith; nocase makes the comparison
# case-insensitive) and whose Host equals the listed name (depth set to the name
# length, plus isdataat:!1,relative so nothing may follow it).
# These are `alert http` rules, so they only fire where the sensor sees the request as
# parsed HTTP. NOTE(review): img1.wsimg.com and drive.google.com are shared hosting
# names that are presumably reached over TLS; without decryption in front of the
# sensor these sids may never fire, so do not read silence as absence - confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/356923eb-d23c-4b0c-808e-e9b58fb291da/downloads/exsilentia_4._0_user_guide.pdf"; depth:88; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465570/; classtype:trojan-activity;sid:84328670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465571)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blobby/go/586b3ef6-c9db-4d1a-a9eb-303f942e21fa/downloads/55359157176.pdf"; depth:73; endswith; nocase; http.host; content:"img1.wsimg.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_05; reference:url, urlhaus.abuse.ch/url/3465571/; classtype:trojan-activity;sid:84328671; rev:1;)
# NOTE(review): sid 84328310 - in content syntax |7c| is the byte 0x7c ('|'), so
# `|7c|26|7c|` matches the four literal characters |26| and not '&' (0x26). A request
# for /uc?export=download&id=... therefore does not match. This may be a double-escaped
# '&' from the feed generator, or the reported URL may really contain "|26|" - check
# urlhaus.abuse.ch/url/3465210/ before relying on this rule.
# NOTE(review): the decoded pattern is 59 bytes but depth is 68, which is the length of
# the escaped text. endswith still anchors the match at the end of the URI, but up to
# 9 leading bytes are tolerated, unlike the neighbouring rules where depth equals the
# pattern length.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3465210)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1kjjvh1muhjrkrzbajjlzjfawyi0zvxc1"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_03_04; reference:url, urlhaus.abuse.ch/url/3465210/; classtype:trojan-activity;sid:84328310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3464706)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/down/wupiao.3987.com.rar"; depth:25; endswith; nocase; http.host; content:"forspeed.onlinedown.net"; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_03; reference:url, urlhaus.abuse.ch/url/3464706/; classtype:trojan-activity;sid:84327806; rev:1;)
# The next two rules match a short directory path ("/up/", "/v/") on a named host:
# the URI must equal that path exactly and the Host must equal the listed name.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/up/"; depth:4; endswith; nocase; http.host; content:"blessdayservices.org"; depth:20; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463509/; classtype:trojan-activity;sid:84326609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v/"; depth:3; endswith; nocase; http.host; content:"jessespridecharters.com"; depth:23; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463513/; classtype:trojan-activity;sid:84326613; rev:1;)
# NOTE(review): the rules below match a GET for "/" on the named host, i.e. any plain
# HTTP request for the site's front page. They identify the host, not a payload path,
# so treat a hit as a lead to triage (what the server returned, what the client did
# next) rather than as proof of a download. created_at is the only age signal in the
# rule; check the referenced URLhaus entry for current status before escalating.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"admin.gestroom.it"; depth:17; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463480/; classtype:trojan-activity;sid:84326580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"test.peperoncinochepassione.it"; depth:30; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463481/; classtype:trojan-activity;sid:84326581; rev:1;)
alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"first-security-verden.de"; depth:24; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463482/; classtype:trojan-activity;sid:84326582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"www.first-security-verden.de"; depth:28; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463470/; classtype:trojan-activity;sid:84326570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463472)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"zamilgroups.com"; depth:15; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463472/; classtype:trojan-activity;sid:84326572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"www.website.mypetapp.co.za"; depth:26; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463459/; classtype:trojan-activity;sid:84326559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463446)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"www.bratusferramentas.grupomoltz.com.br"; depth:39; isdataat:!1,relative; metadata:created_at 
2025_03_02; reference:url, urlhaus.abuse.ch/url/3463446/; classtype:trojan-activity;sid:84326546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"website.mypetapp.co.za"; depth:22; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463437/; classtype:trojan-activity;sid:84326537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"bmdcompany.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463426/; classtype:trojan-activity;sid:84326526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"www.zamilgroups.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463430/; classtype:trojan-activity;sid:84326530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463422)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"www.test.peperoncinochepassione.it"; depth:34; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463422/; classtype:trojan-activity;sid:84326522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463367)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; 
http.host; content:"82.146.62.232"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463367/; classtype:trojan-activity;sid:84326467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3463364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"82.146.62.232"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_02; reference:url, urlhaus.abuse.ch/url/3463364/; classtype:trojan-activity;sid:84326464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.mips64n32"; depth:23; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462395/; classtype:trojan-activity;sid:84325495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.powerpce500mc"; depth:27; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462396/; classtype:trojan-activity;sid:84325496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.i686"; depth:18; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462397/; classtype:trojan-activity;sid:84325497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3462398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.powerpc440fp"; depth:26; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462398/; classtype:trojan-activity;sid:84325498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.arcle750d"; depth:23; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462399/; classtype:trojan-activity;sid:84325499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.powerpc64e5500"; depth:28; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462400/; classtype:trojan-activity;sid:84325500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.powerpce300c3"; depth:27; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462401/; classtype:trojan-activity;sid:84325501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.arclehs38"; depth:23; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; 
reference:url, urlhaus.abuse.ch/url/3462402/; classtype:trojan-activity;sid:84325502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.armv7"; depth:19; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462403/; classtype:trojan-activity;sid:84325503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.riscv32"; depth:21; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462404/; classtype:trojan-activity;sid:84325504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.powerpc64power8"; depth:29; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462405/; classtype:trojan-activity;sid:84325505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.powerpc64lepower8"; depth:31; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462406/; classtype:trojan-activity;sid:84325506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462407)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/bins/whisper.sh4"; depth:17; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462407/; classtype:trojan-activity;sid:84325507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462408)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.sparc64"; depth:21; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462408/; classtype:trojan-activity;sid:84325508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.aarch64"; depth:21; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462409/; classtype:trojan-activity;sid:84325509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.riscv64"; depth:21; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462410/; classtype:trojan-activity;sid:84325510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462411)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dl1001"; depth:7; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462411/; classtype:trojan-activity;sid:84325511; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462412)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.sparc"; depth:19; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462412/; classtype:trojan-activity;sid:84325512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462413)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.armv6"; depth:19; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462413/; classtype:trojan-activity;sid:84325513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462414)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.armv4"; depth:19; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462414/; classtype:trojan-activity;sid:84325514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.powerpc64e6500"; depth:28; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462415/; classtype:trojan-activity;sid:84325515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.aarch64be"; depth:23; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; 
isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462416/; classtype:trojan-activity;sid:84325516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.mips64len32"; depth:25; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462417/; classtype:trojan-activity;sid:84325517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.m68k"; depth:18; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462418/; classtype:trojan-activity;sid:84325518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3462419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.armv5"; depth:19; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3462419/; classtype:trojan-activity;sid:84325519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/plugin2.plg"; depth:16; endswith; nocase; http.host; content:"165.154.184.75"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461771/; classtype:trojan-activity;sid:84324871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461769)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/plugin1.plg"; depth:16; endswith; nocase; http.host; content:"165.154.184.75"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461769/; classtype:trojan-activity;sid:84324869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/plugin2.dll"; depth:16; endswith; nocase; http.host; content:"165.154.184.75"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461770/; classtype:trojan-activity;sid:84324870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/plugin3.plg"; depth:16; endswith; nocase; http.host; content:"165.154.184.75"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461768/; classtype:trojan-activity;sid:84324868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461767)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/plugin1.dll"; depth:16; endswith; nocase; http.host; content:"165.154.184.75"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461767/; classtype:trojan-activity;sid:84324867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/new/plugin3.dll"; depth:16; endswith; nocase; http.host; content:"165.154.184.75"; depth:14; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461763/; 
classtype:trojan-activity;sid:84324863; rev:1;)
# NOTE(review): every signature here is `alert http`, so it only sees requests that
# Suricata can parse as HTTP: cleartext, or traffic decrypted upstream. Rules in this
# file whose http.host is github.com, codeload.github.com, raw/gist.githubusercontent.com
# or drive.google.com target hosts that are normally reached over HTTPS; without TLS
# inspection expect little or no coverage from them and correlate with proxy, DNS or
# TLS SNI telemetry instead.
# NOTE(review): the next two rules match the default-branch archive of the public
# robertdavidgraham/masscan repository. masscan is an open-source port scanner, so a
# hit means "scanner source downloaded", not necessarily a malicious payload, even
# though msg/classtype say malware/trojan-activity. Check whether the source host is
# an authorised scanning or admin system before treating the alert as a compromise.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/robertdavidgraham/masscan/zip/refs/heads/master"; depth:48; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461663/; classtype:trojan-activity;sid:84324763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3461661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/robertdavidgraham/masscan/archive/refs/heads/master.zip"; depth:56; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_03_01; reference:url, urlhaus.abuse.ch/url/3461661/; classtype:trojan-activity;sid:84324761; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"112.4.110.28"; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460167/; classtype:trojan-activity;sid:84323267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.89.62.19"; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460149/; classtype:trojan-activity;sid:84323249; rev:1;)
# NOTE(review): in the http.uri content below, |3f| is "?" but |7c|26|7c| decodes to
# the literal bytes "|26|", not to "&" (0x26). This looks like a double-escaped
# ampersand from rule generation; confirm against URLhaus entry 3460000. If the real
# URL contains "&id=", this content will not match it. depth:68 equals the length of
# the escaped text, while the decoded pattern is 59 bytes, so together with endswith
# it allows up to 9 leading bytes before the pattern, unlike the exact-length depth
# on the neighbouring rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3460000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1uxmu02r04iaslsrsh9quahzfsvq3tozm"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_02_27; reference:url, urlhaus.abuse.ch/url/3460000/; classtype:trojan-activity;sid:84323100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3452200)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"95.62.202.150"; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3452200/; classtype:trojan-activity;sid:84315300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3451827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jqueryui.js"; depth:12; endswith; nocase; http.host; content:"webcstore.pw"; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_25; reference:url, urlhaus.abuse.ch/url/3451827/; classtype:trojan-activity;sid:84314927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/temp/putty.exe"; depth:15; endswith; nocase; http.host; content:"book.rollingvideogames.com"; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450176/; classtype:trojan-activity;sid:84313276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loveryajenja/lwafmwoafmw11/raw/refs/heads/main/install.exe"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450147/; 
classtype:trojan-activity;sid:84313247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3450048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/continue/45.ps1"; depth:16; endswith; nocase; http.host; content:"www.benshamcentre.co.uk"; depth:23; isdataat:!1,relative; metadata:created_at 2025_02_23; reference:url, urlhaus.abuse.ch/url/3450048/; classtype:trojan-activity;sid:84313148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447679)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.mips64le"; depth:22; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447679/; classtype:trojan-activity;sid:84310779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.87.42.154"; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447681/; classtype:trojan-activity;sid:84310781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.i586"; depth:18; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447670/; classtype:trojan-activity;sid:84310770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.arm8x64_be"; depth:24; endswith; nocase; 
http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447671/; classtype:trojan-activity;sid:84310771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.arm7"; depth:18; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447672/; classtype:trojan-activity;sid:84310772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.arm8x64"; depth:21; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447673/; classtype:trojan-activity;sid:84310773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.mipsle"; depth:20; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447674/; classtype:trojan-activity;sid:84310774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.mips"; depth:18; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447675/; classtype:trojan-activity;sid:84310775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3447676)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.mips64"; depth:20; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447676/; classtype:trojan-activity;sid:84310776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/whisper.x64"; depth:17; endswith; nocase; http.host; content:"31.170.22.205"; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447677/; classtype:trojan-activity;sid:84310777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/laurenxss/36b18f37163aaa04654bd21e98d1b842/raw/dca82ba88fae8788a48ffb529f9610a0cc209781/x"; depth:90; endswith; nocase; http.host; content:"gist.githubusercontent.com"; depth:26; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447466/; classtype:trojan-activity;sid:84310566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sena1.png"; depth:10; endswith; nocase; http.host; content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447458/; classtype:trojan-activity;sid:84310558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/manga1.png"; depth:11; endswith; nocase; http.host; 
content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447456/; classtype:trojan-activity;sid:84310556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3447457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/colheita1.png"; depth:14; endswith; nocase; http.host; content:"leindisncieamrocea-1341831283.cos.sa-saopaulo.myqcloud.com"; depth:58; isdataat:!1,relative; metadata:created_at 2025_02_21; reference:url, urlhaus.abuse.ch/url/3447457/; classtype:trojan-activity;sid:84310557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img001.exe"; depth:11; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446661/; classtype:trojan-activity;sid:84309761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"116.171.106.3"; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446653/; classtype:trojan-activity;sid:84309753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3446649)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446649/; classtype:trojan-activity;sid:84309749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3446415)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"206.214.35.106"; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3446415/; classtype:trojan-activity;sid:84309515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coracion1.png"; depth:14; endswith; nocase; http.host; content:"vaamsmgfreocmroe-1342087530.cos.sa-saopaulo.myqcloud.com"; depth:56; isdataat:!1,relative; metadata:created_at 2025_02_20; reference:url, urlhaus.abuse.ch/url/3445854/; classtype:trojan-activity;sid:84308954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445431)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data/df4a3196-accc-423a-a43b-6768f1aafd3e.pdf"; depth:46; endswith; nocase; http.host; content:"hotelembuguacu.blob.core.windows.net"; depth:36; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445431/; classtype:trojan-activity;sid:84308531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445438)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data/f6416fd0-71f3-45de-8c79-3d0e7281f124.pdf"; depth:46; endswith; nocase; http.host; content:"hotelembuguacu.blob.core.windows.net"; depth:36; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445438/; classtype:trojan-activity;sid:84308538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445304)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; 
nocase; http.host; content:"95.83.158.46"; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445304/; classtype:trojan-activity;sid:84308404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3445302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.91.204.178"; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_19; reference:url, urlhaus.abuse.ch/url/3445302/; classtype:trojan-activity;sid:84308402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leinchchanceleinch/jik/refs/heads/main/d.msi"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444507/; classtype:trojan-activity;sid:84307607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3444267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leinchchanceleinch/jik/raw/refs/heads/main/d.msi"; depth:49; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_18; reference:url, urlhaus.abuse.ch/url/3444267/; classtype:trojan-activity;sid:84307367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"179.248.3.202.ll.sta.mana.pf"; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443355/; classtype:trojan-activity;sid:84306455; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.248.3.202.ll.sta.mana.pf"; depth:28; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443354/; classtype:trojan-activity;sid:84306454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99-118-215-24.lightspeed.irvnca.sbcglobal.net"; depth:45; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443353/; classtype:trojan-activity;sid:84306453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"host-95-230-215-65.business.telecomitalia.it"; depth:44; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443350/; classtype:trojan-activity;sid:84306450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3443193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"172.250.238.27"; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3443193/; classtype:trojan-activity;sid:84306293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/output0/client/cabalmain.exe"; depth:29; endswith; nocase; http.host; content:"168.138.162.78"; depth:14; 
isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442712/; classtype:trojan-activity;sid:84305812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442701)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/output0/client/cabal.exe"; depth:25; endswith; nocase; http.host; content:"168.138.162.78"; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442701/; classtype:trojan-activity;sid:84305801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/output/client/cabalmain.exe"; depth:28; endswith; nocase; http.host; content:"168.138.162.78"; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_17; reference:url, urlhaus.abuse.ch/url/3442616/; classtype:trojan-activity;sid:84305716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442198)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xxxx"; depth:5; endswith; nocase; http.host; content:"47.89.173.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442198/; classtype:trojan-activity;sid:84305298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ffff"; depth:5; endswith; nocase; http.host; content:"47.89.173.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442196/; classtype:trojan-activity;sid:84305296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442197)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/asdf"; depth:5; endswith; nocase; http.host; content:"47.89.173.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442197/; classtype:trojan-activity;sid:84305297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3442195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/libmod_hellocpp_42.so"; depth:22; endswith; nocase; http.host; content:"47.89.173.214"; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3442195/; classtype:trojan-activity;sid:84305295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.55.122.229"; depth:12; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441890/; classtype:trojan-activity;sid:84304990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3441724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/output/client/cabal.exe"; depth:24; endswith; nocase; http.host; content:"168.138.162.78"; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_16; reference:url, urlhaus.abuse.ch/url/3441724/; classtype:trojan-activity;sid:84304824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l/rls"; depth:11; endswith; nocase; http.host; content:"198.166.72.242"; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440974/; classtype:trojan-activity;sid:84304074; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64/rls"; depth:11; endswith; nocase; http.host; content:"198.166.72.242"; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440971/; classtype:trojan-activity;sid:84304071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64/rld"; depth:11; endswith; nocase; http.host; content:"198.166.72.242"; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440972/; classtype:trojan-activity;sid:84304072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440969)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l/kthreadrm"; depth:17; endswith; nocase; http.host; content:"198.166.72.242"; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440969/; classtype:trojan-activity;sid:84304069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440970)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64/kthreadrm"; depth:17; endswith; nocase; http.host; content:"198.166.72.242"; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440970/; classtype:trojan-activity;sid:84304070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aarch64"; depth:8; endswith; nocase; http.host; content:"198.166.72.242"; depth:14; isdataat:!1,relative; metadata:created_at 
2025_02_15; reference:url, urlhaus.abuse.ch/url/3440930/; classtype:trojan-activity;sid:84304030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arm7"; depth:5; endswith; nocase; http.host; content:"198.166.72.242"; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440931/; classtype:trojan-activity;sid:84304031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/x86_64"; depth:7; endswith; nocase; http.host; content:"198.166.72.242"; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440932/; classtype:trojan-activity;sid:84304032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3440934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"198.166.72.242"; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_15; reference:url, urlhaus.abuse.ch/url/3440934/; classtype:trojan-activity;sid:84304034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438591)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"80.11.36.4"; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438591/; classtype:trojan-activity;sid:84301691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; 
content:"80.11.36.4"; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438594/; classtype:trojan-activity;sid:84301694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3438572)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.9.25.206"; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_13; reference:url, urlhaus.abuse.ch/url/3438572/; classtype:trojan-activity;sid:84301672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/cgi-bin/adonis/pure_adonis"; depth:32; endswith; nocase; http.host; content:"upchemicals.co.in"; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437118/; classtype:trojan-activity;sid:84300218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/cgi-bin/jnd/pure_jnd"; depth:26; endswith; nocase; http.host; content:"upchemicals.co.in"; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437119/; classtype:trojan-activity;sid:84300219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/cgi-bin/adonis/all_adonis"; depth:31; endswith; nocase; http.host; content:"upchemicals.co.in"; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437116/; classtype:trojan-activity;sid:84300216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3437117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/cgi-bin/mr_bean/pure_bean"; depth:31; endswith; nocase; http.host; content:"upchemicals.co.in"; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437117/; classtype:trojan-activity;sid:84300217; rev:1;)
# Each rule alerts on an established client-side HTTP GET from $HOME_NET to $EXTERNAL_NET
# whose URI and Host header match one URLhaus entry. depth + endswith pin the URI buffer and
# depth + isdataat:!1,relative pin the Host buffer, so longer URIs or hostnames do not match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/cgi-bin/mr_bean/all_bean"; depth:30; endswith; nocase; http.host; content:"upchemicals.co.in"; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437115/; classtype:trojan-activity;sid:84300215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3437114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/cgi-bin/jnd/jnd_all"; depth:25; endswith; nocase; http.host; content:"upchemicals.co.in"; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_12; reference:url, urlhaus.abuse.ch/url/3437114/; classtype:trojan-activity;sid:84300214; rev:1;)
# NOTE(review): likely feed false positive. neo23x0/signature-base is a public YARA/IOC
# signature repository that scanners and rule updaters download; its archive is full of malware
# strings, which is presumably why the URL was reported. Triage hits against known security
# tooling before treating them as trojan-activity, and consider a local suppression for this sid.
# github.com is normally HTTPS-only, so this http rule should only see a plaintext request
# (which the site redirects) or traffic that is TLS-decrypted before the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435170)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neo23x0/signature-base/archive/master.zip"; depth:42; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435170/; classtype:trojan-activity;sid:84298270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"85.204.104.159"; depth:14; isdataat:!1,relative; 
metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435084/; classtype:trojan-activity;sid:84298184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3435075)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.158.88.156"; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_10; reference:url, urlhaus.abuse.ch/url/3435075/; classtype:trojan-activity;sid:84298175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.204.104.159"; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432311/; classtype:trojan-activity;sid:84295411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3432127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.136.145.238"; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3432127/; classtype:trojan-activity;sid:84295227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/test/cgi-bin/mr_bean/all_bean"; depth:30; endswith; nocase; http.host; content:"upchemicals.co.in"; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431851/; classtype:trojan-activity;sid:84294951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431850)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/test/cgi-bin/mr_bean/pure_bean"; depth:31; endswith; nocase; http.host; content:"upchemicals.co.in"; depth:17; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431850/; classtype:trojan-activity;sid:84294950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bljysvhw/info.zip"; depth:18; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431687/; classtype:trojan-activity;sid:84294787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431686)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bljysvhw/img001.exe"; depth:20; endswith; nocase; http.host; content:"200.14.250.72"; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_08; reference:url, urlhaus.abuse.ch/url/3431686/; classtype:trojan-activity;sid:84294786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3431378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.136.145.238"; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_07; reference:url, urlhaus.abuse.ch/url/3431378/; classtype:trojan-activity;sid:84294478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1/test.jpg"; depth:11; endswith; nocase; http.host; content:"ofice365.github.io"; depth:18; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429885/; classtype:trojan-activity;sid:84292985; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429793)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/static/files/bootstrappernew.exe"; depth:42; endswith; nocase; http.host; content:"d2314eac.solaraweb-alj.pages.dev"; depth:32; isdataat:!1,relative; metadata:created_at 2025_02_06; reference:url, urlhaus.abuse.ch/url/3429793/; classtype:trojan-activity;sid:84292893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3429311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.159.221.33"; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_05; reference:url, urlhaus.abuse.ch/url/3429311/; classtype:trojan-activity;sid:84292411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3428055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"116.72.2.83"; depth:11; isdataat:!1,relative; metadata:created_at 2025_02_04; reference:url, urlhaus.abuse.ch/url/3428055/; classtype:trojan-activity;sid:84291155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.147.196.138"; depth:14; isdataat:!1,relative; metadata:created_at 2025_02_02; reference:url, urlhaus.abuse.ch/url/3424485/; classtype:trojan-activity;sid:84287585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3424483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"46.175.139.20"; depth:13; isdataat:!1,relative; metadata:created_at 2025_02_02; 
reference:url, urlhaus.abuse.ch/url/3424483/; classtype:trojan-activity;sid:84287583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xsh/xsh.exe"; depth:12; endswith; nocase; http.host; content:"101.126.11.168"; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421183/; classtype:trojan-activity;sid:84284283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sigmaplus/4.exe"; depth:16; endswith; nocase; http.host; content:"ny.lshdw.cc"; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421027/; classtype:trojan-activity;sid:84284127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3421020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ftp/emmetprod.exe"; depth:18; endswith; nocase; http.host; content:"141.147.43.219"; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_31; reference:url, urlhaus.abuse.ch/url/3421020/; classtype:trojan-activity;sid:84284120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ff245185/payload/raw/refs/heads/main/fast%20download.exe"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419560/; classtype:trojan-activity;sid:84282660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419570)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/grozniy1/folder/raw/refs/heads/main/444.exe"; depth:44; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419570/; classtype:trojan-activity;sid:84282670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xevioo/xeviohub/raw/refs/heads/main/critscript.exe"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419477/; classtype:trojan-activity;sid:84282577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3419368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user-attachments/files/17793058/lg246dre.txt"; depth:45; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_30; reference:url, urlhaus.abuse.ch/url/3419368/; classtype:trojan-activity;sid:84282468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3418042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cab/launcherloader.exe"; depth:23; endswith; nocase; http.host; content:"www.newkey.co.kr"; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_29; reference:url, urlhaus.abuse.ch/url/3418042/; classtype:trojan-activity;sid:84281142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417840)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"182.109.0.22"; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417840/; 
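classtype:trojan-activity;sid:84280940; rev:1;)
# Each rule alerts on an established client-side HTTP GET from $HOME_NET to $EXTERNAL_NET
# whose URI and Host header match one URLhaus entry (depth + endswith on http.uri,
# depth + isdataat:!1,relative on http.host).
#
# Fix for sid 84280195: the published content had `|7c|26|7c|`, which decodes to the four
# literal bytes "|26|" and looks like a double-escaped "&" (0x26), so the rule could not match a
# real /uc?export=download&id=... request. It now uses `|26|`, and depth is set to the decoded
# content length (56 bytes); the published 68 was the length of the escaped string.
# sid and rev are left as published. A local edit is overwritten by the next feed pull, so the
# escaping problem should also be reported upstream.
# NOTE(review): drive.google.com is normally HTTPS-only, so this http rule should only see a
# plaintext request or traffic that is TLS-decrypted before the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3417095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|26|id=1t9mwfr1azhmksosp19tomch5dyi3hb2n"; depth:56; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2025_01_28; reference:url, urlhaus.abuse.ch/url/3417095/; classtype:trojan-activity;sid:84280195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416671)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.165.237.62"; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416671/; classtype:trojan-activity;sid:84279771; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416673)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.165.237.61"; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416673/; classtype:trojan-activity;sid:84279773; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3416674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.165.237.60"; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_27; reference:url, urlhaus.abuse.ch/url/3416674/; classtype:trojan-activity;sid:84279774; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 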
content:"222.165.237.59"; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415308/; classtype:trojan-activity;sid:84278408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loginanticheat.dll"; depth:19; endswith; nocase; http.host; content:"43.226.39.44"; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415209/; classtype:trojan-activity;sid:84278309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3415207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loginanticheat4.dll"; depth:20; endswith; nocase; http.host; content:"43.226.39.44"; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_26; reference:url, urlhaus.abuse.ch/url/3415207/; classtype:trojan-activity;sid:84278307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412918)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"119.206.216.132"; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412918/; classtype:trojan-activity;sid:84276018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3412921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"222.165.237.58"; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_24; reference:url, urlhaus.abuse.ch/url/3412921/; classtype:trojan-activity;sid:84276021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410864)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blackhatethicalhacking/fud/blob/master/access.exe|3f|raw=true"; depth:62; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410864/; classtype:trojan-activity;sid:84273964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blackhatethicalhacking/fud/raw/refs/heads/master/access.exe"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_23; reference:url, urlhaus.abuse.ch/url/3410865/; classtype:trojan-activity;sid:84273965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3410375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"80.11.36.4"; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3410375/; classtype:trojan-activity;sid:84273475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blackhatethicalhacking/fud/refs/heads/master/access.exe"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_22; reference:url, urlhaus.abuse.ch/url/3409838/; classtype:trojan-activity;sid:84272938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3409421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.11.94.15"; depth:11; isdataat:!1,relative; 
metadata:created_at 2025_01_21; reference:url, urlhaus.abuse.ch/url/3409421/; classtype:trojan-activity;sid:84272521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"182.109.0.22"; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405330/; classtype:trojan-activity;sid:84268430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"92.66.30.68"; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405320/; classtype:trojan-activity;sid:84268420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"92.66.30.68"; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405323/; classtype:trojan-activity;sid:84268423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"92.66.30.68"; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405324/; classtype:trojan-activity;sid:84268424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405319)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; 
http.host; content:"92.66.30.68"; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405319/; classtype:trojan-activity;sid:84268419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.247.101.185"; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405187/; classtype:trojan-activity;sid:84268287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"84.15.147.5"; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405134/; classtype:trojan-activity;sid:84268234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.215.129.223"; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405140/; classtype:trojan-activity;sid:84268240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3405120)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"185.20.19.72"; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_18; reference:url, urlhaus.abuse.ch/url/3405120/; classtype:trojan-activity;sid:84268220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3403380)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/lehila05/pdc/refs/heads/main/payload.bin"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_17; reference:url, urlhaus.abuse.ch/url/3403380/; classtype:trojan-activity;sid:84266480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adobepdf-reader/pdf-reader/raw/refs/heads/main/pdf%20reader.exe"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402741/; classtype:trojan-activity;sid:84265841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3402154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.88.6.203"; depth:11; isdataat:!1,relative; metadata:created_at 2025_01_16; reference:url, urlhaus.abuse.ch/url/3402154/; classtype:trojan-activity;sid:84265254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/wpr-addons/forms/code1.png"; depth:46; endswith; nocase; http.host; content:"107.180.89.159"; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, urlhaus.abuse.ch/url/3401644/; classtype:trojan-activity;sid:84264744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3401362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fxserver.exe"; depth:13; endswith; nocase; http.host; content:"198.50.242.157"; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_15; reference:url, 
urlhaus.abuse.ch/url/3401362/; classtype:trojan-activity;sid:84264462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ox2fa/justnow/refs/heads/main/1.sh"; depth:35; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_13; reference:url, urlhaus.abuse.ch/url/3398629/; classtype:trojan-activity;sid:84261729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3398195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"186.121.239.114"; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_12; reference:url, urlhaus.abuse.ch/url/3398195/; classtype:trojan-activity;sid:84261295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3397531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.168.227.130"; depth:15; isdataat:!1,relative; metadata:created_at 2025_01_11; reference:url, urlhaus.abuse.ch/url/3397531/; classtype:trojan-activity;sid:84260631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3395055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/arvendrachhonkar/todo/releases/download/macosandwindows/install_setup_v1.2.0.dmg"; depth:81; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3395055/; classtype:trojan-activity;sid:84258155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394507)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/trismagi/daemon/raw/main/watchdog"; depth:34; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_09; reference:url, urlhaus.abuse.ch/url/3394507/; classtype:trojan-activity;sid:84257607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"62.56.225.99"; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3394121/; classtype:trojan-activity;sid:84257221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3394115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"62.56.225.99"; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3394115/; classtype:trojan-activity;sid:84257215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roukistl/ud/refs/heads/main/ud.bat"; depth:35; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393662/; classtype:trojan-activity;sid:84256762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393596)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thomson101/xhp/releases/download/release/steanings.exe"; depth:55; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_08; reference:url, urlhaus.abuse.ch/url/3393596/; 
classtype:trojan-activity;sid:84256696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thomson101/xhp/releases/download/release/steanings.exe"; depth:55; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393047/; classtype:trojan-activity;sid:84256147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.8.112.156"; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393011/; classtype:trojan-activity;sid:84256111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3393013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.8.112.155"; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_07; reference:url, urlhaus.abuse.ch/url/3393013/; classtype:trojan-activity;sid:84256113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3391592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.8.112.154"; depth:13; isdataat:!1,relative; metadata:created_at 2025_01_06; reference:url, urlhaus.abuse.ch/url/3391592/; classtype:trojan-activity;sid:84254692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kusaka.php|3f|call=av"; depth:22; endswith; nocase; http.host; 
content:"cpofficial.com"; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390789/; classtype:trojan-activity;sid:84253889; rev:1;)
# NOTE(review): "|3f|" is the hex escape for "?", a single byte, so the pattern below
# is 20 bytes long while depth is 23 (the escape appears to have been counted as four
# characters). Combined with endswith, the pattern may start up to three bytes into
# http.uri, so this match is slightly looser than the exact-URI match the other
# rules get; depth:20 would restore it. The rule whose tail opens this span
# (sid 84253889) uses the same escape with depth:22 for a 19-byte pattern.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3390749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kusaka.php|3f|call=smp"; depth:23; endswith; nocase; http.host; content:"mx9x.com"; depth:8; isdataat:!1,relative; metadata:created_at 2025_01_05; reference:url, urlhaus.abuse.ch/url/3390749/; classtype:trojan-activity;sid:84253849; rev:1;)
# NOTE(review): the next two rules name the same repository file on github.com and
# on raw.githubusercontent.com. Both hosts are normally reached over TLS, where an
# "alert http" signature sees nothing unless the sensor sits behind TLS decryption;
# a cleartext request is the only case these fire on otherwise. Both hosts are
# shared, so the URI path is what identifies the download.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ngrokc/ctc/raw/main/ctc64.dll"; depth:30; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389403/; classtype:trojan-activity;sid:84252503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3389404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ngrokc/ctc/main/ctc64.dll"; depth:26; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3389404/; classtype:trojan-activity;sid:84252504; rev:1;)
# Exact match on URI "/sshd" and on the listed host (depth equals pattern length,
# endswith / isdataat:!1,relative close the buffer).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.54.83.78"; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388907/; classtype:trojan-activity;sid:84252007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL
detected (3388858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/static/files/solara.dir.zip"; depth:37; endswith; nocase; http.host; content:"c0e5b87c.solaraweb-alj.pages.dev"; depth:32; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388858/; classtype:trojan-activity;sid:84251958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3388859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/static/files/bootstrappernew.exe"; depth:42; endswith; nocase; http.host; content:"c0e5b87c.solaraweb-alj.pages.dev"; depth:32; isdataat:!1,relative; metadata:created_at 2025_01_04; reference:url, urlhaus.abuse.ch/url/3388859/; classtype:trojan-activity;sid:84251959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3387720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fericarr/newky/raw/refs/heads/main/prueba.exe"; depth:46; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2025_01_03; reference:url, urlhaus.abuse.ch/url/3387720/; classtype:trojan-activity;sid:84250820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file-32bit.elf"; depth:15; endswith; nocase; http.host; content:"34.45.47.180"; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386507/; classtype:trojan-activity;sid:84249607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file.elf"; depth:9; endswith; nocase; http.host; content:"34.45.47.180"; depth:12; 
isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386508/; classtype:trojan-activity;sid:84249608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file-arm.elf"; depth:13; endswith; nocase; http.host; content:"34.45.47.180"; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386509/; classtype:trojan-activity;sid:84249609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3386510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file-64bit.elf"; depth:15; endswith; nocase; http.host; content:"34.45.47.180"; depth:12; isdataat:!1,relative; metadata:created_at 2025_01_02; reference:url, urlhaus.abuse.ch/url/3386510/; classtype:trojan-activity;sid:84249610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3385167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soft_hair/ultravnc.ini"; depth:23; endswith; nocase; http.host; content:"support.clz.kr"; depth:14; isdataat:!1,relative; metadata:created_at 2025_01_01; reference:url, urlhaus.abuse.ch/url/3385167/; classtype:trojan-activity;sid:84248267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"45.116.68.12"; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378993/; classtype:trojan-activity;sid:84242093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378964)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"84.1.110.226"; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378964/; classtype:trojan-activity;sid:84242064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3378974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.142.63.8"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_28; reference:url, urlhaus.abuse.ch/url/3378974/; classtype:trojan-activity;sid:84242074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"90.45.15.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373486/; classtype:trojan-activity;sid:84236586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"90.45.15.114"; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_23; reference:url, urlhaus.abuse.ch/url/3373487/; classtype:trojan-activity;sid:84236587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.84.39.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373071/; classtype:trojan-activity;sid:84236171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3373074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.164.191.74"; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373074/; classtype:trojan-activity;sid:84236174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373080)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.160.109.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373080/; classtype:trojan-activity;sid:84236180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.136.225.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373063/; classtype:trojan-activity;sid:84236163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373067)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"94.244.113.217"; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373067/; classtype:trojan-activity;sid:84236167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3373050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.216.107.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3373050/; classtype:trojan-activity;sid:84236150; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.93.83.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372979/; classtype:trojan-activity;sid:84236079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372964)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"139.255.97.116"; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372964/; classtype:trojan-activity;sid:84236064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372953)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"47.49.114.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372953/; classtype:trojan-activity;sid:84236053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.110.204.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372954/; classtype:trojan-activity;sid:84236054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.129.177.162"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372956/; 
classtype:trojan-activity;sid:84236056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"111.74.21.155"; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372903/; classtype:trojan-activity;sid:84236003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.240.155.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372902/; classtype:trojan-activity;sid:84236002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.240.155.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372900/; classtype:trojan-activity;sid:84236000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372891)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.240.155.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372891/; classtype:trojan-activity;sid:84235991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.240.155.245"; depth:15; isdataat:!1,relative; 
metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372892/; classtype:trojan-activity;sid:84235992; rev:1;)
# NOTE(review): the rules in this run share one match condition (GET, URI "/sshd",
# host 117.240.155.245) and differ only in URLhaus id, reference and sid, so a
# single matching request raises one alert per rule. Presumably the URLhaus entries
# differ in a part of the URL these rules do not encode, such as the port - confirm
# against the references. Deduplicate on host and URI downstream, or thin the
# set locally, so one event is not counted several times during triage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.240.155.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372893/; classtype:trojan-activity;sid:84235993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.240.155.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372896/; classtype:trojan-activity;sid:84235996; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.240.155.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372898/; classtype:trojan-activity;sid:84235998; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.240.155.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372883/; classtype:trojan-activity;sid:84235983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372884)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5;
endswith; nocase; http.host; content:"117.240.155.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372884/; classtype:trojan-activity;sid:84235984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.240.155.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372885/; classtype:trojan-activity;sid:84235985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.240.155.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372886/; classtype:trojan-activity;sid:84235986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"46.141.62.238"; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372887/; classtype:trojan-activity;sid:84235987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.240.155.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372890/; classtype:trojan-activity;sid:84235990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372876)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.247.101.63"; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372876/; classtype:trojan-activity;sid:84235976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.240.155.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372878/; classtype:trojan-activity;sid:84235978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.240.155.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372879/; classtype:trojan-activity;sid:84235979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"117.240.155.245"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372880/; classtype:trojan-activity;sid:84235980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"195.34.102.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372704/; classtype:trojan-activity;sid:84235804; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"195.34.102.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372705/; classtype:trojan-activity;sid:84235805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"195.34.102.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372684/; classtype:trojan-activity;sid:84235784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.54.88.190"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372657/; classtype:trojan-activity;sid:84235757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.54.88.216"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372658/; classtype:trojan-activity;sid:84235758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"195.34.102.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372654/; 
classtype:trojan-activity;sid:84235754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"195.34.102.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372651/; classtype:trojan-activity;sid:84235751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372645)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"79.124.72.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372645/; classtype:trojan-activity;sid:84235745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.54.88.189"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372625/; classtype:trojan-activity;sid:84235725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"2.54.88.115"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372627/; classtype:trojan-activity;sid:84235727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"195.34.102.234"; depth:14; isdataat:!1,relative; 
metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372639/; classtype:trojan-activity;sid:84235739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"46.210.109.1"; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372621/; classtype:trojan-activity;sid:84235721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3372615)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"195.34.102.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_22; reference:url, urlhaus.abuse.ch/url/3372615/; classtype:trojan-activity;sid:84235715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3366263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"93.87.31.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_19; reference:url, urlhaus.abuse.ch/url/3366263/; classtype:trojan-activity;sid:84229363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ef/ef.bin"; depth:10; endswith; nocase; http.host; content:"www.tdejb.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356912/; classtype:trojan-activity;sid:84220012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ef/skifterne.sea"; depth:17; 
endswith; nocase; http.host; content:"www.tdejb.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356911/; classtype:trojan-activity;sid:84220011; rev:1;)
# Exact-match shape: depth equal to the pattern length plus endswith pins http.uri to
# the listed path; depth plus isdataat:!1,relative pins http.host to the listed host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356909)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ef/ef.vbs"; depth:10; endswith; nocase; http.host; content:"www.astenterprises.com.pk"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356909/; classtype:trojan-activity;sid:84220009; rev:1;)
# NOTE(review): the hosts in the next rules look like per-bucket endpoints under
# shared cloud-storage domains (myqcloud.com, aliyuncs.com). The exact-host match
# keeps each rule scoped to one bucket name; blocking the parent domain instead
# would hit unrelated tenants. These endpoints are presumably also reachable over
# TLS, which an "alert http" rule does not see without decryption - TODO confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yn5og-40i6-9gu-9hjf.html"; depth:25; endswith; nocase; http.host; content:"bj5y6-0f-9h4-9fgg4-1324992141.cos.ap-bangkok.myqcloud.com"; depth:57; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356803/; classtype:trojan-activity;sid:84219903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/futon"; depth:6; endswith; nocase; http.host; content:"weco2.oss-me-east-1.aliyuncs.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356768/; classtype:trojan-activity;sid:84219868; rev:1;)
# NOTE(review): the path below is matched in its percent-encoded form (depth:134
# counts every "%xx" triplet as three bytes). http.uri is the normalized URI buffer;
# if the sensor decodes percent-escapes in the path, the request is seen as raw
# UTF-8 bytes and this literal will not match. Confirm on a test capture, or match
# http.uri.raw for this entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356769)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qq%e5%8d%8e%e5%a4%8f%e6%9b%b4%e6%96%b0%e6%96%87%e4%bb%b6/%e8%87%aa%e5%8a%a8%e6%9b%b4%e6%96%b0%e8%be%85%e5%8a%a9%e7%a8%8b%e5%ba%8f.exe"; depth:134; endswith; nocase; http.host; content:"kuakuawenjian.oss-cn-hangzhou.aliyuncs.com"; depth:42;
isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356769/; classtype:trojan-activity;sid:84219869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/smiple_4yue"; depth:12; endswith; nocase; http.host; content:"weco2.oss-me-east-1.aliyuncs.com"; depth:32; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356761/; classtype:trojan-activity;sid:84219861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/36hg-04ik6-9j4-9h5.html"; depth:24; endswith; nocase; http.host; content:"f3i5-0g49bgn-3h95-1324992141.cos.ap-jakarta.myqcloud.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356758/; classtype:trojan-activity;sid:84219858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/35-0350gh9v-39yh5g.html"; depth:24; endswith; nocase; http.host; content:"j-0-09g-9bh-h-ggf-1324992141.cos.ap-bangkok.myqcloud.com"; depth:56; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356750/; classtype:trojan-activity;sid:84219850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xevioo/xeviohub/refs/heads/main/critscript.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356162/; 
classtype:trojan-activity;sid:84219262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ff245185/payload/refs/heads/main/fast%20download.exe"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356145/; classtype:trojan-activity;sid:84219245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356134)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pr0xylife/asyncrat/refs/heads/main/asyncrat_09.02.2022.txt"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356134/; classtype:trojan-activity;sid:84219234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/grozniy1/folder/refs/heads/main/444.exe"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356133/; classtype:trojan-activity;sid:84219233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3356118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deroxs/powerrat-leak/refs/heads/main/powerrat.exe"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_18; reference:url, urlhaus.abuse.ch/url/3356118/; classtype:trojan-activity;sid:84219218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (3353957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rookievip/xx/main/loader.exe"; depth:29; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353957/; classtype:trojan-activity;sid:84217057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fericarr/newky/refs/heads/main/prueba.exe"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353403/; classtype:trojan-activity;sid:84216503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fengjixuchui/cve-2022-26810/refs/heads/main/shellcode.bin"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353372/; classtype:trojan-activity;sid:84216472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353348)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deroxs/powerrat-leak/raw/refs/heads/main/powerrat.exe"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353348/; classtype:trojan-activity;sid:84216448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353349)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/resources/js/info2r.txt/"; depth:25; endswith; nocase; http.host; content:"188.81.134.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353349/; classtype:trojan-activity;sid:84216449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pr0xylife/asyncrat/raw/refs/heads/main/asyncrat_09.02.2022.txt"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353345/; classtype:trojan-activity;sid:84216445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dlc_update.data"; depth:16; endswith; nocase; http.host; content:"8.138.96.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353333/; classtype:trojan-activity;sid:84216433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353251)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/master.exe"; depth:11; endswith; nocase; http.host; content:"92.127.156.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353251/; classtype:trojan-activity;sid:84216351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353246)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//google.exe"; depth:12; endswith; nocase; http.host; content:"85.25.72.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353246/; classtype:trojan-activity;sid:84216346; rev:1;) 
# URLhaus feed rules, restored to one rule per line. Each rule alerts on an
# established client-to-server flow from $HOME_NET to $EXTERNAL_NET when all
# three of these hold: method GET, the listed path in http.uri (nocase), and the
# listed host in http.host.
# With depth set to the pattern's length, `depth:N; endswith;` (URI) and
# `depth:N; isdataat:!1,relative;` (host) pin the pattern to the entire buffer,
# so these are exact URL matches rather than substring matches.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//chromesetup.exe"; depth:17; endswith; nocase; http.host; content:"85.25.72.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353216/; classtype:trojan-activity;sid:84216316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353204)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp.ps1"; depth:7; endswith; nocase; http.host; content:"92.127.156.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353204/; classtype:trojan-activity;sid:84216304; rev:1;)
# NOTE(review): `alert http` inspects cleartext HTTP only. raw.githubusercontent.com,
# github.com and drive.google.com are normally reached over HTTPS, where http.uri
# and http.host are not visible to the sensor unless TLS is decrypted upstream.
# For these entries, coverage in practice comes from proxy or endpoint telemetry
# that records the full URL. A hit on a public repository path can also be a
# researcher or sandbox fetch, so triage by the role of the source host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3353123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cqhack/ddos-script/refs/heads/master/cqhack.pl"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_17; reference:url, urlhaus.abuse.ch/url/3353123/; classtype:trojan-activity;sid:84216223; rev:1;)
# The same host and path (/kaijiorder/cert/2a.hta on 182.92.99.95) is also
# matched by sid 84208176 further down, so one request raises two alerts.
# Deduplicate on host and URI when counting incidents.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3352821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaijiorder/cert/2a.hta"; depth:23; endswith; nocase; http.host; content:"182.92.99.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3352821/; classtype:trojan-activity;sid:84215921; rev:1;)
# NOTE(review): two points to confirm against the URLhaus entry.
# (1) `|7c|26|7c|` decodes to the four literal characters `|26|`. This looks
#     like an `&` (0x26) whose hex escape was escaped a second time. If so, the
#     rule only matches a URI that contains the text `|26|`, not `&`.
# (2) depth:68 is the length of the pattern as written, hex escapes included.
#     The decoded pattern is 59 bytes, so depth + endswith no longer pins the
#     match to the whole buffer and up to 9 leading bytes are tolerated.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351932)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=12jgde-soib4liipbdhs55vkz7ek8_ua6"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351932/; classtype:trojan-activity;sid:84215032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ijeuwaesika/nna/raw/refs/heads/main/ifiinms.txt"; depth:48; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351478/; classtype:trojan-activity;sid:84214578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fsabxh/sfdawsdawdaw/raw/refs/heads/main/serials_checker.exe"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351477/; classtype:trojan-activity;sid:84214577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xevioo/xeviohub/raw/refs/heads/main/critscript.exe"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351430/; classtype:trojan-activity;sid:84214530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/grozniy1/folder/raw/refs/heads/main/444.exe"; depth:44; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351428/; classtype:trojan-activity;sid:84214528; rev:1;)
# NOTE(review): literal `%20` in an http.uri pattern. http.uri is Suricata's
# normalized URI buffer, where percent-escapes are decoded, so this sid may
# never fire; http.uri.raw is the buffer that holds the request as sent. Verify
# with a replayed request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ff245185/payload/raw/refs/heads/main/fast%20download.exe"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351377/; classtype:trojan-activity;sid:84214477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fericarr/newky/raw/refs/heads/main/prueba.exe"; depth:46; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351320/; classtype:trojan-activity;sid:84214420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351297)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/erez-goldberg/rust-reverse-shell/raw/refs/heads/main/shellcode.bin"; depth:67; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351297/; classtype:trojan-activity;sid:84214397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3351259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fengjixuchui/cve-2022-26810/raw/refs/heads/main/shellcode.bin"; depth:62; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_16; reference:url, urlhaus.abuse.ch/url/3351259/; classtype:trojan-activity;sid:84214359; rev:1;)
# NOTE(review): depth:43 counts the `|3f|` escape as four characters. The
# decoded pattern is 40 bytes, so up to 3 leading bytes are tolerated before
# the match; the rule is slightly looser than an exact URI match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3348000)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|id=1ydcoow9tkyo5_qfbdzcaqkd9hzdoug7o"; depth:43; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3348000/; classtype:trojan-activity;sid:84211100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3347308)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/component/vc2005sp1redist_x86.exe"; depth:34; endswith; nocase; http.host; content:"windriversfiles.imeitools.com"; depth:29; isdataat:!1,relative; metadata:created_at 2024_12_13; reference:url, urlhaus.abuse.ch/url/3347308/; classtype:trojan-activity;sid:84210408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346530)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whoafg/problemonfmech/refs/heads/main/client.exe"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346530/; classtype:trojan-activity;sid:84209630; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3346026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaijiorder/cert/41a1111.hta"; depth:28; endswith; nocase; http.host; content:"182.92.99.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_12; reference:url, urlhaus.abuse.ch/url/3346026/; classtype:trojan-activity;sid:84209126; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345089)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n00b69/woasetup/releases/download/installers/dxwebsetup.exe"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345089/; classtype:trojan-activity;sid:84208189; rev:1;)
# Same host and path as sid 84215921 above (a second URLhaus entry for the same URL).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3345076)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaijiorder/cert/2a.hta"; depth:23; endswith; nocase; http.host; content:"182.92.99.95"; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_11; reference:url, urlhaus.abuse.ch/url/3345076/; classtype:trojan-activity;sid:84208176; rev:1;)
# The 74.48.34.10 rules that follow differ only in the file suffix (x86, arm5,
# arm7, ...). The suffixes look like per-CPU-architecture builds of one payload
# (presumably; the rules do not say). Several of these sids from one source
# address are better triaged as a single incident than as separate alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.x86"; depth:16; endswith; nocase; http.host; content:"74.48.34.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344216/; classtype:trojan-activity;sid:84207316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm5"; depth:17; endswith; nocase; http.host; content:"74.48.34.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344177/; classtype:trojan-activity;sid:84207277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm7"; depth:17; endswith; nocase; http.host; content:"74.48.34.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344172/; classtype:trojan-activity;sid:84207272; rev:1;)
# URLhaus feed rules, restored to one rule per line. Each rule alerts on an
# established client-to-server flow from $HOME_NET to $EXTERNAL_NET when all
# three of these hold: method GET, the listed path in http.uri (nocase), and the
# listed host in http.host.
# With depth set to the pattern's length, `depth:N; endswith;` (URI) and
# `depth:N; isdataat:!1,relative;` (host) pin the pattern to the entire buffer,
# so these are exact URL matches rather than substring matches.
#
# The 74.48.34.10 rules below (/ab4g5/josho.* and /bins/hax.*) differ only in
# the file suffix (ppc, mpsl, sh4, arm6, ...). The suffixes look like
# per-CPU-architecture builds of one payload (presumably; the rules do not
# say). Several of these sids from one source address are better triaged as a
# single incident than as separate alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.ppc"; depth:16; endswith; nocase; http.host; content:"74.48.34.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344116/; classtype:trojan-activity;sid:84207216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mpsl"; depth:17; endswith; nocase; http.host; content:"74.48.34.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344054/; classtype:trojan-activity;sid:84207154; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3344015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.sh4"; depth:16; endswith; nocase; http.host; content:"74.48.34.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3344015/; classtype:trojan-activity;sid:84207115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm6"; depth:17; endswith; nocase; http.host; content:"74.48.34.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343939/; classtype:trojan-activity;sid:84207039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.arm"; depth:16; endswith; nocase; http.host; content:"74.48.34.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343827/; classtype:trojan-activity;sid:84206927; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.m68k"; depth:17; endswith; nocase; http.host; content:"74.48.34.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343814/; classtype:trojan-activity;sid:84206914; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3343669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ab4g5/josho.mips"; depth:17; endswith; nocase; http.host; content:"74.48.34.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3343669/; classtype:trojan-activity;sid:84206769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hax.arm"; depth:13; endswith; nocase; http.host; content:"74.48.34.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340580/; classtype:trojan-activity;sid:84203680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hax.spc"; depth:13; endswith; nocase; http.host; content:"74.48.34.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340578/; classtype:trojan-activity;sid:84203678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hax.m68k"; depth:14; endswith; nocase; http.host; content:"74.48.34.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340577/; classtype:trojan-activity;sid:84203677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hax.arm7"; depth:14; endswith; nocase; http.host; content:"74.48.34.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340567/; classtype:trojan-activity;sid:84203667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hax.x86"; depth:13; endswith; nocase; http.host; content:"74.48.34.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340568/; classtype:trojan-activity;sid:84203668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hax.mips"; depth:14; endswith; nocase; http.host; content:"74.48.34.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340569/; classtype:trojan-activity;sid:84203669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hax.arm5"; depth:14; endswith; nocase; http.host; content:"74.48.34.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340570/; classtype:trojan-activity;sid:84203670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hax.ppc"; depth:13; endswith; nocase; http.host; content:"74.48.34.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340573/; classtype:trojan-activity;sid:84203673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hax.arm6"; depth:14; endswith; nocase; http.host; content:"74.48.34.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340574/; classtype:trojan-activity;sid:84203674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340575)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hax.sh4"; depth:13; endswith; nocase; http.host; content:"74.48.34.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340575/; classtype:trojan-activity;sid:84203675; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bins/hax.mpsl"; depth:14; endswith; nocase; http.host; content:"74.48.34.10"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340576/; classtype:trojan-activity;sid:84203676; rev:1;)
# NOTE(review): `alert http` inspects cleartext HTTP only. github.com and
# raw.githubusercontent.com are normally reached over HTTPS, where http.uri and
# http.host are not visible to the sensor unless TLS is decrypted upstream. For
# these entries, coverage in practice comes from proxy or endpoint telemetry
# that records the full URL. A hit on a public repository path can also be a
# researcher or sandbox fetch, so triage by the role of the source host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dis3j/wagnerhook/releases/download/release/loader.exe"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340440/; classtype:trojan-activity;sid:84203540; rev:1;)
# NOTE(review): the next two rules, and sid 84203492 further down, carry a
# literal `%20` in an http.uri pattern, with depth counting it as three
# characters. http.uri is Suricata's normalized URI buffer, where
# percent-escapes are decoded, so these sids may never fire; http.uri.raw is
# the buffer that holds the request as sent. Verify with a replayed request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xbest11/ddl1/main/xbest%20v1.exe"; depth:33; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340399/; classtype:trojan-activity;sid:84203499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xbest11/ddl1/main/complexo%20v4.exe"; depth:36; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340398/; classtype:trojan-activity;sid:84203498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xbest11/ddl1/main/box3d.dll"; depth:28; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340395/; classtype:trojan-activity;sid:84203495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xbest11/ddl1/main/lkwan.dll"; depth:28; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340396/; classtype:trojan-activity;sid:84203496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xbest11/ddl1/main/flunix9.dll"; depth:30; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340397/; classtype:trojan-activity;sid:84203497; rev:1;)
# NOTE(review): literal `%20` in an http.uri pattern; the normalized buffer holds
# a decoded space instead, so this sid may never fire (see http.uri.raw). Verify.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340392)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xbest11/ddl1/main/elzhas%20pannel.dll"; depth:38; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340392/; classtype:trojan-activity;sid:84203492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340393)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xbest11/ddl1/main/morovip.dll"; depth:30; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340393/; classtype:trojan-activity;sid:84203493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xbest11/ddl1/main/hazaxd.dll"; depth:29; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340394/; classtype:trojan-activity;sid:84203494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xbest11/ddl1/main/xbest.dll"; depth:28; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340391/; classtype:trojan-activity;sid:84203491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xbest11/ddl1/main/blue_and_white.dll"; depth:37; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_10; reference:url, urlhaus.abuse.ch/url/3340390/; classtype:trojan-activity;sid:84203490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3340363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/huuuuggga/aaaaa1/refs/heads/main/srtware.exe"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3340363/; classtype:trojan-activity;sid:84203463; rev:1;)
# The next seven rules share the three-byte path `/.i` and differ only in the
# host, which is a bare IP address. The path alone is too short to be
# distinctive; the exact host match is what keeps these rules specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339252)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.136.225.254"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339252/; classtype:trojan-activity;sid:84202352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.93.83.124"; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339221/; classtype:trojan-activity;sid:84202321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.110.204.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339168/; classtype:trojan-activity;sid:84202268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339121)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.216.107.99"; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339121/; classtype:trojan-activity;sid:84202221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339124)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"93.87.31.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339124/; classtype:trojan-activity;sid:84202224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339116)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.225.179.160"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339116/; classtype:trojan-activity;sid:84202216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3339109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.84.39.181"; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3339109/; classtype:trojan-activity;sid:84202209; rev:1;)
# The remaining rules all match raw.githubusercontent.com; the cleartext-only
# caveat noted above for GitHub hosts applies to each of them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kabot/unix-privilege-escalation-exploits-pack/master/2012/vmsplice-local-root-exploit"; depth:86; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338656/; classtype:trojan-activity;sid:84201756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ga13372/jv/main/javaw.exe"; depth:26; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338560/; classtype:trojan-activity;sid:84201660; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nicxlau/alfa-shell/master/alfa-obfuscated.php"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338548/; classtype:trojan-activity;sid:84201648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aissardp/payload/main/payload.exe"; depth:34; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338507/; classtype:trojan-activity;sid:84201607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cracker1337uwu/rrr/main/bypass.exe"; depth:35; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338505/; classtype:trojan-activity;sid:84201605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/g1vi/cve-2023-2640-cve-2023-32629/main/exploit.sh"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338499/; classtype:trojan-activity;sid:84201599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nguyenmanmkt/repo1/main/exploit-2"; depth:34; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338493/; classtype:trojan-activity;sid:84201593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leetcipher/malware.development/main/self-injection/self-injection.exe"; depth:70; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338492/; classtype:trojan-activity;sid:84201592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338487)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cyberhunter00/remote_hijack/master/uac_bypass.exe"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338487/; classtype:trojan-activity;sid:84201587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cocomelonc/2022-01-14-malware-injection-13/master/hack.exe"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338475/; classtype:trojan-activity;sid:84201575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fxtazz/injection/main/index.js"; depth:31; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338467/; classtype:trojan-activity;sid:84201567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leetcipher/malware.development/main/process-injection/process-injection.exe"; depth:76; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338471/; classtype:trojan-activity;sid:84201571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sixaknow/uac_bypass_/main/module_377498327498dcxvc32434.dll"; depth:60; endswith; 
nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338451/; classtype:trojan-activity;sid:84201551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3338443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pistacchietto/win-python-backdoor/master/standalone_payload.exe"; depth:64; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3338443/; classtype:trojan-activity;sid:84201543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ty9989/f/zip/refs/heads/main"; depth:29; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337794/; classtype:trojan-activity;sid:84200894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ty9989/c/zip/refs/heads/main"; depth:29; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337795/; classtype:trojan-activity;sid:84200895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337796)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ty9989/u/zip/refs/heads/main"; depth:29; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337796/; 
classtype:trojan-activity;sid:84200896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ty9989/i/zip/refs/heads/main"; depth:29; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_09; reference:url, urlhaus.abuse.ch/url/3337797/; classtype:trojan-activity;sid:84200897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rahmoundll/kak/main/glew64.dll"; depth:31; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337035/; classtype:trojan-activity;sid:84200135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nkaslq1/ankrnl/refs/heads/main/alphatweaks.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337026/; classtype:trojan-activity;sid:84200126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337032)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haa15/driver-shitty/main/kdmapper_release.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337032/; classtype:trojan-activity;sid:84200132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337015)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v0lt/virtualdub2/releases/download/2.1.3/virtualdub2_v2.1.3.667_win32.7z"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337015/; classtype:trojan-activity;sid:84200115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337012)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgmb/update.exe"; depth:16; endswith; nocase; http.host; content:"update.cg100iii.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337012/; classtype:trojan-activity;sid:84200112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgpro/update.exe"; depth:17; endswith; nocase; http.host; content:"update.cg100iii.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337010/; classtype:trojan-activity;sid:84200110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3337004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/skibidixelaina/wuselaina/raw/refs/heads/main/build.exe"; depth:55; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3337004/; classtype:trojan-activity;sid:84200104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keygroup777-ransomware/downloader/refs/heads/main/taskmoder.exe"; depth:64; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336992/; classtype:trojan-activity;sid:84200092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336993)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/z-beam/movaflag/releases/download/1.0.2/mova.exe"; depth:49; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336993/; classtype:trojan-activity;sid:84200093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keygroup777-ransomware/downloader/refs/heads/main/cssgo.exe"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336990/; classtype:trojan-activity;sid:84200090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keygroup777-ransomware/downloader/raw/refs/heads/main/black.exe"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336983/; classtype:trojan-activity;sid:84200083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stubgenerator/stub/main/stub.exe"; depth:33; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, 
urlhaus.abuse.ch/url/3336095/; classtype:trojan-activity;sid:84199195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nikolaevich23/make-pkg-bat/master/setup.exe"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336077/; classtype:trojan-activity;sid:84199177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eirxne/valorant-axeprime/main/axeprime.dll"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336072/; classtype:trojan-activity;sid:84199172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stephenfewer/reflectivedllinjection/refs/heads/master/bin/reflective_dll.dll"; depth:77; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336068/; classtype:trojan-activity;sid:84199168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336058)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anessdev/talha/main/talha.dll"; depth:30; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336058/; classtype:trojan-activity;sid:84199158; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3336049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sqrtzeroknowledge/xworm-trojan/zip/refs/heads/main"; depth:51; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_08; reference:url, urlhaus.abuse.ch/url/3336049/; classtype:trojan-activity;sid:84199149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335208)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/barrigudinha157/barrigudinha/master/rage.dll"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335208/; classtype:trojan-activity;sid:84198308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docs/2018-11/20181122103207926164.doc"; depth:38; endswith; nocase; http.host; content:"xww.bucea.edu.cn"; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335149/; classtype:trojan-activity;sid:84198249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/statement/ul397wfyb/"; depth:29; endswith; nocase; http.host; content:"www.reifenquick.de"; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335154/; classtype:trojan-activity;sid:84198254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335132)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/scripts/hl8-8w4cs-6325/"; depth:24; endswith; nocase; http.host; content:"reifenquick.de"; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335132/; classtype:trojan-activity;sid:84198232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335119)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mytime/files/3.3.7.0/mytime.exe"; depth:32; endswith; nocase; http.host; content:"down.ruanmei.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335119/; classtype:trojan-activity;sid:84198219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cg70/update.exe"; depth:16; endswith; nocase; http.host; content:"update.cg100iii.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335118/; classtype:trojan-activity;sid:84198218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; depth:82; endswith; nocase; http.host; content:"www.reifenquick.de"; depth:18; isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335096/; classtype:trojan-activity;sid:84198196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3335074)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/_upload/article/files/90/f4/62d98f264ab0abc4a1f14a32607a/089c9dc1-8248-47b5-b35d-310cd70469b4.doc"; depth:98; endswith; nocase; http.host; content:"hhbs.hhu.edu.cn"; depth:15; 
isdataat:!1,relative; metadata:created_at 2024_12_07; reference:url, urlhaus.abuse.ch/url/3335074/; classtype:trojan-activity;sid:84198174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.dbg"; depth:9; endswith; nocase; http.host; content:"103.163.119.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333897/; classtype:trojan-activity;sid:84196997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.sh4"; depth:9; endswith; nocase; http.host; content:"103.163.119.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333896/; classtype:trojan-activity;sid:84196996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86_64"; depth:12; endswith; nocase; http.host; content:"103.163.119.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333895/; classtype:trojan-activity;sid:84196995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/namblack666/zxqqw/refs/heads/main/main.exe"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333657/; classtype:trojan-activity;sid:84196757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333658)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/namblack666/zxqqw/refs/heads/main/main1.exe"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333658/; classtype:trojan-activity;sid:84196758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nam-black/moneyandbitch/refs/heads/main/main1.exe"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333656/; classtype:trojan-activity;sid:84196756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nam-black/moneyandbitch/raw/refs/heads/main/main1.exe"; depth:54; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333651/; classtype:trojan-activity;sid:84196751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/apk/pthlearning.apk"; depth:20; endswith; nocase; http.host; content:"chinaapper.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333527/; classtype:trojan-activity;sid:84196627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/azertyuiopexe/fud-crypter/zip/refs/heads/main"; depth:46; endswith; nocase; http.host; 
content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333522/; classtype:trojan-activity;sid:84196622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joh81/exploi01/main/document.zip"; depth:33; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333521/; classtype:trojan-activity;sid:84196621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.8"; depth:49; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333518/; classtype:trojan-activity;sid:84196618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.10"; depth:50; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333513/; classtype:trojan-activity;sid:84196613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.3"; depth:49; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333514/; 
classtype:trojan-activity;sid:84196614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hwangyounggul33/windows10/refs/heads/main/privacypolicy.exe"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333511/; classtype:trojan-activity;sid:84196611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/caocaocc/yacd/zip/refs/heads/gh-pages"; depth:38; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333509/; classtype:trojan-activity;sid:84196609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9.2"; depth:51; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333510/; classtype:trojan-activity;sid:84196610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.11"; depth:50; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333508/; classtype:trojan-activity;sid:84196608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (3333499)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fericarr/newky/refs/heads/main/agentnov.exe"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333499/; classtype:trojan-activity;sid:84196599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cirosantilli/china-dictatorship/zip/refs/heads/master"; depth:54; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333502/; classtype:trojan-activity;sid:84196602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333503)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daneeltrevize/tabsat/legacy.zip/refs/tags/0.8.1"; depth:48; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333503/; classtype:trojan-activity;sid:84196603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333495)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.5"; depth:49; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333495/; classtype:trojan-activity;sid:84196595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333496)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.7"; depth:49; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333496/; classtype:trojan-activity;sid:84196596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d-7uble/invoke-phant0m/zip/refs/heads/master"; depth:45; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333493/; classtype:trojan-activity;sid:84196593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333494)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daneeltrevize/tabsat/legacy.zip/refs/tags/0.7.1"; depth:48; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333494/; classtype:trojan-activity;sid:84196594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333489)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/54n4l/mimikatzwindows/zip/refs/heads/master"; depth:44; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333489/; classtype:trojan-activity;sid:84196589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333485)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9"; depth:49; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; 
isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333485/; classtype:trojan-activity;sid:84196585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333482)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/daneeltrevize/tabsat/legacy.tar.gz/refs/tags/0.9.1"; depth:51; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333482/; classtype:trojan-activity;sid:84196582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333481)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crowly-ai/hello-world/refs/heads/main/zubovlekciya.exe"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333481/; classtype:trojan-activity;sid:84196581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bloodhoundad/bloodhound/master/collectors/sharphound.exe"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333470/; classtype:trojan-activity;sid:84196570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/calendar/down/calendar/setup.exe"; depth:33; endswith; nocase; http.host; content:"ojang.pe.kr"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333458/; 
classtype:trojan-activity;sid:84196558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/calendar/down/calendar.exe"; depth:27; endswith; nocase; http.host; content:"ojang.pe.kr"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333457/; classtype:trojan-activity;sid:84196557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/calendar/down/jeditor/jeditor.exe"; depth:34; endswith; nocase; http.host; content:"ojang.pe.kr"; depth:11; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333456/; classtype:trojan-activity;sid:84196556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ytisf/thezoo/refs/heads/master/malware/binaries/ransomware.wannacry/ransomware.wannacry.zip"; depth:92; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333439/; classtype:trojan-activity;sid:84196539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333435)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newlog/exploiting/refs/heads/master/training/windows/practical_malware_analysis/labs/chapter_1l/lab01-02.exe"; depth:109; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333435/; classtype:trojan-activity;sid:84196535; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getrektboy724/sementara/master/donut.exe"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333369/; classtype:trojan-activity;sid:84196469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mpsl"; depth:10; endswith; nocase; http.host; content:"103.163.119.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333359/; classtype:trojan-activity;sid:84196459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333355)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.i686"; depth:10; endswith; nocase; http.host; content:"103.163.119.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333355/; classtype:trojan-activity;sid:84196455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86"; depth:9; endswith; nocase; http.host; content:"103.163.119.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333357/; classtype:trojan-activity;sid:84196457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/getrektboy724/sementara/raw/master/donut.exe"; depth:45; endswith; nocase; http.host; content:"github.com"; 
depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333350/; classtype:trojan-activity;sid:84196450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm7"; depth:10; endswith; nocase; http.host; content:"103.163.119.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333351/; classtype:trojan-activity;sid:84196451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333352)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.m68k"; depth:10; endswith; nocase; http.host; content:"103.163.119.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333352/; classtype:trojan-activity;sid:84196452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"103.163.119.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333353/; classtype:trojan-activity;sid:84196453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333343)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.mips"; depth:10; endswith; nocase; http.host; content:"103.163.119.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333343/; classtype:trojan-activity;sid:84196443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333322)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"103.163.119.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333322/; classtype:trojan-activity;sid:84196422; rev:1;)
# Rule shape used throughout this feed: an HTTP GET from $HOME_NET to $EXTERNAL_NET whose
# http.uri and http.host both match. On the URI, depth equal to the content length plus
# `endswith` pins the match to the whole buffer; on the host, depth plus
# `isdataat:!1,relative` does the same. A request that adds a query string or changes the
# path by one byte is therefore not matched.
#
# NOTE(review): `alert http` only inspects traffic that Suricata parses as HTTP. For hosts
# that are normally reached over HTTPS (github.com and raw.githubusercontent.com below),
# the rule can only fire on a cleartext request or where TLS is decrypted before the
# sensor. Confirm sensor placement before relying on these for coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user-attachments/files/17793058/lg246dre.txt"; depth:45; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333321/; classtype:trojan-activity;sid:84196421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm5"; depth:10; endswith; nocase; http.host; content:"103.163.119.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333316/; classtype:trojan-activity;sid:84196416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3333317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.ppc"; depth:9; endswith; nocase; http.host; content:"103.163.119.220"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3333317/; classtype:trojan-activity;sid:84196417; rev:1;)
# NOTE(review): the next four rules carry percent-encoded sequences (%e2%98%85..., %20) as
# literal text in an http.uri content, and depth is the length of that encoded string
# (e.g. depth:123). http.uri is Suricata's normalized URI buffer; if normalization
# percent-decodes the path on the deployed version, these literals will not be present
# and the rules cannot match. http.uri.raw is the buffer that holds the URI as sent.
# Verify with a test pcap before counting these as coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/storage/files/9/%e2%98%85%ec%a0%9c%ed%92%88%ec%82%ac%ec%9a%a9%ec%a0%84%20%ed%95%84%ec%88%98%ec%85%8b%ed%8c%85%e2%98%85.zip"; depth:123; endswith; nocase; http.host; content:"xn--yh4bx88a.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332955/; classtype:trojan-activity;sid:84196055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/storage/files/9/%e2%ab%b8%ec%a0%9c%ed%92%88%ec%82%ac%ec%9a%a9%ec%a0%84%20%ed%95%84%ec%88%98%ec%85%8b%ed%8c%85%e2%ab%b7.zip"; depth:123; endswith; nocase; http.host; content:"xn--yh4bx88a.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332954/; classtype:trojan-activity;sid:84196054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/noccenter/noccenter/refs/heads/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; depth:94; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332792/; classtype:trojan-activity;sid:84195892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/noccenter/noccenter/raw/refs/heads/main/huong%20dan%20xu%20ly%20tai%20khoan%20mail%20noi%20bo.zip"; depth:98; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332783/; classtype:trojan-activity;sid:84195883; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/baksvoronov/testingflrplgpreg/raw/refs/heads/main/connector1.exe"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; 
isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332780/; classtype:trojan-activity;sid:84195880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xevioo/xeviohub/main/critscript.exe"; depth:36; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332771/; classtype:trojan-activity;sid:84195871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mae-luadev/mae-tests/main/system.exe"; depth:37; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332764/; classtype:trojan-activity;sid:84195864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3332757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mae-luadev/mae-tests/raw/main/system.exe"; depth:41; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_06; reference:url, urlhaus.abuse.ch/url/3332757/; classtype:trojan-activity;sid:84195857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/presema/kersal/refs/heads/main/opyhjdase.exe"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331919/; classtype:trojan-activity;sid:84195019; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/presema/kersal/refs/heads/main/popapoers.exe"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331862/; classtype:trojan-activity;sid:84194962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/presema/kersal/refs/heads/main/ljgksdtihd.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331858/; classtype:trojan-activity;sid:84194958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331850)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/presema/kersal/refs/heads/main/pfntjejghjsdkr.exe"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331850/; classtype:trojan-activity;sid:84194950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/presema/kersal/refs/heads/main/vikings.exe"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331828/; classtype:trojan-activity;sid:84194928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331826)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/presema/kersal/refs/heads/main/bnkrigkawd.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331826/; classtype:trojan-activity;sid:84194926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frenzy-zwaake/discordrat-2.0/main/client-built.exe"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331699/; classtype:trojan-activity;sid:84194799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fofit-rater/1/refs/heads/main/xclient.exe"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331669/; classtype:trojan-activity;sid:84194769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/efedursun125/xfakeplayers/master/xclient.exe"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331670/; classtype:trojan-activity;sid:84194770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v2/long-glade-33dc08/original//rump_img.jpeg"; depth:45; endswith; nocase; 
http.host; content:"cdn.pixelbin.io"; depth:15; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331664/; classtype:trojan-activity;sid:84194764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zonicleaks/yappadabbadoo/main/xclient.exe"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331653/; classtype:trojan-activity;sid:84194753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jikoos/rrr/main/xclient.exe"; depth:28; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331648/; classtype:trojan-activity;sid:84194748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frenzy-zwaake/discordrat-2.0/deferred-metadata/main/client-built.exe"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331639/; classtype:trojan-activity;sid:84194739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joeljosephpajeet/testexe/refs/heads/main/xclient.exe"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, 
urlhaus.abuse.ch/url/3331633/; classtype:trojan-activity;sid:84194733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cheetz/nishang/master/gather/keylogger.ps1"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331630/; classtype:trojan-activity;sid:84194730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331588)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cookieskush/pip-package-template/master/client-built.exe"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331588/; classtype:trojan-activity;sid:84194688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/efedursun125/xfakeplayers/refs/heads/master/xclient.exe"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331574/; classtype:trojan-activity;sid:84194674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cidadejunina/js/vendor/debug2.ps1"; depth:34; endswith; nocase; http.host; content:"transparenciacanaa.com.br"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331534/; classtype:trojan-activity;sid:84194634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"URLhaus Known malware download URL detected (3331498)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1_-w5me4evtzbdzix_v_ymzdelazhrv5z"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331498/; classtype:trojan-activity;sid:84194598; rev:1;)
# NOTE(review): applies to the drive.google.com rule above and the two below.
# In Suricata content syntax `|3f|` is the byte `?`, but `|7c|26|7c|` decodes to the four
# literal bytes `|26|` (pipe, '2', '6', pipe), not to `&` (0x26). If the listed URLs used
# `&id=` (not verifiable from this file), the content as written would never appear in a
# request URI and these rules would not fire; this looks like `&` being hex-escaped and
# its pipes then escaped a second time. depth:68 is the length of the escaped text, while
# the decoded pattern is 59 bytes, so depth no longer pins the match to offset 0.
# drive.google.com is also normally reached over HTTPS, which `alert http` cannot inspect
# without TLS decryption ahead of the sensor. Treat these as providing no coverage until
# tested against a capture.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331500)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1nskagzrswpttoue3wbrhdqpyzlyve4tg"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331500/; classtype:trojan-activity;sid:84194600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3331490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1o3zw7sodji4uk954kngkdyshyl37gozq"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_12_05; reference:url, urlhaus.abuse.ch/url/3331490/; classtype:trojan-activity;sid:84194590; rev:1;)
# The rule below (sid:84181680) and the rule that starts at the end of this line and
# continues on the following one (URLhaus 3318498) carry the same host and URI content,
# so a single matching request raises two alerts. Deduplicate downstream on host and URI
# rather than on sid.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"117.72.39.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318580/; classtype:trojan-activity;sid:84181680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318498)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"117.72.39.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318498/; classtype:trojan-activity;sid:84181598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3318309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khangdz1801/raw/refs/heads/main/sound.exe"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_12_03; reference:url, urlhaus.abuse.ch/url/3318309/; classtype:trojan-activity;sid:84181409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m2/plugin2.dll"; depth:15; endswith; nocase; http.host; content:"165.154.184.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317713/; classtype:trojan-activity;sid:84180813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m2/plugin1.dll"; depth:15; endswith; nocase; http.host; content:"165.154.184.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317712/; classtype:trojan-activity;sid:84180812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/m2/plugin3.dll"; depth:15; endswith; nocase; http.host; content:"165.154.184.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317707/; classtype:trojan-activity;sid:84180807; rev:1;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3317497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/images/media/thing2"; depth:32; endswith; nocase; http.host; content:"divvanews.com"; depth:13; isdataat:!1,relative; metadata:created_at 2024_12_02; reference:url, urlhaus.abuse.ch/url/3317497/; classtype:trojan-activity;sid:84180597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315253)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/order/purchaseorder.exe"; depth:24; endswith; nocase; http.host; content:"csg-app.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3315253/; classtype:trojan-activity;sid:84178353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3315254)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/order/putty.exe"; depth:16; endswith; nocase; http.host; content:"csg-app.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_30; reference:url, urlhaus.abuse.ch/url/3315254/; classtype:trojan-activity;sid:84178354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308912)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"75.18.210.21"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308912/; classtype:trojan-activity;sid:84172012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"61.183.16.127"; depth:13; 
isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308898/; classtype:trojan-activity;sid:84171998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308894)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"218.155.74.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308894/; classtype:trojan-activity;sid:84171994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"189.61.50.98"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308883/; classtype:trojan-activity;sid:84171983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"141.155.36.213"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308875/; classtype:trojan-activity;sid:84171975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308847)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"5.26.174.234"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308847/; classtype:trojan-activity;sid:84171947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308798)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1idr9p3dgxkblhu7h4jckclzmtlibwsiw"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308798/; classtype:trojan-activity;sid:84171898; rev:1;)
# NOTE(review): applies to the drive.google.com rule above and the three below.
# `|7c|26|7c|` decodes to the literal bytes `|26|`, not to `&` (0x26); if the listed URLs
# used `&id=` (not verifiable from this file), the pattern cannot occur in a request URI.
# depth:68 counts the escaped text, while the decoded pattern is 59 bytes. The host is
# normally reached over HTTPS, which `alert http` cannot see without TLS decryption ahead
# of the sensor. Test against a capture before counting these rules as coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3308797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1c2pnucvma1shu90mnauhef6shildth-s"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_27; reference:url, urlhaus.abuse.ch/url/3308797/; classtype:trojan-activity;sid:84171897; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1jbzzntbk1kuszoofww7hsqfdh066ontf"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303817/; classtype:trojan-activity;sid:84166917; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3303818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1hkvynldkcbdd50_bsw3s9tk5elbduxtg"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_25; reference:url, urlhaus.abuse.ch/url/3303818/; classtype:trojan-activity;sid:84166918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rouki555/lnk/refs/heads/main/y.png"; depth:35; 
endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300881/; classtype:trojan-activity;sid:84163981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300394)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rouki555/dcm/refs/heads/main/document.zip"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300394/; classtype:trojan-activity;sid:84163494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steamer/malwerjobs/refs/heads/master/test.xll"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300382/; classtype:trojan-activity;sid:84163482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rouki555/lnk/refs/heads/main/ud.bat"; depth:36; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300387/; classtype:trojan-activity;sid:84163487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rouki555/lnk/refs/heads/main/t.png"; depth:35; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, 
urlhaus.abuse.ch/url/3300377/; classtype:trojan-activity;sid:84163477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steamer/malwerjobs/refs/heads/master/template.dotm"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300378/; classtype:trojan-activity;sid:84163478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300374)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steamer/malwerjobs/refs/heads/master/doadmin.png"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300374/; classtype:trojan-activity;sid:84163474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300375)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steamer/malwerjobs/refs/heads/master/steamerx.exe"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300375/; classtype:trojan-activity;sid:84163475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steamer/malwerjobs/refs/heads/master/justpoc.exe"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300376/; classtype:trojan-activity;sid:84163476; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rouki555/lnk/refs/heads/main/u.xls"; depth:35; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300371/; classtype:trojan-activity;sid:84163471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steamer/malwerjobs/refs/heads/master/scriptlet"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_23; reference:url, urlhaus.abuse.ch/url/3300372/; classtype:trojan-activity;sid:84163472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3300068)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/es.hta"; depth:7; endswith; nocase; http.host; content:"pub-cdd0dd27ae6a4aee9841d397e0496374.r2.dev"; depth:43; isdataat:!1,relative; metadata:created_at 2024_11_22; reference:url, urlhaus.abuse.ch/url/3300068/; classtype:trojan-activity;sid:84163168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/saked018/rivada/refs/heads/main/mis_file_9888123_received_xsls.zip"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298233/; classtype:trojan-activity;sid:84161333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298219)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/saked018/rivada/raw/refs/heads/main/mis_file_9888123_received_xsls.zip"; depth:71; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298219/; classtype:trojan-activity;sid:84161319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rouki555/dcm/raw/refs/heads/main/document.zip"; depth:46; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298207/; classtype:trojan-activity;sid:84161307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rouki555/ud/raw/refs/heads/main/ud.bat"; depth:39; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298202/; classtype:trojan-activity;sid:84161302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298205)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rouki555/lnk/raw/refs/heads/main/u.xls"; depth:39; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_21; reference:url, urlhaus.abuse.ch/url/3298205/; classtype:trojan-activity;sid:84161305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3298201)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rouki555/lnk/raw/refs/heads/main/ud.bat"; depth:40; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 
2024_11_21; reference:url, urlhaus.abuse.ch/url/3298201/; classtype:trojan-activity;sid:84161301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3296209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crm/exe/update.exe"; depth:19; endswith; nocase; http.host; content:"www.zhikey.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_19; reference:url, urlhaus.abuse.ch/url/3296209/; classtype:trojan-activity;sid:84159309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ledshow1.exe"; depth:13; endswith; nocase; http.host; content:"101.200.220.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294913/; classtype:trojan-activity;sid:84158013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/configureregistrysettings.ps1"; depth:30; endswith; nocase; http.host; content:"103.247.164.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294809/; classtype:trojan-activity;sid:84157909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3294619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/noureddine-nt9/rgsdr/raw/refs/heads/main/cheet.exe"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_18; reference:url, urlhaus.abuse.ch/url/3294619/; classtype:trojan-activity;sid:84157719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3292014)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/n/tui/mininews/mininewsplus/3.0.0.26165/mininewsplus-2.exe"; depth:59; endswith; nocase; http.host; content:"mininews.kpzip.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_15; reference:url, urlhaus.abuse.ch/url/3292014/; classtype:trojan-activity;sid:84155114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/r00ts3c/ddos-rootsec/refs/heads/master/ddos%20scripts/l4/udp/10gbpsudp.py"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_14; reference:url, urlhaus.abuse.ch/url/3289875/; classtype:trojan-activity;sid:84152975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3289466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.255.216.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3289466/; classtype:trojan-activity;sid:84152566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3288915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"220.118.75.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_13; reference:url, urlhaus.abuse.ch/url/3288915/; classtype:trojan-activity;sid:84152015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"154.73.64.24"; depth:12; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, 
urlhaus.abuse.ch/url/3286828/; classtype:trojan-activity;sid:84149928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.77.228.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286821/; classtype:trojan-activity;sid:84149921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kzxiaopeng2/kuaizip_setup_-808202126_xiaopeng2_001.exe"; depth:55; endswith; nocase; http.host; content:"d.kpzip.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286518/; classtype:trojan-activity;sid:84149618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haozip.convertimg.exe"; depth:22; endswith; nocase; http.host; content:"download.haozip.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286513/; classtype:trojan-activity;sid:84149613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.70.244.17"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286371/; classtype:trojan-activity;sid:84149471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3286067)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/erez-goldberg/rust-reverse-shell/main/shellcode.bin"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_11; reference:url, urlhaus.abuse.ch/url/3286067/; classtype:trojan-activity;sid:84149167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3285570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.247.218.186"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_10; reference:url, urlhaus.abuse.ch/url/3285570/; classtype:trojan-activity;sid:84148670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s3cur3th1ssh1t/creds/master/obfuscatedps/dccuac.ps1"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_08; reference:url, urlhaus.abuse.ch/url/3281714/; classtype:trojan-activity;sid:84144814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3281085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; depth:49; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3281085/; classtype:trojan-activity;sid:84144185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3280680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fiies/stormfn-launcher/raw/refs/heads/main/stormfn-launcher.zip"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; 
metadata:created_at 2024_11_07; reference:url, urlhaus.abuse.ch/url/3280680/; classtype:trojan-activity;sid:84143780; rev:1;)
# Every rule in this feed has the same shape: an outbound HTTP GET whose URI
# matches one pattern (anchored by depth + endswith, compared with nocase) and
# whose Host header equals one value (depth + isdataat:!1,relative).
# NOTE(review): these are "alert http" rules, so they only see cleartext HTTP or
# traffic already decrypted in front of the sensor. Hosts such as github.com,
# raw.githubusercontent.com and drive.google.com are normally reached over TLS,
# so expect little or no coverage for those entries without TLS inspection;
# pair them with proxy or DNS telemetry rather than relying on the alert alone.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3279353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xavieprowel/crispy-palm-tree/releases/download/1/3e3ev3.exe"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3279353/; classtype:trojan-activity;sid:84142453; rev:1;)
# NOTE(review): the next two patterns contain percent-encoded bytes (%e8..., %20)
# under http.uri. Suricata documents http.uri as the normalized URI and
# http.uri.raw as the unmodified one; if normalization decodes these sequences
# on your sensor, the literal "%xx" text will not match. Replay a sample request
# before counting on either rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/txdown_disk/%e8%bd%af%e4%bb%b6%e4%bd%bf%e7%94%a8/%e7%bc%ba%e5%a4%b1%e4%b8%8b%e8%bd%bd/plugin.dll"; depth:97; endswith; nocase; http.host; content:"disk.accord1key.cn"; depth:18; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278669/; classtype:trojan-activity;sid:84141769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ciphershld/ms-p-1a/master/setup%20ms%20p-1a.exe"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278573/; classtype:trojan-activity;sid:84141673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/minecradt/regdelete/readme-edits/hell9o.exe"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278576/; classtype:trojan-activity;sid:84141676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/openpeach/dotnetfx_cleanup_tool/refs/heads/master/cleanup_tool.exe"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278567/; classtype:trojan-activity;sid:84141667; rev:1;)
# NOTE(review): drive.google.com entries (this one and every other "/uc|3f|export=download"
# rule in the feed):
#  - "|7c|26|7c|" decodes to the four literal bytes |26| (0x7c is the pipe
#    character), not to "&" (0x26). If the tracked URL is of the form
#    "/uc?export=download&id=...", the pattern as written cannot match it; this
#    looks like the generator escaping an already hex-encoded "&" a second time.
#    Confirm against the referenced URLhaus entry and report upstream instead of
#    patching locally, since the feed is regenerated.
#  - depth:68 equals the length of the pattern text as written; the decoded
#    pattern is shorter, so the match is not pinned to offset 0 of the URI.
#  - The id is lower-cased and compared with nocase, so the original case of the
#    file id cannot be recovered from the rule; take it from the reference URL
#    when pivoting in proxy logs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278362)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1las2cmd3reobg45qhkqhawi90h4_u0kd"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278362/; classtype:trojan-activity;sid:84141462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3278361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=17hv9-3t2ilikbmcfql2z66ipd72x4mz7"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_06; reference:url, urlhaus.abuse.ch/url/3278361/; classtype:trojan-activity;sid:84141461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mig"; depth:4; endswith; nocase; http.host; content:"216.201.80.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276956/; classtype:trojan-activity;sid:84140056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3276896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/loistupidpet/sfdawsdawdaw/main/serials_checker.exe"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_05; reference:url, urlhaus.abuse.ch/url/3276896/; classtype:trojan-activity;sid:84139996; rev:1;)
# Same drive.google.com pattern as sid 84141462 above; the same three caveats
# (literal |26|, depth larger than the decoded pattern, lower-cased id) apply to
# each of the following entries.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1kc4fdseohzqymz2x0ncqswph66uxdb1z"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275669/; classtype:trojan-activity;sid:84138769; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1u_rahqbks7vd7qqc6wx3gxnjxtfqrzbp"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275667/; classtype:trojan-activity;sid:84138767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275658)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1-8qpzgr4-iis53p1-kr2-o6prrjmnksk"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275658/; classtype:trojan-activity;sid:84138758; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275656)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ubqrhziusgl-cn_nie2_udj4qi6qrqsw"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275656/; classtype:trojan-activity;sid:84138756; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ikoxnnlvglh6jhnfqkrsihss_p2dqkyp"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275240/; classtype:trojan-activity;sid:84138340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1r7oi2jekx0ks1wqpt0ms3_kqvukzy3dv"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275241/; classtype:trojan-activity;sid:84138341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3275242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1gmzqsemymffka4lve0jkwa06sklk7xhu"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_11_04; reference:url, urlhaus.abuse.ch/url/3275242/; classtype:trojan-activity;sid:84138342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/borisizdabezt/exitlag-hwid-spoofer/main/drv64.dll"; 
depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274064/; classtype:trojan-activity;sid:84137164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realstrings/lydian-spoofer/raw/main/spoofy.sys"; depth:47; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274049/; classtype:trojan-activity;sid:84137149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realstrings/lydian-spoofer/refs/heads/main/spoofy.sys"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274047/; classtype:trojan-activity;sid:84137147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3274048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/realstrings/lydian-spoofer/raw/refs/heads/main/spoofy.sys"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_03; reference:url, urlhaus.abuse.ch/url/3274048/; classtype:trojan-activity;sid:84137148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3272092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ordogos2/g575/releases/download/download/setup.7.0.zip"; depth:55; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; 
reference:url, urlhaus.abuse.ch/url/3272092/; classtype:trojan-activity;sid:84135192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271922)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leakerbydragon1/leakerbydragon1/main/injector.exe"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271922/; classtype:trojan-activity;sid:84135022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leakerbydragon1/leakerbydragon1/main/injectorold.exe"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271923/; classtype:trojan-activity;sid:84135023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271924)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leakerbydragon1/leakerbydragon1/main/driver.sys"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271924/; classtype:trojan-activity;sid:84135024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271925)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leakerbydragon1/leakerbydragon1/main/loader.exe"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271925/; classtype:trojan-activity;sid:84135025; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leakerbydragon1/leakerbydragon1/main/ogfn%20updater.exe"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271919/; classtype:trojan-activity;sid:84135019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leakerbydragon1/leakerbydragon1/main/pclient.exe"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271920/; classtype:trojan-activity;sid:84135020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/leakerbydragon1/leakerbydragon1/main/kdmapper_release.exe"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271921/; classtype:trojan-activity;sid:84135021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svchost.exe"; depth:12; endswith; nocase; http.host; content:"123.ywxww.net"; depth:13; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271663/; classtype:trojan-activity;sid:84134763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271634)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/undertalanted/mod/refs/heads/main/svchost.exe"; depth:46; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271634/; classtype:trojan-activity;sid:84134734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdifru877234/ilu123g5/main/svchost.exe"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271624/; classtype:trojan-activity;sid:84134724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/regolx1/hadb/refs/heads/main/svchost.exe"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271617/; classtype:trojan-activity;sid:84134717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271614)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chokopie333/doom/main/svchost.exe"; depth:34; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271614/; classtype:trojan-activity;sid:84134714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271612)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/artem674118/erterytry/main/svchost.exe"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; 
depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271612/; classtype:trojan-activity;sid:84134712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271609)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morgantaraum/automatic-octo-barnacle/refs/heads/main/svchost.exe"; depth:65; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271609/; classtype:trojan-activity;sid:84134709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/media/furystorage/api/main/svchost.exe"; depth:39; endswith; nocase; http.host; content:"media.githubusercontent.com"; depth:27; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271610/; classtype:trojan-activity;sid:84134710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271611)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zodiac1616/test/refs/heads/main/svchost.exe"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271611/; classtype:trojan-activity;sid:84134711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sdifru877234/ilu123g5/raw/main/svchost.exe"; depth:43; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271605/; 
classtype:trojan-activity;sid:84134705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271594)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/artem674118/erterytry/raw/main/svchost.exe"; depth:43; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271594/; classtype:trojan-activity;sid:84134694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chokopie333/doom/raw/main/svchost.exe"; depth:38; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271586/; classtype:trojan-activity;sid:84134686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/morgantaraum/automatic-octo-barnacle/raw/refs/heads/main/svchost.exe"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271587/; classtype:trojan-activity;sid:84134687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271590)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zodiac1616/test/raw/refs/heads/main/svchost.exe"; depth:48; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271590/; classtype:trojan-activity;sid:84134690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271366)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zzrevva1/osu-maple/refs/heads/main/extremeinjector.exe"; depth:55; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271366/; classtype:trojan-activity;sid:84134466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3271369)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zzrevva1/osu-maple/raw/refs/heads/main/extremeinjector.exe"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_02; reference:url, urlhaus.abuse.ch/url/3271369/; classtype:trojan-activity;sid:84134469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/novocrm/static/winring0x64.sys"; depth:31; endswith; nocase; http.host; content:"118.189.172.141"; depth:15; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270196/; classtype:trojan-activity;sid:84133296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270195)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ggassistant/update/2.3.11.29/tool/winring0x64.sys|3f|skq=1701042218"; depth:68; endswith; nocase; http.host; content:"shqdown.ggzuhao.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270195/; classtype:trojan-activity;sid:84133295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270193)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miguel-b-p/..../raw/main/winring0x64.sys"; 
depth:41; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270193/; classtype:trojan-activity;sid:84133293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/silenthashik/winring/raw/main/winring0x64.sys"; depth:46; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270185/; classtype:trojan-activity;sid:84133285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270186)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hak333444/xmrig/raw/main/winring0x64.sys"; depth:41; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270186/; classtype:trojan-activity;sid:84133286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270188)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig/xmrig/blob/master/bin/winring0/winring0x64.sys|3f|raw=true"; depth:65; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270188/; classtype:trojan-activity;sid:84133288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/so251/olaquerida/releases/download/1releasae/winring0x64.sys"; depth:61; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, 
urlhaus.abuse.ch/url/3270189/; classtype:trojan-activity;sid:84133289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270191)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jsjsjsc79/advsd/raw/main/winring0x64.sys"; depth:41; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270191/; classtype:trojan-activity;sid:84133291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270192)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stickmengamer/idk/raw/main/winring0x64.sys"; depth:43; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270192/; classtype:trojan-activity;sid:84133292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sopranotech/dimeo/main/winring0x64.sys"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270183/; classtype:trojan-activity;sid:84133283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3270184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/abrissyy/min/main/winring0x64.sys"; depth:34; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3270184/; classtype:trojan-activity;sid:84133284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3269715)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sqrtzeroknowledge/xworm-trojan/archive/refs/heads/main.zip"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_11_01; reference:url, urlhaus.abuse.ch/url/3269715/; classtype:trojan-activity;sid:84132815; rev:1;)
# NOTE(review): the two drive.google.com rules below (sid 84129059, sid 84129058) carry
# "|7c|26|7c|" in the http.uri content, which decodes to the literal bytes "|26|"
# (pipe, "26", pipe). That looks like a double-escaped "&" (0x26) from the feed
# generator -- TODO confirm against the URLhaus entries. As written, the pattern only
# matches a URI that really contains "|26|", so a request using "&" would not alert.
# depth:68 is the length of the escaped rule text; the decoded pattern is 59 bytes.
# drive.google.com is normally reached over HTTPS, so these `http` rules also depend on
# the sensor seeing decrypted or cleartext requests.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ygqwpvxadhjsxskr3u3tdw2u5dnzv0pp"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265959/; classtype:trojan-activity;sid:84129059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3265958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1uzjwtbh4hcs9i060hwf08hrnymnodugn"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_30; reference:url, urlhaus.abuse.ch/url/3265958/; classtype:trojan-activity;sid:84129058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3258033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ijeuwaesika/nna/refs/heads/main/ifiinms.txt"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3258033/; classtype:trojan-activity;sid:84121133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257484)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/data/javaw/net/net.xsl"; depth:23; endswith; nocase; http.host; content:"shangmei-test.oss-cn-beijing.aliyuncs.com"; depth:41; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257484/; classtype:trojan-activity;sid:84120584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257470)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/netstat.ps1"; depth:12; endswith; nocase; http.host; content:"cat.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257470/; classtype:trojan-activity;sid:84120570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/net/net.xsl"; depth:12; endswith; nocase; http.host; content:"cat.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257471/; classtype:trojan-activity;sid:84120571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257473)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javaw2/net/net.xsl"; depth:19; endswith; nocase; http.host; content:"sec.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257473/; classtype:trojan-activity;sid:84120573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javaw2/inst.ps1"; depth:16; endswith; nocase; http.host; content:"sec.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257474/; classtype:trojan-activity;sid:84120574; rev:1;) 
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/netstat.xsl"; depth:12; endswith; nocase; http.host; content:"cat.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257475/; classtype:trojan-activity;sid:84120575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257477)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javaw2/instance.ps1"; depth:20; endswith; nocase; http.host; content:"sec.xiaoshabi.nl"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257477/; classtype:trojan-activity;sid:84120577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257450)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/netstat.ps1"; depth:12; endswith; nocase; http.host; content:"cat.dashabi.in"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257450/; classtype:trojan-activity;sid:84120550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257451)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javaw2/winring0x64.sys"; depth:23; endswith; nocase; http.host; content:"sec.dashabi.in"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257451/; classtype:trojan-activity;sid:84120551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javaw2/javaw"; depth:13; endswith; nocase; http.host; content:"sec.dashabi.in"; depth:14; 
isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257457/; classtype:trojan-activity;sid:84120557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/javaw2/instance.ps1"; depth:20; endswith; nocase; http.host; content:"sec.xiaojiji.nl"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257464/; classtype:trojan-activity;sid:84120564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3257465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/netstat.ps1"; depth:12; endswith; nocase; http.host; content:"cat.xiaojiji.nl"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_27; reference:url, urlhaus.abuse.ch/url/3257465/; classtype:trojan-activity;sid:84120565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kdot227/somalifuscator/archive/refs/heads/main.zip"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254228/; classtype:trojan-activity;sid:84117328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3254226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/proxyonly/www/raw/main/security.exe"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254226/; classtype:trojan-activity;sid:84117326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3254222)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/robloxdev1223/requirements/raw/main/requirements.exe"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_26; reference:url, urlhaus.abuse.ch/url/3254222/; classtype:trojan-activity;sid:84117322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3252630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user-attachments/files/17267811/stm.txt"; depth:40; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_25; reference:url, urlhaus.abuse.ch/url/3252630/; classtype:trojan-activity;sid:84115730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/img_up/shop_pds/nicehana/client.exe"; depth:36; endswith; nocase; http.host; content:"www.xn--on3b15m2lco2u.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249739/; classtype:trojan-activity;sid:84112839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/client.exe"; depth:11; endswith; nocase; http.host; content:"119.193.158.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249735/; classtype:trojan-activity;sid:84112835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/quasar/quasar/releases/download/v1.4.1/quasar.v1.4.1.zip"; depth:57; endswith; nocase; http.host; 
content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249675/; classtype:trojan-activity;sid:84112775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3249662)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da2dalus/the-malware-repo/refs/heads/master/rat/njrat.exe"; depth:58; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_23; reference:url, urlhaus.abuse.ch/url/3249662/; classtype:trojan-activity;sid:84112762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3246018)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mestalic/site/refs/heads/main/file.exe"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3246018/; classtype:trojan-activity;sid:84109118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"185.152.219.150"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245733/; classtype:trojan-activity;sid:84108833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vz.txt"; depth:7; endswith; nocase; http.host; content:"51.79.124.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245732/; classtype:trojan-activity;sid:84108832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3245730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chinese.txt"; depth:12; endswith; nocase; http.host; content:"202.129.16.172"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245730/; classtype:trojan-activity;sid:84108830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hs.exe"; depth:7; endswith; nocase; http.host; content:"146.0.42.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245463/; classtype:trojan-activity;sid:84108563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kg.exe"; depth:7; endswith; nocase; http.host; content:"146.0.42.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245459/; classtype:trojan-activity;sid:84108559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3245458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keygen.exe"; depth:11; endswith; nocase; http.host; content:"146.0.42.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_20; reference:url, urlhaus.abuse.ch/url/3245458/; classtype:trojan-activity;sid:84108558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update/data/update.exe"; depth:23; endswith; nocase; http.host; content:"114.55.106.136"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, 
urlhaus.abuse.ch/url/3243086/; classtype:trojan-activity;sid:84106186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sysupdate/ckbgd/2.3.0624.zip"; depth:29; endswith; nocase; http.host; content:"8.131.63.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243082/; classtype:trojan-activity;sid:84106182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3243077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sysupdate/ckbgd/2.3.0703.zip"; depth:29; endswith; nocase; http.host; content:"8.131.63.6"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3243077/; classtype:trojan-activity;sid:84106177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flowseal/zapret-discord-youtube/releases/download/1.1.1/zapret-discord-youtube-1.1.1.rar"; depth:89; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242983/; classtype:trojan-activity;sid:84106083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hmatrix/data/hack0832.zip"; depth:26; endswith; nocase; http.host; content:"cd.textfiles.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242663/; classtype:trojan-activity;sid:84105763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3242642)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rishabhkumardeveloper/malware_analysis_using_ml/main/wildfire-test-pe-file.exe"; depth:79; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_19; reference:url, urlhaus.abuse.ch/url/3242642/; classtype:trojan-activity;sid:84105742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241764)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mori-miyako/discord-token-generator/zip/refs/heads/main"; depth:56; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241764/; classtype:trojan-activity;sid:84104864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241765)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scode18/all-tweaker/main/tweaks.7z"; depth:35; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241765/; classtype:trojan-activity;sid:84104865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/intergate0/none/main/main.exe"; depth:30; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241756/; classtype:trojan-activity;sid:84104856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241752)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/kntjspr/licensebytes/refs/heads/main/licensemalwarebytes.exe"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241752/; classtype:trojan-activity;sid:84104852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/baksvoronov/testingflrplgpreg/refs/heads/main/connector1.exe"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241644/; classtype:trojan-activity;sid:84104744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241637)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s107000665/c1/master/1223.exe"; depth:30; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241637/; classtype:trojan-activity;sid:84104737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iciamyplant/ctf/master/plantrojan.exe"; depth:38; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241638/; classtype:trojan-activity;sid:84104738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fengjixuchui/cve-2022-26810/main/shellcode.bin"; depth:47; endswith; nocase; http.host; 
content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241639/; classtype:trojan-activity;sid:84104739; rev:1;)
# NOTE(review): sid 84104740 matches the literal text "%20" inside http.uri. Suricata
# documents http.uri as the normalized URI buffer, in which percent-encoded bytes such
# as %20 are decoded, so this content presumably never matches a request for
# "world of tanks.exe". Matching the encoded form is what http.uri.raw is for -- verify
# with a test pcap before relying on this rule for coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/killbillpribil/world-of-tanks/master/world%20of%20tanks.exe"; depth:60; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241640/; classtype:trojan-activity;sid:84104740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241641)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mach1el/htb-scripts/master/exploit-fuse/shell.exe"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241641/; classtype:trojan-activity;sid:84104741; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/khr0x40sh/whitelistevasion/master/installutil/script.exe"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241642/; classtype:trojan-activity;sid:84104742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241635)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/msf.exe"; depth:8; endswith; nocase; http.host; content:"qiniuyunxz.yxflzs.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, 
urlhaus.abuse.ch/url/3241635/; classtype:trojan-activity;sid:84104735; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/c5hackr/phantom/main/phantom/resources/donut.exe"; depth:49; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241559/; classtype:trojan-activity;sid:84104659; rev:1;)
# NOTE(review): sid 84104504 and sid 84104482 below have identical match conditions
# (GET /02.08.2022.exe on host 117.72.39.83) and differ only in msg, reference and sid,
# so a single request raises two alerts. Account for this in alert counts, e.g. with a
# threshold/suppress entry for one of the sids or by deduplicating on host + URI
# downstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"117.72.39.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241404/; classtype:trojan-activity;sid:84104504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"117.72.39.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241382/; classtype:trojan-activity;sid:84104482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241127)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/justincoding3/slumfun/main/obfuscated.exe"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241127/; classtype:trojan-activity;sid:84104227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241126)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/r00t-3xp10it/redpill/main/utils/compiled.exe"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241126/; classtype:trojan-activity;sid:84104226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241125)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/secwiki/windows-kernel-exploits/master/ms14-068/ms14-068.exe"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241125/; classtype:trojan-activity;sid:84104225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241123)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/prowindows365/hailhydra/refs/heads/main/hailhydra.exe"; depth:54; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241123/; classtype:trojan-activity;sid:84104223; rev:1;)
# NOTE(review): sid 84104155 alerts on the master.zip archive of the
# neo23x0/signature-base repository, which is widely used as a source of detection
# signatures. Presumably it is listed because of what the archive contains -- confirm on
# the URLhaus entry. Hosts that fetch it for detection engineering will raise a
# trojan-activity alert, so triage a hit by source host and user before treating it as
# an infection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/neo23x0/signature-base/archive/master.zip"; depth:42; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241055/; classtype:trojan-activity;sid:84104155; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241005)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ricepudding0xl/discordnitrogenerator/main/discordnitrogenerator.exe"; 
depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241005/; classtype:trojan-activity;sid:84104105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3241004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ryan2159/stuff/main/discord.exe"; depth:32; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3241004/; classtype:trojan-activity;sid:84104104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sad-dust/death/main/stealinfo.exe"; depth:34; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240999/; classtype:trojan-activity;sid:84104099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/redcanaryco/atomic-red-team/master/atomics/t1204.002/bin/test10.lnk"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240819/; classtype:trojan-activity;sid:84103919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cuckoobox/cuckoo/archive/master.zip"; depth:36; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, 
urlhaus.abuse.ch/url/3240817/; classtype:trojan-activity;sid:84103917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/haxork8880/files/main/windowssync.txt.zip"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240813/; classtype:trojan-activity;sid:84103913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/crjtpp/tpplab_public/main/poc-sample-lnk.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240814/; classtype:trojan-activity;sid:84103914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hackerx237/miner/main/my-files.lnk"; depth:35; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240812/; classtype:trojan-activity;sid:84103912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scode18/all-tweaker/releases/download/beta_v0.6/all.tweaker.beta.v0.6.7z"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240811/; classtype:trojan-activity;sid:84103911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3240810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scode18/all-tweaker/raw/main/tweaks.7z"; depth:39; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240810/; classtype:trojan-activity;sid:84103910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240720)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dqwr1q23rwdfr/xxx/releases/download/xxx/vital.zip"; depth:50; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240720/; classtype:trojan-activity;sid:84103820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3240639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mohdjulaya09/code-sparrow-crypter-2.0-private-crack-leak/releases/download/%23crypter/codesparrow.crypter.2.0.crack.rar"; depth:120; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_18; reference:url, urlhaus.abuse.ch/url/3240639/; classtype:trojan-activity;sid:84103739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3239707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/demon.x64.bin"; depth:14; endswith; nocase; http.host; content:"8.138.96.41"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_17; reference:url, urlhaus.abuse.ch/url/3239707/; classtype:trojan-activity;sid:84102807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238658)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/eaklauncher/eaklauncher.exe"; depth:28; endswith; nocase; http.host; content:"147.50.240.62"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238658/; classtype:trojan-activity;sid:84101758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/resources/js/info2r.txt"; depth:24; endswith; nocase; http.host; content:"188.81.134.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238111/; classtype:trojan-activity;sid:84101211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238073)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ff245185/payload/main/fast%20download.exe"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238073/; classtype:trojan-activity;sid:84101173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3238061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/grozniy1/folder/main/444.exe"; depth:29; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3238061/; classtype:trojan-activity;sid:84101161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/da2dalus/the-malware-repo/blob/master/rat/njrat.exe|3f|raw=true"; depth:64; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_16; 
reference:url, urlhaus.abuse.ch/url/3237975/; classtype:trojan-activity;sid:84101075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/5556.rar"; depth:9; endswith; nocase; http.host; content:"188.212.158.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237976/; classtype:trojan-activity;sid:84101076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blank-c/umbral-stealer/zip/refs/heads/main"; depth:43; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237956/; classtype:trojan-activity;sid:84101056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blank-c/blank-grabber/zip/refs/heads/main"; depth:42; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237955/; classtype:trojan-activity;sid:84101055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237954)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blank-c/blankobf/zip/refs/heads/v2"; depth:35; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237954/; classtype:trojan-activity;sid:84101054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237861)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joh81/exploi01/zip/refs/heads/main"; depth:35; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237861/; classtype:trojan-activity;sid:84100961; rev:1;)
# Rule anatomy for the entries below: client-to-server GET on an established flow from
# $HOME_NET to $EXTERNAL_NET (any port). The http.uri content is anchored with depth +
# endswith and compared case-insensitively (nocase); the http.host content is anchored
# at offset 0 by depth and may have no byte after it (isdataat:!1,relative).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steve824/a/zip/refs/heads/main"; depth:31; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237810/; classtype:trojan-activity;sid:84100910; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/thebb5th/123/zip/refs/heads/main"; depth:33; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237737/; classtype:trojan-activity;sid:84100837; rev:1;)
# NOTE(review): in the next two rules (sid 84100565, sid 84100564) |3f| decodes to "?",
# but |7c|26|7c| decodes to the four literal bytes "|26|" (0x7c, "2", "6", 0x7c), not to
# "&" (0x26). A request whose query string is "?export=download&id=..." would therefore
# not match; it looks as if the pipes of an intended |26| were escaped a second time -
# confirm against the URLhaus references before relying on either sid.
# depth:68 is the length of the escaped rule text; the decoded pattern is 59 bytes, so
# the URI anchor is slightly looser here than in rules without hex escapes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1_suia0iczdw2reew1f9hgunezxcwv52d"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237465/; classtype:trojan-activity;sid:84100565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3237464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1_3ozdjl5puad8qn3tipydynn5j7l13el"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_10_16; reference:url, urlhaus.abuse.ch/url/3237464/; classtype:trojan-activity;sid:84100564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/center.exe"; depth:11; endswith; nocase; http.host; content:"119.193.158.215"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236597/; classtype:trojan-activity;sid:84099697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/kedadecoder.zip"; depth:25; endswith; nocase; http.host; content:"153.37.77.156"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236587/; classtype:trojan-activity;sid:84099687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/kedadecoder.zip"; depth:25; endswith; nocase; http.host; content:"116.136.142.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236559/; classtype:trojan-activity;sid:84099659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236453)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s3cur3th1ssh1t/creds/master/powershellscripts/invoke-petitpotam.ps1"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236453/; classtype:trojan-activity;sid:84099553; rev:1;)
alert http
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/xwgl/xw_xxgl.exe"; depth:22; endswith; nocase; http.host; content:"data.yhydl.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236324/; classtype:trojan-activity;sid:84099424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/xw_setup.exe"; depth:18; endswith; nocase; http.host; content:"data.yhydl.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236322/; classtype:trojan-activity;sid:84099422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/yhy_setup.exe"; depth:19; endswith; nocase; http.host; content:"data.yhydl.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236323/; classtype:trojan-activity;sid:84099423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/products/4001/updates/efatura/efatura.exe"; depth:42; endswith; nocase; http.host; content:"elisans.novayonetim.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236318/; classtype:trojan-activity;sid:84099418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236240)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/services/identification/server/gtptoolsdownloadhandler.ashx|3f|filename=gtp_6_browserplugin_setup.exe"; depth:102; endswith; nocase; http.host; content:"hnjgdl.geps.glodon.com"; depth:22; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236240/; classtype:trojan-activity;sid:84099340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/natgo.exe"; depth:10; endswith; nocase; http.host; content:"dl.natgo.cn"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236237/; classtype:trojan-activity;sid:84099337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/etermproxy.exe"; depth:24; endswith; nocase; http.host; content:"pid.fly160.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236236/; classtype:trojan-activity;sid:84099336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236224)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pdd_biaoge/soft/down.exe"; depth:25; endswith; nocase; http.host; content:"49.234.48.162"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3236224/; classtype:trojan-activity;sid:84099324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3236154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user-attachments/files/17267811/stm.txt"; depth:40; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; 
reference:url, urlhaus.abuse.ch/url/3236154/; classtype:trojan-activity;sid:84099254; rev:1;)
# NOTE(review): the four rules below match Host "github.com", a site normally reached
# over HTTPS. An `alert http` rule inspects the HTTP request itself, so these sids can
# only fire on a cleartext request or where the sensor sees decrypted traffic -
# TODO confirm TLS inspection coverage before counting them as active detections.
# Each rule requires a client-to-server GET whose http.uri buffer equals the content
# (depth = content length, endswith, nocase) and whose http.host buffer is exactly
# "github.com" (depth:10 plus isdataat:!1,relative).
# NOTE(review): the first URI is a source archive of a release tag
# (archive/refs/tags/...), not a single file; check the URLhaus reference for what was
# flagged before treating a hit on sid 84098623 as a compromise.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chainguard-dev/bincapz/archive/refs/tags/v0.5.0.zip"; depth:52; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235523/; classtype:trojan-activity;sid:84098623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/playmcbkuwu/vape/releases/download/stable/vape.v4.10.from.duckysolucky.zip"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235522/; classtype:trojan-activity;sid:84098622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235514)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/barrigudinha157/barrigudinha/raw/master/rage.dll"; depth:49; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235514/; classtype:trojan-activity;sid:84098614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meckazin/chromekatz/releases/download/0.4.7/chromekatzbofs.zip"; depth:63; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_15; reference:url, urlhaus.abuse.ch/url/3235513/; classtype:trojan-activity;sid:84098613; rev:1;)
alert http $HOME_NET any ->
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3235094)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xsh/update.exe"; depth:15; endswith; nocase; http.host; content:"101.126.11.168"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3235094/; classtype:trojan-activity;sid:84098194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/petikvx/lockbit-black-builder/main/lockbit30/builder.exe"; depth:57; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234859/; classtype:trojan-activity;sid:84097959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3234858)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tennessene/lockbit/refs/heads/main/builder.exe"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_14; reference:url, urlhaus.abuse.ch/url/3234858/; classtype:trojan-activity;sid:84097958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3232402)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"152.32.202.240"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_13; reference:url, urlhaus.abuse.ch/url/3232402/; classtype:trojan-activity;sid:84095502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231796)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/user-attachments/files/16737801/wave.zip|3f|"; depth:45; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231796/; classtype:trojan-activity;sid:84094896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3231794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/user-attachments/files/16419615/solara.zip"; depth:43; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_12; reference:url, urlhaus.abuse.ch/url/3231794/; classtype:trojan-activity;sid:84094894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3229631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kamilniftaliev/cryptoview/zip/refs/heads/main"; depth:46; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_10_11; reference:url, urlhaus.abuse.ch/url/3229631/; classtype:trojan-activity;sid:84092731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3228667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/winassist/login/login.7z"; depth:25; endswith; nocase; http.host; content:"win.down.55kantu.com"; depth:20; isdataat:!1,relative; metadata:created_at 2024_10_10; reference:url, urlhaus.abuse.ch/url/3228667/; classtype:trojan-activity;sid:84091767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3226239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig/xmrig/releases/download/v6.22.0/xmrig-6.22.0-linux-static-x64.tar.gz"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; 
metadata:created_at 2024_10_09; reference:url, urlhaus.abuse.ch/url/3226239/; classtype:trojan-activity;sid:84089339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218033)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"109.207.216.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218033/; classtype:trojan-activity;sid:84081133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"86.106.101.159"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218030/; classtype:trojan-activity;sid:84081130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"109.207.217.114"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218009/; classtype:trojan-activity;sid:84081109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"166.147.146.187"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218011/; classtype:trojan-activity;sid:84081111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3218001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; 
endswith; nocase; http.host; content:"213.96.13.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3218001/; classtype:trojan-activity;sid:84081101; rev:1;)
# The rules below all alert on a client-to-server GET whose http.uri buffer is exactly
# "/sshd" (depth:5, endswith, nocase) and whose http.host buffer is exactly the listed
# IPv4 address (depth = address length, isdataat:!1,relative). Source and destination
# ports are `any`.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.183.205.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217787/; classtype:trojan-activity;sid:84080887; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"85.130.160.219"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217802/; classtype:trojan-activity;sid:84080902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217780)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"92.203.169.39"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217780/; classtype:trojan-activity;sid:84080880; rev:1;)
# NOTE(review): sids 84080860, 84080845, 84080817 and 84080829 have identical match
# conditions (GET "/sshd", Host "87.97.161.106") and differ only in msg, reference and
# sid, so one matching request raises four alerts. The rule headers use `any` for ports;
# presumably the URLhaus entries differed in a field these rules do not express - verify
# against the references, and deduplicate on host + URI when counting events.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"87.97.161.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217760/; classtype:trojan-activity;sid:84080860; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"80.28.228.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217750/; classtype:trojan-activity;sid:84080850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217745)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"87.97.161.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217745/; classtype:trojan-activity;sid:84080845; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"92.203.169.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217740/; classtype:trojan-activity;sid:84080840; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217717)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"87.97.161.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217717/; classtype:trojan-activity;sid:84080817; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"87.97.161.106"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217729/; classtype:trojan-activity;sid:84080829; rev:1;)
alert http $HOME_NET any ->
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"213.96.13.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217689/; classtype:trojan-activity;sid:84080789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217684)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"185.43.16.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217684/; classtype:trojan-activity;sid:84080784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"81.45.183.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217681/; classtype:trojan-activity;sid:84080781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"81.45.183.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217682/; classtype:trojan-activity;sid:84080782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217665)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"213.96.13.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217665/; 
classtype:trojan-activity;sid:84080765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217669)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"188.12.184.204"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217669/; classtype:trojan-activity;sid:84080769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217674)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"185.191.89.120"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217674/; classtype:trojan-activity;sid:84080774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217638)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"14.161.6.225"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217638/; classtype:trojan-activity;sid:84080738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.183.205.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217625/; classtype:trojan-activity;sid:84080725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.183.205.197"; depth:15; isdataat:!1,relative; 
metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217621/; classtype:trojan-activity;sid:84080721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217618)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.183.205.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217618/; classtype:trojan-activity;sid:84080718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"118.212.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217562/; classtype:trojan-activity;sid:84080662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/123.ps1"; depth:8; endswith; nocase; http.host; content:"103.247.164.242"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217557/; classtype:trojan-activity;sid:84080657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217454)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"99.118.215.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217454/; classtype:trojan-activity;sid:84080554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; 
endswith; nocase; http.host; content:"118.212.35.175"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217426/; classtype:trojan-activity;sid:84080526; rev:1;)
# Layout: one rule per line from here on.
# Every rule in this run has the same shape: an outbound GET on an established flow from $HOME_NET to
# $EXTERNAL_NET (any destination port) whose URI equals the listed path (depth = length of the content,
# plus endswith, nocase) and whose host buffer equals the listed IP literal (depth = length of the
# content, plus isdataat:!1,relative).
# These are `alert http` rules, so they only see HTTP that the sensor can parse in clear text.
# All entries carry created_at 2024_10_06; the number in msg is the URLhaus entry id, and the reference
# URL is the place to check an entry's details before acting on a hit.
#
# URI "/mozi.m"
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.105.196.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217139/; classtype:trojan-activity;sid:84080239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217098)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"77.238.209.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217098/; classtype:trojan-activity;sid:84080198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.88.109.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217102/; classtype:trojan-activity;sid:84080202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"179.189.254.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217106/; classtype:trojan-activity;sid:84080206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.16.249.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217109/; classtype:trojan-activity;sid:84080209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.145.205.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217088/; classtype:trojan-activity;sid:84080188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217090)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"109.108.84.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217090/; classtype:trojan-activity;sid:84080190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217046)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"167.250.193.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217046/; classtype:trojan-activity;sid:84080146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.88.180.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217059/; classtype:trojan-activity;sid:84080159; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217061)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.71.250.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217061/; classtype:trojan-activity;sid:84080161; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217062)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.78.201.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217062/; classtype:trojan-activity;sid:84080162; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217063)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.49.47.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217063/; classtype:trojan-activity;sid:84080163; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.69.219.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217066/; classtype:trojan-activity;sid:84080166; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"156.155.176.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217006/; classtype:trojan-activity;sid:84080106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"58.145.168.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217009/; classtype:trojan-activity;sid:84080109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217001)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"92.241.77.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217001/; classtype:trojan-activity;sid:84080101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.5.50.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217003/; classtype:trojan-activity;sid:84080103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3217004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.253.115.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3217004/; classtype:trojan-activity;sid:84080104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.92.68.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216971/; classtype:trojan-activity;sid:84080071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"37.255.217.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216977/; classtype:trojan-activity;sid:84080077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"195.34.91.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216979/; classtype:trojan-activity;sid:84080079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216983)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"37.57.33.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216983/; classtype:trojan-activity;sid:84080083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.90.207.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216962/; classtype:trojan-activity;sid:84080062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216956)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"77.89.245.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216956/; classtype:trojan-activity;sid:84080056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.4.124.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216950/; classtype:trojan-activity;sid:84080050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216934)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"118.179.121.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216934/; classtype:trojan-activity;sid:84080034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.90.207.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216935/; classtype:trojan-activity;sid:84080035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.7.160.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216943/; classtype:trojan-activity;sid:84080043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216889)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"138.122.43.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216889/; classtype:trojan-activity;sid:84079989; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216893)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"109.87.223.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216893/; classtype:trojan-activity;sid:84079993; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216854)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.131.234.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216854/; classtype:trojan-activity;sid:84079954; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"85.187.82.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216860/; classtype:trojan-activity;sid:84079960; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.165.79.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216841/; classtype:trojan-activity;sid:84079941; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"76.76.195.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216843/; classtype:trojan-activity;sid:84079943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216846)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.217.215.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216846/; classtype:trojan-activity;sid:84079946; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"27.147.225.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216809/; classtype:trojan-activity;sid:84079909; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"134.249.141.119"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216811/; classtype:trojan-activity;sid:84079911; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"110.74.207.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216812/; classtype:trojan-activity;sid:84079912; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.188.30.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216813/; classtype:trojan-activity;sid:84079913; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"109.160.87.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216802/; classtype:trojan-activity;sid:84079902; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"37.34.209.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216803/; classtype:trojan-activity;sid:84079903; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"186.154.93.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216794/; classtype:trojan-activity;sid:84079894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"89.231.14.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216772/; classtype:trojan-activity;sid:84079872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"114.7.209.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216761/; classtype:trojan-activity;sid:84079861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"109.92.143.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216750/; classtype:trojan-activity;sid:84079850; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.64.210.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216739/; classtype:trojan-activity;sid:84079839; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.217.148.227"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216743/; classtype:trojan-activity;sid:84079843; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.57.69.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216722/; classtype:trojan-activity;sid:84079822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"88.116.62.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216719/; classtype:trojan-activity;sid:84079819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.211.135.170"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216710/; classtype:trojan-activity;sid:84079810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216682)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.66.151.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216682/; classtype:trojan-activity;sid:84079782; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216685)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"46.151.56.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216685/; classtype:trojan-activity;sid:84079785; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216688)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"83.218.189.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216688/; classtype:trojan-activity;sid:84079788; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"212.85.176.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216690/; classtype:trojan-activity;sid:84079790; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"181.211.250.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216699/; classtype:trojan-activity;sid:84079799; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216700)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"200.61.163.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216700/; classtype:trojan-activity;sid:84079800; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"188.72.6.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216653/; classtype:trojan-activity;sid:84079753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.245.10.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216664/; classtype:trojan-activity;sid:84079764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"182.160.102.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216627/; classtype:trojan-activity;sid:84079727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216607)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.16.247.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216607/; classtype:trojan-activity;sid:84079707; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216608)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"217.218.235.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216608/; classtype:trojan-activity;sid:84079708; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"150.129.202.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216610/; classtype:trojan-activity;sid:84079710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"213.6.74.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216599/; classtype:trojan-activity;sid:84079699; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"37.233.63.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216600/; classtype:trojan-activity;sid:84079700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"31.186.54.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216603/; classtype:trojan-activity;sid:84079703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.16.247.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216577/; classtype:trojan-activity;sid:84079677; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"190.2.237.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216581/; classtype:trojan-activity;sid:84079681; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.244.169.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216582/; classtype:trojan-activity;sid:84079682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"178.77.228.166"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216583/; classtype:trojan-activity;sid:84079683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"95.170.116.28"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216557/; classtype:trojan-activity;sid:84079657; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"77.46.170.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216559/; classtype:trojan-activity;sid:84079659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"202.148.5.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216561/; classtype:trojan-activity;sid:84079661; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216564)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"176.221.111.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216564/; classtype:trojan-activity;sid:84079664; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"150.129.202.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216569/; classtype:trojan-activity;sid:84079669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216522)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"203.160.56.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216522/; classtype:trojan-activity;sid:84079622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216529)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"36.66.139.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216529/; classtype:trojan-activity;sid:84079629; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"185.133.214.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216478/; classtype:trojan-activity;sid:84079578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216479)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"91.92.82.180"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216479/; classtype:trojan-activity;sid:84079579; rev:1;)
#
# URIs "/help.scr" and "/photo.scr", with two "/mozi.m" entries interleaved in feed order.
# NOTE(review): sid 84079556 (just below) and sid 84079496 (further down) have identical match
# conditions (GET, "/help.scr", host "121.43.104.75"), so a single matching request raises both alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216456)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"121.43.104.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216456/; classtype:trojan-activity;sid:84079556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216443)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"87.249.142.126"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216443/; classtype:trojan-activity;sid:84079543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216437)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"87.227.140.66"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216437/; classtype:trojan-activity;sid:84079537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"217.92.214.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216421/; classtype:trojan-activity;sid:84079521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216418)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"80.249.6.118"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216418/; classtype:trojan-activity;sid:84079518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"49.232.126.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216406/; classtype:trojan-activity;sid:84079506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216404)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"150.158.25.244"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216404/; classtype:trojan-activity;sid:84079504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"121.43.104.75"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216396/; classtype:trojan-activity;sid:84079496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216384)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"43.132.12.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216384/; classtype:trojan-activity;sid:84079484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"50.65.169.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216382/; classtype:trojan-activity;sid:84079482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"36.110.15.211"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216377/; classtype:trojan-activity;sid:84079477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"178.61.160.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216372/; classtype:trojan-activity;sid:84079472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"124.123.123.15"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216365/; classtype:trojan-activity;sid:84079465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216359)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"82.67.13.197"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216359/; classtype:trojan-activity;sid:84079459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"123.117.136.97"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216353/; classtype:trojan-activity;sid:84079453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"43.132.13.252"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216334/; classtype:trojan-activity;sid:84079434; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216322)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"184.185.30.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216322/; classtype:trojan-activity;sid:84079422; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"85.163.234.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216309/; classtype:trojan-activity;sid:84079409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"94.76.156.101"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216306/; classtype:trojan-activity;sid:84079406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3216302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"103.187.151.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3216302/; classtype:trojan-activity;sid:84079402; rev:1;)
#
# URI "/i": a two-byte path, so the host match is what makes these signatures specific.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215839)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"156.155.176.210"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215839/; classtype:trojan-activity;sid:84078939; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215832)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.74.207.194"; depth:14;
isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215832/; classtype:trojan-activity;sid:84078932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.217.215.238"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215823/; classtype:trojan-activity;sid:84078923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"27.147.225.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215826/; classtype:trojan-activity;sid:84078926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.160.56.67"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215829/; classtype:trojan-activity;sid:84078929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.57.69.125"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215816/; classtype:trojan-activity;sid:84078916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; 
endswith; nocase; http.host; content:"212.85.176.23"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215800/; classtype:trojan-activity;sid:84078900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.233.63.185"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215785/; classtype:trojan-activity;sid:84078885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"31.186.54.111"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215788/; classtype:trojan-activity;sid:84078888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215795)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"176.221.111.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215795/; classtype:trojan-activity;sid:84078895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"87.197.160.196"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215772/; classtype:trojan-activity;sid:84078872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215478)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.160.102.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215478/; classtype:trojan-activity;sid:84078578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.160.87.2"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215463/; classtype:trojan-activity;sid:84078563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.131.234.26"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215465/; classtype:trojan-activity;sid:84078565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215455)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.90.207.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215455/; classtype:trojan-activity;sid:84078555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"184.185.30.182"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215440/; classtype:trojan-activity;sid:84078540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (3215421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"183.81.156.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215421/; classtype:trojan-activity;sid:84078521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.255.217.87"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215417/; classtype:trojan-activity;sid:84078517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215409)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.7.209.193"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215409/; classtype:trojan-activity;sid:84078509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.211.250.118"; depth:15; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215398/; classtype:trojan-activity;sid:84078498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"89.231.14.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215399/; classtype:trojan-activity;sid:84078499; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"88.116.62.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215380/; classtype:trojan-activity;sid:84078480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.46.170.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215382/; classtype:trojan-activity;sid:84078482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.238.209.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215371/; classtype:trojan-activity;sid:84078471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.105.196.30"; depth:14; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215372/; classtype:trojan-activity;sid:84078472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3215358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"83.218.189.21"; depth:13; isdataat:!1,relative; metadata:created_at 2024_10_06; reference:url, urlhaus.abuse.ch/url/3215358/; 
classtype:trojan-activity;sid:84078458; rev:1;)
# Rule shape used by every entry below: a client-to-server GET whose http.uri
# equals the listed path (depth pins the match to the start of the buffer,
# endswith to its end, nocase ignores case) and whose http.host equals the
# listed host (depth plus isdataat:!1,relative leaves no byte before or after).
# Only the request is inspected, so an alert shows that the URL was requested,
# not that a payload was delivered.
#
# NOTE(review): `alert http` only sees traffic Suricata parses as HTTP. The next
# two entries name github.com and raw.githubusercontent.com, which are normally
# reached over TLS; they will presumably stay silent unless traffic is decrypted
# ahead of the sensor. On a shared hosting platform the path is what identifies
# the URL, so SNI or DNS alone cannot stand in for it -- confirm coverage from
# proxy or endpoint logs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3213897)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/matinrco/tor/releases/download/v0.4.5.10/tor-expert-bundle-v0.4.5.10.zip"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_10_05; reference:url, urlhaus.abuse.ch/url/3213897/; classtype:trojan-activity;sid:84076997; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3206293)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ox2fa/justnow/refs/heads/main/2pac.php"; depth:39; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_10_03; reference:url, urlhaus.abuse.ch/url/3206293/; classtype:trojan-activity;sid:84069393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3204531)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/for_down/2013/new/dlls/rse/rsreport.exe"; depth:40; endswith; nocase; http.host; content:"download.suxiazai.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_10_02; reference:url, urlhaus.abuse.ch/url/3204531/; classtype:trojan-activity;sid:84067631; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3200548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/slinky/slinkycrack.zip"; depth:23; endswith; nocase; http.host; content:"crystalpvp.ru"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_29; reference:url, urlhaus.abuse.ch/url/3200548/; classtype:trojan-activity;sid:84063648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198753)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pinginfoview.exe"; depth:17; endswith; nocase; http.host; content:"139.198.15.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198753/; classtype:trojan-activity;sid:84061853; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3198696)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cen22.php"; depth:10; endswith; nocase; http.host; content:"39.100.33.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3198696/; classtype:trojan-activity;sid:84061796; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scanport.exe"; depth:13; endswith; nocase; http.host; content:"139.198.15.223"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195883/; classtype:trojan-activity;sid:84058983; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3195736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fx8"; depth:4; endswith; nocase; http.host; content:"123.57.250.154"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_28; reference:url, urlhaus.abuse.ch/url/3195736/; classtype:trojan-activity;sid:84058836; rev:1;)
# NOTE(review): this entry is also on raw.githubusercontent.com, so it needs
# decrypted traffic to be visible to an `alert http` rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3193861)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/massgravel/microsoft-activation-scripts/b1b5299c4725d97349b18b59061647198f7cc59b/mas/all-in-one-version-kl/mas_aio.cmd"; depth:119; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; 
metadata:created_at 2024_09_27; reference:url, urlhaus.abuse.ch/url/3193861/; classtype:trojan-activity;sid:84056961; rev:1;)
# NOTE(review): the path in the next entry looks like a stock CMS script
# location rather than a dedicated payload name. If the site serves it on
# ordinary pages, every visit to the site would alert; check the URLhaus
# reference for the entry's current status before treating hits as infections.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3193548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bitrix/js/main/core/core.js"; depth:28; endswith; nocase; http.host; content:"evangroup.ru"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_27; reference:url, urlhaus.abuse.ch/url/3193548/; classtype:trojan-activity;sid:84056648; rev:1;)
# The /sshd entries match only when both the exact path and the exact host are
# present in the same request; the path alone is not an indicator.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.68.74.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190323/; classtype:trojan-activity;sid:84053423; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"112.4.110.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190317/; classtype:trojan-activity;sid:84053417; rev:1;)
# sids 84053415 and 84053413 carry identical match conditions (GET /sshd on
# 109.166.211.222) and differ only in URLhaus id, so one request raises two
# alerts. Presumably the two URLhaus entries differ in something the rule does
# not encode (port or scheme) -- deduplicate on host + URI when counting hits.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190315)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"109.166.211.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190315/; classtype:trojan-activity;sid:84053415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3190313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"109.166.211.222"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_25; reference:url, urlhaus.abuse.ch/url/3190313/; classtype:trojan-activity;sid:84053413; rev:1;)
# NOTE(review): the two raw.githubusercontent.com entries below are normally
# reached over TLS; an `alert http` rule sees them only in decrypted traffic.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3189225)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unknwon1352/qawfdasfaw/main/software.exe"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3189225/; classtype:trojan-activity;sid:84052325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/repository/aa_v3.exe"; depth:21; endswith; nocase; http.host; content:"83.149.17.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_24; reference:url, urlhaus.abuse.ch/url/3188620/; classtype:trojan-activity;sid:84051720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3188034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blueskyxn/changesource/master/besttrace"; depth:40; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_23; reference:url, urlhaus.abuse.ch/url/3188034/; classtype:trojan-activity;sid:84051134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186441)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxl_win_tool_v9.6.iso"; depth:22; endswith; nocase; http.host; content:"down.fwqlt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186441/; 
classtype:trojan-activity;sid:84049541; rev:1;)
# NOTE(review): the two down.fwqlt.com entries containing %e4%bf%ae... spell the
# percent-escapes out literally. http.uri is Suricata's normalized URI buffer;
# if the sensor decodes percent-escapes there, the literal text will not match
# and only the raw buffer (http.uri.raw) would still carry it. Verify with a
# test request before relying on sids 84049540 and 84049530.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186440)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.iso"; depth:43; endswith; nocase; http.host; content:"down.fwqlt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186440/; classtype:trojan-activity;sid:84049540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dxl_win_tool_v9.4.iso"; depth:22; endswith; nocase; http.host; content:"down.fwqlt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186439/; classtype:trojan-activity;sid:84049539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1-%e4%bf%ae%e6%94%b9%e7%ab%af%e5%8f%a3.zip"; depth:43; endswith; nocase; http.host; content:"down.fwqlt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186430/; classtype:trojan-activity;sid:84049530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3186428)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1_dxl_windowsport.zip"; depth:22; endswith; nocase; http.host; content:"down.fwqlt.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_09_22; reference:url, urlhaus.abuse.ch/url/3186428/; classtype:trojan-activity;sid:84049528; rev:1;)
# NOTE(review): three things to confirm on the drive.google.com entry below.
#  - `|7c|26|7c|` reads as hex 7c, the literal characters "26", hex 7c, i.e. the
#    four bytes |26| -- not hex 26 ("&"). As written the rule looks for a
#    literal "|26|" in the query string and would miss "...download&id=...".
#    This looks like double escaping in the feed generator; report it upstream
#    rather than patching a generated file locally.
#  - depth:68 is the length of the pattern as typed; the decoded pattern is
#    59 bytes, so depth no longer pins the match to offset 0 by itself.
#  - drive.google.com is normally reached over TLS, so an `alert http` rule
#    needs decrypted traffic to see the request at all.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3178401)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1v9ujqbyj-mlf9mugkyiwow6t3rpui2bu"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_09_17; reference:url, urlhaus.abuse.ch/url/3178401/; classtype:trojan-activity;sid:84041501; rev:1;)
# sids 84038015 and 84038019 have identical match conditions (same path, same
# host); one request raises both. Presumably the URLhaus entries differ in port
# or scheme, which the rule does not encode -- deduplicate on host + URI.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174915)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"124.220.6.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174915/; classtype:trojan-activity;sid:84038015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/02.08.2022.exe"; depth:15; endswith; nocase; http.host; content:"124.220.6.158"; depth:13; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174919/; classtype:trojan-activity;sid:84038019; rev:1;)
# NOTE(review): raw.githubusercontent.com is normally reached over TLS; this
# entry is visible to an `alert http` rule only in decrypted traffic.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scribblercoder/browserthief/main/browserthief.ps1"; depth:50; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174523/; classtype:trojan-activity;sid:84037623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174364)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foru.apk"; depth:9; endswith; nocase; http.host; content:"tecunonline.com"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174364/; 
classtype:trojan-activity;sid:84037464; rev:1;)
# Host matching is exact (depth equals the host length and isdataat:!1,relative
# forbids trailing bytes), which is why www.tecunonline.com gets its own entry
# here; any other name for the same server is not covered by these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174340)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/foru.apk"; depth:9; endswith; nocase; http.host; content:"www.tecunonline.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174340/; classtype:trojan-activity;sid:84037440; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3174264)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keygen"; depth:7; endswith; nocase; http.host; content:"146.0.42.82"; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3174264/; classtype:trojan-activity;sid:84037364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3173868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file.exe"; depth:9; endswith; nocase; http.host; content:"85.25.72.70"; depth:11; isdataat:!1,relative; metadata:created_at 2024_09_15; reference:url, urlhaus.abuse.ch/url/3173868/; classtype:trojan-activity;sid:84036968; rev:1;)
# NOTE(review): github.com is normally reached over TLS; this entry is visible
# to an `alert http` rule only where traffic is decrypted ahead of the sensor.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3172240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/techsavvysenior/referralreactjs/archive/refs/heads/main.zip"; depth:60; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_09_09; reference:url, urlhaus.abuse.ch/url/3172240/; classtype:trojan-activity;sid:84035340; rev:1;)
# NOTE(review): two escaping problems to confirm on the youtransfer.net entry.
#  - Each `|7c|26|7c|` reads as hex 7c, literal "26", hex 7c, i.e. the bytes
#    |26| rather than "&", so the pattern expects literal "|26|" between the
#    query parameters and would miss a request that separates them with "&".
#    depth:150 likewise counts the pattern as typed, not its decoded length.
#  - The url= value is written with %25-escaped percent signs. If http.uri is
#    percent-decoded on the sensor, the literal "%253a"/"%252f" text will not
#    be what the buffer contains.
#  Both look like feed-generator artefacts; report upstream and verify with a
#  test request instead of editing the generated file.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3163579)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/handler/download|3f|action=download|7c|26|7c|download_id=jgc6slaf|7c|26|7c|private_id=0|7c|26|7c|url=https%253a%252f%252fyoutransfer.net%252fjgc6slaf"; depth:150; endswith; nocase; http.host; content:"youtransfer.net"; depth:15; isdataat:!1,relative; metadata:created_at 2024_09_09; reference:url, urlhaus.abuse.ch/url/3163579/; classtype:trojan-activity;sid:84026679; rev:1;)
# NOTE(review): the raw.githubusercontent.com entries below need decrypted
# traffic to be visible to an `alert http` rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3154718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hackirby/discord-injection/main/injection.js"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_09_03; reference:url, urlhaus.abuse.ch/url/3154718/; classtype:trojan-activity;sid:84017818; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/miners/myxmrig.tgz"; depth:19; endswith; nocase; http.host; content:"do-dear.com"; depth:11; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135730/; classtype:trojan-activity;sid:83998830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sosinchik/asd/main/zoom.py"; depth:27; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135722/; classtype:trojan-activity;sid:83998822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moneroocean/xmrig_setup/master/setup_moneroocean_miner.sh"; depth:58; endswith; 
nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135724/; classtype:trojan-activity;sid:83998824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3135613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/log/orgn.txt"; depth:13; endswith; nocase; http.host; content:"epanpano.com"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_30; reference:url, urlhaus.abuse.ch/url/3135613/; classtype:trojan-activity;sid:83998713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3134371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qqhelper_1540.exe"; depth:18; endswith; nocase; http.host; content:"down.qqfarmer.com.cn"; depth:20; isdataat:!1,relative; metadata:created_at 2024_08_29; reference:url, urlhaus.abuse.ch/url/3134371/; classtype:trojan-activity;sid:83997471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129654)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nova_flow/patcher.exe"; depth:22; endswith; nocase; http.host; content:"144.172.71.105"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129654/; classtype:trojan-activity;sid:83992754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129577)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pages/update/css/self/[upg]css.exe"; depth:35; endswith; nocase; http.host; content:"cs.go.kg"; depth:8; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129577/; classtype:trojan-activity;sid:83992677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (3129478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zoldownload/foobar2000_v1.6.7_beta_17@1704_129472.exe"; depth:54; endswith; nocase; http.host; content:"down10d.zol.com.cn"; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129478/; classtype:trojan-activity;sid:83992578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/asmedises/pxray_cast_sort.exe"; depth:30; endswith; nocase; http.host; content:"www.medises.co.kr"; depth:17; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129417/; classtype:trojan-activity;sid:83992517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/media/mod_junewsultra/js/bootstrap/js/bootstrap.min.js"; depth:55; endswith; nocase; http.host; content:"temirtau-adm.ru"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129220/; classtype:trojan-activity;sid:83992320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3129042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/yuta1111x/selfbot/04ecdf46e8db9fce689d93905d759334b475c825/aquarius.exe"; depth:72; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_26; reference:url, urlhaus.abuse.ch/url/3129042/; classtype:trojan-activity;sid:83992142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112427)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"190.104.213.45"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112427/; classtype:trojan-activity;sid:83975527; rev:1;)
# Each rule below alerts on a cleartext HTTP GET from $HOME_NET to $EXTERNAL_NET whose URI is exactly
# "/tftp" (depth:5 + endswith) and whose Host header is exactly the listed IP (depth + isdataat:!1,relative).
# The msg number and the reference URL both carry the URLhaus entry id.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112426)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"200.29.120.130"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112426/; classtype:trojan-activity;sid:83975526; rev:1;)
# NOTE(review): sid 83975519 and sid 83975520 have identical match conditions (same URI, same Host) and
# differ only in msg/reference, so one request raises two alerts. Presumably the two URLhaus entries
# differ in something the rule does not encode (scheme or port) - confirm, then deduplicate or
# threshold downstream so the pair is not counted as two detections.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112419)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"93.182.76.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112419/; classtype:trojan-activity;sid:83975519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112420)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"93.182.76.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112420/; classtype:trojan-activity;sid:83975520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3112417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"89.121.250.206"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_17; reference:url, urlhaus.abuse.ch/url/3112417/; classtype:trojan-activity;sid:83975517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (3108504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/webcam.dll"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108504/; classtype:trojan-activity;sid:83971604; rev:1;)
# The rules on this line all match Host "raw.githubusercontent.com" exactly; the only thing that
# distinguishes one from another is the exact URI path (depth + endswith).
# NOTE(review): http.uri is Suricata's normalized URI buffer, in which percent-encoded bytes are decoded
# before matching. The literal "%20" in these patterns would then be compared against a decoded space
# and presumably never match - verify against a capture; http.uri.raw, or |20| in the content, is the
# candidate fix upstream.
# NOTE(review): "alert http" inspects cleartext HTTP only. This host is normally fetched over HTTPS, so
# without TLS decryption in front of the sensor these rules are likely to see little or none of the
# real traffic - TODO confirm sensor placement before relying on them.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108505)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/token%20grabber.dll"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108505/; classtype:trojan-activity;sid:83971605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108506)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/rootkit.dll"; depth:67; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108506/; classtype:trojan-activity;sid:83971606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/unrootkit.dll"; depth:69; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108507/; classtype:trojan-activity;sid:83971607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108503)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moom825/discord-rat-2.0/master/discord%20rat/resources/passwordstealer.dll"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108503/; classtype:trojan-activity;sid:83971603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/openark/version.txt"; depth:20; endswith; nocase; http.host; content:"file.blackint3.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108502/; classtype:trojan-activity;sid:83971602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/openark/openark64.exe"; depth:22; endswith; nocase; http.host; content:"file.blackint3.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108492/; classtype:trojan-activity;sid:83971592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3108491)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/openark/openark32.exe"; depth:22; endswith; nocase; http.host; content:"file.blackint3.com"; depth:18; isdataat:!1,relative; metadata:created_at 2024_08_15; reference:url, urlhaus.abuse.ch/url/3108491/; classtype:trojan-activity;sid:83971591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808120646if_/http:/154.216.19.139/bins/mirai.armv4l"; depth:61; endswith; nocase; http.host; 
content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106560/; classtype:trojan-activity;sid:83969660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808122936if_/http:/154.216.19.139/bins/mirai.gnueabihf"; depth:64; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106559/; classtype:trojan-activity;sid:83969659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808120223if_/http:/154.216.19.139/bins/mirai.bin"; depth:58; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106558/; classtype:trojan-activity;sid:83969658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121041if_/http:/154.216.19.139/bins/mirai.armv6l"; depth:61; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106556/; classtype:trojan-activity;sid:83969656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106557)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808123114if_/http:/154.216.19.139/bins/mirai.arc"; depth:58; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, 
urlhaus.abuse.ch/url/3106557/; classtype:trojan-activity;sid:83969657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808122755if_/http:/154.216.19.139/bins/mirai.x86_64"; depth:61; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106551/; classtype:trojan-activity;sid:83969651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106552)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121121if_/http:/154.216.19.139/bins/mirai.armv7l"; depth:61; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106552/; classtype:trojan-activity;sid:83969652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808120945if_/http:/154.216.19.139/bins/mirai.armv5l"; depth:61; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106553/; classtype:trojan-activity;sid:83969653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808122159if_/http:/154.216.19.139/bins/mirai.powerpc"; depth:62; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106554/; classtype:trojan-activity;sid:83969654; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3106555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121832if_/http:/154.216.19.139/bins/mirai.mipsel"; depth:61; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_14; reference:url, urlhaus.abuse.ch/url/3106555/; classtype:trojan-activity;sid:83969655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105147)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s3q/blackdoor/main/extensions/test_move.bat"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105147/; classtype:trojan-activity;sid:83968247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105148)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s3q/blackdoor/main/extensions/test_virus.bat"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105148/; classtype:trojan-activity;sid:83968248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s3q/blackdoor/main/extensions/keylogger.exe"; depth:44; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105149/; classtype:trojan-activity;sid:83968249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105150)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/s3q/blackdoor/main/extensions/networks_profile.exe"; depth:51; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105150/; classtype:trojan-activity;sid:83968250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105145)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s3q/blackdoor/main/backdoor.exe"; depth:32; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105145/; classtype:trojan-activity;sid:83968245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105146)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s3q/blackdoor/main/extensions/fill_storage_move.bat"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105146/; classtype:trojan-activity;sid:83968246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3105144)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s3q/blackdoor/main/extensions/fill_storage_virus.bat"; depth:53; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_13; reference:url, urlhaus.abuse.ch/url/3105144/; classtype:trojan-activity;sid:83968244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"64.234.95.70"; depth:12; 
isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103488/; classtype:trojan-activity;sid:83966588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3103476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"187.247.242.34"; depth:14; isdataat:!1,relative; metadata:created_at 2024_08_12; reference:url, urlhaus.abuse.ch/url/3103476/; classtype:trojan-activity;sid:83966576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3100042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/joelgmsec/invoke-stealth/main/resources/betterxencrypt/betterxencrypt.ps1"; depth:74; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3100042/; classtype:trojan-activity;sid:83963142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099961)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808122448if_/http:/154.216.19.139/bins/mirai.sh4"; depth:58; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099961/; classtype:trojan-activity;sid:83963061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121230if_/http:/154.216.19.139/bins/mirai.i586"; depth:59; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099962/; classtype:trojan-activity;sid:83963062; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808122636if_/http:/154.216.19.139/bins/mirai.sparc"; depth:60; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099963/; classtype:trojan-activity;sid:83963063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099965)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121347if_/http:/154.216.19.139/bins/mirai.m68k"; depth:59; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099965/; classtype:trojan-activity;sid:83963065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121419if_/http:/154.216.19.139/bins/mirai.mips"; depth:59; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099966/; classtype:trojan-activity;sid:83963066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3099960)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121308if_/http:/154.216.19.139/bins/mirai.i686"; depth:59; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_10; reference:url, urlhaus.abuse.ch/url/3099960/; classtype:trojan-activity;sid:83963060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(3097244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808120223if_/http://154.216.19.139/bins/mirai.bin"; depth:59; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097244/; classtype:trojan-activity;sid:83960344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097239)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808122755if_/http://154.216.19.139/bins/mirai.x86_64"; depth:62; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097239/; classtype:trojan-activity;sid:83960339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121041if_/http://154.216.19.139/bins/mirai.armv6l"; depth:62; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097240/; classtype:trojan-activity;sid:83960340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097241)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121230if_/http://154.216.19.139/bins/mirai.i586"; depth:60; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097241/; classtype:trojan-activity;sid:83960341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097242)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/web/20240808122636if_/http://154.216.19.139/bins/mirai.sparc"; depth:61; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097242/; classtype:trojan-activity;sid:83960342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097243)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121308if_/http://154.216.19.139/bins/mirai.i686"; depth:60; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097243/; classtype:trojan-activity;sid:83960343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097229)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808122159if_/http://154.216.19.139/bins/mirai.powerpc"; depth:63; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097229/; classtype:trojan-activity;sid:83960329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097230)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121347if_/http://154.216.19.139/bins/mirai.m68k"; depth:60; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097230/; classtype:trojan-activity;sid:83960330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121121if_/http://154.216.19.139/bins/mirai.armv7l"; depth:62; endswith; nocase; 
http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097231/; classtype:trojan-activity;sid:83960331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097232)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808123114if_/http://154.216.19.139/bins/mirai.arc"; depth:59; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097232/; classtype:trojan-activity;sid:83960332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808122448if_/http://154.216.19.139/bins/mirai.sh4"; depth:59; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097233/; classtype:trojan-activity;sid:83960333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097234)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121832if_/http://154.216.19.139/bins/mirai.mipsel"; depth:62; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097234/; classtype:trojan-activity;sid:83960334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808120945if_/http://154.216.19.139/bins/mirai.armv5l"; depth:62; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; 
reference:url, urlhaus.abuse.ch/url/3097235/; classtype:trojan-activity;sid:83960335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808120646if_/http://154.216.19.139/bins/mirai.armv4l"; depth:62; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097236/; classtype:trojan-activity;sid:83960336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808122936if_/http://154.216.19.139/bins/mirai.gnueabihf"; depth:65; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097237/; classtype:trojan-activity;sid:83960337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3097238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/web/20240808121419if_/http://154.216.19.139/bins/mirai.mips"; depth:60; endswith; nocase; http.host; content:"web.archive.org"; depth:15; isdataat:!1,relative; metadata:created_at 2024_08_09; reference:url, urlhaus.abuse.ch/url/3097238/; classtype:trojan-activity;sid:83960338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3086390)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/%5bwin"; depth:35; endswith; nocase; http.host; content:"8.218.138.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_08_03; reference:url, urlhaus.abuse.ch/url/3086390/; classtype:trojan-activity;sid:83949490; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/komasinfo/idcb/main/cbs_applcation_details_072602024_xlsx.rar"; depth:62; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072990/; classtype:trojan-activity;sid:83936090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/adrinnno/ptwis/raw/main/file_cbs_app_details_no-0923871691_xlsx.zip"; depth:68; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072974/; classtype:trojan-activity;sid:83936074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reporgu/fakado/raw/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; depth:72; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072975/; classtype:trojan-activity;sid:83936075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/komasinfo/idcb/raw/main/cbs_applcation_details_072602024_xlsx.rar"; depth:66; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072978/; classtype:trojan-activity;sid:83936078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072969)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/deannwas/policah/main/file_cbs_app_details_no-0923871691_xlsx.zip"; depth:66; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072969/; classtype:trojan-activity;sid:83936069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3072972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/reporgu/fakado/main/transaction_file_9812009_end_ids_yesbr5_pdf.rar"; depth:68; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_27; reference:url, urlhaus.abuse.ch/url/3072972/; classtype:trojan-activity;sid:83936072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058866)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cve-2023-36874.zip"; depth:19; endswith; nocase; http.host; content:"51.255.46.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058866/; classtype:trojan-activity;sid:83921966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nc64.exe"; depth:9; endswith; nocase; http.host; content:"51.255.46.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058862/; classtype:trojan-activity;sid:83921962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058863)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nc64.zip"; depth:9; endswith; nocase; http.host; content:"51.255.46.245"; depth:13; 
isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058863/; classtype:trojan-activity;sid:83921963; rev:1;)
# Each rule below alerts on a cleartext HTTP GET from $HOME_NET to $EXTERNAL_NET whose URI and Host
# header both match the listed strings; depth + endswith on the URI and depth + isdataat:!1,relative
# on the Host make both comparisons whole-buffer matches when depth equals the pattern length.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3058864)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/b64"; depth:4; endswith; nocase; http.host; content:"51.255.46.245"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_21; reference:url, urlhaus.abuse.ch/url/3058864/; classtype:trojan-activity;sid:83921964; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3052706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/info.zip"; depth:9; endswith; nocase; http.host; content:"220.248.47.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_19; reference:url, urlhaus.abuse.ch/url/3052706/; classtype:trojan-activity;sid:83915806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tan.jpg"; depth:8; endswith; nocase; http.host; content:"www999999safagqwhg-1327129302.cos.ap-chengdu.myqcloud.com"; depth:57; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949407/; classtype:trojan-activity;sid:83812507; rev:1;)
# NOTE(review): in sid 83812485 the content decodes |3f| to "?" and each |7c| to a literal "|", so the
# pattern is "/uc?export=download|26|id=..." - 59 bytes, while depth:68 equals the length of the
# escaped text. This looks like an "&" that was hex-escaped to |26| and then had its pipes escaped
# again; if so the rule cannot match the real query string - verify against the URLhaus entry.
# With depth larger than the pattern, the URI match is also no longer anchored at the first byte.
# NOTE(review): this host is normally reached over HTTPS, which an "alert http" rule does not see
# without TLS decryption - TODO confirm sensor placement.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2949385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1rsqnkyvcaein5m-gskl8coyuh8w5xrbd"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949385/; classtype:trojan-activity;sid:83812485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (2949176)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tan.jpg"; depth:8; endswith; nocase; http.host; content:"www999999asgasg-1327129302.cos.ap-chengdu.myqcloud.com"; depth:54; isdataat:!1,relative; metadata:created_at 2024_07_11; reference:url, urlhaus.abuse.ch/url/2949176/; classtype:trojan-activity;sid:83812276; rev:1;)
# Each rule below alerts on a cleartext HTTP GET from $HOME_NET to $EXTERNAL_NET whose URI is exactly
# the listed path (depth + endswith) and whose Host header is exactly the listed name
# (depth + isdataat:!1,relative).
# NOTE(review): sid 83808693 and sid 83808660 have identical match conditions (same URI, same Host) and
# differ only in msg/reference, so one request raises two alerts. Presumably the two URLhaus entries
# differ in something the rule does not encode (scheme or port) - confirm, then deduplicate or
# threshold downstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945593)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/sab/dithioic.csv"; depth:26; endswith; nocase; http.host; content:"new.quranushaiqer.org.sa"; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945593/; classtype:trojan-activity;sid:83808693; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2945560)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/sab/dithioic.csv"; depth:26; endswith; nocase; http.host; content:"new.quranushaiqer.org.sa"; depth:24; isdataat:!1,relative; metadata:created_at 2024_07_09; reference:url, urlhaus.abuse.ch/url/2945560/; classtype:trojan-activity;sid:83808660; rev:1;)
# NOTE(review): the Host here is a shared code-hosting name normally fetched over HTTPS; an
# "alert http" rule only sees it on cleartext HTTP or behind TLS decryption - TODO confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2944285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jijilovedada/jijilovedada/main/tools/cc/adaptorovernight.exe"; depth:61; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_07_08; reference:url, urlhaus.abuse.ch/url/2944285/; classtype:trojan-activity;sid:83807385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2942567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/supershell/compile/download/win"; depth:32; 
endswith; nocase; http.host; content:"8.218.138.77"; depth:12; isdataat:!1,relative; metadata:created_at 2024_07_07; reference:url, urlhaus.abuse.ch/url/2942567/; classtype:trojan-activity;sid:83805667; rev:1;)
# The rules that follow pin http.host to "github.com" and differ only in the file path under one
# repository. NOTE(review): github.com is normally served over HTTPS, so these "alert http"
# rules presumably need cleartext or TLS-decrypted traffic to fire; confirm against your sensor
# placement before treating them as coverage.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/000.exe"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934823/; classtype:trojan-activity;sid:83797923; rev:1;)
# NOTE(review): the URI content of the next rule contains a literal "%20", and depth:102 counts
# each "%20" as three bytes. Suricata documents http.uri as the normalized URI, where %20 is
# converted to a space, and http.uri.raw as the buffer for matching the "%20" characters
# themselves. A literal "%20" against http.uri is therefore not expected to match; verify with a
# pcap. The same applies to other rules in this file whose URI content contains "%20"
# (for example sid 83797911 and sid 83743055).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934824)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/trojan.malpack.themida%20(anti%20vm).exe"; depth:102; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934824/; classtype:trojan-activity;sid:83797924; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934818)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/jigsaw.exe"; depth:76; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934818/; classtype:trojan-activity;sid:83797918; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/freeyoutubedownloader.exe"; depth:87; endswith; nocase; http.host; 
content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934819/; classtype:trojan-activity;sid:83797919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934820)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/memz.exe"; depth:70; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934820/; classtype:trojan-activity;sid:83797920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/noescape.exe"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934821/; classtype:trojan-activity;sid:83797921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/destover.exe"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934822/; classtype:trojan-activity;sid:83797922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/meredrop.exe"; depth:74; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 
2024_07_05; reference:url, urlhaus.abuse.ch/url/2934816/; classtype:trojan-activity;sid:83797916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/trojan/redlinestealer.exe"; depth:80; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934817/; classtype:trojan-activity;sid:83797917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934811)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/hive%20ransomware.exe"; depth:87; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934811/; classtype:trojan-activity;sid:83797911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/wannacry.exe"; depth:78; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934812/; classtype:trojan-activity;sid:83797912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934813)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/nomoreransom.exe"; depth:82; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, 
urlhaus.abuse.ch/url/2934813/; classtype:trojan-activity;sid:83797913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/petya.a.exe"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934808/; classtype:trojan-activity;sid:83797908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934809)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/cryptowall.exe"; depth:80; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934809/; classtype:trojan-activity;sid:83797909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934810)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/infinitycrypt.exe"; depth:83; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934810/; classtype:trojan-activity;sid:83797910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2934805)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/trasherwithadollarsign/trashers-malware-repo/raw/main/ransomware/coronavirus.exe"; depth:81; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_07_05; reference:url, urlhaus.abuse.ch/url/2934805/; 
classtype:trojan-activity;sid:83797905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2932460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/445.jpg"; depth:8; endswith; nocase; http.host; content:"down.ftp21.cc"; depth:13; isdataat:!1,relative; metadata:created_at 2024_07_04; reference:url, urlhaus.abuse.ch/url/2932460/; classtype:trojan-activity;sid:83795560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2914055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tq.jpg"; depth:7; endswith; nocase; http.host; content:"down.ftp21.cc"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_30; reference:url, urlhaus.abuse.ch/url/2914055/; classtype:trojan-activity;sid:83777155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911219)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"94.226.135.252"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911219/; classtype:trojan-activity;sid:83774319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"116.58.62.74"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911217/; classtype:trojan-activity;sid:83774317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"122.179.136.112"; depth:15; 
isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911215/; classtype:trojan-activity;sid:83774315; rev:1;)
# "/photo.scr" group: the path is the same in every rule and only the http.host value changes.
# http.host is compared as an exact string, so an IP-literal entry and a hostname entry are
# independent indicators. A request matches only the form that appears in its Host header.
# NOTE(review): 78-20-115-5.access.telenet.be (sid 83774296) and 78.20.115.5 (sid 83774290)
# look like the same server listed once by reverse-DNS name and once by address. This is
# inferred from the names only; correlate hits on either sid when triaging.
# These entries carry created_at 2024_06_28. IP-literal indicators can be reassigned over time,
# so check the referenced URLhaus entry before acting on a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"130.185.193.208"; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911212/; classtype:trojan-activity;sid:83774312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911196)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"78-20-115-5.access.telenet.be"; depth:29; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911196/; classtype:trojan-activity;sid:83774296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"195.103.203.106"; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911194/; classtype:trojan-activity;sid:83774294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911190)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"78.20.115.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911190/; classtype:trojan-activity;sid:83774290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911191)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"88.28.218.163"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911191/; classtype:trojan-activity;sid:83774291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"102.53.15.18"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911187/; classtype:trojan-activity;sid:83774287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911184)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"126.23.203.236"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911184/; classtype:trojan-activity;sid:83774284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"85.22.139.189"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911166/; classtype:trojan-activity;sid:83774266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911154)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"95.255.114.11"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911154/; classtype:trojan-activity;sid:83774254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (2911133)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"102.53.15.17"; depth:12; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911133/; classtype:trojan-activity;sid:83774233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911113)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"softbank126023203236.bbtec.net"; depth:30; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911113/; classtype:trojan-activity;sid:83774213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"host-195-103-203-106.business.telecomitalia.it"; depth:46; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911108/; classtype:trojan-activity;sid:83774208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2911105)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photo.scr"; depth:10; endswith; nocase; http.host; content:"host-95-255-114-11.business.telecomitalia.it"; depth:44; isdataat:!1,relative; metadata:created_at 2024_06_28; reference:url, urlhaus.abuse.ch/url/2911105/; classtype:trojan-activity;sid:83774205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909310)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"45.118.79.103"; depth:13; 
isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909310/; classtype:trojan-activity;sid:83772410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"89.184.185.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909291/; classtype:trojan-activity;sid:83772391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2909290)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"185.224.107.4"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2909290/; classtype:trojan-activity;sid:83772390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908900)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"190.108.63.242"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908900/; classtype:trojan-activity;sid:83772000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908902)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; depth:5; endswith; nocase; http.host; content:"202.57.39.2"; depth:11; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908902/; classtype:trojan-activity;sid:83772002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2908903)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tftp"; 
depth:5; endswith; nocase; http.host; content:"14.142.209.198"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_27; reference:url, urlhaus.abuse.ch/url/2908903/; classtype:trojan-activity;sid:83772003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2901197)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zwzonepieces/posapsi/master/chatlife.exe"; depth:41; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_22; reference:url, urlhaus.abuse.ch/url/2901197/; classtype:trojan-activity;sid:83764297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2894025)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kailash-jakhar/webpack-v5-tutorial/main/quizpokemon.exe"; depth:56; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_17; reference:url, urlhaus.abuse.ch/url/2894025/; classtype:trojan-activity;sid:83757125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"118.178.133.241"; depth:15; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888463/; classtype:trojan-activity;sid:83751563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"124.67.254.109"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888444/; classtype:trojan-activity;sid:83751544; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2888430)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/help.scr"; depth:9; endswith; nocase; http.host; content:"117.157.17.194"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_14; reference:url, urlhaus.abuse.ch/url/2888430/; classtype:trojan-activity;sid:83751530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2885860)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/brunovale03/adegaads/main/offeredbuilt.exe"; depth:43; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_13; reference:url, urlhaus.abuse.ch/url/2885860/; classtype:trojan-activity;sid:83748960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2883708)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sirvivor32/sirvivor/main/lukejazz.exe"; depth:38; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_06_11; reference:url, urlhaus.abuse.ch/url/2883708/; classtype:trojan-activity;sid:83746808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2881768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cg100/update.exe"; depth:17; endswith; nocase; http.host; content:"update.cg100iii.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_06_10; reference:url, urlhaus.abuse.ch/url/2881768/; classtype:trojan-activity;sid:83744868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unp%20setup.exe"; depth:16; 
endswith; nocase; http.host; content:"36.138.125.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879955/; classtype:trojan-activity;sid:83743055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2879655)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sharphound.exe"; depth:15; endswith; nocase; http.host; content:"92.127.156.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_06_08; reference:url, urlhaus.abuse.ch/url/2879655/; classtype:trojan-activity;sid:83742755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2877890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ustaxes/ustaxes/files/15421286/2022and2023taxdocuments.zip"; depth:59; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_07; reference:url, urlhaus.abuse.ch/url/2877890/; classtype:trojan-activity;sid:83740990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=19nonxskhmwbvfxpr2ccmwd9xrhz1ldco"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, urlhaus.abuse.ch/url/2874107/; classtype:trojan-activity;sid:83737207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2874109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1p_knmkidu8kiejeem_ijrlumbjih3bkv"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_06_04; reference:url, 
urlhaus.abuse.ch/url/2874109/; classtype:trojan-activity;sid:83737209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2872168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/htwvlcdsfcrahhchdd97.bin"; depth:25; endswith; nocase; http.host; content:"ramirex.ro"; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_02; reference:url, urlhaus.abuse.ch/url/2872168/; classtype:trojan-activity;sid:83735268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2872167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rutschebanes.qxd"; depth:17; endswith; nocase; http.host; content:"ramirex.ro"; depth:10; isdataat:!1,relative; metadata:created_at 2024_06_02; reference:url, urlhaus.abuse.ch/url/2872167/; classtype:trojan-activity;sid:83735267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2870235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1wsqkirdngjlt8uu2lv9mzciks4my12jh"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2870235/; classtype:trojan-activity;sid:83733335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wxworkapis.dll"; depth:15; endswith; nocase; http.host; content:"119.91.25.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869849/; classtype:trojan-activity;sid:83732949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869844)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/wxworkmultiopen.exe"; depth:20; endswith; nocase; http.host; content:"119.91.25.19"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869844/; classtype:trojan-activity;sid:83732944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2869702)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sheksweet/sheksweet1/main/rambledmime.exe"; depth:42; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_31; reference:url, urlhaus.abuse.ch/url/2869702/; classtype:trojan-activity;sid:83732802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2868723)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a.i_1003h.exe"; depth:14; endswith; nocase; http.host; content:"221.143.49.222"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_30; reference:url, urlhaus.abuse.ch/url/2868723/; classtype:trojan-activity;sid:83731823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867270)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmed45sh/flutter-movie/master/crypted_c360a5b7.exe"; depth:52; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867270/; classtype:trojan-activity;sid:83730370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2867236)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ahmed45sh/apple-replica-starter-files/master/apple-replica/zintask.exe"; depth:71; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; 
isdataat:!1,relative; metadata:created_at 2024_05_28; reference:url, urlhaus.abuse.ch/url/2867236/; classtype:trojan-activity;sid:83730336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"223.108.58.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863341/; classtype:trojan-activity;sid:83726441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863345)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.143.141.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863345/; classtype:trojan-activity;sid:83726445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863346)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"185.43.19.103"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863346/; classtype:trojan-activity;sid:83726446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863330)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"223.108.58.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863330/; classtype:trojan-activity;sid:83726430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; 
depth:5; endswith; nocase; http.host; content:"82.77.57.16"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863333/; classtype:trojan-activity;sid:83726433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2863334)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"185.49.168.84"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_25; reference:url, urlhaus.abuse.ch/url/2863334/; classtype:trojan-activity;sid:83726434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/8gikly"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862050/; classtype:trojan-activity;sid:83725150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862051)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/medjl1"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862051/; classtype:trojan-activity;sid:83725151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862052)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/dy1f16"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862052/; classtype:trojan-activity;sid:83725152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (2862053)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/kx3wl4"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862053/; classtype:trojan-activity;sid:83725153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/ppxodm"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862054/; classtype:trojan-activity;sid:83725154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862055)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/e7opy8"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862055/; classtype:trojan-activity;sid:83725155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/7dhid7"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862056/; classtype:trojan-activity;sid:83725156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/tbfvpd"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, 
urlhaus.abuse.ch/url/2862049/; classtype:trojan-activity;sid:83725149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862047)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/g2js91"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862047/; classtype:trojan-activity;sid:83725147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/lt00vw"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862044/; classtype:trojan-activity;sid:83725144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/i7tdbr"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862045/; classtype:trojan-activity;sid:83725145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/3a9xj1"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862043/; classtype:trojan-activity;sid:83725143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862042)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/wyg3h5"; 
depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862042/; classtype:trojan-activity;sid:83725142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862020)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.216.105.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862020/; classtype:trojan-activity;sid:83725120; rev:1;)
# NOTE(review): sids 83725117 and 83725104 below carry identical match conditions
# (GET, URI "/sshd", host 123.143.141.75, any destination port), so a single request
# raises both alerts. The two URLhaus entries presumably differ in something the rule
# does not encode (for example the port) - check the reference URLs before
# deduplicating or thresholding.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862017)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.143.141.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862017/; classtype:trojan-activity;sid:83725117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862004)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.143.141.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862004/; classtype:trojan-activity;sid:83725104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"24.234.159.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862007/; classtype:trojan-activity;sid:83725107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862009)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"80.24.87.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862009/; classtype:trojan-activity;sid:83725109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"166.144.131.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862010/; classtype:trojan-activity;sid:83725110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2862014)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2862014/; classtype:trojan-activity;sid:83725114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"218.108.181.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861987/; classtype:trojan-activity;sid:83725087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.183.208.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861979/; classtype:trojan-activity;sid:83725079; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861982)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861982/; classtype:trojan-activity;sid:83725082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"132.255.192.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861971/; classtype:trojan-activity;sid:83725071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861974/; classtype:trojan-activity;sid:83725074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861957)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.183.208.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861957/; classtype:trojan-activity;sid:83725057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861958)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"80.24.87.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861958/; 
classtype:trojan-activity;sid:83725058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861959)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861959/; classtype:trojan-activity;sid:83725059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861950)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"95.47.248.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861950/; classtype:trojan-activity;sid:83725050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861948/; classtype:trojan-activity;sid:83725048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861919)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861919/; classtype:trojan-activity;sid:83725019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861923)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; 
metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861923/; classtype:trojan-activity;sid:83725023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861927)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"223.82.83.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861927/; classtype:trojan-activity;sid:83725027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861929)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"95.230.215.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861929/; classtype:trojan-activity;sid:83725029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861930)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"141.134.214.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861930/; classtype:trojan-activity;sid:83725030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861931/; classtype:trojan-activity;sid:83725031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; 
nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861935/; classtype:trojan-activity;sid:83725035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861939)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861939/; classtype:trojan-activity;sid:83725039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861940)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861940/; classtype:trojan-activity;sid:83725040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"123.143.141.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861941/; classtype:trojan-activity;sid:83725041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861943)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861943/; classtype:trojan-activity;sid:83725043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861945)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"218.108.181.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861945/; classtype:trojan-activity;sid:83725045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/dvbcvt"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861888/; classtype:trojan-activity;sid:83724988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861887)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pro/dl/exw2o1"; depth:14; endswith; nocase; http.host; content:"www.sendspace.com"; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861887/; classtype:trojan-activity;sid:83724987; rev:1;)
# NOTE(review): the rules that follow match the URI "//sshd" exactly (depth:6 plus
# endswith), i.e. with the doubled leading slash kept. Whether a request presents that
# way in the http.uri buffer depends on the sensor's URI normalisation settings -
# confirm with a test capture. Some of the same hosts (e.g. 123.143.141.75,
# 81.42.247.62) also carry a separate "/sshd" rule in this ruleset.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"118.69.157.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861843/; classtype:trojan-activity;sid:83724943; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861852)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"178.176.204.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861852/; classtype:trojan-activity;sid:83724952; rev:1;)
alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"80.24.87.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861838/; classtype:trojan-activity;sid:83724938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"202.3.248.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861834/; classtype:trojan-activity;sid:83724934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861831)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"178.176.204.240"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861831/; classtype:trojan-activity;sid:83724931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861828)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"141.134.214.217"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861828/; classtype:trojan-activity;sid:83724928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"123.143.141.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, 
urlhaus.abuse.ch/url/2861826/; classtype:trojan-activity;sid:83724926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861827)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"68.107.218.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861827/; classtype:trojan-activity;sid:83724927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861822/; classtype:trojan-activity;sid:83724922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"174.71.237.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861819/; classtype:trojan-activity;sid:83724919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861814)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861814/; classtype:trojan-activity;sid:83724914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"218.108.181.2"; 
depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861808/; classtype:trojan-activity;sid:83724908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"24.234.159.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861802/; classtype:trojan-activity;sid:83724902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861800/; classtype:trojan-activity;sid:83724900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"132.255.192.122"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861798/; classtype:trojan-activity;sid:83724898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861794/; classtype:trojan-activity;sid:83724894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861791)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"//sshd"; depth:6; endswith; nocase; http.host; content:"178.183.208.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861791/; classtype:trojan-activity;sid:83724891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861790)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"123.143.141.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861790/; classtype:trojan-activity;sid:83724890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861789)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"91.231.190.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861789/; classtype:trojan-activity;sid:83724889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"46.250.54.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861781/; classtype:trojan-activity;sid:83724881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861777/; classtype:trojan-activity;sid:83724877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(2861770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861770/; classtype:trojan-activity;sid:83724870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861773)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861773/; classtype:trojan-activity;sid:83724873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"218.108.181.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861758/; classtype:trojan-activity;sid:83724858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861755/; classtype:trojan-activity;sid:83724855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861750)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861750/; classtype:trojan-activity;sid:83724850; rev:1;) alert http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861749/; classtype:trojan-activity;sid:83724849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861743)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"123.143.141.75"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861743/; classtype:trojan-activity;sid:83724843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861735)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861735/; classtype:trojan-activity;sid:83724835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"31.0.241.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861737/; classtype:trojan-activity;sid:83724837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"81.42.247.62"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861740/; 
classtype:trojan-activity;sid:83724840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861729)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861729/; classtype:trojan-activity;sid:83724829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861731)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"166.144.131.188"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861731/; classtype:trojan-activity;sid:83724831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"46.250.54.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861733/; classtype:trojan-activity;sid:83724833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861721)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861721/; classtype:trojan-activity;sid:83724821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; 
metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861725/; classtype:trojan-activity;sid:83724825; rev:1;)
# URLhaus download-URL signatures, one rule per listed URL (created_at 2024_05_24 unless shown otherwise).
# Shape shared by every rule in this run:
#   - alert http $HOME_NET any -> $EXTERNAL_NET any: outbound HTTP from protected hosts, any port.
#   - flow:established,from_client + http.method "GET": client GET requests on established flows only.
#   - http.uri content whose depth equals its length, plus endswith: the URI buffer must equal the
#     string exactly; nocase makes that comparison case-insensitive.
#   - http.host content whose depth equals its length, plus isdataat:!1,relative: no byte may follow
#     the match, so the host buffer must equal the string exactly.
#   - msg and reference carry the URLhaus entry id; each rule has its own sid; rev:1.
# NOTE(review): several rules repeat the same host/URI pair under different sids (for example
# 165.73.108.6 with "//sshd"), so one matching request raises one alert per sid. Presumably the
# URLhaus entries differed in something the rule does not encode (port?) - TODO confirm; handle
# the duplicates at triage or with thresholding rather than by editing the feed.
# NOTE(review): http.uri is the normalized URI buffer. If the deployed HTTP parser settings collapse
# consecutive "/" separators, the literal "//sshd" would not be present there and http.uri.raw
# would be the buffer to test - confirm with a pcap replay before relying on these rules.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"87.251.249.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861719/; classtype:trojan-activity;sid:83724819; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861710)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"80.14.38.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861710/; classtype:trojan-activity;sid:83724810; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861707)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"209.162.229.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861707/; classtype:trojan-activity;sid:83724807; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861695)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"102.216.105.81"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861695/; classtype:trojan-activity;sid:83724795; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861692/; classtype:trojan-activity;sid:83724792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"202.3.248.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861693/; classtype:trojan-activity;sid:83724793; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861680)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861680/; classtype:trojan-activity;sid:83724780; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861675)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"80.24.87.77"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861675/; classtype:trojan-activity;sid:83724775; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861670)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861670/; classtype:trojan-activity;sid:83724770; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861667)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861667/; classtype:trojan-activity;sid:83724767; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861657)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"31.173.70.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861657/; classtype:trojan-activity;sid:83724757; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861659/; classtype:trojan-activity;sid:83724759; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861643)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861643/; classtype:trojan-activity;sid:83724743; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861640)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"174.71.237.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861640/; classtype:trojan-activity;sid:83724740; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"77.237.29.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861633/; classtype:trojan-activity;sid:83724733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861636)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"95.47.248.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861636/; classtype:trojan-activity;sid:83724736; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"118.69.157.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861616/; classtype:trojan-activity;sid:83724716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"82.148.194.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861595/; classtype:trojan-activity;sid:83724695; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"69.75.168.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861597/; classtype:trojan-activity;sid:83724697; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861600)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"223.82.83.143"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861600/; classtype:trojan-activity;sid:83724700; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"178.183.208.134"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861610/; classtype:trojan-activity;sid:83724710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"24.234.159.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861592/; classtype:trojan-activity;sid:83724692; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861582/; classtype:trojan-activity;sid:83724682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861568/; classtype:trojan-activity;sid:83724668; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"113.160.251.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861569/; classtype:trojan-activity;sid:83724669; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"118.69.157.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861573/; classtype:trojan-activity;sid:83724673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861559)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"68.226.36.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861559/; classtype:trojan-activity;sid:83724659; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"95.230.215.65"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861553/; classtype:trojan-activity;sid:83724653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861555)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"88.123.92.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861555/; classtype:trojan-activity;sid:83724655; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861549/; classtype:trojan-activity;sid:83724649; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861547)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//sshd"; depth:6; endswith; nocase; http.host; content:"76.53.38.126"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861547/; classtype:trojan-activity;sid:83724647; rev:1;)
# From here the URI is the single-slash form "/sshd" (depth:5).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2861543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.231.190.163"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_24; reference:url, urlhaus.abuse.ch/url/2861543/; classtype:trojan-activity;sid:83724643; rev:1;)
# Different file name (".so" suffix) and an earlier created_at (2024_05_22).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859756)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/a0tnubtz.so"; depth:12; endswith; nocase; http.host; content:"94.16.119.223"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859756/; classtype:trojan-activity;sid:83722856; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859511)";
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"92.66.30.68"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859511/; classtype:trojan-activity;sid:83722611; rev:1;)
# URLhaus download-URL signatures, created_at 2024_05_20 to 2024_05_22, one rule per listed URL.
# Every rule alerts on an outbound client GET ($HOME_NET -> $EXTERNAL_NET, any port, established
# flow) whose http.uri and http.host buffers equal the quoted strings exactly: depth equals the
# content length, and endswith / isdataat:!1,relative forbid trailing bytes. nocase applies to
# the URI content only.
# NOTE(review): the same host/URI pair recurs under several sids (for example 165.73.108.6 and
# 118.69.157.212 with "/sshd"), so one matching request raises one alert per sid. Presumably the
# URLhaus entries differed in something the rule does not encode (port?) - TODO confirm.
# NOTE(review): most hosts are bare IPv4 addresses and the created_at dates are from May 2024;
# addresses can be reassigned, so weigh indicator age when triaging a hit.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"82.148.194.54"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_22; reference:url, urlhaus.abuse.ch/url/2859508/; classtype:trojan-activity;sid:83722608; rev:1;)
# NOTE(review): the host here is github.com, a shared platform normally reached over HTTPS. An
# `alert http` rule only matches requests the engine parses as HTTP, so this fires on cleartext
# (or decrypted) traffic only; TLS-borne fetches need proxy-log or endpoint coverage instead.
# The exact-URI match keeps the rule scoped to this one file path, not to github.com as a whole.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2859027)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ustaxes/ustaxes/files/15378217/all.2023.tax.documents.zip"; depth:58; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_21; reference:url, urlhaus.abuse.ch/url/2859027/; classtype:trojan-activity;sid:83722127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857892)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"202.3.248.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857892/; classtype:trojan-activity;sid:83720992; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857875)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857875/; classtype:trojan-activity;sid:83720975; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857859)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"174.71.237.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857859/; classtype:trojan-activity;sid:83720959; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857851)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"144.6.87.144"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857851/; classtype:trojan-activity;sid:83720951; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857849)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"118.69.157.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857849/; classtype:trojan-activity;sid:83720949; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"185.2.229.122"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857844/; classtype:trojan-activity;sid:83720944; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857837)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857837/; classtype:trojan-activity;sid:83720937; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"149.62.200.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857838/; classtype:trojan-activity;sid:83720938; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"118.69.157.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857834/; classtype:trojan-activity;sid:83720934; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857822)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.176.204.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857822/; classtype:trojan-activity;sid:83720922; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"202.3.248.179"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857807/; classtype:trojan-activity;sid:83720907; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"68.107.218.106"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857794/; classtype:trojan-activity;sid:83720894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"68.226.36.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857788/; classtype:trojan-activity;sid:83720888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857785/; classtype:trojan-activity;sid:83720885; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"69.75.168.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857772/; classtype:trojan-activity;sid:83720872; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"88.123.92.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857754/; classtype:trojan-activity;sid:83720854; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857747)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857747/; classtype:trojan-activity;sid:83720847; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857749)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"118.69.157.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857749/; classtype:trojan-activity;sid:83720849; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857730/; classtype:trojan-activity;sid:83720830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857692)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"31.173.70.100"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857692/; classtype:trojan-activity;sid:83720792; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857687)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"113.160.251.236"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857687/; classtype:trojan-activity;sid:83720787; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known
malware download URL detected (2857672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857672/; classtype:trojan-activity;sid:83720772; rev:1;)
# URLhaus download-URL signatures, all created_at 2024_05_20 and all for the URI "/sshd".
# Every rule alerts on an outbound client GET ($HOME_NET -> $EXTERNAL_NET, any port, established
# flow) whose http.uri equals "/sshd" (depth:5 + endswith, case-insensitive via nocase) and whose
# http.host equals the quoted IPv4 address (depth equal to its length + isdataat:!1,relative).
# NOTE(review): the same host recurs under several sids (165.73.108.6, 174.71.237.86,
# 118.69.157.212, 91.164.39.142, 46.250.54.75), so one matching request raises one alert per sid.
# Presumably the URLhaus entries differed in something the rule does not encode (port?) - TODO
# confirm; account for the duplicates at triage or with thresholding.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857666)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857666/; classtype:trojan-activity;sid:83720766; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"87.251.249.41"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857660/; classtype:trojan-activity;sid:83720760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"144.6.87.144"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857653/; classtype:trojan-activity;sid:83720753; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"46.250.54.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857651/; classtype:trojan-activity;sid:83720751; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"118.69.157.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857642/; classtype:trojan-activity;sid:83720742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"31.0.241.65"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857634/; classtype:trojan-activity;sid:83720734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857630/; classtype:trojan-activity;sid:83720730; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857624)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"118.69.157.212"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857624/; classtype:trojan-activity;sid:83720724; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"174.71.237.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857620/; classtype:trojan-activity;sid:83720720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"178.176.204.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857610/; classtype:trojan-activity;sid:83720710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857601)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"212.93.103.10"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857601/; classtype:trojan-activity;sid:83720701; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"112.4.110.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857602/; classtype:trojan-activity;sid:83720702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857587)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"24.234.159.5"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857587/; classtype:trojan-activity;sid:83720687; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"223.108.58.13"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857584/; classtype:trojan-activity;sid:83720684; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857580)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857580/; classtype:trojan-activity;sid:83720680; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857582)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857582/; classtype:trojan-activity;sid:83720682; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"80.14.38.66"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857573/; classtype:trojan-activity;sid:83720673; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857570)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"77.237.29.219"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857570/; classtype:trojan-activity;sid:83720670; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857553)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"46.250.54.75"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857553/; classtype:trojan-activity;sid:83720653; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"202.139.20.12"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857535/; classtype:trojan-activity;sid:83720635; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857527)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"174.71.237.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857527/; classtype:trojan-activity;sid:83720627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"164.126.129.225"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857521/; classtype:trojan-activity;sid:83720621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857524)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857524/; classtype:trojan-activity;sid:83720624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected
(2857525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"209.162.229.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857525/; classtype:trojan-activity;sid:83720625; rev:1;)
# URLhaus download-URL signatures, created_at 2024_05_07 to 2024_05_20, one rule per listed URL.
# Every rule alerts on an outbound client GET ($HOME_NET -> $EXTERNAL_NET, any port, established
# flow) whose http.uri and http.host buffers equal the quoted strings exactly: depth equals the
# content length, and endswith / isdataat:!1,relative forbid trailing bytes. nocase applies to
# the URI content only.
# NOTE(review): 91.164.39.142 with "/sshd" appears under three sids in this run, so one matching
# request raises three alerts. Presumably the URLhaus entries differed in something the rule does
# not encode (port?) - TODO confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857502)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"223.108.58.15"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857502/; classtype:trojan-activity;sid:83720602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857496)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"112.4.110.42"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857496/; classtype:trojan-activity;sid:83720596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857483)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857483/; classtype:trojan-activity;sid:83720583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857484/; classtype:trojan-activity;sid:83720584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"91.164.39.142"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857486/; classtype:trojan-activity;sid:83720586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857468)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"31.222.113.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857468/; classtype:trojan-activity;sid:83720568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"102.68.74.45"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857465/; classtype:trojan-activity;sid:83720565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"165.73.108.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857463/; classtype:trojan-activity;sid:83720563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"174.71.237.86"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857447/; classtype:trojan-activity;sid:83720547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2857448)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sshd"; depth:5; endswith; nocase; http.host; content:"68.226.36.150"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_20; reference:url, urlhaus.abuse.ch/url/2857448/; classtype:trojan-activity;sid:83720548; rev:1;)
# The URI changes to the three-byte path "/.i" here (created_at 2024_05_17).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2852772)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"59.30.12.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_17; reference:url, urlhaus.abuse.ch/url/2852772/; classtype:trojan-activity;sid:83715872; rev:1;)
# The next two rules key on a hostname rather than a bare IP, each with one exact file path.
# NOTE(review): when triaging a hit, check the entry's current status at the URLhaus reference;
# a hostname can host both the listed file and unrelated content, and only the listed path matches.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2846768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets/css/setup.msi"; depth:21; endswith; nocase; http.host; content:"zenglobalenerji.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_11; reference:url, urlhaus.abuse.ch/url/2846768/; classtype:trojan-activity;sid:83709868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2845681)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/app/filesrc/android/apk/2023/zonghengxsandroid_7.5.6.63_zh-zhh5.apk"; depth:68; endswith; nocase; http.host; content:"static.zongheng.com"; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_10; reference:url, urlhaus.abuse.ch/url/2845681/; classtype:trojan-activity;sid:83708781; rev:1;)
# "/.i" rules again, created_at 2024_05_07 and 2024_05_08, each on a different bare IPv4 host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842725)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"89.231.14.137"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842725/; classtype:trojan-activity;sid:83705825; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"88.116.62.226"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842722/; classtype:trojan-activity;sid:83705822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"162.194.8.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_08; reference:url, urlhaus.abuse.ch/url/2842663/; classtype:trojan-activity;sid:83705763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.245.220.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842036/; classtype:trojan-activity;sid:83705136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842030)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"172.85.143.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842030/; classtype:trojan-activity;sid:83705130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842010)"; flow:established,from_client;
http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.145.205.178"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842010/; classtype:trojan-activity;sid:83705110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.66.151.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842015/; classtype:trojan-activity;sid:83705115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2842007)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.107.232.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2842007/; classtype:trojan-activity;sid:83705107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841995)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.253.115.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841995/; classtype:trojan-activity;sid:83705095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841987)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.87.223.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841987/; classtype:trojan-activity;sid:83705087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (2841973)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"110.93.196.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841973/; classtype:trojan-activity;sid:83705073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"151.236.247.230"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841974/; classtype:trojan-activity;sid:83705074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.16.249.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841976/; classtype:trojan-activity;sid:83705076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841945)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"179.189.254.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841945/; classtype:trojan-activity;sid:83705045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841941)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"182.253.115.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841941/; classtype:trojan-activity;sid:83705041; rev:1;) 
# ---------------------------------------------------------------------------
# Reading the rules below (they all share one generated shape):
#   * "$HOME_NET any -> $EXTERNAL_NET any" with flow:established,from_client:
#     the alert is for an internal client sending the request, on any port.
#   * http.uri + content + depth:<string length> + endswith + nocase: the
#     normalized URI has to equal the string as a whole, ignoring case. The same
#     path with a query string or an extra segment does not match.
#   * http.host + content + depth:<string length> + isdataat:!1,relative: the
#     host value has to equal the string as a whole.
#   * Option order matters: content/depth/endswith/nocase apply to the buffer
#     keyword (http.method, http.uri, http.host) that precedes them. Do not
#     reorder options when tuning a rule locally.
#   * metadata:created_at is the listing date; reference:url is the URLhaus
#     entry to consult when triaging a hit.
# The created_at values in this stretch run from 2024_04_22 to 2024_05_07.
# NOTE(review): for the bare-IP rules the host value is nearly the only
# discriminator (URIs such as "/i" and "/.i" are two or three bytes), and
# addresses get reassigned over time; check the entry's current status on its
# reference page before treating a hit as a confirmed malware download.
# ---------------------------------------------------------------------------
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841807)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cryptography_module_windows.exe"; depth:32; endswith; nocase; http.host; content:"122.170.110.131"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841807/; classtype:trojan-activity;sid:83704907; rev:1;)
# URI "/i" on bare IPv4 hosts, listed 2024_05_07.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841714)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.148.5.34"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841714/; classtype:trojan-activity;sid:83704814; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841712)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.253.115.156"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841712/; classtype:trojan-activity;sid:83704812; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.87.223.241"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841705/; classtype:trojan-activity;sid:83704805; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"110.93.196.173"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841660/; classtype:trojan-activity;sid:83704760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841631)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"182.253.115.155"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841631/; classtype:trojan-activity;sid:83704731; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841621)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.66.151.7"; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841621/; classtype:trojan-activity;sid:83704721; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.189.254.54"; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841617/; classtype:trojan-activity;sid:83704717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841613)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.245.220.229"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841613/; classtype:trojan-activity;sid:83704713; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"172.85.143.74"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841586/; classtype:trojan-activity;sid:83704686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841576)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.16.249.96"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841576/; classtype:trojan-activity;sid:83704676; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2841573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.107.232.167"; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_07; reference:url, urlhaus.abuse.ch/url/2841573/; classtype:trojan-activity;sid:83704673; rev:1;)
# URIs "/curl" and "/cron" on bare IPv4 hosts, listed 2024_05_01. The URI is the
# whole match, so only a request for exactly that path on that host alerts.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834467)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"66.71.249.146"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834467/; classtype:trojan-activity;sid:83697567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834459)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cron"; depth:5; endswith; nocase; http.host; content:"45.76.122.186"; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834459/; classtype:trojan-activity;sid:83697559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834442)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"66.71.242.67"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834442/; classtype:trojan-activity;sid:83697542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834400)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"66.71.242.68"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834400/; classtype:trojan-activity;sid:83697500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"66.71.242.70"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834387/; classtype:trojan-activity;sid:83697487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834372)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/curl"; depth:5; endswith; nocase; http.host; content:"66.71.242.69"; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834372/; classtype:trojan-activity;sid:83697472; rev:1;)
# NOTE(review): this rule and the other github.com rules below (sid 83694055,
# 83687178, 83687179, 83687177) are "alert http" rules that match on the parsed
# request's host and URI. They can only fire where the sensor sees the request
# in the clear; downloads from github.com are normally served over HTTPS, so
# presumably these stay silent unless TLS is decrypted ahead of the sensor -
# confirm against your deployment before counting them as coverage.
# Each one matches a single exact file path, not the site as a whole.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kampfkarren/roblox/files/15001743/roexec.zip"; depth:45; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830963/; classtype:trojan-activity;sid:83694063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830955)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/delta-io/delta/files/15016110/delta.zip"; depth:40; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830955/; classtype:trojan-activity;sid:83694055; rev:1;)
# The URI here ends in "/", i.e. the rule matches a request for that directory
# path itself and not for files beneath it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/projects/visioncrystal/wp-content/plugins/user-private-files/shared/"; depth:69; endswith; nocase; http.host; content:"www.websitedesigningindia.biz"; depth:29; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827181/; classtype:trojan-activity;sid:83690281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win64-setup-unsigned.exe"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824078/; classtype:trojan-activity;sid:83687178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824079)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-osx-unsigned.dmg"; depth:69; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824079/; classtype:trojan-activity;sid:83687179; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win32-setup-unsigned.exe"; depth:77; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824077/; classtype:trojan-activity;sid:83687177; rev:1;)
# From here to the end of this stretch: URI "/.i" on bare IPv4 hosts, all listed
# 2024_04_22.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"197.159.1.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822907/; classtype:trojan-activity;sid:83686007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822888)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"200.69.219.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822888/; classtype:trojan-activity;sid:83685988; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.141.135.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822882/; classtype:trojan-activity;sid:83685982; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822862)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.128.195.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822862/; classtype:trojan-activity;sid:83685962; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.88.180.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822823/; classtype:trojan-activity;sid:83685923; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822830)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"167.250.193.253"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822830/; classtype:trojan-activity;sid:83685930; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822794)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"188.72.6.218"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822794/; classtype:trojan-activity;sid:83685894; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.78.201.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822792/; classtype:trojan-activity;sid:83685892; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822744)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"201.184.231.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822744/; classtype:trojan-activity;sid:83685844; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822732)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"179.51.168.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822732/; classtype:trojan-activity;sid:83685832; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822724)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.179.121.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822724/; classtype:trojan-activity;sid:83685824; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"196.41.63.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822726/; classtype:trojan-activity;sid:83685826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822698)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"98.103.171.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822698/; classtype:trojan-activity;sid:83685798; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"186.154.93.81"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822619/; classtype:trojan-activity;sid:83685719; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822620)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"150.129.202.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822620/; classtype:trojan-activity;sid:83685720; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"43.245.131.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822605/; classtype:trojan-activity;sid:83685705; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822616)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"203.109.201.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822616/; classtype:trojan-activity;sid:83685716; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.245.10.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822583/; classtype:trojan-activity;sid:83685683; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822585)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.89.199.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822585/; classtype:trojan-activity;sid:83685685; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.53.164.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822544/; classtype:trojan-activity;sid:83685644; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"95.170.119.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822543/; classtype:trojan-activity;sid:83685643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.66.105.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822517/; classtype:trojan-activity;sid:83685617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822488)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"85.187.82.120"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822488/; classtype:trojan-activity;sid:83685588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822478)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"212.200.106.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822478/; classtype:trojan-activity;sid:83685578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822471)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.2.237.104"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822471/; classtype:trojan-activity;sid:83685571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822475)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"118.71.250.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822475/; classtype:trojan-activity;sid:83685575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822462)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"200.61.163.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822462/; classtype:trojan-activity;sid:83685562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"149.255.10.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822410/; classtype:trojan-activity;sid:83685510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"193.106.58.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822407/; classtype:trojan-activity;sid:83685507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822388)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.252.69.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822388/; classtype:trojan-activity;sid:83685488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822396)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822396/; classtype:trojan-activity;sid:83685496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"82.114.200.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822385/; classtype:trojan-activity;sid:83685485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822371)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"109.108.84.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822371/; classtype:trojan-activity;sid:83685471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.29.14.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822353/; classtype:trojan-activity;sid:83685453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.193.62.225"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822325/; classtype:trojan-activity;sid:83685425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822321)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"79.175.42.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822321/; classtype:trojan-activity;sid:83685421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.73.49.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822302/; classtype:trojan-activity;sid:83685402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"202.131.244.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822275/; classtype:trojan-activity;sid:83685375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.64.210.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822280/; classtype:trojan-activity;sid:83685380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.90.207.234"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822259/; classtype:trojan-activity;sid:83685359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822244)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"114.7.160.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822244/; classtype:trojan-activity;sid:83685344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822207)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.244.169.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822207/; classtype:trojan-activity;sid:83685307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822189)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"58.145.168.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822189/; classtype:trojan-activity;sid:83685289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822173)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.16.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822173/; classtype:trojan-activity;sid:83685273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822165)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"211.186.82.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822165/; classtype:trojan-activity;sid:83685265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822169)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"195.34.91.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822169/; classtype:trojan-activity;sid:83685269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822151)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"217.218.235.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822151/; classtype:trojan-activity;sid:83685251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822121)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"81.16.247.81"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822121/; classtype:trojan-activity;sid:83685221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822102)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"138.122.43.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822102/; classtype:trojan-activity;sid:83685202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"78.26.180.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822070/; classtype:trojan-activity;sid:83685170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822064)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.187.151.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822064/; classtype:trojan-activity;sid:83685164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822050)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"103.164.18.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822050/; classtype:trojan-activity;sid:83685150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (2822044)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"43.224.0.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822044/; classtype:trojan-activity;sid:83685144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.48.119.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822039/; classtype:trojan-activity;sid:83685139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.89.245.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822006/; classtype:trojan-activity;sid:83685106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.188.30.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821976/; classtype:trojan-activity;sid:83685076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.92.68.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821977/; classtype:trojan-activity;sid:83685077; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821963)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"91.204.154.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821963/; classtype:trojan-activity;sid:83685063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"76.76.195.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821942/; classtype:trojan-activity;sid:83685042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.88.109.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821928/; classtype:trojan-activity;sid:83685028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821911)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"120.50.10.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821911/; classtype:trojan-activity;sid:83685011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821841)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.69.219.25"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821841/; 
classtype:trojan-activity;sid:83684941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821836)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.16.242.236"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821836/; classtype:trojan-activity;sid:83684936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"196.41.63.178"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821800/; classtype:trojan-activity;sid:83684900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821802)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"197.159.1.58"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821802/; classtype:trojan-activity;sid:83684902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821804)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.185.119.13"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821804/; classtype:trojan-activity;sid:83684904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821760)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"188.72.6.218"; depth:12; isdataat:!1,relative; metadata:created_at 
2024_04_22; reference:url, urlhaus.abuse.ch/url/2821760/; classtype:trojan-activity;sid:83684860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"150.129.202.197"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821754/; classtype:trojan-activity;sid:83684854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821740)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.151.143.2"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821740/; classtype:trojan-activity;sid:83684840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821737)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.188.30.171"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821737/; classtype:trojan-activity;sid:83684837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821718)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"149.255.10.46"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821718/; classtype:trojan-activity;sid:83684818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821693)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; 
content:"202.5.50.108"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821693/; classtype:trojan-activity;sid:83684793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"193.106.58.174"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821697/; classtype:trojan-activity;sid:83684797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"211.186.82.229"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821699/; classtype:trojan-activity;sid:83684799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"201.184.231.250"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821677/; classtype:trojan-activity;sid:83684777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"212.200.106.94"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821660/; classtype:trojan-activity;sid:83684760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821657)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.78.201.3"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821657/; classtype:trojan-activity;sid:83684757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821659)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"203.109.201.77"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821659/; classtype:trojan-activity;sid:83684759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821639)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.193.59.78"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821639/; classtype:trojan-activity;sid:83684739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"200.61.163.235"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821619/; classtype:trojan-activity;sid:83684719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"194.208.56.60"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821617/; classtype:trojan-activity;sid:83684717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821597)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"150.129.202.193"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821597/; classtype:trojan-activity;sid:83684697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"165.90.16.5"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821605/; classtype:trojan-activity;sid:83684705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821583)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.66.105.122"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821583/; classtype:trojan-activity;sid:83684683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.38.24.186"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818967/; classtype:trojan-activity;sid:83682067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.71.250.6"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818974/; classtype:trojan-activity;sid:83682074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (2818966)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.114.191.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818966/; classtype:trojan-activity;sid:83682066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818946)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.252.69.92"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818946/; classtype:trojan-activity;sid:83682046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818931)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"92.241.77.214"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818931/; classtype:trojan-activity;sid:83682031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.73.49.254"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818905/; classtype:trojan-activity;sid:83682005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818865)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"41.215.23.222"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818865/; classtype:trojan-activity;sid:83681965; 
rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818838)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"138.122.43.76"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818838/; classtype:trojan-activity;sid:83681938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818843)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"76.76.195.174"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818843/; classtype:trojan-activity;sid:83681943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.237.25.210"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818816/; classtype:trojan-activity;sid:83681916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"58.145.168.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818798/; classtype:trojan-activity;sid:83681898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.26.180.129"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, 
urlhaus.abuse.ch/url/2818781/; classtype:trojan-activity;sid:83681881; rev:1;)
# Exact-match idiom used by the IP-host rules in this feed: on http.uri, depth equal to
# the pattern length combined with endswith means the URI buffer must be exactly the
# pattern (case-insensitively, because of nocase); on http.host, depth plus
# isdataat:!1,relative means the Host value must be exactly the listed address.
# A different path on the same host, or the same path on another host, does not alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"82.114.200.50"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818778/; classtype:trojan-activity;sid:83680878; rev:1;)
# NOTE(review): sid 83680457 differs from its neighbours in three ways worth checking
# before relying on it.
#  - |3f| decodes to '?', but |7c|26|7c| decodes to the four literal bytes "|26|", not
#    to '&' (which would be written |26|). This looks like the query separator was
#    escaped twice by the generator; if the URL in the URLhaus entry really uses '&',
#    a request for it will not match. Confirm against the reference URL.
#  - depth:68 is the length of the pattern as written with its escapes; the decoded
#    pattern is 59 bytes. With endswith the URI must still end with the pattern, but
#    it is not pinned to offset 0 the way the other rules are.
#  - The rule inspects cleartext HTTP (alert http). Google Drive is normally reached
#    over HTTPS, so this presumably only fires where TLS is decrypted ahead of the
#    sensor. The host is a shared legitimate service, so the file id in the URI is
#    the only discriminating part of the match.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1w6j0xeptoliyrblijhnxbm_qnnoptzfw"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817357/; classtype:trojan-activity;sid:83680457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814108)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.12.78.161"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814108/; classtype:trojan-activity;sid:83677208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814109)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"185.133.214.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814109/; classtype:trojan-activity;sid:83677209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814101)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; 
endswith; nocase; http.host; content:"212.73.75.84"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814101/; classtype:trojan-activity;sid:83677201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.128.195.138"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814095/; classtype:trojan-activity;sid:83677195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"195.34.91.22"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814082/; classtype:trojan-activity;sid:83677182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813137)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.89.245.118"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813137/; classtype:trojan-activity;sid:83676237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813111)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"78.29.14.127"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813111/; classtype:trojan-activity;sid:83676211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813098)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.141.135.138"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813098/; classtype:trojan-activity;sid:83676198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813100)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"118.179.121.235"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813100/; classtype:trojan-activity;sid:83676200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.204.154.197"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813069/; classtype:trojan-activity;sid:83676169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813072)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.187.151.107"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813072/; classtype:trojan-activity;sid:83676172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813048)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.88.109.138"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813048/; classtype:trojan-activity;sid:83676148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (2813049)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.108.84.121"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813049/; classtype:trojan-activity;sid:83676149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813039)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.92.68.241"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813039/; classtype:trojan-activity;sid:83676139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809226)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.244.169.56"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809226/; classtype:trojan-activity;sid:83672326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809162/; classtype:trojan-activity;sid:83672262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.42.201.36"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809158/; classtype:trojan-activity;sid:83672258; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809140)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.53.164.214"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809140/; classtype:trojan-activity;sid:83672240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.49.47.190"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809130/; classtype:trojan-activity;sid:83672230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.88.180.115"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809132/; classtype:trojan-activity;sid:83672232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"120.50.10.30"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809107/; classtype:trojan-activity;sid:83672207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808962)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.170.251.9"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808962/; 
classtype:trojan-activity;sid:83672062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.57.33.51"; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808967/; classtype:trojan-activity;sid:83672067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.64.210.218"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808948/; classtype:trojan-activity;sid:83672048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"36.66.139.36"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808947/; classtype:trojan-activity;sid:83672047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808944)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"114.7.160.114"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808944/; classtype:trojan-activity;sid:83672044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808928)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.170.116.28"; depth:13; isdataat:!1,relative; metadata:created_at 
2024_04_11; reference:url, urlhaus.abuse.ch/url/2808928/; classtype:trojan-activity;sid:83672028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808886)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"213.6.101.83"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808886/; classtype:trojan-activity;sid:83671986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808880)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"181.48.119.70"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808880/; classtype:trojan-activity;sid:83671980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808855)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"190.12.99.194"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808855/; classtype:trojan-activity;sid:83671955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.245.10.51"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808823/; classtype:trojan-activity;sid:83671923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808792)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.224.0.5"; 
depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808792/; classtype:trojan-activity;sid:83671892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"178.165.79.24"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808771/; classtype:trojan-activity;sid:83671871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808746)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"79.175.42.206"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808746/; classtype:trojan-activity;sid:83671846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"179.51.168.26"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808741/; classtype:trojan-activity;sid:83671841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808644)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"202.131.244.202"; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808644/; classtype:trojan-activity;sid:83671744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; 
depth:2; endswith; nocase; http.host; content:"213.6.74.138"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808610/; classtype:trojan-activity;sid:83671710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808599)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"91.92.82.180"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808599/; classtype:trojan-activity;sid:83671699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808551)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"2.180.9.57"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808551/; classtype:trojan-activity;sid:83671651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808520)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"37.34.209.216"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808520/; classtype:trojan-activity;sid:83671620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"103.164.18.170"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808508/; classtype:trojan-activity;sid:83671608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808448)"; flow:established,from_client; 
http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"109.92.143.90"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808448/; classtype:trojan-activity;sid:83671548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808424)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"77.89.199.242"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808424/; classtype:trojan-activity;sid:83671524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808416)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"95.170.119.100"; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808416/; classtype:trojan-activity;sid:83671516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808421)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.249.54.246"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808421/; classtype:trojan-activity;sid:83671521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808385)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"43.245.131.27"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808385/; classtype:trojan-activity;sid:83671485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (2808300)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.x86"; depth:9; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808300/; classtype:trojan-activity;sid:83671400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808291)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"43.224.0.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808291/; classtype:trojan-activity;sid:83671391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.sh4"; depth:9; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808280/; classtype:trojan-activity;sid:83671380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808267)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.i686"; depth:10; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808267/; classtype:trojan-activity;sid:83671367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"43.224.0.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808242/; 
classtype:trojan-activity;sid:83671342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808248)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/o"; depth:2; endswith; nocase; http.host; content:"43.224.0.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808248/; classtype:trojan-activity;sid:83671348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm4"; depth:10; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808249/; classtype:trojan-activity;sid:83671349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808227)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bin.sh"; depth:7; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808227/; classtype:trojan-activity;sid:83671327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808215)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm6"; depth:10; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808215/; classtype:trojan-activity;sid:83671315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808217)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aqua.arm5"; depth:10; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; 
isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808217/; classtype:trojan-activity;sid:83671317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808187)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"43.224.0.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808187/; classtype:trojan-activity;sid:83671287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808183)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"43.224.0.5"; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808183/; classtype:trojan-activity;sid:83671283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808167)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.m"; depth:7; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808167/; classtype:trojan-activity;sid:83671267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808168)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mozi.a"; depth:7; endswith; nocase; http.host; content:"81.16.123.55"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808168/; classtype:trojan-activity;sid:83671268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ping"; 
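depth:5; endswith; nocase; http.host; content:"2.57.122.121"; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807492/; classtype:trojan-activity;sid:83670592; rev:1;)
# The line above is the tail of rule sid:83670592; its start is on the preceding line.
#
# URLhaus exact-URL download rules, one rule per line (Suricata does not accept
# a rule wrapped across lines without a trailing backslash).
# Shape of every rule: outbound GET, http.uri anchored by depth + endswith,
# http.host matched exactly by depth + isdataat:!1,relative.
#
# Operational caveats:
#  - These are `alert http` rules, so they only see plaintext HTTP or traffic
#    decrypted upstream. drive.google.com and raw.githubusercontent.com are
#    normally reached over TLS, so expect no hits without TLS inspection.
#  - IP-literal hosts are point-in-time indicators (see created_at); addresses
#    get reassigned, so triage old hits against current context.
#  - Where the content holds a hex escape such as |3f|, the feed's depth counts
#    the escaped text, so it exceeds the pattern length by a few bytes. The
#    match is then "URI ends with the pattern and is at most <depth> bytes
#    long", not strictly "URI equals the pattern".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798325)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/armv7l"; depth:7; endswith; nocase; http.host; content:"75.119.134.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_01; reference:url, urlhaus.abuse.ch/url/2798325/; classtype:trojan-activity;sid:83661425; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798324)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i386"; depth:5; endswith; nocase; http.host; content:"75.119.134.80"; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_01; reference:url, urlhaus.abuse.ch/url/2798324/; classtype:trojan-activity;sid:83661424; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795045)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"metrics.gocloudmaps.com"; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2795045/; classtype:trojan-activity;sid:83658145; rev:1;)
# FIX (Google Drive rules below): the feed emitted "|7c|26|7c|" between
# "download" and "id=". That decodes to the four literal bytes |26| and looks
# like a double-escaped "&", so the rule could not match a request for
# /uc?export=download&id=... It is rewritten as |26| and depth is set to the
# decoded pattern length (56). This is a local change to a vendor rule: keep it
# in your rule-modification layer, or it is lost on the next feed update.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|26|id=1qxwff0k49bjdhwzotirkvqlqhebzgphg"; depth:56; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793603/; classtype:trojan-activity;sid:83656703; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.index/scan.tar"; depth:16; endswith; nocase; http.host; content:"58.216.207.82"; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790578/; classtype:trojan-activity;sid:83653678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789249)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|26|id=1aygcpsnow8esde5bkkuaj0bygkowvttd"; depth:56; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2789249/; classtype:trojan-activity;sid:83652349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787791)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ykwsyyt/help/hddrive1095_xinanplug3030_20230619_inno.exe"; depth:57; endswith; nocase; http.host; content:"60.22.23.50"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787791/; classtype:trojan-activity;sid:83650891; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787399)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|26|id=1stvkjdfiwxw79oezmc62wzmjjaeftyze"; depth:56; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787399/; classtype:trojan-activity;sid:83650499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787397)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|26|id=1hditwve1kadzeycbldxttxi4mmhddgyp"; depth:56; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787397/; classtype:trojan-activity;sid:83650497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787024)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bash"; depth:5; endswith; nocase; http.host; content:"65.49.44.84"; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787024/; classtype:trojan-activity;sid:83650124; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786829)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|26|id=1re9cqjrafya6wcb5e0zcolwdorvsf9pi"; depth:56; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786829/; classtype:trojan-activity;sid:83649929; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786663)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/washywashy14/7zip-bin/master/win/er5thygfd.zip"; depth:47; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786663/; classtype:trojan-activity;sid:83649763; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786661)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/washywashy14/7zip-bin/master/win/uemlxaw.zip"; depth:45; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786661/; classtype:trojan-activity;sid:83649761; rev:1;)
# FIX (next three rules): http.uri is Suricata's normalized URI buffer, in which
# percent-escapes are already decoded, so a pattern holding the literal text
# %5b / %5d / %20 does not match the request it was derived from. The patterns
# now carry the decoded bytes ("[", "]", |20|) with depth reduced to the
# decoded length. Replay a known sample through your build before relying on
# this; matching the undecoded form would need http.uri.raw instead.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785768)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zev3n/ubuntu-gnome-privilege-escalation/main/cve-2020-1612[6_7]_exploit.sh"; depth:75; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785768/; classtype:trojan-activity;sid:83648868; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/licensing/deployment/yellow|20|pages|20|scraper.exe"; depth:46; endswith; nocase; http.host; content:"www.blackhattoolz.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785466/; classtype:trojan-activity;sid:83648566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785447)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/licensing/updates/tinder|20|bot.exe"; depth:33; endswith; nocase; http.host; content:"www.blackhattoolz.com"; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785447/; classtype:trojan-activity;sid:83648547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782882)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/driveapplet.exe"; depth:16; endswith; nocase; http.host; content:"noithaticon.vn"; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_14; reference:url, urlhaus.abuse.ch/url/2782882/; classtype:trojan-activity;sid:83645982; rev:1;)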
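# URLhaus exact-URL download rules, one rule per line. Each matches an outbound
# GET whose http.uri is anchored by depth + endswith and whose http.host is
# matched exactly by depth + isdataat:!1,relative.
#
# Operational caveats:
#  - `alert http` only sees plaintext HTTP or traffic decrypted upstream;
#    drive.google.com and adclick.g.doubleclick.net are normally reached over
#    TLS, so expect no hits without TLS inspection.
#  - Where the content holds a hex escape such as |3f|, the feed's depth counts
#    the escaped text and exceeds the pattern length by a few bytes, so the URI
#    match is "ends with the pattern, at most <depth> bytes long".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782434)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/17c4755d1d45ed1bb454/8703634058188758823"; depth:41; endswith; nocase; http.host; content:"f24-zfcloud.zdn.vn"; depth:18; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782434/; classtype:trojan-activity;sid:83645534; rev:1;)
# FIX: "|7c|26|7c|" decodes to the literal bytes |26| and looks like a
# double-escaped "&"; as emitted, the rule could not match
# /uc?export=download&id=... Rewritten as |26|, with depth set to the decoded
# pattern length (56). Keep this in your local rule-modification layer so a
# feed update does not revert it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780273)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|26|id=1ge6chcvywbep4kgx_odpxtvfi3vj-zwy"; depth:56; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780273/; classtype:trojan-activity;sid:83643373; rev:1;)
# NOTE(review): the pattern below starts with "//". If the sensor's HTTP parser
# is configured to collapse repeated path separators, the normalized http.uri
# would begin with a single "/" and this rule would not fire. Confirm against
# your libhtp settings, or test with a replayed request.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"//pcs/click|3f|adurl=//bamautzky.de/red.php"; depth:43; endswith; nocase; http.host; content:"adclick.g.doubleclick.net"; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776130/; classtype:trojan-activity;sid:83639230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772697)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docs/x.rar"; depth:11; endswith; nocase; http.host; content:"106.254.250.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772697/; classtype:trojan-activity;sid:83635797; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772689)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/docs/met111.sh"; depth:15; endswith; nocase; http.host; content:"106.254.250.98"; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772689/; classtype:trojan-activity;sid:83635789; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i"; depth:2; endswith; nocase; http.host; content:"162.194.8.169"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769199/; classtype:trojan-activity;sid:83632299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/calendar/down/jeditor/jeditor.exe"; depth:34; endswith; nocase; http.host; content:"www.ojang.pe.kr"; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769015/; classtype:trojan-activity;sid:83632115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765933)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/2024/e_r1.bmp"; depth:33; endswith; nocase; http.host; content:"catbaparadisehotel.com.vn"; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765933/; classtype:trojan-activity;sid:83629033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765626)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hitmanpro.zip"; depth:14; endswith; nocase; http.host; content:"hitman-pro.ru"; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765626/; classtype:trojan-activity;sid:83628726; rev:1;)
# FIX: same double-escaped "&" as above ("|3f||7c|26|7c|" -> "|3f 26|"), with
# depth set to the decoded pattern length (49).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765602)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pcs/click|3f 26|adurl=https://patricstoremegans2.com/"; depth:49; endswith; nocase; http.host; content:"adclick.g.doubleclick.net"; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765602/; classtype:trojan-activity;sid:83628702; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765586)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/2024/e_default.bmp"; depth:38; endswith; nocase; http.host; content:"catbaparadisehotel.com.vn"; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765586/; classtype:trojan-activity;sid:83628686; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764512)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.x86_64"; depth:17; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764512/; classtype:trojan-activity;sid:83627612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.i686"; depth:15; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764507/; classtype:trojan-activity;sid:83627607; rev:1;)
# The line below is the head of the next rule; it continues on the following line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764508)"; flow:established,from_client; http.method; content:"GET"; http.uri; 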
content:"/cn/sysnew.mips"; depth:15; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764508/; classtype:trojan-activity;sid:83627608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.x86"; depth:14; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764509/; classtype:trojan-activity;sid:83627609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764510)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.arm"; depth:14; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764510/; classtype:trojan-activity;sid:83627610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764511)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.spc"; depth:14; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764511/; classtype:trojan-activity;sid:83627611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2761815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/dt9.txt"; depth:8; endswith; nocase; http.host; content:"delp-heizungsbau.de"; depth:19; isdataat:!1,relative; metadata:created_at 2024_02_15; reference:url, urlhaus.abuse.ch/url/2761815/; classtype:trojan-activity;sid:83624915; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.i686"; depth:15; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754788/; classtype:trojan-activity;sid:83617888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754787)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.spc"; depth:14; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754787/; classtype:trojan-activity;sid:83617887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.mips"; depth:15; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754786/; classtype:trojan-activity;sid:83617886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.x86"; depth:14; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754784/; classtype:trojan-activity;sid:83617884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.arm"; depth:14; endswith; nocase; http.host; 
content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754785/; classtype:trojan-activity;sid:83617885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754783)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cn/sysnew.x86_64"; depth:17; endswith; nocase; http.host; content:"best.obs.cn-sz1.ctyun.cn"; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754783/; classtype:trojan-activity;sid:83617883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754299)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1wuy2y3vbxibdfqcs6-kx96nocarzixfd"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754299/; classtype:trojan-activity;sid:83617399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2753677)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pcs/click|3f|adurl=//projetodegente.com"; depth:40; endswith; nocase; http.host; content:"adclick.g.doubleclick.net"; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_30; reference:url, urlhaus.abuse.ch/url/2753677/; classtype:trojan-activity;sid:83616777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751573)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pcs/click|3f|adurl=//higreens.co.in"; depth:36; endswith; nocase; http.host; content:"adclick.g.doubleclick.net"; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_25; reference:url, urlhaus.abuse.ch/url/2751573/; 
classtype:trojan-activity;sid:83614673; rev:1;)
# The adclick.g.doubleclick.net rules below match a click-redirector request:
# the URI is /pcs/click?adurl=<destination> (|3f| is the hex escape for "?"),
# so the alert means the client asked the redirector for that destination. It
# does not show that the destination itself was fetched. Of the destinations
# named here, only streammobs.com also has a rule on its own host (2751172),
# and that rule matches the bare root path "/" only (content:"/"; depth:1;
# endswith).
# NOTE(review): `alert http` inspects only traffic Suricata parses as HTTP.
# This host is normally reached over HTTPS, so these rules presumably fire
# only on cleartext requests or behind TLS inspection. Confirm sensor
# placement before reading silence as absence.
# NOTE(review): depth on the URI pattern equals the length of the escaped rule
# text (e.g. 40), which is 3 bytes more than the decoded pattern because "?"
# is written as |3f|. Combined with endswith this appears to allow up to 3
# extra leading bytes in the URI; the match is close to exact, not exact.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pcs/click|3f|adurl=//kavyasourcing.com/"; depth:40; endswith; nocase; http.host; content:"adclick.g.doubleclick.net"; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_25; reference:url, urlhaus.abuse.ch/url/2751543/; classtype:trojan-activity;sid:83614643; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751237)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pcs/click|3f|adurl=https://cliffg.me"; depth:37; endswith; nocase; http.host; content:"adclick.g.doubleclick.net"; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751237/; classtype:trojan-activity;sid:83614337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/"; depth:1; endswith; nocase; http.host; content:"streammobs.com"; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751172/; classtype:trojan-activity;sid:83614272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751171)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pcs/click|3f|adurl=https://streammobs.com/"; depth:43; endswith; nocase; http.host; content:"adclick.g.doubleclick.net"; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751171/; classtype:trojan-activity;sid:83614271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749355)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/pcs/click|3f|adurl=https://redeamazoniaazul.org/"; depth:49; endswith; nocase; http.host; content:"adclick.g.doubleclick.net"; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749355/; classtype:trojan-activity;sid:83612455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pcs/click|3f|adurl=//www.jd-forever.com/"; depth:41; endswith; nocase; http.host; content:"adclick.g.doubleclick.net"; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749356/; classtype:trojan-activity;sid:83612456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749357)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pcs/click|3f|adurl=//old.umcl.us/"; depth:34; endswith; nocase; http.host; content:"adclick.g.doubleclick.net"; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749357/; classtype:trojan-activity;sid:83612457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749182)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pcs/click|3f|adurl=https://wegrowcoaching.com/"; depth:47; endswith; nocase; http.host; content:"adclick.g.doubleclick.net"; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_17; reference:url, urlhaus.abuse.ch/url/2749182/; classtype:trojan-activity;sid:83612282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pcs/click|3f|adurl=https://dongyu.us/"; depth:38; endswith; nocase; http.host; 
content:"adclick.g.doubleclick.net"; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_17; reference:url, urlhaus.abuse.ch/url/2749177/; classtype:trojan-activity;sid:83612277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1lrviuk1wka4di3qh7ach-b7m1ics2hbp"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_16; reference:url, urlhaus.abuse.ch/url/2749054/; classtype:trojan-activity;sid:83612154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748605)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ssslllap1/asdasd/raw/main/crypted.exe"; depth:38; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_13; reference:url, urlhaus.abuse.ch/url/2748605/; classtype:trojan-activity;sid:83611705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ifvzub1blhmwsirshbe2wu5b1tus3ls-"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748365/; classtype:trojan-activity;sid:83611465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1yydiodtw09banou13ro8ielf9rcmljxy"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; 
reference:url, urlhaus.abuse.ch/url/2748363/; classtype:trojan-activity;sid:83611463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748360)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=11cbyky_wegqjut6afr8jannw7vub-xxf"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748360/; classtype:trojan-activity;sid:83611460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1gv5qahzp_toxgct3ezfvvy4q3a5vvh6s"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748349/; classtype:trojan-activity;sid:83611449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pcs/click|3f|adurl=//vaibhavtripathi.in"; depth:40; endswith; nocase; http.host; content:"adclick.g.doubleclick.net"; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747896/; classtype:trojan-activity;sid:83610996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pcs/click|3f|adurl=//procuratio.nu/"; depth:36; endswith; nocase; http.host; content:"adclick.g.doubleclick.net"; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747890/; classtype:trojan-activity;sid:83610990; rev:1;) alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747826)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1u-vaalebjnomuhbyimsdjqctjqfyiwna"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747826/; classtype:trojan-activity;sid:83610926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=12rmvuwgpj0dzbb3haoaww2lviavhvb4r"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743461/; classtype:trojan-activity;sid:83606561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1rfsmrzeanvap2tnmtwrptlepwarwlkge"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743460/; classtype:trojan-activity;sid:83606560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742817)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pcs/click|3f|adurl=https://synergyconsulting.us"; depth:48; endswith; nocase; http.host; content:"adclick.g.doubleclick.net"; depth:25; isdataat:!1,relative; metadata:created_at 2023_12_20; reference:url, urlhaus.abuse.ch/url/2742817/; classtype:trojan-activity;sid:83605917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742524)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pcs/click|3f|adurl=//www.deltabehavioralhealth.org/"; depth:52; endswith; nocase; http.host; content:"adclick.g.doubleclick.net"; depth:25; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742524/; classtype:trojan-activity;sid:83605624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742518)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1k0bqhrtnu4v1yexoni5p1utyjuohmfzm"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742518/; classtype:trojan-activity;sid:83605618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1fhqpevblkipshqumjmsbzeetdzhzxv-j"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742516/; classtype:trojan-activity;sid:83605616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2740202)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pcs/click|3f|adurl=//balkarsoftware.cubistech.com"; depth:50; endswith; nocase; http.host; content:"adclick.g.doubleclick.net"; depth:25; isdataat:!1,relative; metadata:created_at 2023_12_13; reference:url, urlhaus.abuse.ch/url/2740202/; classtype:trojan-activity;sid:83603302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734979)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/404"; 
depth:4; endswith; nocase; http.host; content:"31.184.194.114"; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734979/; classtype:trojan-activity;sid:83598079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733212)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pcs/click|3f|adurl=//churchinmanila.org/"; depth:41; endswith; nocase; http.host; content:"adclick.g.doubleclick.net"; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_20; reference:url, urlhaus.abuse.ch/url/2733212/; classtype:trojan-activity;sid:83596312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730213)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1sjm5t0ktlepibtv3kgaousspnw3zonom"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_13; reference:url, urlhaus.abuse.ch/url/2730213/; classtype:trojan-activity;sid:83593313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cronusxd/update/releases/download/programa/universal.cheat.all.games.rar"; depth:73; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_11_12; reference:url, urlhaus.abuse.ch/url/2730069/; classtype:trojan-activity;sid:83593169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pcs/click|3f|adurl=https://posicionamientonatural.es/"; depth:54; endswith; nocase; http.host; content:"adclick.g.doubleclick.net"; depth:25; isdataat:!1,relative; 
metadata:created_at 2023_11_10; reference:url, urlhaus.abuse.ch/url/2729736/; classtype:trojan-activity;sid:83592836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729405)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pcs/click|3f|adurl=https://namaacont.com/"; depth:42; endswith; nocase; http.host; content:"adclick.g.doubleclick.net"; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_09; reference:url, urlhaus.abuse.ch/url/2729405/; classtype:trojan-activity;sid:83592505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2727395)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frankcastle2/0/main/0j"; depth:23; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_03; reference:url, urlhaus.abuse.ch/url/2727395/; classtype:trojan-activity;sid:83590495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726994)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1lhnnwoydntgqibsykxwgd32s5xftxvfh"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726994/; classtype:trojan-activity;sid:83590094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726921)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1oxpqeutyreby186exx4zeofyz0rjocsp"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726921/; classtype:trojan-activity;sid:83590021; rev:1;) 
# drive.google.com download links: each rule matches a GET whose URI is
# /uc?export=download<sep>id=<file id> on host drive.google.com (exact host via
# depth:16 + isdataat:!1,relative).
# NOTE(review): the separator is written |7c|26|7c|. |7c| is the hex escape for
# a pipe, so the pattern matches the four literal characters "|26|", not an
# ampersand (which would be |26|). This looks like double escaping in the feed
# generator; if the listed URLs use "&", these rules cannot match a real
# request. Verify against the referenced URLhaus entries and report upstream
# rather than editing vendored sids locally.
# NOTE(review): depth:68 is the length of the escaped rule text; the decoded
# pattern is 59 bytes, so depth is looser than the pattern it guards.
# NOTE(review): the file id is lower-cased and matched with nocase, so any
# case variant of the id matches. Treat the id in the alert as a hint and
# recover the exact one from HTTP logs (presumably ids are case-sensitive).
# NOTE(review): `alert http` sees only traffic parsed as HTTP; this host is
# normally served over HTTPS, so coverage presumably depends on TLS inspection.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726920)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1e2y5yppu_zjj4o3wmuo-2j8n9lbthkzc"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726920/; classtype:trojan-activity;sid:83590020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726917)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1heka7sgmbcessdhxtvmfwxownz7sipbb"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726917/; classtype:trojan-activity;sid:83590017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726906)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1_ldguopt2cg7fblntw3ltxgtxqtmlflc"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726906/; classtype:trojan-activity;sid:83590006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=10lygpyju_dlg3x6r9oslzgblshakstl-"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726907/; classtype:trojan-activity;sid:83590007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (2726777)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1sqvm1xsoranfnvqst_kkdmn8yhgulm4k"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726777/; classtype:trojan-activity;sid:83589877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726774)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1cz1lqyxis4wvr7nlc71ukekxyhj5xu-l"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726774/; classtype:trojan-activity;sid:83589874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1zqzivoxid6wgvjstzd0lg2vxnpnc-puf"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_30; reference:url, urlhaus.abuse.ch/url/2726592/; classtype:trojan-activity;sid:83589692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726432)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drakeo03/rbxfpsunlocker-x64-hotfix1/zip/refs/heads/main"; depth:56; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_10_28; reference:url, urlhaus.abuse.ch/url/2726432/; classtype:trojan-activity;sid:83589532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726089)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1gfn3lqd1rvybut4ha-ldl92wt8ysrzfc"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_26; reference:url, urlhaus.abuse.ch/url/2726089/; classtype:trojan-activity;sid:83589189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2722703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/image.png"; depth:10; endswith; nocase; http.host; content:"ircftp.net"; depth:10; isdataat:!1,relative; metadata:created_at 2023_10_20; reference:url, urlhaus.abuse.ch/url/2722703/; classtype:trojan-activity;sid:83585803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1satmexzn3qpvqzfxnc-5dtnnn8lihdxh"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_12; reference:url, urlhaus.abuse.ch/url/2719389/; classtype:trojan-activity;sid:83582489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|confirm=no_antivirus|7c|26|7c|id=1-5tfbyc52tepabxjdszg1dcqgaizf0m6"; depth:98; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715548/; classtype:trojan-activity;sid:83578648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713056)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rter/"; depth:6; endswith; nocase; http.host; 
content:"tanscarattorneys.co.tz"; depth:22; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713056/; classtype:trojan-activity;sid:83576156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2708874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/readme.txt"; depth:11; endswith; nocase; http.host; content:"svirtual.sanviatorperu.edu.pe"; depth:29; isdataat:!1,relative; metadata:created_at 2023_09_01; reference:url, urlhaus.abuse.ch/url/2708874/; classtype:trojan-activity;sid:83571974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2702776)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/scler.ttf"; depth:19; endswith; nocase; http.host; content:"scainseto.com.br"; depth:16; isdataat:!1,relative; metadata:created_at 2023_08_08; reference:url, urlhaus.abuse.ch/url/2702776/; classtype:trojan-activity;sid:83565876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2694556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v2/plain-sunset-8e5d78/original/js.jpeg"; depth:40; endswith; nocase; http.host; content:"cdn.pixelbin.io"; depth:15; isdataat:!1,relative; metadata:created_at 2023_08_01; reference:url, urlhaus.abuse.ch/url/2694556/; classtype:trojan-activity;sid:83557656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2693150)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/housenetshare.exe"; depth:18; endswith; nocase; http.host; content:"stdown.dinju.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_31; reference:url, urlhaus.abuse.ch/url/2693150/; classtype:trojan-activity;sid:83556250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (2692699)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/v2/long-glade-33dc08/original/rump_img.jpeg"; depth:44; endswith; nocase; http.host; content:"cdn.pixelbin.io"; depth:15; isdataat:!1,relative; metadata:created_at 2023_07_30; reference:url, urlhaus.abuse.ch/url/2692699/; classtype:trojan-activity;sid:83555799; rev:1;)
# Bare-IP entries: the "/.i" rules match a GET for exactly that path (depth:3 +
# endswith) on a Host header that is exactly the listed IPv4 literal (depth
# equal to its length + isdataat:!1,relative).
# NOTE(review): created_at on these entries is 2023_04 to 2023_07, well before
# the ruleset's "Last updated" stamp. An address this old may since have been
# reassigned; check the referenced URLhaus entry before acting on an alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2689990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"176.102.192.245"; depth:15; isdataat:!1,relative; metadata:created_at 2023_07_26; reference:url, urlhaus.abuse.ch/url/2689990/; classtype:trojan-activity;sid:83553090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2688262)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"124.194.46.204"; depth:14; isdataat:!1,relative; metadata:created_at 2023_07_23; reference:url, urlhaus.abuse.ch/url/2688262/; classtype:trojan-activity;sid:83551362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2682035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"59.7.131.145"; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_13; reference:url, urlhaus.abuse.ch/url/2682035/; classtype:trojan-activity;sid:83545135; rev:1;)
# NOTE(review): rule 2629977 requires the whole query string, including the
# confirm=, uuid= and at= values, to be the end of the URI. Those values look
# request-specific (assumption), so the rule presumably matches only a replay
# of the originally reported request, not other downloads of the same file id.
# The parameter separators are written |7c|26|7c|, i.e. the literal characters
# "|26|" rather than "&"; verify against the URLhaus entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2629977)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|confirm=t|7c|26|7c|id=145b1fbjtyee3w1rjsazo7hzcoiiaxzum|7c|26|7c|uuid=eb581596-9566-4a21-b3b6-e6909eb42ff6|7c|26|7c|at=akkf8vzrltviqrn7wljfjcwisgcc:1683793107077"; depth:193; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_05_11; reference:url, urlhaus.abuse.ch/url/2629977/; classtype:trojan-activity;sid:83493077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615314)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"194.208.56.60"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615314/; classtype:trojan-activity;sid:83478414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615307)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.129.177.162"; depth:15; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615307/; classtype:trojan-activity;sid:83478407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615287)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"181.49.47.190"; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615287/; classtype:trojan-activity;sid:83478387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2581006)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/salatikochen/salatapps/archive/refs/heads/main.zip"; depth:51; endswith; nocase; http.host; content:"github.com"; depth:10; 
isdataat:!1,relative; metadata:created_at 2023_03_22; reference:url, urlhaus.abuse.ch/url/2581006/; classtype:trojan-activity;sid:83444106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2573741)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rid/rid.js"; depth:11; endswith; nocase; http.host; content:"jawaratekno.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_03_16; reference:url, urlhaus.abuse.ch/url/2573741/; classtype:trojan-activity;sid:83436841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2573738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/it/it.js"; depth:9; endswith; nocase; http.host; content:"dreamapp.xyz"; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_16; reference:url, urlhaus.abuse.ch/url/2573738/; classtype:trojan-activity;sid:83436838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2573722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/riod/riod.js"; depth:13; endswith; nocase; http.host; content:"kambohmag.net"; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_16; reference:url, urlhaus.abuse.ch/url/2573722/; classtype:trojan-activity;sid:83436822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572493)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nti/nti.js"; depth:11; endswith; nocase; http.host; content:"shaderm.com"; depth:11; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572493/; classtype:trojan-activity;sid:83435593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572483)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/oovn/oovn.js"; depth:13; endswith; nocase; http.host; content:"accesstelematics.com"; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572483/; classtype:trojan-activity;sid:83435583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571484)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scarica/"; depth:9; endswith; nocase; http.host; content:"gabyagozetim.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571484/; classtype:trojan-activity;sid:83434584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571476)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scarica/"; depth:9; endswith; nocase; http.host; content:"riderspin.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571476/; classtype:trojan-activity;sid:83434576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571457)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/connect/"; depth:9; endswith; nocase; http.host; content:"estudio.ythan.com.br"; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571457/; classtype:trojan-activity;sid:83434557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571417)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agenzia/"; depth:9; endswith; nocase; http.host; content:"admin.byte.in.ua"; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571417/; classtype:trojan-activity;sid:83434517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (2571410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/connect/"; depth:9; endswith; nocase; http.host; content:"riderspin.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571410/; classtype:trojan-activity;sid:83434510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571398)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/connect/"; depth:9; endswith; nocase; http.host; content:"records.dennisign.se"; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571398/; classtype:trojan-activity;sid:83434498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agenzia/"; depth:9; endswith; nocase; http.host; content:"donkeytourscroatia.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571387/; classtype:trojan-activity;sid:83434487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571356)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agenzia/"; depth:9; endswith; nocase; http.host; content:"estudio.ythan.com.br"; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571356/; classtype:trojan-activity;sid:83434456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/connect/"; depth:9; endswith; nocase; http.host; content:"gabyagozetim.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, 
urlhaus.abuse.ch/url/2571323/; classtype:trojan-activity;sid:83434423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571282)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agenzia/"; depth:9; endswith; nocase; http.host; content:"gabyagozetim.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571282/; classtype:trojan-activity;sid:83434382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571166)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agenzia/"; depth:9; endswith; nocase; http.host; content:"twu-hwt.org"; depth:11; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571166/; classtype:trojan-activity;sid:83434266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571162)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scarica/"; depth:9; endswith; nocase; http.host; content:"admin.byte.in.ua"; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571162/; classtype:trojan-activity;sid:83434262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571158)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agenzia/"; depth:9; endswith; nocase; http.host; content:"records.dennisign.se"; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571158/; classtype:trojan-activity;sid:83434258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571135)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/connect/"; depth:9; endswith; nocase; http.host; 
content:"donkeytourscroatia.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571135/; classtype:trojan-activity;sid:83434235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571043)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scarica/"; depth:9; endswith; nocase; http.host; content:"donkeytourscroatia.com"; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571043/; classtype:trojan-activity;sid:83434143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2571034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scarica/"; depth:9; endswith; nocase; http.host; content:"estudio.ythan.com.br"; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2571034/; classtype:trojan-activity;sid:83434134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agenzia/"; depth:9; endswith; nocase; http.host; content:"riderspin.com"; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570990/; classtype:trojan-activity;sid:83434090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570844)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scarica/"; depth:9; endswith; nocase; http.host; content:"derekludlow.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570844/; classtype:trojan-activity;sid:83433944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570642)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/connect/"; depth:9; endswith; nocase; http.host; content:"admin.byte.in.ua"; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570642/; classtype:trojan-activity;sid:83433742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scarica/"; depth:9; endswith; nocase; http.host; content:"embedone.com"; depth:12; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570563/; classtype:trojan-activity;sid:83433663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/connect/"; depth:9; endswith; nocase; http.host; content:"derekludlow.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570545/; classtype:trojan-activity;sid:83433645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570501)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scarica/"; depth:9; endswith; nocase; http.host; content:"records.dennisign.se"; depth:20; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570501/; classtype:trojan-activity;sid:83433601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570386)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/agenzia/"; depth:9; endswith; nocase; http.host; content:"derekludlow.com"; depth:15; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570386/; classtype:trojan-activity;sid:83433486; rev:1;) 
# Generated URLhaus signatures, one rule per line. Every rule in this section
# uses the same template: an established client-to-server HTTP flow whose method
# buffer contains "GET", whose http.uri buffer matches the listed path (nocase,
# bounded by depth and endswith) and whose http.host buffer matches the listed
# host (bounded by depth and isdataat:!1,relative, so no data may follow it).
# NOTE(review): these are "alert http" rules, so they only inspect traffic the
# engine parses as HTTP. Hosts such as github.com, drive.google.com and
# www.dropbox.com are normally reached over HTTPS; presumably the matching rules
# only fire where TLS is decrypted ahead of the sensor - confirm sensor placement.
# NOTE(review): metadata:created_at is presumably the date the URLhaus entry was
# added; when triaging an alert, check the reference URL for the entry's current
# status before acting on the host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2570115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/almr/almr.js"; depth:13; endswith; nocase; http.host; content:"abdulahad.net"; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_14; reference:url, urlhaus.abuse.ch/url/2570115/; classtype:trojan-activity;sid:83433215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2568876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teev/teev.js"; depth:13; endswith; nocase; http.host; content:"nusatoyota.co.id"; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_13; reference:url, urlhaus.abuse.ch/url/2568876/; classtype:trojan-activity;sid:83431976; rev:1;)
# NOTE(review): the next two rules name a shared code-hosting platform as the
# host; the indicator is the specific repository archive path, not the host itself.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2545788)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tedburke/commandcam/archive/refs/heads/master.zip"; depth:50; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_20; reference:url, urlhaus.abuse.ch/url/2545788/; classtype:trojan-activity;sid:83408888; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2540034)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unlockteame/unlimited/zip/refs/heads/main"; depth:42; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_14; reference:url, urlhaus.abuse.ch/url/2540034/; classtype:trojan-activity;sid:83403134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2532808)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/connect/index.php"; depth:18; endswith; nocase; http.host; content:"gabyagozetim.com"; depth:16; isdataat:!1,relative; metadata:created_at 2023_02_07; reference:url, urlhaus.abuse.ch/url/2532808/; classtype:trojan-activity;sid:83395908; rev:1;)
# NOTE(review): the next two patterns contain a literal "%20". http.uri is the
# normalized URI buffer; if the engine percent-decodes the path before matching,
# these would need a space (or the http.uri.raw buffer) to match - verify with a
# test capture.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/token%20grabber.dll"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440082/; classtype:trojan-activity;sid:83303182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/passwordstealer.dll"; depth:79; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440081/; classtype:trojan-activity;sid:83303181; rev:1;)
# NOTE(review): |7c| is the hex escape for "|", so "|7c|26|7c|" matches the
# literal characters "|26|" rather than "&" (hex 26). This looks like a
# double-escaped ampersand from the rule generator; as written the pattern
# presumably cannot match a query string that uses "&" separators. depth:98
# equals the length of the escaped pattern text, not of the decoded bytes, so the
# match is also not pinned to offset 0.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2425972)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|confirm=no_antivirus|7c|26|7c|id=1cpaqimeblbmxrxoli6d3cczgkrbzpy8_"; depth:98; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_11_18; reference:url, urlhaus.abuse.ch/url/2425972/; classtype:trojan-activity;sid:83289072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2408069)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/analytics/zy5ntk/"; depth:18; endswith; nocase; http.host; content:"fromthetrenchesworldreport.com"; depth:30; isdataat:!1,relative; metadata:created_at 2022_11_11; reference:url, urlhaus.abuse.ch/url/2408069/; classtype:trojan-activity;sid:83271169; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2406761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/dl/wpoxoxqe2in4fju/doc7november00065.js"; depth:42; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_11_10; reference:url, urlhaus.abuse.ch/url/2406761/; classtype:trojan-activity;sid:83269861; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2302899)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/janchuk/voidrat/raw/master/voidrat.exe"; depth:39; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_09_14; reference:url, urlhaus.abuse.ch/url/2302899/; classtype:trojan-activity;sid:83165999; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2252574)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/updates1/up.exe"; depth:16; endswith; nocase; http.host; content:"1717.1000uc.com"; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_30; reference:url, urlhaus.abuse.ch/url/2252574/; classtype:trojan-activity;sid:83115674; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2250908)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ema_kvcebm137.bin"; depth:18; endswith; nocase; http.host; content:"mersped.mycpanel.rs"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_27; reference:url, urlhaus.abuse.ch/url/2250908/; classtype:trojan-activity;sid:83114008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2248664)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"147.235.55.179"; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_24; reference:url, urlhaus.abuse.ch/url/2248664/; classtype:trojan-activity;sid:83111764; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2237175)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cg100/cg100.exe"; depth:16; endswith; nocase; http.host; content:"update.cg100iii.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_14; reference:url, urlhaus.abuse.ch/url/2237175/; classtype:trojan-activity;sid:83100275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2237174)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cgmb/benzmonster.exe"; depth:21; endswith; nocase; http.host; content:"update.cg100iii.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_06_14; reference:url, urlhaus.abuse.ch/url/2237174/; classtype:trojan-activity;sid:83100274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2230406)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/down/newsales/adm_atu.exe"; depth:26; endswith; nocase; http.host; content:"palharesinformatica.com.br"; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_08; reference:url, urlhaus.abuse.ch/url/2230406/; classtype:trojan-activity;sid:83093506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2171312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/verkaufsberater_service/ozrw36a2y1ch2cluzy/"; depth:44; endswith; nocase; http.host; content:"farschid.de"; depth:11; isdataat:!1,relative; metadata:created_at 2022_04_29; reference:url, urlhaus.abuse.ch/url/2171312/; classtype:trojan-activity;sid:83034412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2164668)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/verkaufsberater_service/uadjw/"; depth:31; endswith; nocase; http.host; content:"farschid.de"; depth:11; isdataat:!1,relative; metadata:created_at 2022_04_26; reference:url, urlhaus.abuse.ch/url/2164668/; classtype:trojan-activity;sid:83027768; rev:1;)
# NOTE(review): the path is a release archive under the xmrig/xmrig repository on
# github.com, i.e. mining software that can also be installed deliberately;
# triage should establish whether the download was authorised.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2124302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/xmrig/xmrig/releases/download/v6.10.0/xmrig-6.10.0-linux-static-x64.tar.gz"; depth:75; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2022_03_31; reference:url, urlhaus.abuse.ch/url/2124302/; classtype:trojan-activity;sid:82987402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2119354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/verkaufsberater_service/3cxmq4uaxy/"; depth:36; endswith; nocase; http.host; content:"farschid.de"; depth:11; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2119354/; classtype:trojan-activity;sid:82982454; rev:1;)
# NOTE(review): depth:43 counts the escaped "|3f|" as four characters; the
# decoded pattern is 40 bytes, so the start of the match is presumably bounded
# less tightly here than in the rule for the same path without the query string.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2119353)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/verkaufsberater_service/3cxmq4uaxy/|3f|i=1"; depth:43; endswith; nocase; http.host; content:"farschid.de"; depth:11; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2119353/; classtype:trojan-activity;sid:82982453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2114263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/plugins/yjmqxmidki/a/hyehwggs.ps1"; depth:45; endswith; nocase; http.host; content:"trtmyanmar.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_03_24; reference:url, urlhaus.abuse.ch/url/2114263/; classtype:trojan-activity;sid:82977363; rev:1;)
# NOTE(review): "|7c|26|7c|" here matches the literal characters "|26|", not "&"
# (hex 26) - apparently a double-escaped ampersand, so the pattern presumably
# cannot match a query string that uses "&". depth:68 equals the length of the
# escaped pattern text rather than of the decoded bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1gvnzexvvs3vpv0-ihflwnmzmhij3qqly"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086235/; classtype:trojan-activity;sid:82949335; rev:1;)
# NOTE(review): the pattern contains a literal "%20"; if http.uri is
# percent-decoded before matching, it would need a space (or http.uri.raw) to
# match - verify with a test capture.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2053942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zp-user/protected%20client.js"; depth:30; endswith; nocase; http.host; content:"dreamwatchevent.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_02_22; reference:url, urlhaus.abuse.ch/url/2053942/; classtype:trojan-activity;sid:82917042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2048755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"37.34.209.216"; depth:13; isdataat:!1,relative; metadata:created_at 2022_02_19; reference:url, urlhaus.abuse.ch/url/2048755/; classtype:trojan-activity;sid:82911855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021785)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hksweep/vendor/font-awesome/svgs/brands/subtraction.php"; depth:56; endswith; nocase; http.host; 
content:"rxquickpay.com"; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021785/; classtype:trojan-activity;sid:82884885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021799)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/src/js/scripts/gallery/photo-swipe/retraction.php"; depth:50; endswith; nocase; http.host; content:"acms.saleseos.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021799/; classtype:trojan-activity;sid:82884899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/src/js/scripts/gallery/photo-swipe/highlight.php"; depth:49; endswith; nocase; http.host; content:"acms.saleseos.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021757/; classtype:trojan-activity;sid:82884857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2021704)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/src/js/scripts/gallery/photo-swipe/zany.php"; depth:44; endswith; nocase; http.host; content:"acms.saleseos.com"; depth:17; isdataat:!1,relative; metadata:created_at 2022_02_01; reference:url, urlhaus.abuse.ch/url/2021704/; classtype:trojan-activity;sid:82884804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2019377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public/userbackend/plugins/dropzone/min/assents.php"; depth:52; endswith; nocase; http.host; content:"theholidayroads.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_01_31; reference:url, urlhaus.abuse.ch/url/2019377/; 
classtype:trojan-activity;sid:82882477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2019378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public/userbackend/plugins/dropzone/min/tautly.php"; depth:51; endswith; nocase; http.host; content:"theholidayroads.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_01_31; reference:url, urlhaus.abuse.ch/url/2019378/; classtype:trojan-activity;sid:82882478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2019365)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public/userbackend/plugins/dropzone/min/knave.php"; depth:50; endswith; nocase; http.host; content:"theholidayroads.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_01_31; reference:url, urlhaus.abuse.ch/url/2019365/; classtype:trojan-activity;sid:82882465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2019358)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/public/userbackend/plugins/dropzone/min/stare.php"; depth:50; endswith; nocase; http.host; content:"theholidayroads.com"; depth:19; isdataat:!1,relative; metadata:created_at 2022_01_31; reference:url, urlhaus.abuse.ch/url/2019358/; classtype:trojan-activity;sid:82882458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008178)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/comply.php"; depth:11; endswith; nocase; http.host; content:"www.crazywickedaddiction.com"; depth:28; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008178/; classtype:trojan-activity;sid:82871278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008138)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/squalid.php"; depth:12; endswith; nocase; http.host; content:"continentalgroup.net.in"; depth:23; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008138/; classtype:trojan-activity;sid:82871238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008130)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/development/public/uploads/images/categories/beirut.php"; depth:56; endswith; nocase; http.host; content:"www.crazywickedaddiction.com"; depth:28; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008130/; classtype:trojan-activity;sid:82871230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2008131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/belt.php"; depth:9; endswith; nocase; http.host; content:"forms.saurashtrauniversity.edu"; depth:30; isdataat:!1,relative; metadata:created_at 2022_01_27; reference:url, urlhaus.abuse.ch/url/2008131/; classtype:trojan-activity;sid:82871231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891112)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/honduras.php"; depth:13; endswith; nocase; http.host; content:"xenon.studio"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1891112/; classtype:trojan-activity;sid:82754212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891095)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets2/theme/css/gluttonous.php"; depth:33; endswith; nocase; http.host; content:"xenon.studio"; depth:12; isdataat:!1,relative; metadata:created_at 
2021_12_16; reference:url, urlhaus.abuse.ch/url/1891095/; classtype:trojan-activity;sid:82754195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891066)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/searching.php"; depth:14; endswith; nocase; http.host; content:"xenon.studio"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1891066/; classtype:trojan-activity;sid:82754166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/assets2/theme/css/linearization.php"; depth:36; endswith; nocase; http.host; content:"xenon.studio"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1891070/; classtype:trojan-activity;sid:82754170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1891071)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wrongdoer.php"; depth:14; endswith; nocase; http.host; content:"xenon.studio"; depth:12; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1891071/; classtype:trojan-activity;sid:82754171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1890257)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lib/crypta.js"; depth:14; endswith; nocase; http.host; content:"reauthenticator.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_12_16; reference:url, urlhaus.abuse.ch/url/1890257/; classtype:trojan-activity;sid:82753357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888166)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/actionably.php"; depth:15; endswith; nocase; http.host; content:"kramersmarionnettes.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888166/; classtype:trojan-activity;sid:82751266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888149)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/roughness.php"; depth:14; endswith; nocase; http.host; content:"kramersmarionnettes.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888149/; classtype:trojan-activity;sid:82751249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888139)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/intermission.php"; depth:17; endswith; nocase; http.host; content:"kramersmarionnettes.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888139/; classtype:trojan-activity;sid:82751239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/redesign.php"; depth:13; endswith; nocase; http.host; content:"kramersmarionnettes.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888114/; classtype:trojan-activity;sid:82751214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888115)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/antienuretic.php"; depth:17; endswith; nocase; http.host; content:"kramersmarionnettes.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888115/; 
classtype:trojan-activity;sid:82751215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fizz.php"; depth:9; endswith; nocase; http.host; content:"kramersmarionnettes.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888106/; classtype:trojan-activity;sid:82751206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888086)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/designer.php"; depth:13; endswith; nocase; http.host; content:"kramersmarionnettes.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888086/; classtype:trojan-activity;sid:82751186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888092)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/frustrating.php"; depth:16; endswith; nocase; http.host; content:"kramersmarionnettes.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888092/; classtype:trojan-activity;sid:82751192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888081)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/conditioner.php"; depth:16; endswith; nocase; http.host; content:"kramersmarionnettes.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888081/; classtype:trojan-activity;sid:82751181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888082)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unthinkably.php"; depth:16; 
endswith; nocase; http.host; content:"kramersmarionnettes.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888082/; classtype:trojan-activity;sid:82751182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888084)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unexplainable.php"; depth:18; endswith; nocase; http.host; content:"kramersmarionnettes.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888084/; classtype:trojan-activity;sid:82751184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1888085)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whiz.php"; depth:9; endswith; nocase; http.host; content:"kramersmarionnettes.com"; depth:23; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1888085/; classtype:trojan-activity;sid:82751185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1839258)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/shopped.php"; depth:12; endswith; nocase; http.host; content:"greenf.alexion.rs"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1839258/; classtype:trojan-activity;sid:82702358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1839238)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/accumulation.php"; depth:17; endswith; nocase; http.host; content:"greenf.alexion.rs"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1839238/; classtype:trojan-activity;sid:82702338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (1839240)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scuffler.php"; depth:13; endswith; nocase; http.host; content:"greenf.alexion.rs"; depth:17; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1839240/; classtype:trojan-activity;sid:82702340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1839228)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sublimely.php"; depth:14; endswith; nocase; http.host; content:"muledo.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_12_01; reference:url, urlhaus.abuse.ch/url/1839228/; classtype:trojan-activity;sid:82702328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838316)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ticketing.php"; depth:14; endswith; nocase; http.host; content:"beoauto.alexion.rs"; depth:18; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838316/; classtype:trojan-activity;sid:82701416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/complicate.php"; depth:15; endswith; nocase; http.host; content:"beoauto.alexion.rs"; depth:18; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838317/; classtype:trojan-activity;sid:82701417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/blend.php"; depth:10; endswith; nocase; http.host; content:"greenf.alexion.rs"; depth:17; isdataat:!1,relative; metadata:created_at 2021_11_30; 
reference:url, urlhaus.abuse.ch/url/1838306/; classtype:trojan-activity;sid:82701406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838289)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gastric.php"; depth:12; endswith; nocase; http.host; content:"beoauto.alexion.rs"; depth:18; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838289/; classtype:trojan-activity;sid:82701389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/flyer.php"; depth:10; endswith; nocase; http.host; content:"greenf.alexion.rs"; depth:17; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838275/; classtype:trojan-activity;sid:82701375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/acclimated.php"; depth:15; endswith; nocase; http.host; content:"beoauto.alexion.rs"; depth:18; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838263/; classtype:trojan-activity;sid:82701363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838242)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/warmhearted.php"; depth:16; endswith; nocase; http.host; content:"greenf.alexion.rs"; depth:17; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838242/; classtype:trojan-activity;sid:82701342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1838244)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/daydream.php"; depth:13; endswith; nocase; http.host; content:"greenf.alexion.rs"; depth:17; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1838244/; classtype:trojan-activity;sid:82701344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1837873)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/investigative.php"; depth:18; endswith; nocase; http.host; content:"muledo.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_11_30; reference:url, urlhaus.abuse.ch/url/1837873/; classtype:trojan-activity;sid:82700973; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1773622)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/semitrailer.php"; depth:16; endswith; nocase; http.host; content:"muledo.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_11_10; reference:url, urlhaus.abuse.ch/url/1773622/; classtype:trojan-activity;sid:82636722; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1773603)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/donkey.php"; depth:11; endswith; nocase; http.host; content:"muledo.com"; depth:10; isdataat:!1,relative; metadata:created_at 2021_11_10; reference:url, urlhaus.abuse.ch/url/1773603/; classtype:trojan-activity;sid:82636703; rev:1;)
# NOTE(review): in a content string, text between '|' characters is hex, so
# "|7c|26|7c|" in the next rule decodes to the four literal characters "|26|",
# not to "&" (0x26). Presumably the listed URL has "&" between its query
# parameters; if so this pattern cannot match the request as sent. Confirm
# against the URLhaus entry named in reference:url before relying on this sid.
# NOTE(review): depth:88 equals the length of the pattern as written, escapes
# included; the decoded pattern is shorter, so depth plus endswith anchors the
# match to the end of the URI but no longer pins it to offset 0.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1761107)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/svr_netchecker/server.asp|3f|v_command=3002|7c|26|7c|v_progname=sjptmanagerlauncher.exe"; depth:88; endswith; nocase; http.host; content:"server.toeicswt.co.kr"; depth:21; isdataat:!1,relative; metadata:created_at 2021_11_07; reference:url, urlhaus.abuse.ch/url/1761107/; 
classtype:trojan-activity;sid:82624207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1744285)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/chimney.php"; depth:12; endswith; nocase; http.host; content:"lawfirm.paperbirdtech.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1744285/; classtype:trojan-activity;sid:82607385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743733)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zoologies.php"; depth:14; endswith; nocase; http.host; content:"bridgeroad.maverickpreviews.com"; depth:31; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743733/; classtype:trojan-activity;sid:82606833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/whacked.php"; depth:12; endswith; nocase; http.host; content:"bridgeroad.maverickpreviews.com"; depth:31; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743713/; classtype:trojan-activity;sid:82606813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743650)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toggle.php"; depth:11; endswith; nocase; http.host; content:"lawfirm.paperbirdtech.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743650/; classtype:trojan-activity;sid:82606750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1743660)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unplug.php"; 
depth:11; endswith; nocase; http.host; content:"bridgeroad.maverickpreviews.com"; depth:31; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1743660/; classtype:trojan-activity;sid:82606760; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1720728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload/medialibrary/012/fucking.php"; depth:36; endswith; nocase; http.host; content:"shop.mediasova.ru"; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_27; reference:url, urlhaus.abuse.ch/url/1720728/; classtype:trojan-activity;sid:82583828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1720508)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload/medialibrary/012/chaperon.php"; depth:37; endswith; nocase; http.host; content:"shop.mediasova.ru"; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_27; reference:url, urlhaus.abuse.ch/url/1720508/; classtype:trojan-activity;sid:82583608; rev:1;)
# NOTE(review): the onedrive.live.com rules below use "alert http", which only
# inspects cleartext (or already-decrypted) requests. This host is normally
# reached over HTTPS, so without TLS inspection these sids are unlikely to
# fire; cover the same indicators from proxy or endpoint logs where the full
# URL is visible.
# NOTE(review): "|7c|26|7c|" decodes to the literal text "|26|" rather than to
# "&" (0x26). This looks like a double escape in the rule generator; confirm
# against the URLhaus entries named in reference:url.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1704978)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|cid=04a3894062e7d373|7c|26|7c|resid=4a3894062e7d373%21192|7c|26|7c|authkey=ab7i1w77n6tsb3m"; depth:103; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_21; reference:url, urlhaus.abuse.ch/url/1704978/; classtype:trojan-activity;sid:82568078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1698617)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|cid=75ea534baf13442d|7c|26|7c|resid=75ea534baf13442d%21128|7c|26|7c|authkey=akd4vmzywc14zgq|7c|26|7c|em=2"; depth:118; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_20; reference:url, urlhaus.abuse.ch/url/1698617/; classtype:trojan-activity;sid:82561717; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1695302)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|cid=07e7986a5bf9243c|7c|26|7c|resid=7e7986a5bf9243c%21490|7c|26|7c|authkey=abhawhbvtpoyc2a"; depth:103; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_19; reference:url, urlhaus.abuse.ch/url/1695302/; classtype:trojan-activity;sid:82558402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1678523)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload/vltktanthutn.exe"; depth:24; endswith; nocase; http.host; content:"kimyen.net"; depth:10; isdataat:!1,relative; metadata:created_at 2021_10_14; reference:url, urlhaus.abuse.ch/url/1678523/; classtype:trojan-activity;sid:82541623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1658131)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|cid=539bd593e9568c65|7c|26|7c|resid=539bd593e9568c65%21136|7c|26|7c|authkey=aepr2tr-q36tt8u|7c|26|7c|em=2"; depth:118; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1658131/; classtype:trojan-activity;sid:82521231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1658054)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/approx.php"; depth:11; endswith; nocase; http.host; content:"deagroup-ks.com"; depth:15; isdataat:!1,relative; metadata:created_at 
2021_10_06; reference:url, urlhaus.abuse.ch/url/1658054/; classtype:trojan-activity;sid:82521154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1657096)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update/ana/update.exe"; depth:22; endswith; nocase; http.host; content:"www.teknoarge.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1657096/; classtype:trojan-activity;sid:82520196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1647561)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=12ma_yvbmprts6e_vkfnmwikrnwsarqbw"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_29; reference:url, urlhaus.abuse.ch/url/1647561/; classtype:trojan-activity;sid:82510661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1641492)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/2021/01/spell.php"; depth:37; endswith; nocase; http.host; content:"easybrand.vn"; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1641492/; classtype:trojan-activity;sid:82504592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1641460)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-content/uploads/2021/01/stored.php"; depth:38; endswith; nocase; http.host; content:"easybrand.vn"; depth:12; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1641460/; classtype:trojan-activity;sid:82504560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download 
URL detected (1640507)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download|3f|cid=2cc133e5e8e9b372|7c|26|7c|resid=2cc133e5e8e9b372%21113|7c|26|7c|authkey=agftuffxlpqkaz8|7c|26|7c|em=2"; depth:118; endswith; nocase; http.host; content:"onedrive.live.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_09_23; reference:url, urlhaus.abuse.ch/url/1640507/; classtype:trojan-activity;sid:82503607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1624890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1o9jg3oqyewncoptigwscdbtfmvtfqygj"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_16; reference:url, urlhaus.abuse.ch/url/1624890/; classtype:trojan-activity;sid:82487990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1619497)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/decapitate.php"; depth:15; endswith; nocase; http.host; content:"tiacreation.club"; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_14; reference:url, urlhaus.abuse.ch/url/1619497/; classtype:trojan-activity;sid:82482597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1604292)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/promethium.php"; depth:15; endswith; nocase; http.host; content:"lawfirm.paperbirdtech.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_09_09; reference:url, urlhaus.abuse.ch/url/1604292/; classtype:trojan-activity;sid:82467392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1602881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/photon.php"; 
depth:11; endswith; nocase; http.host; content:"lawfirm.paperbirdtech.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_09_08; reference:url, urlhaus.abuse.ch/url/1602881/; classtype:trojan-activity;sid:82465981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1602867)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/philanthropic.php"; depth:18; endswith; nocase; http.host; content:"lawfirm.paperbirdtech.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_09_08; reference:url, urlhaus.abuse.ch/url/1602867/; classtype:trojan-activity;sid:82465967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1602778)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wash.php"; depth:9; endswith; nocase; http.host; content:"lawfirm.paperbirdtech.com"; depth:25; isdataat:!1,relative; metadata:created_at 2021_09_08; reference:url, urlhaus.abuse.ch/url/1602778/; classtype:trojan-activity;sid:82465878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582138)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/coon.php"; depth:9; endswith; nocase; http.host; content:"allendostmen.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582138/; classtype:trojan-activity;sid:82445238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582118)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/manly.php"; depth:10; endswith; nocase; http.host; content:"allendostmen.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582118/; classtype:trojan-activity;sid:82445218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (1582106)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lecher.php"; depth:11; endswith; nocase; http.host; content:"allendostmen.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582106/; classtype:trojan-activity;sid:82445206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1582015)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/strobing.php"; depth:13; endswith; nocase; http.host; content:"allendostmen.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_01; reference:url, urlhaus.abuse.ch/url/1582015/; classtype:trojan-activity;sid:82445115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1560761)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/downloads/safmanager/safman_setup.exe"; depth:38; endswith; nocase; http.host; content:"www.saf-oil.ru"; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_24; reference:url, urlhaus.abuse.ch/url/1560761/; classtype:trojan-activity;sid:82423861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/teachable.php"; depth:14; endswith; nocase; http.host; content:"chat-server.maverickpreviews.com"; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503427/; classtype:trojan-activity;sid:82366527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503410)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/aggressive.php"; depth:15; endswith; nocase; http.host; content:"chat-server.maverickpreviews.com"; depth:32; 
isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503410/; classtype:trojan-activity;sid:82366510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503377)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/belt.php"; depth:9; endswith; nocase; http.host; content:"bridgeroad.maverickpreviews.com"; depth:31; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503377/; classtype:trojan-activity;sid:82366477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503368)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/anarchical.php"; depth:15; endswith; nocase; http.host; content:"bridgeroad.maverickpreviews.com"; depth:31; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503368/; classtype:trojan-activity;sid:82366468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503361)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/newborn.php"; depth:12; endswith; nocase; http.host; content:"chat-server.maverickpreviews.com"; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503361/; classtype:trojan-activity;sid:82366461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruckus.php"; depth:11; endswith; nocase; http.host; content:"www.cutting-edge.in"; depth:19; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503351/; classtype:trojan-activity;sid:82366451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
(1503338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unanswerable.php"; depth:17; endswith; nocase; http.host; content:"chat-server.maverickpreviews.com"; depth:32; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503338/; classtype:trojan-activity;sid:82366438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503341)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/harass.php"; depth:11; endswith; nocase; http.host; content:"www.cutting-edge.in"; depth:19; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503341/; classtype:trojan-activity;sid:82366441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1503337)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ethic.php"; depth:10; endswith; nocase; http.host; content:"i-ramps.com"; depth:11; isdataat:!1,relative; metadata:created_at 2021_08_03; reference:url, urlhaus.abuse.ch/url/1503337/; classtype:trojan-activity;sid:82366437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1473823)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/sweat.php"; depth:10; endswith; nocase; http.host; content:"www.cutting-edge.in"; depth:19; isdataat:!1,relative; metadata:created_at 2021_07_22; reference:url, urlhaus.abuse.ch/url/1473823/; classtype:trojan-activity;sid:82336923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1470181)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/power.txt"; depth:10; endswith; nocase; http.host; content:"103.106.250.161"; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_21; reference:url, urlhaus.abuse.ch/url/1470181/; 
classtype:trojan-activity;sid:82333281; rev:1;)
# NOTE(review): the id= / revid= values in the rules below are written in
# lower case and matched with nocase. File ids on these hosts are presumably
# case-sensitive, so a request for a different file whose id differs only in
# letter case would also match; treat a hit as a lead to confirm against the
# URLhaus entry, not as a verdict.
# NOTE(review): drive.google.com and docs.google.com are normally reached over
# HTTPS, while "alert http" only inspects cleartext (or already-decrypted)
# requests; without TLS inspection these sids are unlikely to fire.
# NOTE(review): "|7c|26|7c|" decodes to the literal text "|26|" rather than to
# "&" (0x26). This looks like a double escape in the rule generator; confirm
# against the URLhaus entries named in reference:url.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422022)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1n8_s6gijerearczwh74blkygodig64eo"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422022/; classtype:trojan-activity;sid:82285122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422010)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1yfqtugahqhqrulwugdekeavffktsl8ci"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422010/; classtype:trojan-activity;sid:82285110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1391235)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1sbd1rnw8luztjmsh6gdlzupvyupbopa0|7c|26|7c|revid=0b3yyjts_woklr2vnyxvqohlidxbxn1l2wwjntxfnwvi5v0h3pq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_23; reference:url, urlhaus.abuse.ch/url/1391235/; classtype:trojan-activity;sid:82254335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1378480)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ctmywlj5wouiug1wgizy3ke7yj1u0yor|7c|26|7c|revid=0b_t0-zked1mgagxwmxcwywq5q0q1uk1uoxcwaup6l2ovmtdjpq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 
2021_06_19; reference:url, urlhaus.abuse.ch/url/1378480/; classtype:trojan-activity;sid:82241580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1372338)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1alq8r5tnr6wwiftqa3l6d9fymv7y0g9m"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_17; reference:url, urlhaus.abuse.ch/url/1372338/; classtype:trojan-activity;sid:82235438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1371786)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/watercress.php"; depth:15; endswith; nocase; http.host; content:"www.playtown.co.za"; depth:18; isdataat:!1,relative; metadata:created_at 2021_06_16; reference:url, urlhaus.abuse.ch/url/1371786/; classtype:trojan-activity;sid:82234886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1371739)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/lining.php"; depth:11; endswith; nocase; http.host; content:"www.playtown.co.za"; depth:18; isdataat:!1,relative; metadata:created_at 2021_06_16; reference:url, urlhaus.abuse.ch/url/1371739/; classtype:trojan-activity;sid:82234839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1371719)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scroungy.php"; depth:13; endswith; nocase; http.host; content:"www.playtown.co.za"; depth:18; isdataat:!1,relative; metadata:created_at 2021_06_16; reference:url, urlhaus.abuse.ch/url/1371719/; classtype:trojan-activity;sid:82234819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1369570)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pinout.php"; depth:11; endswith; nocase; http.host; content:"jyothishmathi.in"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_15; reference:url, urlhaus.abuse.ch/url/1369570/; classtype:trojan-activity;sid:82232670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1369536)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/steeplechases.php"; depth:18; endswith; nocase; http.host; content:"jyothishmathi.in"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_15; reference:url, urlhaus.abuse.ch/url/1369536/; classtype:trojan-activity;sid:82232636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1369533)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/familial.php"; depth:13; endswith; nocase; http.host; content:"jyothishmathi.in"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_15; reference:url, urlhaus.abuse.ch/url/1369533/; classtype:trojan-activity;sid:82232633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1364815)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update_vbase/voklight.exe"; depth:26; endswith; nocase; http.host; content:"visam.info"; depth:10; isdataat:!1,relative; metadata:created_at 2021_06_14; reference:url, urlhaus.abuse.ch/url/1364815/; classtype:trojan-activity;sid:82227915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1364597)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/update_vbase/voklightd.exe"; depth:27; endswith; nocase; http.host; content:"visam.info"; depth:10; isdataat:!1,relative; metadata:created_at 2021_06_14; reference:url, urlhaus.abuse.ch/url/1364597/; 
classtype:trojan-activity;sid:82227697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350653)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/habitual.php"; depth:13; endswith; nocase; http.host; content:"jyothishmathi.in"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350653/; classtype:trojan-activity;sid:82213753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350619)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ruleless.php"; depth:13; endswith; nocase; http.host; content:"jyothishmathi.in"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350619/; classtype:trojan-activity;sid:82213719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1tilqozot07vylvdmmsfs7ia452jwhktj|7c|26|7c|revid=0b7gsmqzks4xkcdjcwhuvatj2qvlvchnmnnovu2ldzstek2jzpq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350517/; classtype:trojan-activity;sid:82213617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1348672)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1etpmpb2shvuny5dxj5awfpxklxqpbzgx"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1348672/; classtype:trojan-activity;sid:82211772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known 
malware download URL detected (1346907)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toothy.php"; depth:11; endswith; nocase; http.host; content:"jyothishmathi.in"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346907/; classtype:trojan-activity;sid:82210007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346883)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/unpunished.php"; depth:15; endswith; nocase; http.host; content:"jyothishmathi.in"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346883/; classtype:trojan-activity;sid:82209983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346885)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jordan.php"; depth:11; endswith; nocase; http.host; content:"jyothishmathi.in"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346885/; classtype:trojan-activity;sid:82209985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1346871)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/defended.php"; depth:13; endswith; nocase; http.host; content:"jyothishmathi.in"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1346871/; classtype:trojan-activity;sid:82209971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1343323)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hoopoe.php"; depth:11; endswith; nocase; http.host; content:"thementordirectory.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, 
urlhaus.abuse.ch/url/1343323/; classtype:trojan-activity;sid:82206423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1343313)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hare.php"; depth:9; endswith; nocase; http.host; content:"thementordirectory.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1343313/; classtype:trojan-activity;sid:82206413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1343296)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/donate.php"; depth:11; endswith; nocase; http.host; content:"thementordirectory.com"; depth:22; isdataat:!1,relative; metadata:created_at 2021_06_09; reference:url, urlhaus.abuse.ch/url/1343296/; classtype:trojan-activity;sid:82206396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1331376)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1b6t1mjnjcvndcy-mdqq0neqrbocqyju4"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_06; reference:url, urlhaus.abuse.ch/url/1331376/; classtype:trojan-activity;sid:82194476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1327898)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/inst77player/inst77player_1.0.0.1.exe"; depth:38; endswith; nocase; http.host; content:"softdl.360tpcdn.com"; depth:19; isdataat:!1,relative; metadata:created_at 2021_06_05; reference:url, urlhaus.abuse.ch/url/1327898/; classtype:trojan-activity;sid:82190998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1319551)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1nw1gmzg6lwtuhs0tte969xcfpp9_dc5q"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_03; reference:url, urlhaus.abuse.ch/url/1319551/; classtype:trojan-activity;sid:82182651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314584)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vqofspqgo4lhe7xt4ky-gkjbc9rgwzgw9rksc_azpw2gotdlnhx9oxc_rgk1zz9mgxxwqoixey0eajp/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314584/; classtype:trojan-activity;sid:82177684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vszvhw0lywviz_dpqozkdip0orjsf7411ucirwqegcgfxwqqb3nqpbn3d7orqqxnatypulra_ssggie/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314578/; classtype:trojan-activity;sid:82177678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314581)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vr-asdhfa85lnhp1g6rll18x2htnflvy5zggxzrfveecvbhjiwaes9o9w3dn49od7lplixl3u59icjr/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314581/; classtype:trojan-activity;sid:82177681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware 
download URL detected (1314569)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vqb__8qdiraoo-s_qrzkk8o_8brsuwaeje3ivcd5efhddlux4gw5otilj5ezfenwjzaha-zojj_7srj/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314569/; classtype:trojan-activity;sid:82177669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314562)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vqha4kutkvbpn1c9r1jolub-v1dyh36itza-2zhojxuluskoxk6iogpy8b8iscqqjskaf3wduc6oykt/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314562/; classtype:trojan-activity;sid:82177662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314563)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vqm_l1o1djktv6pcfwixdz1gjaqrg26rpb3n3uqpk0jqvif91b_irdew7mo34hhhoffbjohoztlmdtp/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314563/; classtype:trojan-activity;sid:82177663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314556)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vrxkt9v4qcom-0wjceb6bexufgpr_vdebkc-kra8h7gutbblset1veguumqxs3npiv4qw-7_1kiy3jm/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314556/; classtype:trojan-activity;sid:82177656; rev:1;) alert 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vspnrqtfaftwpvbd8o61fbvozlhc3z0x8jy4glnji-v80xrxnlemgt89l5imnr_7kxst0gn9ydkjj0q/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314548/; classtype:trojan-activity;sid:82177648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vsftpbjz498ict3ab9-tehopymacl8ygytkgufxpnwlfphfxyyh5jmfj_2llrrddsiu8vypu1ksvp5p/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314549/; classtype:trojan-activity;sid:82177649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314543)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vs1h7txewarzqve-jwxnwcgzibofoz58qrk8kerhmfz8mpippgfjeoijthgmm-tw7lwcipr8acup_ft/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314543/; classtype:trojan-activity;sid:82177643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314544)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vr92cz6z4uh71ogqyzgn6vtdc54xoa0iovizmkmogvekyix648nysfipvt4qto6uvtrp9jsatoeuhk3/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, 
urlhaus.abuse.ch/url/1314544/; classtype:trojan-activity;sid:82177644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vtuc-a7s7ylxnfwqp8oxz6no5uwdmabudx-6glkwrnzjwqwgdtcpdvwp0x0l03qdarzrzonj_adevlw/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314545/; classtype:trojan-activity;sid:82177645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314534)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vqe1vc-nlfenfgigyaugmmg1dq4l0-haikp9qxkacc32ig0xtg6go8lejdoogo0vfeoie4tcyy4_bn4/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314534/; classtype:trojan-activity;sid:82177634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314535)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vsrvkllojuhzbqokettk0u2b1whglldp35-o1zgt_jlem2z2odwedj0z9sgtukvikdowcuan-0fj5wn/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314535/; classtype:trojan-activity;sid:82177635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314537)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vqvbpr6y2jjnkxfpcwt9uv7pqycg6vdoowr-xnakhtl9ns4tk44rpa91em8usoc992uqyrpn6ucy5ep/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; 
isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314537/; classtype:trojan-activity;sid:82177637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1314526)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vq8kqm4rsobvbpga8ncnzs-1xulwuezfri9x1ktowpiijctqe1uq0iged6iq7sa5zuhnh56egsebkoj/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_02; reference:url, urlhaus.abuse.ch/url/1314526/; classtype:trojan-activity;sid:82177626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287391)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vtecbrofm9hcrdmzz8g7ktneypnrpr1s7bvyoit3r8jd7rjanmysk9yyuhvzmdp3dmkd-xss7kpyffa/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287391/; classtype:trojan-activity;sid:82150491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287387)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vt544w_wvxhvfskbx2zio7pht-jzhb1nvr7y1qhtxccjopcfxzhm1mottjhjsdudpgs9lfrjcqzoi8n/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287387/; classtype:trojan-activity;sid:82150487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287378)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vtcfdv_0srlqbmtfzi6hivmikknsfqd5bubuem-s-mzpzfsva62zyncoy-phkzysuhuddl0yhlyajye/pub"; 
depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287378/; classtype:trojan-activity;sid:82150478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287373)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vrtnhy8ipm82egefg7zhukj5qwbit31-jlhdsxovff8rcefw2uhpndpuclv_ffrqqdjhxyxympj3ame/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287373/; classtype:trojan-activity;sid:82150473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1287333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vt4iy9nlwuov8hsmpykbfkn1fh1ydp7ms8dudg2ldfjgxf8rumdtzgiw7ukoifo3ap-pb7ybzlcdfqi/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_26; reference:url, urlhaus.abuse.ch/url/1287333/; classtype:trojan-activity;sid:82150433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278913)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vtyg409rjv4omi3oujyjsc6ajzflluuz37ofzbpjjihmrewoh2ehp2pwbfllgyy_yzqdrldwcaejvd5/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278913/; classtype:trojan-activity;sid:82142013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278910)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/document/d/e/2pacx-1vr1e4kzyqneoh2tjc5rh_unlfwjdo31gedrveg0wdyrprmm3yfdxjqxdvyy535adzu5p9m4mrvdau9v/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278910/; classtype:trojan-activity;sid:82142010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278905)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vrvmutaxfc2ewkvy_l_cewfjwv4md_uadqlv4onmlyc0frnp7jod3ru93sm6y-tmoj0nrvbfylt739z/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278905/; classtype:trojan-activity;sid:82142005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278895)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vtpholmraa4dir0lg8z5yhqljwbzp0qkypc3jax6d3l0hs6n23kpm2iqgccjvbvug5th443jjbzs2uv/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278895/; classtype:trojan-activity;sid:82141995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278896)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vq6nr-yg49vldzzxliqvpupbajoss2nfxsnsk3khaixmvqydl20mxhttp-qa7mojkwa4osepa76nnbl/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278896/; classtype:trojan-activity;sid:82141996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1278899)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/d/e/2pacx-1vqyowyoxata2couqa6uc3gwi59sq5maualr7yfmq6luzvtefqopogncbli8hx6vubkt2b65qerqhzy8/pub"; depth:104; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_24; reference:url, urlhaus.abuse.ch/url/1278899/; classtype:trojan-activity;sid:82141999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1237690)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1m8jszvq-ztfrul7vgsb6q-n3ftgnkbdj|7c|26|7c|revid=0bxrhybf9__wnmgjlnmxmunzznlu0v204azc4edmzcep6a0hzpq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_15; reference:url, urlhaus.abuse.ch/url/1237690/; classtype:trojan-activity;sid:82100790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1233306)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1gv_nk9llqw4fxudo-khja7nuuj1kevvw|7c|26|7c|revid=0b7zefp-g6n7vm0zhowo4be9pvus4mmh0ymxvd3r6zlu3ylznpq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_14; reference:url, urlhaus.abuse.ch/url/1233306/; classtype:trojan-activity;sid:82096406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1228819)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=140vkyfrfhbqkukc2hnw-gsvi5wjw6iyi"; depth:68; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1228819/; classtype:trojan-activity;sid:82091919; rev:1;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1220349)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1h_dyp_d5lst4akyf2qezxl7j1scvbtvs|7c|26|7c|revid=0b5thckui5i0mdk5moelbnm9vuhnydvjnvwpyq01vrg5xvwhrpq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_11; reference:url, urlhaus.abuse.ch/url/1220349/; classtype:trojan-activity;sid:82083449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1199812)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1uygnpwzzyzn2rodsrimg0-sloxy_letg"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_06; reference:url, urlhaus.abuse.ch/url/1199812/; classtype:trojan-activity;sid:82062912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1198558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/view/59bmj3vj18vh2/drive/storage/a/files/download|3f|id=625899581658508733"; depth:75; endswith; nocase; http.host; content:"sites.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_06; reference:url, urlhaus.abuse.ch/url/1198558/; classtype:trojan-activity;sid:82061658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1184754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1ygn4gkmy9musdp_lgnpyjjh6rskt39vp|7c|26|7c|revid=0b8rbgp2bpeofmk5ta3n3mgjtefbzdevwtk5wwhpjd3yruejjpq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_30; reference:url, 
urlhaus.abuse.ch/url/1184754/; classtype:trojan-activity;sid:82047854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1182816)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1zxejnkdwqezrbgani5vjk2y2nhmpkg0z|7c|26|7c|revid=0b-bo0wgwxcblsui1mehkbhrlu01rwxnyrxzxanbdendmbndnpq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1182816/; classtype:trojan-activity;sid:82045916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181763)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload_control/download.blog|3f|fhandle=mep5euraznm5lmjsb2cuzgf1bs5uzxq6l0lnqudflzavns5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8.exe"; depth:199; endswith; nocase; http.host; content:"cfs9.blog.daum.net"; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181763/; classtype:trojan-activity;sid:82044863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%bf%c0%b7%f9%c7%d8%b0%e1%c7%cf%b1%e2.exe"; depth:184; endswith; nocase; http.host; content:"cfs13.tistory.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181758/; classtype:trojan-activity;sid:82044858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181756)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/upload_control/download.blog|3f|fhandle=mdczafhaznmxmc5ibg9nlmrhdw0ubmv0oi9jtufhrs8wlzkwlmv4zq==|7c|26|7c|filename=xp_sp3_%ed%85%8c%eb%a7%88%ed%8c%a8%ec%b9%98.exe"; depth:163; endswith; nocase; http.host; content:"cfs10.blog.daum.net"; depth:19; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181756/; classtype:trojan-activity;sid:82044856; rev:1;)
# NOTE(review), applies to every rule on these lines with a filename= parameter:
#  - the patterns hold literal %xx escapes, while http.uri is the normalized URI buffer;
#    if the engine percent-decodes there, these bytes would only be seen in http.uri.raw
#    -- verify against a replayed request.
#  - |7c|26|7c| matches the literal text "|26|", not the "&" byte (0x26); this looks
#    like double escaping by the generator and would stop the rule from matching.
#  - patterns are stored lowercased and matched with nocase, so case-sensitive parts of
#    the original URL (the base64-looking fhandle value) are not distinguished.
#
# %ef%bf%bd is the UTF-8 encoding of U+FFFD (replacement character), so this filename
# appears to have gone through a lossy text decode before it was recorded. The rule for
# URLhaus entry 1181758 (sid 82044858) has the same fhandle and host with a different
# byte sequence in the filename; this variant may never match live traffic -- TODO confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181754)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%d8%b0%ef%bf%bd%ef%bf%bd%cf%b1%ef%bf%bd.exe"; depth:232; endswith; nocase; http.host; content:"cfs13.tistory.com"; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181754/; classtype:trojan-activity;sid:82044854; rev:1;)
# The filename value is followed by "/" and the same file name a second time; depth:303
# is the length of the pattern text including escapes, not of the decoded bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload_control/download.blog|3f|fhandle=metnwe5aznm3lmjsb2cuzgf1bs5uzxq6l0lnqudflzavmc5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe/%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe"; depth:303; endswith; nocase; http.host; content:"cfs7.blog.daum.net"; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181755/; classtype:trojan-activity;sid:82044855; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1152444)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/uc|3f|export=download|7c|26|7c|id=1jpl-uouydm5hypqm67uokyddrblbpxvw|7c|26|7c|revid=0b7zpiprmoc5ubhpwclq0cxdyte5vwtrbymnidznhtgm3bzvrpq"; depth:135; endswith; nocase; http.host; content:"docs.google.com"; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_22; reference:url, urlhaus.abuse.ch/url/1152444/; classtype:trojan-activity;sid:82015544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1098623)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"111.185.171.111"; depth:15; isdataat:!1,relative; metadata:created_at 2021_03_29; reference:url, urlhaus.abuse.ch/url/1098623/; classtype:trojan-activity;sid:81961723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1040629)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/secured/009283772/01992/0293/secured/jepg/r0992748834.7z"; depth:57; endswith; nocase; http.host; content:"allscaletreeservices.com.au"; depth:27; isdataat:!1,relative; metadata:created_at 2021_03_01; reference:url, urlhaus.abuse.ch/url/1040629/; classtype:trojan-activity;sid:81903729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (981797)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jlbmvdewvq/595265.jpg"; depth:22; endswith; nocase; http.host; content:"finpremium.ru"; depth:13; isdataat:!1,relative; metadata:created_at 2021_01_28; reference:url, urlhaus.abuse.ch/url/981797/; classtype:trojan-activity;sid:81844897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (957784)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gamewd/yhdl.exe"; depth:16; endswith; nocase; http.host; content:"download.caihong.com"; depth:20; 
isdataat:!1,relative; metadata:created_at 2021_01_13; reference:url, urlhaus.abuse.ch/url/957784/; classtype:trojan-activity;sid:81820884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (936427)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/bxjesdj7w3meuh7iatiurbsgh/"; depth:36; endswith; nocase; http.host; content:"cdaonline.com.ar"; depth:16; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/936427/; classtype:trojan-activity;sid:81799527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (933461)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"77.237.25.210"; depth:13; isdataat:!1,relative; metadata:created_at 2020_12_20; reference:url, urlhaus.abuse.ch/url/933461/; classtype:trojan-activity;sid:81796561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (765703)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/lm/7cfvaaa9jo/"; depth:27; endswith; nocase; http.host; content:"ncxps.com"; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_29; reference:url, urlhaus.abuse.ch/url/765703/; classtype:trojan-activity;sid:81628803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (763354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/hkhchyzdynzpebzcre0lq3l2ddjizwk4f7/"; depth:45; endswith; nocase; http.host; content:"xuezha.net"; depth:10; isdataat:!1,relative; metadata:created_at 2020_10_29; reference:url, urlhaus.abuse.ch/url/763354/; classtype:trojan-activity;sid:81626454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (756747)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/rrrv7ilgm2dzpohaklkhewb8rkju15bmqeewccglap/"; depth:56; endswith; nocase; http.host; content:"ncxps.com"; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_27; reference:url, urlhaus.abuse.ch/url/756747/; classtype:trojan-activity;sid:81619847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (756736)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/4ld2g8w3rrmhtgvvvpeq2orlcqm71yyxveriw5rzitvii3/"; depth:60; endswith; nocase; http.host; content:"ncxps.com"; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_27; reference:url, urlhaus.abuse.ch/url/756736/; classtype:trojan-activity;sid:81619836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (733798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/oct/w9hmkanqe5py4r/"; depth:32; endswith; nocase; http.host; content:"ncxps.com"; depth:9; isdataat:!1,relative; metadata:created_at 2020_10_22; reference:url, urlhaus.abuse.ch/url/733798/; classtype:trojan-activity;sid:81596898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (723755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/sites/ci6p05scnuonqslqmehm/"; depth:37; endswith; nocase; http.host; content:"cdaonline.com.ar"; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/723755/; classtype:trojan-activity;sid:81586855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (637433)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paetools.exe"; depth:13; endswith; nocase; http.host; content:"soft.110route.com"; depth:17; isdataat:!1,relative; 
metadata:created_at 2020_10_01; reference:url, urlhaus.abuse.ch/url/637433/; classtype:trojan-activity;sid:81500533; rev:1;)
# Each rule below alerts on an outbound, established HTTP GET whose URI ends with the
# listed path (nocase) and whose Host value equals the listed host exactly. created_at
# records when the entry was added; it does not by itself show the URL is still serving
# anything -- check the reference before escalating a hit.
#
# NOTE(review): the host is a shared code-hosting platform and the path names one
# release asset of one project. A hit identifies that single file, so triage against the
# referenced URLhaus entry rather than by host reputation, and do not derive a host-wide
# block from it. The rule needs plaintext or decrypted HTTP to fire -- confirm the sensor
# actually sees such traffic for this host.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (613088)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mikf/gallery-dl/releases/download/v1.15.0/gallery-dl.exe"; depth:57; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2020_09_26; reference:url, urlhaus.abuse.ch/url/613088/; classtype:trojan-activity;sid:81476188; rev:1;)
# The path is the stock WordPress location of jquery.js; only the exact Host value makes
# this rule specific. Presumably the listed site served a modified script at the time --
# verify against the referenced entry.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (593578)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/js/jquery/jquery.js"; depth:32; endswith; nocase; http.host; content:"chuguadventures.co.tz"; depth:21; isdataat:!1,relative; metadata:created_at 2020_09_22; reference:url, urlhaus.abuse.ch/url/593578/; classtype:trojan-activity;sid:81456678; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (554647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/file/x7z9wbk77tt6v9/"; depth:30; endswith; nocase; http.host; content:"cdaonline.com.ar"; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/554647/; classtype:trojan-activity;sid:81417747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (490516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hmatrix/data/hack1226.exe"; depth:26; endswith; nocase; http.host; content:"cd.textfiles.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_14; reference:url, urlhaus.abuse.ch/url/490516/; classtype:trojan-activity;sid:81353616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (453216)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/enteihacking/mt/master/asycivic.jpg"; depth:36; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2020_09_04; reference:url, urlhaus.abuse.ch/url/453216/; classtype:trojan-activity;sid:81316316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (453035)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1g_x0a_gnyxai5glsipkq1b2mqknanuw8"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_04; reference:url, urlhaus.abuse.ch/url/453035/; classtype:trojan-activity;sid:81316135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (452177)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=14muad9cmj6mxsd9lrccuo1egxyf5f-ty"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_03; reference:url, urlhaus.abuse.ch/url/452177/; classtype:trojan-activity;sid:81315277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (451466)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1yrmkzxf4rmy9utrikbh6rgvsokehbmeo"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_02; reference:url, urlhaus.abuse.ch/url/451466/; classtype:trojan-activity;sid:81314566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (447394)"; flow:established,from_client; http.method; content:"GET"; http.uri; 
content:"/uc|3f|export=download|7c|26|7c|id=1sm7b9902i8v4yitepf6gzomqc84ltloi"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_31; reference:url, urlhaus.abuse.ch/url/447394/; classtype:trojan-activity;sid:81310494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (446803)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1gavcby-nhlq22ohbgm530exffsrg1aub"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_30; reference:url, urlhaus.abuse.ch/url/446803/; classtype:trojan-activity;sid:81309903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (439389)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/statement/ul397wfyb/"; depth:29; endswith; nocase; http.host; content:"reifenquick.de"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_24; reference:url, urlhaus.abuse.ch/url/439389/; classtype:trojan-activity;sid:81302489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438705)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/file/21mnqlvi/oz88535657v7rbazasyth9x8i/"; depth:49; endswith; nocase; http.host; content:"www.reifenquick.de"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438705/; classtype:trojan-activity;sid:81301805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434592)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; depth:82; endswith; nocase; http.host; 
content:"www.reifenquick.de"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434592/; classtype:trojan-activity;sid:81297692; rev:1;)
# Each rule below alerts on a GET from $HOME_NET whose http.uri equals the listed
# path and whose http.host equals the listed host (depth equal to the content
# length plus isdataat:!1,relative makes the host match exact).
#
# Because the host match is exact, "reifenquick.de" and "www.reifenquick.de" are
# covered by separate rules with the same URI (sid:81297420 and sid:81295217).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434320)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/hl8-8w4cs-6325/"; depth:24; endswith; nocase; http.host; content:"reifenquick.de"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434320/; classtype:trojan-activity;sid:81297420; rev:1;)
# NOTE(review): sid:81297411 and sid:81295822 have identical match conditions
# (same URI "/gttu/xofsl/", same host "dweixin.cn"); they differ only in URLhaus
# id, created_at and SID. A single matching request therefore raises two alerts.
# Deduplicate in the alert pipeline, or suppress one of the two SIDs locally, so
# that counts per host are not inflated.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gttu/xofsl/"; depth:12; endswith; nocase; http.host; content:"dweixin.cn"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434311/; classtype:trojan-activity;sid:81297411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432722)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gttu/xofsl/"; depth:12; endswith; nocase; http.host; content:"dweixin.cn"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_14; reference:url, urlhaus.abuse.ch/url/432722/; classtype:trojan-activity;sid:81295822; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432117)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/scripts/hl8-8w4cs-6325/"; depth:24; endswith; nocase; http.host; content:"www.reifenquick.de"; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_13; reference:url, urlhaus.abuse.ch/url/432117/; classtype:trojan-activity;sid:81295217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429290)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gttu/overview/sw94b26/"; depth:23; endswith; nocase; http.host; content:"dweixin.cn"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_11; reference:url, urlhaus.abuse.ch/url/429290/; classtype:trojan-activity;sid:81292390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427444)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gttu/invoice/ujn3me8cye/"; depth:25; endswith; nocase; http.host; content:"dweixin.cn"; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427444/; classtype:trojan-activity;sid:81290544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426974)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/images/t55prjrdcx/0y8615606244201084438n0kq7whr/"; depth:49; endswith; nocase; http.host; content:"seismophonic.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/426974/; classtype:trojan-activity;sid:81290074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mail/multifunctional-opqwr-ufzclgypmqdyqd/test-gwcsoulkfmk-ty8impu6it9twbp/lr5ypupy-zotrdjgebh/"; depth:96; endswith; nocase; http.host; content:"www.massiv.net"; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426834/; classtype:trojan-activity;sid:81289934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426129)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/mail/balance/"; depth:14; endswith; nocase; http.host; content:"www.massiv.net"; depth:14; 
isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426129/; classtype:trojan-activity;sid:81289229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422458)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/invoice/aog-3515110/"; depth:21; endswith; nocase; http.host; content:"lindnerelektroanlagen.de"; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422458/; classtype:trojan-activity;sid:81285558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (420521)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/parts_service/ly944myw/"; depth:28; endswith; nocase; http.host; content:"hitstation.nl"; depth:13; isdataat:!1,relative; metadata:created_at 2020_07_28; reference:url, urlhaus.abuse.ch/url/420521/; classtype:trojan-activity;sid:81283621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (419868)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/paradiselost/statement/s7nr8p8ut/"; depth:34; endswith; nocase; http.host; content:"damiancollier.com"; depth:17; isdataat:!1,relative; metadata:created_at 2020_07_27; reference:url, urlhaus.abuse.ch/url/419868/; classtype:trojan-activity;sid:81282968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (410755)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/d35ha/processhide/master/bins/processhide32.exe"; depth:48; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2020_07_10; reference:url, urlhaus.abuse.ch/url/410755/; classtype:trojan-activity;sid:81273855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus 
Known malware download URL detected (390013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1am1ztjjhswzwdbvue5tke5mbkwjud0w5"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_06_15; reference:url, urlhaus.abuse.ch/url/390013/; classtype:trojan-activity;sid:81253113; rev:1;)
# NOTE(review): applies to the drive.google.com rule above and the one below.
# |7c|26|7c| decodes to the literal bytes "|26|", not to '&' (0x26); this looks
# like a double escape of '&' by the generator — TODO confirm with the URLhaus
# entry. As written, a URI with a plain '&' separator does not match. These are
# also `alert http` rules, so HTTPS requests are only covered where TLS is
# decrypted upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (390009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1hd7ffgig6btbzuy2_2kds_t4u637qxjn"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_06_15; reference:url, urlhaus.abuse.ch/url/390009/; classtype:trojan-activity;sid:81253109; rev:1;)
# The rules on host 0022a601.pphost.net (all created_at 2020_05_25) alert on GETs
# for individual files under /threatsim/exe/ and /threatsim/doc/.
#
# NOTE(review): the "/threatsim/" path prefix and the file names suggest these may
# be phishing-simulation or awareness-training payloads rather than a live malware
# distribution point. That is an inference from the names only — verify against the
# URLhaus references and your own awareness-programme inventory before either
# escalating these alerts or suppressing the SIDs.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (368318)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/threatsim/exe/pdf.exe"; depth:22; endswith; nocase; http.host; content:"0022a601.pphost.net"; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_25; reference:url, urlhaus.abuse.ch/url/368318/; classtype:trojan-activity;sid:81231418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (368317)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/threatsim/doc/774d0427cd607b1c09131cc277a68c9edd7cf01499d356bcb1ef4a08e6fc322a.doc"; depth:83; endswith; nocase; http.host; content:"0022a601.pphost.net"; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_25; reference:url, urlhaus.abuse.ch/url/368317/; classtype:trojan-activity;sid:81231417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (368315)"; flow:established,from_client; http.method; content:"GET"; 
http.uri; content:"/threatsim/exe/xerox01_pdf.exe"; depth:30; endswith; nocase; http.host; content:"0022a601.pphost.net"; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_25; reference:url, urlhaus.abuse.ch/url/368315/; classtype:trojan-activity;sid:81231415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (368312)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/threatsim/doc/46cad0e0ca3b2d6d9d3ce691ca2887b18abc80acf0e81799fbb290cce104c8eb.doc"; depth:83; endswith; nocase; http.host; content:"0022a601.pphost.net"; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_25; reference:url, urlhaus.abuse.ch/url/368312/; classtype:trojan-activity;sid:81231412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (368311)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/threatsim/exe/njrat.exe"; depth:24; endswith; nocase; http.host; content:"0022a601.pphost.net"; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_25; reference:url, urlhaus.abuse.ch/url/368311/; classtype:trojan-activity;sid:81231411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (368309)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/threatsim/exe/order_pdf.exe"; depth:28; endswith; nocase; http.host; content:"0022a601.pphost.net"; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_25; reference:url, urlhaus.abuse.ch/url/368309/; classtype:trojan-activity;sid:81231409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (368303)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/threatsim/exe/640.exe"; depth:22; endswith; nocase; http.host; content:"0022a601.pphost.net"; depth:19; isdataat:!1,relative; metadata:created_at 2020_05_25; 
reference:url, urlhaus.abuse.ch/url/368303/; classtype:trojan-activity;sid:81231403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (366549)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1pyl4hq8sbp5qatm1zz9vmsze1cuy2uzw"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_22; reference:url, urlhaus.abuse.ch/url/366549/; classtype:trojan-activity;sid:81229649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (358751)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/utnl/attack.jpg"; depth:16; endswith; nocase; http.host; content:"85.204.116.130"; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_06; reference:url, urlhaus.abuse.ch/url/358751/; classtype:trojan-activity;sid:81221851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (355363)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/u/0/uc|3f|id=1osjrfvjdy1vblk4fya98jp5jlnk7rutv|7c|26|7c|export=download"; depth:72; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_05_01; reference:url, urlhaus.abuse.ch/url/355363/; classtype:trojan-activity;sid:81218463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (351490)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/uc|3f|export=download|7c|26|7c|id=1nndvq_2_7doyyuqvcvwmory_4lyrplb7"; depth:68; endswith; nocase; http.host; content:"drive.google.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_04_26; reference:url, urlhaus.abuse.ch/url/351490/; classtype:trojan-activity;sid:81214590; rev:1;) alert http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (326350)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/builds/offers/12.exe"; depth:21; endswith; nocase; http.host; content:"softcatalog.ru"; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_18; reference:url, urlhaus.abuse.ch/url/326350/; classtype:trojan-activity;sid:81189450; rev:1;)
# Alerts on a GET to cfs5.tistory.com for one specific download.blog URL with
# fhandle and filename query parameters.
#
# NOTE(review): two things make this pattern unlikely to match as written —
# TODO confirm on the deployed Suricata version:
#  1. The content contains the percent-encoded text "%3d%3d". http.uri is the
#     normalized URI buffer, in which percent-encoding is decoded; literal "%3d"
#     is only present in http.uri.raw.
#  2. |7c|26|7c| decodes to the literal bytes "|26|", not to '&' (0x26), which
#     looks like a double escape of the query-parameter separator.
# depth:151 is the length of the escaped rule text, not of the decoded pattern.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322758)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload_control/download.blog|3f|fhandle=ymxvzzcxmzyyqgzzns50axn0b3j5lmnvbtovyxr0ywnolzavmtqwmdawmdawmdawlmv4zq%3d%3d|7c|26|7c|filename=crack-pro20.exe"; depth:151; endswith; nocase; http.host; content:"cfs5.tistory.com"; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_08; reference:url, urlhaus.abuse.ch/url/322758/; classtype:trojan-activity;sid:81185858; rev:1;)
# The next two rules match single files in public repositories served from
# raw.githubusercontent.com (both created_at 2020_02_26).
#
# NOTE(review): `alert http` inspects cleartext HTTP only; fetches of the same
# files over HTTPS are not seen unless TLS is decrypted upstream. An alert here
# identifies retrieval of that exact file path — it may come from researchers or
# tooling as well as from an infection chain, so triage with host context.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (318948)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fuzzbunch/fuzzbunch/master/payloads/doublepulsar-1.3.1.exe"; depth:59; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2020_02_26; reference:url, urlhaus.abuse.ch/url/318948/; classtype:trojan-activity;sid:81182048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (318947)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bero1985/berotinypascal/e34bd4164f4b7c27e7cf667dffd9274d33d6dfbe/bin/btpc.exe"; depth:78; endswith; nocase; http.host; content:"raw.githubusercontent.com"; depth:25; isdataat:!1,relative; metadata:created_at 2020_02_26; reference:url, urlhaus.abuse.ch/url/318947/; classtype:trojan-activity;sid:81182047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"URLhaus Known malware download URL detected (314465)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fta.exe"; depth:8; endswith; nocase; http.host; content:"vincentdemiero.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_14; reference:url, urlhaus.abuse.ch/url/314465/; classtype:trojan-activity;sid:81177565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (314464)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/documeynt9897.zip"; depth:18; endswith; nocase; http.host; content:"vincentdemiero.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_14; reference:url, urlhaus.abuse.ch/url/314464/; classtype:trojan-activity;sid:81177564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (314463)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fvs.zip"; depth:8; endswith; nocase; http.host; content:"vincentdemiero.com"; depth:18; isdataat:!1,relative; metadata:created_at 2020_02_14; reference:url, urlhaus.abuse.ch/url/314463/; classtype:trojan-activity;sid:81177563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (308942)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wordpress/wp-lm9-32/"; depth:21; endswith; nocase; http.host; content:"www.chenwangqiao.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_02_05; reference:url, urlhaus.abuse.ch/url/308942/; classtype:trojan-activity;sid:81172042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (304070)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wordpress/file/"; depth:16; endswith; nocase; http.host; content:"www.chenwangqiao.com"; depth:20; isdataat:!1,relative; metadata:created_at 2020_01_31; 
reference:url, urlhaus.abuse.ch/url/304070/; classtype:trojan-activity;sid:81167170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (295821)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/9jsd-lb2-09/"; depth:25; endswith; nocase; http.host; content:"gsx.life"; depth:8; isdataat:!1,relative; metadata:created_at 2020_01_23; reference:url, urlhaus.abuse.ch/url/295821/; classtype:trojan-activity;sid:81158921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (273997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-snapshots/sites/gxagnw43b99/"; depth:32; endswith; nocase; http.host; content:"embalageral.hospedagemdesites.ws"; depth:32; isdataat:!1,relative; metadata:created_at 2019_12_20; reference:url, urlhaus.abuse.ch/url/273997/; classtype:trojan-activity;sid:81137097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (272221)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/about/lm/5oj0ss1de/"; depth:20; endswith; nocase; http.host; content:"dezcom.com"; depth:10; isdataat:!1,relative; metadata:created_at 2019_12_19; reference:url, urlhaus.abuse.ch/url/272221/; classtype:trojan-activity;sid:81135321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (254738)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cvd/dist/fileupload/1571723382710/9.915787746614242.jpg"; depth:56; endswith; nocase; http.host; content:"cdn.xiaoduoai.com"; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254738/; classtype:trojan-activity;sid:81117838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (254737)"; 
flow:established,from_client; http.method; content:"GET"; http.uri; content:"/cvd/dist/fileupload/1571723350789/0.25579108623802416.jpg"; depth:58; endswith; nocase; http.host; content:"cdn.xiaoduoai.com"; depth:17; isdataat:!1,relative; metadata:created_at 2019_11_18; reference:url, urlhaus.abuse.ch/url/254737/; classtype:trojan-activity;sid:81117837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (250781)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/cfvi8aejp75ekq0swtl31sx3jti/"; depth:38; endswith; nocase; http.host; content:"www.rbcfort.com"; depth:15; isdataat:!1,relative; metadata:created_at 2019_11_01; reference:url, urlhaus.abuse.ch/url/250781/; classtype:trojan-activity;sid:81113881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (247651)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-admin/rd62/"; depth:15; endswith; nocase; http.host; content:"www.rbcfort.com"; depth:15; isdataat:!1,relative; metadata:created_at 2019_10_22; reference:url, urlhaus.abuse.ch/url/247651/; classtype:trojan-activity;sid:81110751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240568)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"94.244.113.217"; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240568/; classtype:trojan-activity;sid:81103668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240403)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"92.114.191.82"; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, 
urlhaus.abuse.ch/url/240403/; classtype:trojan-activity;sid:81103503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240036)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"178.151.143.2"; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240036/; classtype:trojan-activity;sid:81103136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (239019)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"36.66.139.36"; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_06; reference:url, urlhaus.abuse.ch/url/239019/; classtype:trojan-activity;sid:81102119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (238008)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"190.12.99.194"; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/238008/; classtype:trojan-activity;sid:81101108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (237890)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/.i"; depth:3; endswith; nocase; http.host; content:"185.12.78.161"; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/237890/; classtype:trojan-activity;sid:81100990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222263)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keygen.exe"; depth:11; endswith; nocase; http.host; content:"www.konsor.ru"; depth:13; 
isdataat:!1,relative; metadata:created_at 2019_08_04; reference:url, urlhaus.abuse.ch/url/222263/; classtype:trojan-activity;sid:81085363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222259)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/keygen.exe"; depth:11; endswith; nocase; http.host; content:"konsor.ru"; depth:9; isdataat:!1,relative; metadata:created_at 2019_08_04; reference:url, urlhaus.abuse.ch/url/222259/; classtype:trojan-activity;sid:81085359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222026)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kaobeitu/mini/v1.0.7.16/mini_04.exe"; depth:36; endswith; nocase; http.host; content:"download.kaobeitu.com"; depth:21; isdataat:!1,relative; metadata:created_at 2019_08_03; reference:url, urlhaus.abuse.ch/url/222026/; classtype:trojan-activity;sid:81085126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (221598)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kszip/mini/v1.0.7.31/mini_04.exe"; depth:33; endswith; nocase; http.host; content:"download.pdf00.cn"; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_01; reference:url, urlhaus.abuse.ch/url/221598/; classtype:trojan-activity;sid:81084698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (221595)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/kszip/news2/v1.0.7.31/news2_02.exe"; depth:35; endswith; nocase; http.host; content:"download.pdf00.cn"; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_01; reference:url, urlhaus.abuse.ch/url/221595/; classtype:trojan-activity;sid:81084695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 
detected (220541)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/25072019_0963.xls"; depth:18; endswith; nocase; http.host; content:"fakers.co.jp"; depth:12; isdataat:!1,relative; metadata:created_at 2019_07_29; reference:url, urlhaus.abuse.ch/url/220541/; classtype:trojan-activity;sid:81083641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (219275)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/0996938c001/6e8a2a4f-40ac-464f-9a70-7c67f0a0da19.pdf"; depth:53; endswith; nocase; http.host; content:"files.constantcontact.com"; depth:25; isdataat:!1,relative; metadata:created_at 2019_07_24; reference:url, urlhaus.abuse.ch/url/219275/; classtype:trojan-activity;sid:81082375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (217486)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/meteoradminz/hidden-tear/zip/master"; depth:36; endswith; nocase; http.host; content:"codeload.github.com"; depth:19; isdataat:!1,relative; metadata:created_at 2019_07_17; reference:url, urlhaus.abuse.ch/url/217486/; classtype:trojan-activity;sid:81080586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (215077)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doumai/news2/v1.0.7.01/news2_01.exe"; depth:36; endswith; nocase; http.host; content:"download.doumaibiji.cn"; depth:22; isdataat:!1,relative; metadata:created_at 2019_07_06; reference:url, urlhaus.abuse.ch/url/215077/; classtype:trojan-activity;sid:81078177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (210525)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/20.06.2019_130.22.doc"; depth:22; endswith; nocase; http.host; content:"fakers.co.jp"; depth:12; 
isdataat:!1,relative; metadata:created_at 2019_06_20; reference:url, urlhaus.abuse.ch/url/210525/; classtype:trojan-activity;sid:81073625; rev:1;)
# Each rule below alerts on a GET from $HOME_NET whose http.uri equals the listed
# path (content + depth + endswith, nocase) and whose http.host equals the listed
# host exactly.
#
# NOTE(review): the content below contains the percent-encoded text "%20".
# http.uri is the normalized URI buffer, in which "%20" is decoded to a space, so
# a literal "%20" is unlikely to match there; http.uri.raw is the buffer that
# keeps the encoding as sent. TODO confirm on the deployed Suricata version, and
# if this indicator matters, carry a corrected copy in a local rule file under a
# local SID rather than editing the generated feed.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (208009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/domains/updateagent/application%20files/upagent.exe"; depth:52; endswith; nocase; http.host; content:"old.bullydog.com"; depth:16; isdataat:!1,relative; metadata:created_at 2019_06_12; reference:url, urlhaus.abuse.ch/url/208009/; classtype:trojan-activity;sid:81071109; rev:1;)
# sid:81066380 and sid:81066257 cover the same URI on "www.hseda.com" and
# "hseda.com" respectively; the exact host match requires one rule per hostname.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203280)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/qt51crk.exe"; depth:21; endswith; nocase; http.host; content:"www.hseda.com"; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_29; reference:url, urlhaus.abuse.ch/url/203280/; classtype:trojan-activity;sid:81066380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203157)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/qt51crk.exe"; depth:21; endswith; nocase; http.host; content:"hseda.com"; depth:9; isdataat:!1,relative; metadata:created_at 2019_05_28; reference:url, urlhaus.abuse.ch/url/203157/; classtype:trojan-activity;sid:81066257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (202114)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/screenmate/cute/sm1302.zip"; depth:27; endswith; nocase; http.host; content:"www.starcountry.net"; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_26; reference:url, urlhaus.abuse.ch/url/202114/; classtype:trojan-activity;sid:81065214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected 
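(201513)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wj1bsetup.exe"; depth:14; endswith; nocase; http.host; content:"dl.dzqzd.com"; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_24; reference:url, urlhaus.abuse.ch/url/201513/; classtype:trojan-activity;sid:81064613; rev:1;)
# NOTE(review): rules below are restored to one rule per physical line. Suricata reads a
# rule from a single line (or backslash-continued lines), so a rule wrapped mid-option
# does not load. The text directly above this comment and the last line of this section
# are halves of rules whose remainder lies outside this section; they are kept verbatim.
#
# How these rules match, as written in their options:
# - `alert http` with http.method / http.uri / http.host: only traffic Suricata parses as
#   HTTP is inspected; the same URL fetched over TLS is not seen without decryption.
# - http.uri content + depth:<content length> + endswith: the URI buffer must equal the
#   string (case-insensitively, via nocase). A variant with a query string or a trailing
#   slash needs its own rule -- compare 95209/95078 and 86730/86203 below.
# - http.host content + depth:<content length> + isdataat:!1,relative: the host must equal
#   the string; "www.okhan.net" and "okhan.net" are separate rules (95633/94199).
# - Some hosts are shared platforms (github.com, attach.mail.daum.net, *.file.myqcloud.com):
#   an alert identifies one URL on that host, not the host as a whole.
# - created_at values in this section are 2018-2019; check the referenced URLhaus entry for
#   the URL's current status when triaging an alert.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200800)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/releases/zorke_release/zorke_asciiverter_v1.00/zke-ascv.exe"; depth:60; endswith; nocase; http.host; content:"nerve.untergrund.net"; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200800/; classtype:trojan-activity;sid:81063900; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200798)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/releases/12.2013/nrv-ppwr.zip"; depth:30; endswith; nocase; http.host; content:"nerve.untergrund.net"; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200798/; classtype:trojan-activity;sid:81063898; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200771)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/razor/rzr-winner_intro.zip"; depth:27; endswith; nocase; http.host; content:"chiptune.com"; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200771/; classtype:trojan-activity;sid:81063871; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/releases/zorke_release/zorke_nfo_file_viewer_v1.00/zke-nfoview.exe"; depth:67; endswith; nocase; http.host; content:"nerve.untergrund.net"; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200770/; classtype:trojan-activity;sid:81063870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (195172)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/eypipe/pipefile/adpopup/adpopup_1382523956.exe"; depth:47; endswith; nocase; http.host; content:"goto.stnts.com"; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_13; reference:url, urlhaus.abuse.ch/url/195172/; classtype:trojan-activity;sid:81058272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (185713)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qrtb.exe"; depth:9; endswith; nocase; http.host; content:"xiaoma-10021647.file.myqcloud.com"; depth:33; isdataat:!1,relative; metadata:created_at 2019_04_26; reference:url, urlhaus.abuse.ch/url/185713/; classtype:trojan-activity;sid:81048813; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (184801)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tqpjo/scan/uftruaemi2h/"; depth:24; endswith; nocase; http.host; content:"redlk.com"; depth:9; isdataat:!1,relative; metadata:created_at 2019_04_25; reference:url, urlhaus.abuse.ch/url/184801/; classtype:trojan-activity;sid:81047901; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (176091)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/templates/theme261/css/msg.jpg"; depth:31; endswith; nocase; http.host; content:"sk-comtel.com"; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_12; reference:url, urlhaus.abuse.ch/url/176091/; classtype:trojan-activity;sid:81039191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (175833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/templates/theme261/html/com_contact/category/hp.gf"; depth:51; endswith; nocase; http.host; content:"sk-comtel.com"; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_11; reference:url, urlhaus.abuse.ch/url/175833/; classtype:trojan-activity;sid:81038933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (173971)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/file/support/trust/en/042019/"; depth:30; endswith; nocase; http.host; content:"brightworks.cz"; depth:14; isdataat:!1,relative; metadata:created_at 2019_04_09; reference:url, urlhaus.abuse.ch/url/173971/; classtype:trojan-activity;sid:81037071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (173380)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/programas1/uldqi-i7q4vmdrqzvbbg_qjuhgzkb-vr2/"; depth:46; endswith; nocase; http.host; content:"aftelecom.com.br"; depth:16; isdataat:!1,relative; metadata:created_at 2019_04_08; reference:url, urlhaus.abuse.ch/url/173380/; classtype:trojan-activity;sid:81036480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (165554)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/secure.myacc.resourses.com/"; depth:28; endswith; nocase; http.host; content:"flyingmutts.com"; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165554/; classtype:trojan-activity;sid:81028654; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (165504)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/i203611254b019514581.zip"; depth:25; endswith; nocase; http.host; content:"programandojuntos.us.tempcloudsite.com"; depth:38; isdataat:!1,relative; metadata:created_at 2019_03_25; reference:url, urlhaus.abuse.ch/url/165504/; classtype:trojan-activity;sid:81028604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (164277)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/corporation/new_invoice/1033530/hijmq-jo_uqgwdlyf-8e/"; depth:54; endswith; nocase; http.host; content:"flyingmutts.com"; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_22; reference:url, urlhaus.abuse.ch/url/164277/; classtype:trojan-activity;sid:81027377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (162770)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/artluz/produtos/sendincsec/support/sec/en_en/03-2019/"; depth:54; endswith; nocase; http.host; content:"alarmline.com.br"; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_20; reference:url, urlhaus.abuse.ch/url/162770/; classtype:trojan-activity;sid:81025870; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (161757)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tomatoleizhutizy/tomatoleizhutizy.exe"; depth:38; endswith; nocase; http.host; content:"softdl2.360tpcdn.com"; depth:20; isdataat:!1,relative; metadata:created_at 2019_03_19; reference:url, urlhaus.abuse.ch/url/161757/; classtype:trojan-activity;sid:81024857; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (157610)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/stats/f06bn-kgh24-ncoviajp/"; depth:28; endswith; nocase; http.host; content:"flyingmutts.com"; depth:15; isdataat:!1,relative; metadata:created_at 2019_03_12; reference:url, urlhaus.abuse.ch/url/157610/; classtype:trojan-activity;sid:81020710; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (155567)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/rawabijob.hta"; depth:14; endswith; nocase; http.host; content:"local-update.com"; depth:16; isdataat:!1,relative; metadata:created_at 2019_03_10; reference:url, urlhaus.abuse.ch/url/155567/; classtype:trojan-activity;sid:81018667; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (154627)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/za.ebali"; depth:9; endswith; nocase; http.host; content:"mitreart.com"; depth:12; isdataat:!1,relative; metadata:created_at 2019_03_07; reference:url, urlhaus.abuse.ch/url/154627/; classtype:trojan-activity;sid:81017727; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143834)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hl2dm/hl2dm_updater.exe"; depth:24; endswith; nocase; http.host; content:"update.bruss.org.ru"; depth:19; isdataat:!1,relative; metadata:created_at 2019_02_23; reference:url, urlhaus.abuse.ch/url/143834/; classtype:trojan-activity;sid:81006934; rev:1;)
# NOTE(review): http.uri is Suricata's normalized URI buffer, where percent-escapes are
# normally decoded, so the literal "%5f" below may never be present in the inspected data.
# The decoded form is already covered by 143834 above; confirm with a capture whether this
# rule can fire, or whether it would need the raw buffer (http.uri.raw).
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143833)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hl2dm/hl2dm%5fupdater.exe"; depth:26; endswith; nocase; http.host; content:"update.bruss.org.ru"; depth:19; isdataat:!1,relative; metadata:created_at 2019_02_23; reference:url, urlhaus.abuse.ch/url/143833/; classtype:trojan-activity;sid:81006933; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143333)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/css/out-1773725897.hta"; depth:23; endswith; nocase; http.host; content:"globalbank.us"; depth:13; isdataat:!1,relative; metadata:created_at 2019_02_23; reference:url, urlhaus.abuse.ch/url/143333/; classtype:trojan-activity;sid:81006433; rev:1;)
# NOTE(review): the host here is github.com; this rule can only fire on a request made over
# plaintext HTTP, and an alert points at this one repository path, not at the platform.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (143301)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/pistacchietto/win-python-backdoor/raw/master/win.bat"; depth:53; endswith; nocase; http.host; content:"github.com"; depth:10; isdataat:!1,relative; metadata:created_at 2019_02_23; reference:url, urlhaus.abuse.ch/url/143301/; classtype:trojan-activity;sid:81006401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (140156)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/1465810408079_502.exe"; depth:22; endswith; nocase; http.host; content:"static.topxgun.com"; depth:18; isdataat:!1,relative; metadata:created_at 2019_02_19; reference:url, urlhaus.abuse.ch/url/140156/; classtype:trojan-activity;sid:81003256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (122975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/data/box.bin"; depth:13; endswith; nocase; http.host; content:"dusttv.com"; depth:10; isdataat:!1,relative; metadata:created_at 2019_02_13; reference:url, urlhaus.abuse.ch/url/122975/; classtype:trojan-activity;sid:80986075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (121029)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/active/pcclear_eng_mini.exe"; depth:28; endswith; nocase; http.host; content:"down.pcclear.com"; depth:16; isdataat:!1,relative; metadata:created_at 2019_02_10; reference:url, urlhaus.abuse.ch/url/121029/; classtype:trojan-activity;sid:80984129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (116990)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/ltbx_h3dtc-obppcj/maj/messages/2019-02/"; depth:40; endswith; nocase; http.host; content:"airlife.bget.ru"; depth:15; isdataat:!1,relative; metadata:created_at 2019_02_04; reference:url, urlhaus.abuse.ch/url/116990/; classtype:trojan-activity;sid:80980090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (115233)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/sanghyun-guest.exe"; depth:25; endswith; nocase; http.host; content:"sanghyun.nfile.net"; depth:18; isdataat:!1,relative; metadata:created_at 2019_02_01; reference:url, urlhaus.abuse.ch/url/115233/; classtype:trojan-activity;sid:80978333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (115231)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/sanghyun.exe"; depth:19; endswith; nocase; http.host; content:"sanghyun.nfile.net"; depth:18; isdataat:!1,relative; metadata:created_at 2019_02_01; reference:url, urlhaus.abuse.ch/url/115231/; classtype:trojan-activity;sid:80978331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112779)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/update.exe"; depth:17; endswith; nocase; http.host; content:"sg123.net"; depth:9; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112779/; classtype:trojan-activity;sid:80975879; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112648)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/install.exe"; depth:18; endswith; nocase; http.host; content:"sg123.net"; depth:9; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112648/; classtype:trojan-activity;sid:80975748; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112647)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/install.exe"; depth:18; endswith; nocase; http.host; content:"igra123.com"; depth:11; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112647/; classtype:trojan-activity;sid:80975747; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (112642)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/update.exe"; depth:17; endswith; nocase; http.host; content:"igra123.com"; depth:11; isdataat:!1,relative; metadata:created_at 2019_01_29; reference:url, urlhaus.abuse.ch/url/112642/; classtype:trojan-activity;sid:80975742; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (111691)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/files/haeum.exe"; depth:16; endswith; nocase; http.host; content:"haeum.nfile.net"; depth:15; isdataat:!1,relative; metadata:created_at 2019_01_28; reference:url, urlhaus.abuse.ch/url/111691/; classtype:trojan-activity;sid:80974791; rev:1;)
# NOTE(review): the content below is a percent-encoded file name matched against the
# normalized http.uri buffer; if escapes are decoded there, the literal "%xx" text will not
# be present and this rule may not fire -- confirm with a capture.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (110142)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/%d3%b2%bc%fe%d0%c5%cf%a2%b2%e9%bf%b4%c6%f7.exe"; depth:47; endswith; nocase; http.host; content:"down.54nb.com"; depth:13; isdataat:!1,relative; metadata:created_at 2019_01_25; reference:url, urlhaus.abuse.ch/url/110142/; classtype:trojan-activity;sid:80973242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (110132)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/gcld/updates_tw/gcmgr_tw.exe"; depth:29; endswith; nocase; http.host; content:"static.ilclock.com"; depth:18; isdataat:!1,relative; metadata:created_at 2019_01_25; reference:url, urlhaus.abuse.ch/url/110132/; classtype:trojan-activity;sid:80973232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (109220)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/de_de/tejqsyf3366492/ger/rechnungszahlung/"; depth:43; endswith; nocase; http.host; content:"blogs.sokun.jp"; depth:14; isdataat:!1,relative; metadata:created_at 2019_01_24; reference:url, urlhaus.abuse.ch/url/109220/; classtype:trojan-activity;sid:80972320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (108283)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bigfile/v1/urls/d/4qnwtdd-4xsuuy1xlrmzcibqjfu/ihdzyo55cus7ds4lmmkxpa"; depth:69; endswith; nocase; http.host; content:"attach.mail.daum.net"; depth:20; isdataat:!1,relative; metadata:created_at 2019_01_23; reference:url, urlhaus.abuse.ch/url/108283/; classtype:trojan-activity;sid:80971383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106003)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qcoin/qcoin133.exe"; depth:19; endswith; nocase; http.host; content:"cdn-10049480.file.myqcloud.com"; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106003/; classtype:trojan-activity;sid:80969103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (106002)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jd/jd156.exe"; depth:13; endswith; nocase; http.host; content:"cdn-10049480.file.myqcloud.com"; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/106002/; classtype:trojan-activity;sid:80969102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105999)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qcoin/qcoin142.exe"; depth:19; endswith; nocase; http.host; content:"cdn-10049480.file.myqcloud.com"; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105999/; classtype:trojan-activity;sid:80969099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105998)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jd/jd124.exe"; depth:13; endswith; nocase; http.host; content:"cdn-10049480.file.myqcloud.com"; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105998/; classtype:trojan-activity;sid:80969098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105997)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qcoin/qcoin141.exe"; depth:19; endswith; nocase; http.host; content:"cdn-10049480.file.myqcloud.com"; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105997/; classtype:trojan-activity;sid:80969097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105992)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jd/jd145.exe"; depth:13; endswith; nocase; http.host; content:"cdn-10049480.file.myqcloud.com"; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105992/; classtype:trojan-activity;sid:80969092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105991)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qcoin/qcoin140.exe"; depth:19; endswith; nocase; http.host; content:"cdn-10049480.file.myqcloud.com"; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105991/; classtype:trojan-activity;sid:80969091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105985)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jd/jd136.exe"; depth:13; endswith; nocase; http.host; content:"cdn-10049480.file.myqcloud.com"; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105985/; classtype:trojan-activity;sid:80969085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105976)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/qcoin/qcoin139.exe"; depth:19; endswith; nocase; http.host; content:"cdn-10049480.file.myqcloud.com"; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105976/; classtype:trojan-activity;sid:80969076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105975)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/jd/jd137.exe"; depth:13; endswith; nocase; http.host; content:"cdn-10049480.file.myqcloud.com"; depth:30; isdataat:!1,relative; metadata:created_at 2019_01_19; reference:url, urlhaus.abuse.ch/url/105975/; classtype:trojan-activity;sid:80969075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105558)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/n/tui/ciqinmishi/6/cqms.exe"; depth:28; endswith; nocase; http.host; content:"bundle.kpzip.com"; depth:16; isdataat:!1,relative; metadata:created_at 2019_01_18; reference:url, urlhaus.abuse.ch/url/105558/; classtype:trojan-activity;sid:80968658; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (105407)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/hkhe3fktc/"; depth:11; endswith; nocase; http.host; content:"atkcgnew.evgeni7e.beget.tech"; depth:28; isdataat:!1,relative; metadata:created_at 2019_01_18; reference:url, urlhaus.abuse.ch/url/105407/; classtype:trojan-activity;sid:80968507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (104016)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/drop/css/obr.hta"; depth:17; endswith; nocase; http.host; content:"www.myvcart.com"; depth:15; isdataat:!1,relative; metadata:created_at 2019_01_16; reference:url, urlhaus.abuse.ch/url/104016/; classtype:trojan-activity;sid:80967116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (102706)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/autoguarder/autoguarder_2.3.7.350.exe"; depth:38; endswith; nocase; http.host; content:"softdl4.360.cn"; depth:14; isdataat:!1,relative; metadata:created_at 2019_01_12; reference:url, urlhaus.abuse.ch/url/102706/; classtype:trojan-activity;sid:80965806; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (102548)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doumai/tips/v1.0.1.11/tips_01.exe"; depth:34; endswith; nocase; http.host; content:"download.doumaibiji.cn"; depth:22; isdataat:!1,relative; metadata:created_at 2019_01_11; reference:url, urlhaus.abuse.ch/url/102548/; classtype:trojan-activity;sid:80965648; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (102545)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doumai/fmt/v1.0.1.11/fmt_01.exe"; depth:32; endswith; nocase; http.host; content:"download.doumaibiji.cn"; depth:22; isdataat:!1,relative; metadata:created_at 2019_01_11; reference:url, urlhaus.abuse.ch/url/102545/; classtype:trojan-activity;sid:80965645; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (98628)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/6nqq.js"; depth:8; endswith; nocase; http.host; content:"www.hostingcloud.science"; depth:24; isdataat:!1,relative; metadata:created_at 2018_12_21; reference:url, urlhaus.abuse.ch/url/98628/; classtype:trojan-activity;sid:80961728; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (96625)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/iuia-qgkdtq2rfbxd7z_ljiaengvq-4cy/"; depth:35; endswith; nocase; http.host; content:"www.ardguisser.com"; depth:18; isdataat:!1,relative; metadata:created_at 2018_12_17; reference:url, urlhaus.abuse.ch/url/96625/; classtype:trojan-activity;sid:80959725; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95728)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/game/download/zip/waigua/shiqi/2003/06/20030620.exe"; depth:52; endswith; nocase; http.host; content:"veryboys.com"; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95728/; classtype:trojan-activity;sid:80958828; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95727)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/game/download/zip/waigua/mir2/2003/05/200305252.exe"; depth:52; endswith; nocase; http.host; content:"veryboys.com"; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95727/; classtype:trojan-activity;sid:80958827; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95726)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/game/download/zip/waigua/mu/2003/07/20030721.exe"; depth:49; endswith; nocase; http.host; content:"veryboys.com"; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95726/; classtype:trojan-activity;sid:80958826; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95634)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soft/uploadfile/guochang/setup_tvplayer.zip"; depth:44; endswith; nocase; http.host; content:"www.okhan.net"; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95634/; classtype:trojan-activity;sid:80958734; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95633)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soft/uploadfile/youxi/okhan.net-2wn.rar"; depth:40; endswith; nocase; http.host; content:"www.okhan.net"; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95633/; classtype:trojan-activity;sid:80958733; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95550)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/game/download/zip/waigua/mir2/2003/05/20030520.exe"; depth:51; endswith; nocase; http.host; content:"veryboys.com"; depth:12; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95550/; classtype:trojan-activity;sid:80958650; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95509)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soft/uploadfile/anquan/pjbingdianhuanyuan.rar"; depth:46; endswith; nocase; http.host; content:"www.okhan.net"; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_15; reference:url, urlhaus.abuse.ch/url/95509/; classtype:trojan-activity;sid:80958609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95209)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/us/information/122018/"; depth:23; endswith; nocase; http.host; content:"flyingmutts.com"; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_14; reference:url, urlhaus.abuse.ch/url/95209/; classtype:trojan-activity;sid:80958309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (95078)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/us/information/122018"; depth:22; endswith; nocase; http.host; content:"flyingmutts.com"; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_14; reference:url, urlhaus.abuse.ch/url/95078/; classtype:trojan-activity;sid:80958178; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94279)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/upload/20140812/14078161556897.rar"; depth:35; endswith; nocase; http.host; content:"static.3001.net"; depth:15; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94279/; classtype:trojan-activity;sid:80957379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94199)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soft/uploadfile/youxi/okhan.net-2wn.rar"; depth:40; endswith; nocase; http.host; content:"okhan.net"; depth:9; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94199/; classtype:trojan-activity;sid:80957299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (94194)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/soft/uploadfile/anquan/pjbingdianhuanyuan.rar"; depth:46; endswith; nocase; http.host; content:"okhan.net"; depth:9; isdataat:!1,relative; metadata:created_at 2018_12_13; reference:url, urlhaus.abuse.ch/url/94194/; classtype:trojan-activity;sid:80957294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (92354)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/3"; depth:14; endswith; nocase; http.host; content:"itssprout.com"; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_10; reference:url, urlhaus.abuse.ch/url/92354/; classtype:trojan-activity;sid:80955454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (92351)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/2"; depth:14; endswith; nocase; http.host; content:"itssprout.com"; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_10; reference:url, urlhaus.abuse.ch/url/92351/; classtype:trojan-activity;sid:80955451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (92344)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/wp-includes/1"; depth:14; endswith; nocase; http.host; content:"itssprout.com"; depth:13; isdataat:!1,relative; metadata:created_at 2018_12_10; reference:url, urlhaus.abuse.ch/url/92344/; classtype:trojan-activity;sid:80955444; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (86730)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/076360tad/oamo/business/"; depth:25; endswith; nocase; http.host; content:"flyingmutts.com"; depth:15; isdataat:!1,relative; metadata:created_at 2018_11_29; reference:url, urlhaus.abuse.ch/url/86730/; classtype:trojan-activity;sid:80949830; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (86203)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/076360tad/oamo/business"; depth:24; endswith; nocase; http.host; content:"flyingmutts.com"; depth:15; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/86203/; classtype:trojan-activity;sid:80949303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85967)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/task/2009-06/29/106045/rc1veeex.rar"; depth:36; endswith; nocase; http.host; content:"p3.zbjimg.com"; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/85967/; classtype:trojan-activity;sid:80949067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85901)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/tekiwanatain/installer.rar"; depth:27; endswith; nocase; http.host; content:"users.atw.hu"; depth:12; isdataat:!1,relative; metadata:created_at 2018_11_28; reference:url, urlhaus.abuse.ch/url/85901/; classtype:trojan-activity;sid:80949001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85881)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/task/2009-06/29/106045/5fg9yjwr.rar"; depth:36; endswith; nocase; http.host; content:"p3.zbjimg.com"; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85881/; classtype:trojan-activity;sid:80948981; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85879)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/task/2009-06/29/106045/a9to40e7.rar"; depth:36; endswith; nocase; http.host; content:"p3.zbjimg.com"; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85879/; classtype:trojan-activity;sid:80948979; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85878)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/task/2009-06/29/106045/e6i8pdc0.rar"; depth:36; endswith; nocase; http.host; content:"p3.zbjimg.com"; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85878/; classtype:trojan-activity;sid:80948978; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85877)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/task/2009-07/28/117228/4wtjdjio.rar"; depth:36; endswith; nocase; http.host; content:"p3.zbjimg.com"; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85877/; classtype:trojan-activity;sid:80948977; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85876)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/task/2009-06/29/106045/zwy1q6k0.rar"; depth:36; endswith; nocase; http.host; content:"p3.zbjimg.com"; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85876/; classtype:trojan-activity;sid:80948976; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (85874)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/task/2009-06/06/98428/07c9mfhe.zip"; depth:35; endswith; nocase; http.host; content:"p3.zbjimg.com"; depth:13; isdataat:!1,relative; metadata:created_at 2018_11_27; reference:url, urlhaus.abuse.ch/url/85874/; classtype:trojan-activity;sid:80948974; rev:1;)
# NOTE(review): percent-encoded file name matched against the normalized http.uri buffer;
# if escapes are decoded there, this literal "%xx" text may never match -- confirm with a capture.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (82382)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/download/%e8%99%9a%e6%8b%9f%e5%85%89%e9%a9%b1_11@10349.exe"; depth:59; endswith; nocase; http.host; content:"cl.ssouy.com"; depth:12; isdataat:!1,relative; metadata:created_at 2018_11_19; reference:url, urlhaus.abuse.ch/url/82382/; classtype:trojan-activity;sid:80945482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (79342)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bigfile/v1/urls/d/1gpusd8uwnakepjjehixnayfekq/kbdjubux_j-nvjot1z-mdw"; depth:69; endswith; nocase; http.host; content:"attach.mail.daum.net"; depth:20; isdataat:!1,relative; metadata:created_at 2018_11_13; reference:url, urlhaus.abuse.ch/url/79342/; classtype:trojan-activity;sid:80942442; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (71185)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/nykol16/kepek.exe"; depth:18; endswith; nocase; http.host; content:"users.atw.hu"; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_26; reference:url, urlhaus.abuse.ch/url/71185/; classtype:trojan-activity;sid:80934285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (67517)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bbs/attachment/forum/201106/03/153053ki5kbisfbc8316i3.rar"; depth:58; endswith; nocase; http.host; content:"attach.66rpg.com"; depth:16; isdataat:!1,relative; metadata:created_at 2018_10_13; reference:url, urlhaus.abuse.ch/url/67517/; classtype:trojan-activity;sid:80930617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (67516)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bbs/attachment/forum/201403/02/104411hqzp4rto4ro94qpz.rar"; depth:58; endswith; nocase; http.host; content:"attach.66rpg.com"; depth:16; isdataat:!1,relative; metadata:created_at 2018_10_13; reference:url, urlhaus.abuse.ch/url/67516/; classtype:trojan-activity;sid:80930616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (67474)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/bbs/attachment/forum/201108/22/215335elkpi66piz56eii9.zip"; depth:58; endswith; nocase; http.host; content:"attach.66rpg.com"; depth:16; isdataat:!1,relative; metadata:created_at 2018_10_12; reference:url, urlhaus.abuse.ch/url/67474/; classtype:trojan-activity;sid:80930574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (67439)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/zoolatogato/xruhbmzvlaghfnqcerrv.exe"; depth:37; endswith; nocase; http.host; content:"users.atw.hu"; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_12; reference:url, urlhaus.abuse.ch/url/67439/; classtype:trojan-activity;sid:80930539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (66694)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/autoup/client/aqclient.exe"; depth:27; endswith; nocase; http.host; content:"pay.aqiu6.com"; depth:13; isdataat:!1,relative; metadata:created_at 2018_10_11; reference:url, urlhaus.abuse.ch/url/66694/; classtype:trojan-activity;sid:80929794; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL 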
detected (66274)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/toneraruhaz/wp-admin/network/installer.rar"; depth:43; endswith; nocase; http.host; content:"users.atw.hu"; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_09; reference:url, urlhaus.abuse.ch/url/66274/; classtype:trojan-activity;sid:80929374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (66164)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/fvlmodell/letoltes/files/scalecalc.exe"; depth:39; endswith; nocase; http.host; content:"users.atw.hu"; depth:12; isdataat:!1,relative; metadata:created_at 2018_10_09; reference:url, urlhaus.abuse.ch/url/66164/; classtype:trojan-activity;sid:80929264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (59247)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/vqd0d5/"; depth:8; endswith; nocase; http.host; content:"robertrowe.com"; depth:14; isdataat:!1,relative; metadata:created_at 2018_09_23; reference:url, urlhaus.abuse.ch/url/59247/; classtype:trojan-activity;sid:80922347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (57935)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/factures-09-2018/"; depth:18; endswith; nocase; http.host; content:"hasalltalent.com"; depth:16; isdataat:!1,relative; metadata:created_at 2018_09_19; reference:url, urlhaus.abuse.ch/url/57935/; classtype:trojan-activity;sid:80921035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (57059)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/document/en/need-to-send-the-attachment"; depth:40; endswith; nocase; http.host; content:"vgd.vg"; depth:6; isdataat:!1,relative; metadata:created_at 2018_09_17; 
reference:url, urlhaus.abuse.ch/url/57059/; classtype:trojan-activity;sid:80920159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (56449)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/7mn5zo8d/"; depth:10; endswith; nocase; http.host; content:"vgd.vg"; depth:6; isdataat:!1,relative; metadata:created_at 2018_09_14; reference:url, urlhaus.abuse.ch/url/56449/; classtype:trojan-activity;sid:80919549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (38013)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/dl/gxfqfem5m813nva/firefox_67.3.39.js"; depth:40; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_02; reference:url, urlhaus.abuse.ch/url/38013/; classtype:trojan-activity;sid:80901113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (38011)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/dl/dqrsgzlf8jeefw0/firefox_67.3.45.js"; depth:40; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_02; reference:url, urlhaus.abuse.ch/url/38011/; classtype:trojan-activity;sid:80901111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (38009)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/s/dl/g4is5u674v6l2yy/firefox_67.3.16.js"; depth:40; endswith; nocase; http.host; content:"www.dropbox.com"; depth:15; isdataat:!1,relative; metadata:created_at 2018_08_02; reference:url, urlhaus.abuse.ch/url/38009/; classtype:trojan-activity;sid:80901109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (28277)"; flow:established,from_client; http.method; 
content:"GET"; http.uri; content:"/mc_setup.exe"; depth:13; endswith; nocase; http.host; content:"crimefreesoftware.com"; depth:21; isdataat:!1,relative; metadata:created_at 2018_07_04; reference:url, urlhaus.abuse.ch/url/28277/; classtype:trojan-activity;sid:80891377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (16630)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/doc/past-due-invoice/"; depth:22; endswith; nocase; http.host; content:"robertrowe.com"; depth:14; isdataat:!1,relative; metadata:created_at 2018_06_07; reference:url, urlhaus.abuse.ch/url/16630/; classtype:trojan-activity;sid:80879730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (15711)"; flow:established,from_client; http.method; content:"GET"; http.uri; content:"/status/auditor-of-state-notification-of-eft-deposit/"; depth:53; endswith; nocase; http.host; content:"robertrowe.com"; depth:14; isdataat:!1,relative; metadata:created_at 2018_06_05; reference:url, urlhaus.abuse.ch/url/15711/; classtype:trojan-activity;sid:80878811; rev:1;) # Number of entries: 32142